Diffstat (limited to 'hosts/kay/modules/sshfwd.nix')
-rw-r--r--hosts/kay/modules/sshfwd.nix28
1 files changed, 28 insertions, 0 deletions
diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix
new file mode 100644
index 0000000..0f0d3c3
--- /dev/null
+++ b/hosts/kay/modules/sshfwd.nix
@@ -0,0 +1,28 @@
+{ ... }: let
+ group = "sshfwd";
+in {
+ networking.firewall.allowedTCPPorts = [ 2222 ];
+
+ users = {
+ groups.${group}.members = [];
+
+ users."lia" = {
+ inherit group;
+ isSystemUser = true;
+
+ openssh.authorizedKeys.keys
+ = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group ${group}
+ ForceCommand echo 'this account is only usable for forwarding'
+ PermitTunnel no
+ AllowAgentForwarding no
+ X11Forwarding no
+
+ AllowTcpForwarding yes
+ GatewayPorts yes
+ '';
+}
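Review bot: `AllowTcpForwarding yes` in the `Match Group` block permits local (`-L`) as well as remote forwarding, so whoever holds lia's key can open connections to any TCP service reachable from this host, including ones bound to loopback. Nothing restricts which ports a remote forward may bind either, and with `GatewayPorts yes` every such listener sits on all interfaces. The firewall opens only 2222, which suggests a single remote forward is the intent; if so, `AllowTcpForwarding remote` with `PermitListen 2222` would restrict the account to that one forward. Unix-socket forwarding is also left at its default, so `AllowStreamLocalForwarding no` belongs next to the other `no` lines.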