diff options
Diffstat (limited to 'os/kay/modules/sftp.nix')
-rw-r--r-- | os/kay/modules/sftp.nix | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/os/kay/modules/sftp.nix b/os/kay/modules/sftp.nix new file mode 100644 index 0000000..bbe055e --- /dev/null +++ b/os/kay/modules/sftp.nix @@ -0,0 +1,44 @@ +{ config, ... }: + +let + storage = "/hdd/users"; + user = config.userdata.name; + pubKeys = config.users.users.${user}.openssh.authorizedKeys.keys; +in +{ + users = { + groups."sftp".members = []; + + users."sftp" = { + group = "sftp"; + shell = "/run/current-system/sw/bin/nologin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmA1dyV+o9gfoxlbVG0Y+dn3lVqdFs5fMqfxyNc5/Lr sftp@cez" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCbgjAfyDNtLNyOS+sfLirYtfEAkGqV54LOwabpWkvf sftp@veu" + ] ++ pubKeys; + }; + + users."nazer" = { + group = "sftp"; + shell = "/run/current-system/sw/bin/nologin"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc" + ]; + }; + }; + + services.openssh.extraConfig = '' + Match Group sftp + # chroot dir should be owned by root + # and sub dirs by %u + ChrootDirectory ${storage}/%u + ForceCommand internal-sftp + + PermitTunnel no + AllowAgentForwarding no + AllowTcpForwarding no + X11Forwarding no + ''; +} |