summaryrefslogtreecommitdiff
path: root/os/kay/modules/sftp.nix
diff options
context:
space:
mode:
Diffstat (limited to 'os/kay/modules/sftp.nix')
-rw-r--r--os/kay/modules/sftp.nix44
1 files changed, 44 insertions, 0 deletions
diff --git a/os/kay/modules/sftp.nix b/os/kay/modules/sftp.nix
new file mode 100644
index 0000000..bbe055e
--- /dev/null
+++ b/os/kay/modules/sftp.nix
@@ -0,0 +1,44 @@
+{ config, ... }:
+
+let
+ storage = "/hdd/users";
+ user = config.userdata.name;
+ pubKeys = config.users.users.${user}.openssh.authorizedKeys.keys;
+in
+{
+ users = {
+ groups."sftp".members = [];
+
+ users."sftp" = {
+ group = "sftp";
+ shell = "/run/current-system/sw/bin/nologin";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmA1dyV+o9gfoxlbVG0Y+dn3lVqdFs5fMqfxyNc5/Lr sftp@cez"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCbgjAfyDNtLNyOS+sfLirYtfEAkGqV54LOwabpWkvf sftp@veu"
+ ] ++ pubKeys;
+ };
+
+ users."nazer" = {
+ group = "sftp";
+ shell = "/run/current-system/sw/bin/nologin";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV09w9Ovk9wk4Bhn/06iOn+Ss8lK3AmQAl8+lXHRycu nazu@pc"
+ ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group sftp
+ # chroot dir should be owned by root
+ # and sub dirs by %u
+ ChrootDirectory ${storage}/%u
+ ForceCommand internal-sftp
+
+ PermitTunnel no
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+}