Diffstat (limited to 'os/kay/modules/sshfwd.nix')
-rw-r--r--os/kay/modules/sshfwd.nix29
1 files changed, 29 insertions, 0 deletions
diff --git a/os/kay/modules/sshfwd.nix b/os/kay/modules/sshfwd.nix
new file mode 100644
index 0000000..d70b893
--- /dev/null
+++ b/os/kay/modules/sshfwd.nix
@@ -0,0 +1,29 @@
+{ ... }: let
+ group = "sshfwd";
+in {
+ networking.firewall.allowedTCPPorts = [ 2222 ];
+
+ users = {
+ groups.${group}.members = [];
+
+ users."lia" = {
+ inherit group;
+ isSystemUser = true;
+
+ openssh.authorizedKeys.keys
+ = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group ${group}
+ ForceCommand echo 'this account is only usable for remote forwarding'
+ PermitTunnel no
+ AllowAgentForwarding no
+ X11Forwarding no
+
+ AllowTcpForwarding remote
+ GatewayPorts clientspecified
+ PermitListen *:2222
+ '';
+}
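Review bot: The `Match Group ${group}` block restricts TCP forwarding but leaves Unix-domain socket forwarding at the sshd default, which is enabled, so `AllowTcpForwarding remote` and `PermitListen *:2222` do not bound everything a key in this group can forward. Adding `AllowStreamLocalForwarding no` and `PermitTTY no` inside the block would close that gap and match the forwarding-only intent stated in the `ForceCommand` message. A `Match` block runs until the next `Match` or end of file, and `extraConfig` is probably emitted late in the generated sshd_config, so lines another module contributes after this string could end up scoped to the group; ending the string with `Match All` avoids that. Port 2222 is also written twice, in `allowedTCPPorts` and in `PermitListen`, and a `let` binding next to `group` would keep the two in sync.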