From 7bb35b9e407422312c171802c7f5e583f353ba28 Mon Sep 17 00:00:00 2001
From: sinanmohd
Date: Sun, 11 Feb 2024 20:17:49 +0530
Subject: hosts/kay,lia/sshfwd: init
---
hosts/kay/configuration.nix | 1 +
hosts/kay/modules/dns/sinanmohd.com.zone | 2 +-
hosts/kay/modules/sshfwd.nix | 28 ++++++++++++++++++++++++++++
3 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 hosts/kay/modules/sshfwd.nix
(limited to 'hosts/kay')
diff --git a/hosts/kay/configuration.nix b/hosts/kay/configuration.nix
index 97172d0..78385d1 100644
--- a/hosts/kay/configuration.nix
+++ b/hosts/kay/configuration.nix
@@ -8,6 +8,7 @@ ./modules/sftp.nix ./modules/acme.nix ./modules/dns + ./modules/sshfwd.nix ../../common.nix ];
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
index 2ea2925..05f7cef 100644
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ b/hosts/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com. $TTL 2d @ IN SOA ns1 sinan ( - 2024020800 ; serial + 2024020840 ; serial 2h ; refresh 5m ; retry 1d ; expire
diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix
new file mode 100644
index 0000000..0f0d3c3
--- /dev/null
+++ b/hosts/kay/modules/sshfwd.nix
@@ -0,0 +1,28 @@
+{ ... }: let
+ group = "sshfwd";
+in {
+ networking.firewall.allowedTCPPorts = [ 2222 ];
+
+ users = {
+ groups.${group}.members = [];
+
+ users."lia" = {
+ inherit group;
+ isSystemUser = true;
+
+ openssh.authorizedKeys.keys
+ = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ];
+ };
+ };
+
+ services.openssh.extraConfig = ''
+ Match Group ${group}
+ ForceCommand echo 'this account is only usable for forwarding'
+ PermitTunnel no
+ AllowAgentForwarding no
+ X11Forwarding no
+
+ AllowTcpForwarding yes
+ GatewayPorts yes
+ '';
+}
-- cgit v1.2.3
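Review bot: In the `Match Group ${group}` block of hosts/kay/modules/sshfwd.nix, `AllowTcpForwarding yes` permits local and dynamic forwarding as well as remote forwarding, so the key authorised for `lia` can open connections from kay to any address kay can reach, loopback-only services included. Combined with `GatewayPorts yes` and no `PermitListen`, the account can also bind any unprivileged port on all interfaces, with only the firewall limiting exposure to 2222. If the account exists solely to publish one reverse forward on that port (inferred from `allowedTCPPorts = [ 2222 ]`, not stated in the commit), narrow the block to `AllowTcpForwarding remote` and `PermitListen 2222`. A one-line comment above `networking.firewall.allowedTCPPorts` naming what is expected to listen on 2222 would make the intent reviewable.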