bento/fleet.nix at e65110f8a7b9ad6d3525879b3d70f0fea642fef7 · nab-os/bento

History

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

{ lib, pkgs, ... }:

let

create_users = host:

{

users.users."${host.username}" = {

createHome = false;

home = "/home/chroot/" + host.username;

isNormalUser = false;

isSystemUser = true;

group = "sftp_users";

openssh.authorizedKeys.keys = [ host.key ];

shell = null;

};

users = [

{ username = "router"; key = "ssh-ed25519 AAAAC3NzaC2aZGI1OTE5AAAAOIOZKLFCZLM67viQXHYRjraE6WLfvETMkjjgSz0mxMzS root@router"; }

];

in

{

imports = builtins.map create_users users;

users.groups = { sftp_users = {}; };

services.openssh.extraConfig = ''

Match Group sftp_users

X11Forwarding no

AllowTcpForwarding no

ChrootDirectory %h

ForceCommand internal-sftp

'';

}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fleet.nix

fleet.nix

Files

fleet.nix

Latest commit

History

fleet.nix

File metadata and controls