Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

flake: clean up modules

Browse source
This commit is contained in:
Infinidoge 2024-10-22 11:34:51 -04:00
parent 28f18c9a99
commit 8cd8b3a3f9
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
64 changed files with 258 additions and 273 deletions
Download patch file Download diff file Expand all files Collapse all files

57
hosts/Infini-DL360/ssh.nix
View file

@ -1,31 +1,38 @@
{ pkgs, config, ... }:
{ config, pkgs, ... }:
let
cfg = config.services.openssh;
in
{
users.users.incoming = {
description = "User for incoming files with a chroot jail";
isSystemUser = true;
group = "incoming";
};
users.groups.incoming = { };
users.users = {
incoming = {
description = "User for incoming files with a chroot jail";
isSystemUser = true;
group = "incoming";
};
users.users.jump = {
description = "User for ssh jumping";
isSystemUser = true;
group = "nogroup";
};
jump = {
description = "User for ssh jumping";
isSystemUser = true;
group = "nogroup";
};
users.users.neofetch = {
description = "SSH Neofetch";
isSystemUser = true;
group = "nogroup";
hashedPassword = "$y$j9T$pixfaOyCz4Sbf8KE8AGVk.$TQKPzMvPan8qrO08kqjuJZO4LlUY7Yjxho0wIbcsmV3"; # :)
shell = pkgs.bash;
};
neofetch = {
description = "SSH Neofetch";
isSystemUser = true;
group = "nogroup";
hashedPassword = "$y$j9T$pixfaOyCz4Sbf8KE8AGVk.$TQKPzMvPan8qrO08kqjuJZO4LlUY7Yjxho0wIbcsmV3"; # :)
shell = pkgs.bash;
};
users.users.guest = {
description = "Guest shell account for temporary access";
group = "users";
isNormalUser = true;
shell = pkgs.bash;
guest = {
description = "Guest shell account for temporary access";
group = "users";
isNormalUser = true;
shell = pkgs.bash;
};
};
users.groups = {
incoming = { };
};
security.pam.services.sshd.allowNullPassword = true;
@ -41,7 +48,7 @@
Match user incoming
AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
ChrootDirectory /srv/external
ForceCommand ${config.services.openssh.sftpServerExecutable} -d incoming -u 007
ForceCommand ${cfg.sftpServerExecutable} -d incoming -u 007
X11Forwarding no
AllowTcpForwarding no
KbdInteractiveAuthentication no