Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-DL360: add ssh jump user

Browse source
This commit is contained in:
Infinidoge 2024-07-18 18:20:56 -04:00
parent feac7d06b2
commit 9cbc3af51a
Signed by: Infinidoge
SSH key fingerprint: SHA256:EMoPe5e2dO0gEvtBb2xkZTz5dkyL0rBmuiGTKG5s96E
1 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
hosts/Infini-DL360/default.nix
View file

@ -123,6 +123,12 @@
}; };
users.groups.incoming = { }; users.groups.incoming = { };
users.users.jump = {
description = "User for ssh jumping";
isSystemUser = true;
group = "nogroup";
};
systemd.tmpfiles.settings."30-external" = { systemd.tmpfiles.settings."30-external" = {
"/srv/external".d = { user = "root"; group = "root"; }; "/srv/external".d = { user = "root"; group = "root"; };
"/srv/external/incoming".d = { user = "incoming"; group = "incoming"; mode = "0770"; }; "/srv/external/incoming".d = { user = "incoming"; group = "incoming"; mode = "0770"; };
@ -139,5 +145,14 @@
AllowTcpForwarding no AllowTcpForwarding no
KbdInteractiveAuthentication no KbdInteractiveAuthentication no
PasswordAuthentication no PasswordAuthentication no
Match user jump
AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
ForceCommand ${pkgs.shadow}/bin/nologin
PermitTTY no
X11Forwarding no
PermitTunnel no
GatewayPorts no
PasswordAuthentication no
''; '';
} }