From d7a0d49accac9aa6143efb787564501d14e78697 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Mon, 7 Apr 2025 11:17:35 -0400
Subject: [PATCH] Infini-DL360/research: init

---
 hosts/Infini-DL360/default.nix  |  1 +
 hosts/Infini-DL360/research.nix | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 hosts/Infini-DL360/research.nix

diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 858076c..ceb929a 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -25,6 +25,7 @@
     ./postgresql.nix
     ./privoxy.nix
     ./radicale.nix
+    ./research.nix
     ./searx.nix
     ./ssh.nix
     ./thelounge.nix
diff --git a/hosts/Infini-DL360/research.nix b/hosts/Infini-DL360/research.nix
new file mode 100644
index 0000000..316c21a
--- /dev/null
+++ b/hosts/Infini-DL360/research.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+{
+  users.users.cs252 = {
+    description = "Guest account for CS 252 researchers";
+    group = "users";
+    isNormalUser = true;
+    shell = pkgs.bash;
+  };
+
+  services.openssh.extraConfig = ''
+    Match user cs252
+      AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
+      DisableForwarding yes
+      PasswordAuthentication no
+  '';
+
+  security.pam.loginLimits = [
+    {
+      domain = "cs252";
+      item = "memlock";
+      type = "-";
+      value = "256000000";
+    }
+    {
+      domain = "cs252";
+      item = "as";
+      type = "-";
+      value = "256000000";
+    }
+  ];
+}