From d8cda888d971094eec964d5fd27ef164f7ddb86c Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Wed, 4 Dec 2024 12:00:25 -0500
Subject: [PATCH] Infini-DL360/ssh: add forwarding user

---
 hosts/Infini-DL360/ssh.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/hosts/Infini-DL360/ssh.nix b/hosts/Infini-DL360/ssh.nix
index c280ff2..7de3aa7 100644
--- a/hosts/Infini-DL360/ssh.nix
+++ b/hosts/Infini-DL360/ssh.nix
@@ -22,6 +22,12 @@ in
       group = "nogroup";
     };
 
+    forward = {
+      description = "User for ssh forwarding";
+      isSystemUser = true;
+      group = "nogroup";
+    };
+
     neofetch = {
       description = "SSH Neofetch";
       isSystemUser = true;
@@ -69,6 +75,15 @@ in
       GatewayPorts no
       PasswordAuthentication no
 
+    Match user forward
+      AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
+      ForceCommand ${pkgs.shadow}/bin/nologin
+      PermitTTY no
+      X11Forwarding no
+      PermitTunnel yes
+      GatewayPorts no
+      PasswordAuthentication no
+
     Match user neofetch
       ForceCommand ${pkgs.hyfetch}/bin/neowofetch --config ${neofetchConfig}
       PermitTTY yes