hosts/Infini-DL360/default.nix

@@ -30,11 +30,11 @@
     ./postgresql.nix
     ./privoxy.nix
     ./radicale.nix
+    ./research.nix
     ./searx.nix
     ./ssh.nix
     ./thelounge.nix
     ./torrenting.nix
-    ./users.nix
     ./vaultwarden.nix
     ./web.nix
     ./wireguard.nix

hosts/Infini-DL360/research.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+{
+  users.users.cs252 = {
+    description = "Guest account for CS 252 researchers";
+    group = "users";
+    isNormalUser = true;
+    shell = pkgs.bash;
+  };
+
+  services.openssh.extraConfig = ''
+    Match user cs252
+      AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
+      DisableForwarding yes
+      PasswordAuthentication no
+  '';
+
+  security.pam.loginLimits = [
+    {
+      domain = "cs252";
+      item = "memlock";
+      type = "-";
+      value = "256000000";
+    }
+    {
+      domain = "cs252";
+      item = "as";
+      type = "-";
+      value = "256000000";
+    }
+  ];
+}

hosts/Infini-DL360/ssh.nix

@@ -1,9 +1,4 @@
-{
+{ config, pkgs, ... }:
-  config,
-  pkgs,
-  lib,
-  ...
-}:
 let
   cfg = config.services.openssh;
 
@@ -68,7 +63,7 @@ in
 
   # https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/
   # https://github.com/NixOS/nixpkgs/blob/d603719ec6e294f034936c0d0dc06f689d91b6c3/nixos/modules/services/networking/ssh/sshd.nix#L663
-  services.openssh.extraConfig = lib.mkBefore ''
+  services.openssh.extraConfig = ''
     XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
 
     Match user infinidoge

hosts/Infini-DL360/users.nix

@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-
-{
-  users.users.mistergij = {
-    description = "Account for hosting DnD World bots";
-    isNormalUser = true;
-    shell = pkgs.bash;
-  };
-
-  services.openssh.extraConfig = ''
-    Match user mistergij
-      DisableForwarding yes
-  '';
-}