From 5ed3257499685e867427943ce429fb2077a9ba56 Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Thu, 14 Aug 2025 13:55:54 -0400
Subject: [PATCH 1/3] Infini-DL360: remove CS252 research access
---
 hosts/Infini-DL360/default.nix | 1 -
 hosts/Infini-DL360/research.nix | 32 --------------------------------
 2 files changed, 33 deletions(-)
 delete mode 100644 hosts/Infini-DL360/research.nix
diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 4633e5d..56b5fd2 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -30,7 +30,6 @@
 ./postgresql.nix
 ./privoxy.nix
 ./radicale.nix
- ./research.nix
 ./searx.nix
 ./ssh.nix
 ./thelounge.nix
diff --git a/hosts/Infini-DL360/research.nix b/hosts/Infini-DL360/research.nix
deleted file mode 100644
index 316c21a..0000000
--- a/hosts/Infini-DL360/research.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, ... }:
-
-{
- users.users.cs252 = {
- description = "Guest account for CS 252 researchers";
- group = "users";
- isNormalUser = true;
- shell = pkgs.bash;
- };
-
- services.openssh.extraConfig = ''
- Match user cs252
- AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
- DisableForwarding yes
- PasswordAuthentication no
- '';
-
- security.pam.loginLimits = [
- {
- domain = "cs252";
- item = "memlock";
- type = "-";
- value = "256000000";
- }
- {
- domain = "cs252";
- item = "as";
- type = "-";
- value = "256000000";
- }
- ];
-}
From 2ae55152c6165a6290d36a79e0f8bb46c8797665 Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Thu, 14 Aug 2025 14:19:40 -0400
Subject: [PATCH 2/3] Infini-DL360/users: init
---
 hosts/Infini-DL360/default.nix | 1 +
 hosts/Infini-DL360/users.nix | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 hosts/Infini-DL360/users.nix
diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 56b5fd2..b0b8cad 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -34,6 +34,7 @@
 ./ssh.nix
 ./thelounge.nix
 ./torrenting.nix
+ ./users.nix
 ./vaultwarden.nix
 ./web.nix
 ./wireguard.nix
diff --git a/hosts/Infini-DL360/users.nix b/hosts/Infini-DL360/users.nix
new file mode 100644
index 0000000..3edd0c3
--- /dev/null
+++ b/hosts/Infini-DL360/users.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+ users.users.mistergij = {
+ description = "Account for hosting DnD World bots";
+ isNormalUser = true;
+ shell = pkgs.bash;
+ };
+
+ services.openssh.extraConfig = ''
+ Match user mistergij
+ DisableForwarding yes
+ '';
+}
From b28efc33ca46b032dfe0d080a72e39fb4908fec1 Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Mon, 25 Aug 2025 23:01:03 -0400
Subject: [PATCH 3/3] Infini-DL360/ssh: reorder ssh extra config
---
 hosts/Infini-DL360/ssh.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/hosts/Infini-DL360/ssh.nix b/hosts/Infini-DL360/ssh.nix
index ab9e55d..372c81a 100644
--- a/hosts/Infini-DL360/ssh.nix
+++ b/hosts/Infini-DL360/ssh.nix
@@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.openssh;
@@ -63,7 +68,7 @@ in # https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/ # https://github.com/NixOS/nixpkgs/blob/d603719ec6e294f034936c0d0dc06f689d91b6c3/nixos/modules/services/networking/ssh/sshd.nix#L663 - services.openssh.extraConfig = '' + services.openssh.extraConfig = lib.mkBefore '' XAuthLocation ${pkgs.xorg.xauth}/bin/xauth Match user infinidoge
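Review bot: The `users.users.mistergij` block in `users.nix` creates an interactive login account without declaring how it authenticates or what it may consume; the `cs252` guest account removed in patch 1/3 pinned `PasswordAuthentication no` in its `Match` block and capped `memlock` and `as` through `security.pam.loginLimits`, and neither carries over here. Whether passwords are already disabled globally depends on parts of `ssh.nix` that this series does not show, so I would state it locally with `PasswordAuthentication no` under `Match user mistergij` and declare the key in the same file, `users.users.mistergij.openssh.authorizedKeys.keys = [ "<PUBLIC_KEY_PLACEHOLDER>" ];`. Since the account exists to run bot code, a `security.pam.loginLimits` entry for `mistergij` would keep a runaway process from starving the other services on this host.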
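Review bot: The `lib.mkBefore` added to `services.openssh.extraConfig` in `ssh.nix` carries no comment explaining why the order matters, so a later cleanup could drop it without noticing the effect. sshd applies every directive that follows a `Match` line to that match until the next `Match`, so the global `XAuthLocation` line has to be emitted ahead of the `Match user mistergij` fragment from `users.nix`. I would add above the assignment `# Global sshd directives must precede every Match block merged in from other modules.` and mark the fragment in `users.nix` with `lib.mkAfter` so the ordering is stated on both sides. The string literal continues past the end of this hunk.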