wip

features/filedrop.nix

@@ -0,0 +1,32 @@
+{
+  nixos = _: {
+    users.groups.filedrop = {
+      members = [ "matej" ];
+    };
+
+    users.users.filedrop = {
+      isSystemUser = true;
+      group = "filedrop";
+      home = "/home/filedrop";
+      shell = "/run/current-system/sw/bin/nologin";
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9R5UycluqUZBfK0X+l7JTUqnM/0GFFmVijKfj2cbE3 tilenmarc"
+      ];
+    };
+
+    # chroot dir must be root-owned; incoming is writable by filedrop
+    systemd.tmpfiles.rules = [
+      "d /home/filedrop 0755 root root -"
+      "d /home/filedrop/incoming 0775 filedrop filedrop -"
+      "L /home/matej/filedrop - - - - /home/filedrop/incoming"
+    ];
+
+    services.openssh.extraConfig = ''
+      Match User filedrop
+        ForceCommand internal-sftp
+        ChrootDirectory /home/filedrop
+        AllowTcpForwarding no
+        X11Forwarding no
+    '';
+  };
+}

features/gaming.nix

@@ -1,12 +1,14 @@
 {
-  nixos = {pkgs, ...} : {
+  nixos =
-    programs.steam = {
+    { pkgs, ... }:
-      enable = true;
+    {
-      remotePlay.openFirewall = true;
+      programs.steam = {
-      dedicatedServer.openFirewall = true;
+        enable = true;
-      localNetworkGameTransfers.openFirewall = true;
+        remotePlay.openFirewall = true;
-    };
+        dedicatedServer.openFirewall = true;
+        localNetworkGameTransfers.openFirewall = true;
+      };
 
-    environment.systemPackages = [ pkgs.prismlauncher ];
+      environment.systemPackages = [ pkgs.prismlauncher ];
-  };
+    };
 }

flake/hosts.nix

@@ -96,6 +96,7 @@ in
         "shell"
         "tailscale"
         "remote-base"
+        "filedrop"
       ];
     };