33 lines
886 B
Nix
33 lines
886 B
Nix
{
|
|
nixos = _: {
|
|
users.groups.filedrop = {
|
|
members = [ "matej" ];
|
|
};
|
|
|
|
users.users.filedrop = {
|
|
isSystemUser = true;
|
|
group = "filedrop";
|
|
home = "/home/filedrop";
|
|
shell = "/run/current-system/sw/bin/nologin";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9R5UycluqUZBfK0X+l7JTUqnM/0GFFmVijKfj2cbE3 tilenmarc"
|
|
];
|
|
};
|
|
|
|
# chroot dir must be root-owned; incoming is writable by filedrop
|
|
systemd.tmpfiles.rules = [
|
|
"d /home/filedrop 0755 root root -"
|
|
"d /home/filedrop/incoming 0775 filedrop filedrop -"
|
|
"L /home/matej/filedrop - - - - /home/filedrop/incoming"
|
|
];
|
|
|
|
services.openssh.extraConfig = ''
|
|
Match User filedrop
|
|
ForceCommand internal-sftp
|
|
ChrootDirectory /home/filedrop
|
|
AllowTcpForwarding no
|
|
X11Forwarding no
|
|
'';
|
|
};
|
|
}
|