| -rw-r--r-- | config/default.nix | 4 | ||||
| -rw-r--r-- | config/services/default.nix | 5 | ||||
| -rw-r--r-- | config/services/git/default.nix | 28 |
3 files changed, 36 insertions, 1 deletions
diff --git a/config/default.nix b/config/default.nix
index 90f7dfe..db94c34 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -1,4 +1,5 @@
-{modulesPath, ...}: {
+{ modulesPath, ... }:
+{
 imports = [
 # (modulesPath + "/profiles/headless.nix")
 (modulesPath + "/profiles/minimal.nix")
@@ -7,6 +8,7 @@
 ./hardware
 ./networking.nix
 ./nix.nix
+ ./services
 ./storage.nix
 ./system.nix
 ./users.nix
diff --git a/config/services/default.nix b/config/services/default.nix
new file mode 100644
index 0000000..b0df600
--- /dev/null
+++ b/config/services/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ imports = [ ./git ];
+}
diff --git a/config/services/git/default.nix b/config/services/git/default.nix
new file mode 100644
index 0000000..fef2233
--- /dev/null
+++ b/config/services/git/default.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.git = {
+ isSystemUser = true;
+ group = "git";
+ createHome = true;
+ home = "/srv/git";
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = config.users.users.qaristote.openssh.authorizedKeys.keys ++ [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+jPcQhtBu4jxNAn54PV2TJ5krCfFnbXsR3OHk72l8 qaristote@dragonfly-g4"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDh2W0Nv76Nnw8TNysOkxVDZpnW0VEptq4u4Rask6zoO qaristote@optiplex-9030"
+ ];
+ };
+
+ users.groups.git = { };
+
+ services.openssh = {
+ extraConfig = ''
+ Match user git
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ PasswordAuthentication no
+ PermitTTY no
+ X11Forwarding no
+ '';
+ };
+}
|
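Review bot: The `Match user git` block in config/services/git/default.nix sets `AllowTcpForwarding no` but not `AllowStreamLocalForwarding` or `PermitTunnel`, so Unix-domain socket forwarding and tunnel devices still follow the global sshd settings for this account. Consider replacing the individual forwarding lines with `DisableForwarding yes` and adding `PermitTunnel no` and `PermitUserRC no`. Because `services.openssh.extraConfig` is a lines option that other modules can also set, any directive merged after this text would presumably fall inside the Match block; ending the string with `Match all` closes it. A short comment above `openssh.authorizedKeys.keys` explaining why qaristote's login keys are reused alongside the two host-specific keys would help with later key rotation.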
