| author | quentin@aristote.fr <quentin@aristote.fr> | 2025-10-18 11:54:59 +0200 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2025-10-18 12:19:56 +0200 |
| commit | 494b4a0343f96a702e5c21348fb3a6eb9ffe99e6 (patch) | |
| tree | 560d6460149f9c084c86e74c915e19d67a20ca81 /config/services/sshproxy | |
| parent | 1c4d7e84843a35684c8974a521a58842b97f0e13 (diff) | |
Diffstat (limited to 'config/services/sshproxy')
| -rw-r--r-- | config/services/sshproxy/default.nix | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/config/services/sshproxy/default.nix b/config/services/sshproxy/default.nix
new file mode 100644
index 0000000..7bfbc62
--- /dev/null
+++ b/config/services/sshproxy/default.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+ users.users.sshjump = {
+ shell = "${pkgs.coreutils}/bin/true";
+ isSystemUser = true;
+ group = "sshjump";
+ openssh.authorizedKeys.keys = with config.personal.lib.publicKeys.ssh; [
+ latitude-7490
+ precision-3571
+ dragonfly-g4
+ optiplex-9030
+ ];
+ };
+
+ users.groups.sshjump = { };
+
+ services.openssh.extraConfig = ''
+ Match user sshjump
+ AllowTcpForwarding yes
+ AllowAgentForwarding yes
+ PasswordAuthentication no
+ PermitTunnel no
+ GatewayPorts no
+ PermitTTY no
+ X11Forwarding no
+ '';
+}
|
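Review bot: The `Match user sshjump` block grants more forwarding than a jump-only account appears to need: `AllowTcpForwarding yes` permits remote as well as local forwards, `AllowAgentForwarding yes` looks unnecessary for an account whose shell is `true` and which has no TTY, and Unix-socket forwarding is left at its default. Consider `AllowTcpForwarding local`, `AllowAgentForwarding no` and `AllowStreamLocalForwarding no`. With no `PermitOpen` line, any of the four listed keys can reach every host and port the proxy itself can reach, including services bound to its loopback; a `PermitOpen <host>:<port>` list (placeholder values) would bound that. Because `services.openssh.extraConfig` is merged from all modules, ending the string with `Match all` would keep lines contributed elsewhere from silently falling into this block; whether any such lines exist is not visible in this diff.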
