Diffstat (limited to 'config/services')
| -rw-r--r-- | config/services/default.nix | 9 | ||||
| -rw-r--r-- | config/services/sshproxy/default.nix | 27 |
2 files changed, 34 insertions, 2 deletions
diff --git a/config/services/default.nix b/config/services/default.nix
index 5cabb7a..52a7784 100644
--- a/config/services/default.nix
+++ b/config/services/default.nix
@@ -1,3 +1,8 @@
-{...}: {
- imports = [./mesh ./web];
+{ ... }:
+{
+ imports = [
+ ./mesh
+ ./sshproxy
+ ./web
+ ];
 }
diff --git a/config/services/sshproxy/default.nix b/config/services/sshproxy/default.nix
new file mode 100644
index 0000000..7bfbc62
--- /dev/null
+++ b/config/services/sshproxy/default.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+ users.users.sshjump = {
+ shell = "${pkgs.coreutils}/bin/true";
+ isSystemUser = true;
+ group = "sshjump";
+ openssh.authorizedKeys.keys = with config.personal.lib.publicKeys.ssh; [
+ latitude-7490
+ precision-3571
+ dragonfly-g4
+ optiplex-9030
+ ];
+ };
+
+ users.groups.sshjump = { };
+
+ services.openssh.extraConfig = ''
+ Match user sshjump
+ AllowTcpForwarding yes
+ AllowAgentForwarding yes
+ PasswordAuthentication no
+ PermitTunnel no
+ GatewayPorts no
+ PermitTTY no
+ X11Forwarding no
+ '';
+} |
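Review bot: The `Match user sshjump` block in `services.openssh.extraConfig` leaves forwarding broader than a jump-only account needs: `AllowTcpForwarding yes` also permits remote (`-R`) forwards, there is no `PermitOpen` allowlist so any of the four authorized keys can reach every host and port the proxy itself can reach (including services bound to its loopback), and `AllowStreamLocalForwarding` is left at its default. `AllowAgentForwarding yes` should not be needed if this account is used ProxyJump-style, which the name and the `/bin/true` shell suggest, because the client then authenticates to the target end to end through the forwarded channel. The block is also left open, so if another module contributes `extraConfig` lines that land after it, they would be parsed inside the Match; closing with `Match all` avoids that. A tightened block is sketched below, with the `PermitOpen` target as a placeholder to be replaced by the real destinations.

```nix
  services.openssh.extraConfig = ''
    Match user sshjump
      AllowTcpForwarding local
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      # placeholder: list the real jump targets here
      PermitOpen <TARGET_HOST>:22
      # … unchanged: PasswordAuthentication, PermitTunnel, GatewayPorts, PermitTTY, X11Forwarding …
    Match all
  '';
```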
