nixos: ssh: harden

author: quentin@aristote.fr <quentin@aristote.fr> 2026-01-17 18:34:56 +0100
committer: quentin@aristote.fr <quentin@aristote.fr> 2026-01-17 21:11:11 +0100
commit: 920d3342d55312937fed357f9abe165bb2aa281b (patch)
tree: d775b457dcb460ff8cc1ff190e8d968681ca330d /modules/nixos/personal/user.nix
parent: ff4ae77a1a2184586e4b6181edb06bd88ca1c55d (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/nixos/personal/user.nix b/modules/nixos/personal/user.nix
index ea0ce8c..630144a 100644
--- a/modules/nixos/personal/user.nix
+++ b/modules/nixos/personal/user.nix
@@ -32,6 +32,14 @@ in
         ];
       };
 
+      services.openssh.extraConfig = ''
+        Match user ${cfg.name}
+          AllowAgentForwarding yes
+          AllowTcpForwarding yes
+          PermitTTY yes
+          PermitUserRC yes
+      '';
+
       assertions =
         let
           missingArgAssertion = name: {
author	quentin@aristote.fr <quentin@aristote.fr>	2026-01-17 18:34:56 +0100
committer	quentin@aristote.fr <quentin@aristote.fr>	2026-01-17 21:11:11 +0100
commit	920d3342d55312937fed357f9abe165bb2aa281b (patch)
tree	d775b457dcb460ff8cc1ff190e8d968681ca330d /modules/nixos/personal/user.nix
parent	ff4ae77a1a2184586e4b6181edb06bd88ca1c55d (diff)