restrict nix remote builder ssh to nix daemon
Snippet taken from SrvOS
This commit is contained in:
parent
f2cf7d36de
commit
1cc8b6b70a
1 changed files with 3 additions and 1 deletions
|
|
@ -39,7 +39,9 @@ in
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
openssh.authorizedKeys.keys = map (
|
||||||
|
key: ''restrict,command="nix-daemon --stdio" ${key}''
|
||||||
|
) cfg.authorizedKeys;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.${cfg.user} = { };
|
users.groups.${cfg.user} = { };
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue