Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: create the config files for ca config server the right way

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2025-04-28 10:54:03 +02:00
parent c8e3542fe8
commit e4eb5c80fc
1 changed files with 9 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

13
hosts/fw/modules/cloonar-assistant-config-server.nix
View file

@ -10,14 +10,13 @@
} }
]; ];
in { in {
imports = builtins.map create_users users;
environment.etc = { environment.etc = {
# our single user+key file # our single user+key file
"cloonar_assistant_ssh/sftp_users_keys" = { "cloonar_assistant_ssh/sftp_users_keys" = {
text = lib.concatStringsSep "\n" text = lib.concatStringsSep "\n"
(map (u: "${u.username} ${u.key}") users); (map (u: "${u.username} ${u.key}") users);
mode = "0600"; mode = "0600";
owner = "root"; user = "root";
group = "root"; group = "root";
}; };
@ -28,16 +27,22 @@ in {
awk -v u="$1" '$1==u { $1=""; sub(/^ +/, ""); print }' /etc/cloonar_assistant_ssh/sftp_users_keys awk -v u="$1" '$1==u { $1=""; sub(/^ +/, ""); print }' /etc/cloonar_assistant_ssh/sftp_users_keys
''; '';
mode = "0700"; mode = "0700";
owner = "root"; user = "root";
group = "root"; group = "root";
}; };
}; };
systemd.tmpfiles.rules = map (u:
# Type 'd' = create directory if missing
# Mode 0755, owner root:root
"d /home/cloonar-assistant-configs/${u.username} 0755 root root -"
) users;
services.openssh.extraConfig = '' services.openssh.extraConfig = ''
Match Exec "/bin/grep -qE '^%u[[:space:]]' /etc/cloonar_assistant_ssh/sftp_users_keys" Match Exec "/bin/grep -qE '^%u[[:space:]]' /etc/cloonar_assistant_ssh/sftp_users_keys"
X11Forwarding no X11Forwarding no
AllowTcpForwarding no AllowTcpForwarding no
ChrootDirectory %h ChrootDirectory /home/cloonar-assistant-configs/%u
ForceCommand internal-sftp ForceCommand internal-sftp
# ← only for those matched users: # ← only for those matched users: