1 files changed, 22 insertions, 1 deletions
diff --git a/hel.nix b/hel.nix
index 759441f7..bc2d520f 100644
--- a/hel.nix
+++ b/hel.nix
@@ -109,7 +109,7 @@
          AllowStreamLocalForwarding no
          X11Forwarding no
          AllowAgentForwarding no
-          ChrootDirectory %h
+          ChrootDirectory /run/%u
          AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
      '';
    };
@@ -353,5 +353,26 @@
  virtualisation.virtualbox.host = {
    enable = true;
  };
+  systemd.automounts = [
+    { enable = true;
+      where = "/run/media";
+      automountConfig = {
+        DirectoryMode = "700";
+      };
+    }
+  ];
+  systemd.mounts = [
+    { enable = true;
+      where = "/run/media";
+      what = "/var/media";
+      type = "none";
+      options = "bind";
+      mountConfig = {
+        DirectoryMode = "700";
+      };
+    }
+  ];
 }

diff --git a/hel.nix b/hel.nix index 759441f7..bc2d520f 100644 --- a/hel.nix +++ b/hel.nix
@@ -109,7 +109,7 @@
109	AllowStreamLocalForwarding no	109	AllowStreamLocalForwarding no
110	X11Forwarding no	110	X11Forwarding no
111	AllowAgentForwarding no	111	AllowAgentForwarding no
112	ChrootDirectory %h	112	ChrootDirectory /run/%u
113	AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u	113	AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
114	'';	114	'';
115	};	115	};
@@ -353,5 +353,26 @@
353	virtualisation.virtualbox.host = {	353	virtualisation.virtualbox.host = {
354	enable = true;	354	enable = true;
355	};	355	};
		356
		357	systemd.automounts = [
		358	{ enable = true;
		359	where = "/run/media";
		360	automountConfig = {
		361	DirectoryMode = "700";
		362	};
		363	}
		364	];
		365
		366	systemd.mounts = [
		367	{ enable = true;
		368	where = "/run/media";
		369	what = "/var/media";
		370	type = "none";
		371	options = "bind";
		372	mountConfig = {
		373	DirectoryMode = "700";
		374	};
		375	}
		376	];
356	}	377	}
357		378