1 files changed, 21 insertions, 2 deletions
diff --git a/hel.nix b/hel.nix
index aa276f8f..533a6bc0 100644
--- a/hel.nix
+++ b/hel.nix
@@ -99,7 +99,17 @@
      HandleSuspendKey=sleep
    '';
-    openssh.enable = true;
+    openssh = {
+      enable = true;
+      extraConfig = ''
+        Match User media
+          ForceCommand ${pkgs.openssh}/libexec/sftp-server
+          PermitTTY no
+          AllowPortForwarding no
+          AllowX11Forwarding no
+          AllowAgentForwarding no
+      '';
+    };
    xserver = {
      enable = true;
@@ -238,10 +248,19 @@
  
    extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; };
+    extraUsers.media = {
+      group = "media";
+      home = "/var/media";
+      isSystemUser = true;
+      openssh.authorizedKeys.keyFiles = [
+        users/keys/gkleen-media@hel.pub
+      ];
+    };
    extraGroups = {
      network = {};
      media = {
-        members = [ "gkleen" "uucp" ];
+        members = [ "gkleen" "uucp" "media" ];
      };
      networkmanager = {
        members = [ "gkleen" ];

diff --git a/hel.nix b/hel.nix index aa276f8f..533a6bc0 100644 --- a/hel.nix +++ b/hel.nix
@@ -99,7 +99,17 @@
99	HandleSuspendKey=sleep	99	HandleSuspendKey=sleep
100	'';	100	'';
101		101
102	openssh.enable = true;	102	openssh = {
		103	enable = true;
		104	extraConfig = ''
		105	Match User media
		106	ForceCommand ${pkgs.openssh}/libexec/sftp-server
		107	PermitTTY no
		108	AllowPortForwarding no
		109	AllowX11Forwarding no
		110	AllowAgentForwarding no
		111	'';
		112	};
103		113
104	xserver = {	114	xserver = {
105	enable = true;	115	enable = true;
@@ -238,10 +248,19 @@
238		248
239	extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; };	249	extraUsers.root = { inherit (import ./users/gkleen.nix) shell hashedPassword; };
240		250
		251	extraUsers.media = {
		252	group = "media";
		253	home = "/var/media";
		254	isSystemUser = true;
		255	openssh.authorizedKeys.keyFiles = [
		256	users/keys/gkleen-media@hel.pub
		257	];
		258	};
		259
241	extraGroups = {	260	extraGroups = {
242	network = {};	261	network = {};
243	media = {	262	media = {
244	members = [ "gkleen" "uucp" ];	263	members = [ "gkleen" "uucp" "media" ];
245	};	264	};
246	networkmanager = {	265	networkmanager = {
247	members = [ "gkleen" ];	266	members = [ "gkleen" ];