From 9bd8491456db17d48639a11d2868632dd084ebc0 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 4 Sep 2016 19:26:25 +0200
Subject: media on hel
---
 hel.nix | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
(limited to 'hel.nix')
diff --git a/hel.nix b/hel.nix
index aa276f8f..533a6bc0 100644
--- a/hel.nix
+++ b/hel.nix
@@ -99,7 +99,17 @@
 HandleSuspendKey=sleep
 '';
- openssh.enable = true;
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ Match User media
+ ForceCommand ${pkgs.openssh}/libexec/sftp-server
+ PermitTTY no
+ AllowPortForwarding no
+ AllowX11Forwarding no
+ AllowAgentForwarding no
+ '';
+ };
 xserver = {
 enable = true;
@@ -238,10 +248,19 @@
 extraUsers.root = {
 inherit (import ./users/gkleen.nix) shell hashedPassword;
 };
+ extraUsers.media = {
+ group = "media";
+ home = "/var/media";
+ isSystemUser = true;
+ openssh.authorizedKeys.keyFiles = [
+ users/keys/gkleen-media@hel.pub
+ ];
+ };
+
 extraGroups = {
 network = {};
 media = {
- members = [ "gkleen" "uucp" ];
+ members = [ "gkleen" "uucp" "media" ];
 };
 networkmanager = {
 members = [ "gkleen" ];
--
cgit v1.2.3
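Review bot: Two directives in the added `Match User media` block, `AllowPortForwarding no` and `AllowX11Forwarding no`, are not sshd_config keywords. sshd rejects unknown options when it loads its configuration, so the daemon would likely fail to start or reload rather than apply the restriction. The intended settings are `AllowTcpForwarding no` and `X11Forwarding no`. Since the account is meant to be SFTP-only, `ForceCommand internal-sftp` together with a `ChrootDirectory` would also keep it from browsing world-readable files outside its media tree, which the external sftp-server binary does not prevent.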
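Review bot: The `openssh.authorizedKeys.keyFiles` entry on `extraUsers.media` is probably not the only key source for this account. Unless `AuthorizedKeysFile` is restricted elsewhere in the configuration, sshd typically also reads `~/.ssh/authorized_keys`, and the account can presumably write under its own home `/var/media` over SFTP, so removing the declared key would not reliably revoke access. Consider pinning the key source inside the `Match User media` block, e.g. `AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u`. Separately, `"media"` in `extraGroups.media.members` is redundant with `group = "media";`. No `shell` is set either, so confirm that the forced external sftp-server, which sshd runs through the user's login shell, still works under the default shell for system users.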