bento/fleet.nix

{
  lib,
  pkgs,
  ...
}: let
  create_users = host: {
    users.users."${host.username}" = {
      createHome = false;
      home = "/home/chroot/" + host.username;
      isNormalUser = false;
      isSystemUser = true;
      group = "sftp_users";
      openssh.authorizedKeys.keys = [host.key];
      shell = null;
    };
  };

  users = [
    {
      username = "router";
      key = "ssh-ed25519 AAAAC3NzaC2aZGI1OTE5AAAAOIOZKLFCZLM67viQXHYRjraE6WLfvETMkjjgSz0mxMzS root@router";
    }
  ];
in {
  imports = builtins.map create_users users;

  users.groups = {sftp_users = {};};

  services.openssh.extraConfig = ''
    Match Group sftp_users
      X11Forwarding no
      AllowTcpForwarding no
      ChrootDirectory %h
      ForceCommand internal-sftp
  '';
}
run alejandra on nix code 2022-09-04 22:42:02 +00:00			`{`
			`lib,`
			`pkgs,`
			`...`
			`}: let`
			`create_users = host: {`
			`users.users."${host.username}" = {`
			`createHome = false;`
			`home = "/home/chroot/" + host.username;`
			`isNormalUser = false;`
			`isSystemUser = true;`
			`group = "sftp_users";`
			`openssh.authorizedKeys.keys = [host.key];`
			`shell = null;`
			`};`
fleet: add the fleet library 2022-09-04 00:07:55 +00:00			`};`

			`users = [`
run alejandra on nix code 2022-09-04 22:42:02 +00:00			`{`
			`username = "router";`
			`key = "ssh-ed25519 AAAAC3NzaC2aZGI1OTE5AAAAOIOZKLFCZLM67viQXHYRjraE6WLfvETMkjjgSz0mxMzS root@router";`
			`}`
fleet: add the fleet library 2022-09-04 00:07:55 +00:00			`];`
run alejandra on nix code 2022-09-04 22:42:02 +00:00			`in {`
fleet: add the fleet library 2022-09-04 00:07:55 +00:00			`imports = builtins.map create_users users;`

run alejandra on nix code 2022-09-04 22:42:02 +00:00			`users.groups = {sftp_users = {};};`
fleet: add the fleet library 2022-09-04 00:07:55 +00:00
			`services.openssh.extraConfig = ''`
			`Match Group sftp_users`
			`X11Forwarding no`
			`AllowTcpForwarding no`
			`ChrootDirectory %h`
			`ForceCommand internal-sftp`
			`'';`
			`}`