rpqt/flocon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restrict nix remote builder ssh to nix daemon

Browse Source 
Snippet taken from SrvOS
This commit is contained in:
Romain Paquet
2025-10-01 19:36:53 +02:00
parent f2cf7d36de
commit 1cc8b6b70a
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/remote-builder.nix
View File

@@ -39,7 +39,9 @@ in
isSystemUser = true; isSystemUser = true;
group = cfg.group; group = cfg.group;
useDefaultShell = true; useDefaultShell = true;
openssh.authorizedKeys.keys = cfg.authorizedKeys; openssh.authorizedKeys.keys = map (
key: ''restrict,command="nix-daemon --stdio" ${key}''
) cfg.authorizedKeys;
}; };
users.groups.${cfg.user} = { }; users.groups.${cfg.user} = { };