machines: back: add restricted backup
user
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
b5fc45aacc
commit
a964cac3d5
|
@ -101,4 +101,18 @@
|
|||
device = "/dev/md0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
users.users.backup = {
|
||||
isNormalUser = true;
|
||||
uid = 2000;
|
||||
createHome = false;
|
||||
openssh.authorizedKeys.keys = let
|
||||
restrictCmd =
|
||||
''command="${pkgs.rrsync}/bin/rrsync -wo -no-del /tank/",restrict'';
|
||||
in [
|
||||
"${restrictCmd} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO9LOBcl04ddGijyDSuUXH47Qt6TZISUDwDr1wrm+Ou tank.c8h4.io"
|
||||
];
|
||||
};
|
||||
|
||||
services.openssh.settings.AllowUsers = [ "backup" ];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue