xengi/infra
0
1
Fork 0
Code Pull requests Activity Actions

fix www

Browse source
This commit is contained in:
XenGi 2026-02-17 23:56:46 +01:00
parent 0f0d8c43c8
commit b5b1dbf3fe
Signed by: xengi
SSH key fingerprint: SHA256:jxWM2RTHvxxcncXycwwWkP7HCWb4VREN05UGJTbIPZg
1 changed files with 8 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

15
hosts/www/openssh.nix
View file

@ -4,19 +4,20 @@
users = { users = {
users.deploy = { users.deploy = {
description = "deploys static websites from forgejo"; description = "deploys static websites from forgejo";
shell = "/run/current-system/sw/bin/nologin"; shell = pkgs.dash; # gets restricted by authorized_keys
isSystemUser = true; isSystemUser = true;
group = "deploy"; group = "deploy";
packages = [
pkgs.rsync
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
#"command='rsync --server --daemon . /srv/http/www/',restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtN5miFqjb585xuM89PXo3yxtY7WS159BvYS26HbZxC git.berlin.ccc.de/cccb/www" "command=\"${pkgs.rsync}/bin/rsync --server -vlogDtpre.iLsfxCIvu . /srv/http/www/\",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM35LG+xuDaoHQ2bYD4eRc3P6Cl3JVYntoP5Gu9R+mZC deploy@www.berlin.ccc.de production"
"command='rsync --server --daemon . /srv/http/www-staging/',restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtN5miFqjb585xuM89PXo3yxtY7WS159BvYS26HbZxC git.berlin.ccc.de/cccb/www" "command=\"${pkgs.rsync}/bin/rsync --server -vlogDtpre.iLsfxCIvu . /srv/http/www-staging/\",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjjLtnGf7w5D/ON+P2HpMZ5HA2fWp5YSQMGMuu5CjUt deploy@www.berlin.ccc.de staging"
]; ];
#extraGroups = ["nginx"];
}; };
groups.deploy = {}; groups.deploy = {};
}; };
services.openssh.extraConfig = ''
Match User deploy
Banner none
'';
} }