From b918d81d050eed7f9c4a556541ecceb6c095dd70 Mon Sep 17 00:00:00 2001
From: "Ricardo (XenGi) Band" <email@ricardo.band>
Date: Fri, 13 Feb 2026 18:18:30 +0100
Subject: [PATCH] add nginx and ssh config

---
 hosts/www/default.nix |  2 ++
 hosts/www/ssh.nix     | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 hosts/www/ssh.nix

diff --git a/hosts/www/default.nix b/hosts/www/default.nix
index 342b7fa..d2ffd0c 100644
--- a/hosts/www/default.nix
+++ b/hosts/www/default.nix
@@ -5,6 +5,8 @@
     ../common.nix
     ../../services/openssh.nix
     ../../services/nginx.nix
+    ./nginx.nix
+    ./ssh.nix
   ];
 
   networking = {
diff --git a/hosts/www/ssh.nix b/hosts/www/ssh.nix
new file mode 100644
index 0000000..0ea5426
--- /dev/null
+++ b/hosts/www/ssh.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+
+{
+  users.users.deploy = {
+    description = "deploys static websites from forgejo";
+    shell = pkgs.nologin;
+    packages = [
+      pkgs.rsync
+    ];
+    openssh.authorizedKeys.keys = [
+      "command='rsync --server --daemon . /srv/http/www/',restrict ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABAAABAQCy... git.berlin.ccc.de/cccb/www"
+    ];
+    #extraGroups = ["nginx"];
+  };
+}
+