{ pkgs, ... }:

# NixOS module: a dedicated "deploy" account that can only be reached over SSH
# with two pinned keys, each of which is locked to a single rsync destination.
{
  users.groups.deploy = { };

  users.users.deploy = {
    description = "deploys static websites from forgejo";
    isSystemUser = true;
    group = "deploy";

    # sshd runs the forced command through the account's shell, so a working
    # shell is needed; what a key holder can do is limited by the
    # authorized_keys options below, not by the shell.
    shell = pkgs.dash;

    # Each entry has the form `command="...",restrict <key>`:
    #  - command= forces this exact rsync server invocation; whatever command
    #    the client asks for is ignored, so the destination directory and the
    #    rsync flags are fixed on the server side.
    #  - restrict turns off port, agent and X11 forwarding, PTY allocation and
    #    ~/.ssh/rc for the key.
    #  - rsync is referenced by its absolute store path, so no PATH lookup is
    #    involved.
    # NOTE(review): the pinned flag string contains `l`, so symlinks are
    # recreated as the sender supplies them. Confirm the web server serving
    # these directories does not follow symlinks out of the docroot, or
    # consider rsync's --safe-links / --munge-links.
    # NOTE(review): write access of `deploy` to the two target directories is
    # not set up in this file; verify it is granted elsewhere and is limited
    # to these paths.
    openssh.authorizedKeys.keys = [
      # production key: may only write below /srv/http/www/
      "command=\"${pkgs.rsync}/bin/rsync --server -vlogDtpre.iLsfxCIvu . /srv/http/www/\",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM35LG+xuDaoHQ2bYD4eRc3P6Cl3JVYntoP5Gu9R+mZC deploy@www.berlin.ccc.de production"
      # staging key: may only write below /srv/http/www-staging/
      "command=\"${pkgs.rsync}/bin/rsync --server -vlogDtpre.iLsfxCIvu . /srv/http/www-staging/\",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjjLtnGf7w5D/ON+P2HpMZ5HA2fWp5YSQMGMuu5CjUt deploy@www.berlin.ccc.de staging"
    ];
  };

  # Suppress the SSH login banner for this account only (presumably to keep
  # automated deploy output free of banner text; confirm).
  # NOTE(review): a Match block stays in effect until the next Match line or
  # the end of sshd_config. If another module's extraConfig is merged after
  # this text, its settings would apply to `deploy` only; check the merge
  # order or terminate the block with `Match all`.
  services.openssh.extraConfig = ''
    Match User deploy
    Banner none
  '';
}