]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/sftp.nix
sourcephile / git / julm / julm-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
aubergine: sftp: enable
[julm/julm-nix.git] / hosts / aubergine / sftp.nix
1 { lib, ... }:
2 let
3 sftpRoot = "/var/lib/sftp";
4 in
5 {
6 fileSystems."${sftpRoot}/films" = {
7 device = "/mnt/off3/julm/public/podcasts/films";
8 options = [ "bind" "ro" "nofail" ];
9 };
10 fileSystems."${sftpRoot}/camera" = {
11 device = "/mnt/off2/julm/perso/camera";
12 options = [ "bind" "ro" "nofail" ];
13 };
14 services.openssh.extraConfig = ''
15 Match User sevy
16 AllowAgentForwarding no
17 AllowTcpForwarding no
18 ChrootDirectory ${sftpRoot}
19 ForceCommand internal-sftp -u 0002
20 X11Forwarding no
21 '';
22 }
julm's NixOS and home-manager configs