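# Container definition "media": an SFTP-only OpenSSH endpoint over the /media
# volume, with one key-authenticated owner account and one password-authenticated
# guest account. The stray "|" separator lines from the page rendering are
# dropped here because they are not valid Nix.
{ pkgs, lib, ... }:

{
  name = "media";

  config = {
    services.openssh = {
      enable = true;
      ports = [ 22 ];
      settings = {
        # Allow-list: sshd rejects every account that is not named here.
        AllowUsers = [ "media" "guest" ];
        # NOTE(review): PasswordAuthentication is not set in this file, so the
        # guest password login depends on the module default. Confirm it, and
        # consider pinning it explicitly so an upstream default change is
        # noticed.
      };
      # Both accounts below have group = "media", so this Match block applies
      # to each of them: SFTP only (no shell), confined to /media, with no TCP
      # or X11 forwarding.
      # sshd refuses the session unless every component of the ChrootDirectory
      # path is owned by root and not writable by group or others. /media is a
      # volume mount in this file; verify its ownership and mode where the
      # volume is created.
      extraConfig = ''
        Match Group media
          ChrootDirectory /media
          ForceCommand internal-sftp
          AllowTcpForwarding no
          X11Forwarding no
      '';
    };

    # Owner account: public-key authentication only (no password is set here).
    users.users.media = {
      isSystemUser = true;
      group = "media";
      # A public key is not secret, so copying it into the Nix store is fine.
      openssh.authorizedKeys.keyFiles = [ ../secrets/id_ed25519.pub ];
    };

    # Guest account: password authentication. It shares the "media" group, so
    # it gets the same chroot and SFTP restrictions as the owner.
    users.users.guest = {
      isSystemUser = true;
      group = "media";
      # SECURITY: builtins.readFile runs at evaluation time, so the hash
      # becomes part of the evaluated configuration and ends up in the
      # world-readable Nix store, where any local user can read it and attack
      # it offline. Prefer hashedPasswordFile pointing at a runtime path
      # outside the store (for example one provisioned by a secrets manager).
      # removeSuffix strips the trailing newline that editors append to the
      # secret file.
      hashedPassword = lib.removeSuffix "\n"
        (builtins.readFile ../secrets/guest_password);
    };

    users.groups.media = {};

    # Library directories are created owned by media:media with mode 0750:
    # the owner has full access and members of the group (guest) can list and
    # read but not write.
    systemd.tmpfiles.settings.media-dir =
      let
        ownedDir = {
          group = "media";
          mode = "0750";
          user = "media";
        };
      in {
        "/media/series".d = ownedDir;
        "/media/movies".d = ownedDir;
        "/media/music".d = ownedDir;
      };
  };

  ports = {
    tcp = [ ];
    udp = [ ];
    http = null;
    # The container's sshd (22/tcp) is published on host port 2222. Since
    # guest logs in with a password, anything that can reach host:2222 can
    # attempt password guesses; restrict reachability or add rate limiting at
    # the host if this port is exposed beyond a trusted network.
    forward = [
      { container = 22; host = 2222; proto = "tcp"; }
    ];
  };

  hosts = [];

  # Writable volume mounted at the same path that sshd uses as the chroot.
  volumes = [{
    name = "media";
    mountPoint = "/media/";
    readOnly = false;
    backup = false;
  }];
}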