19 lines
972 B
Nix
19 lines
972 B
Nix
{ pkgs, lib, ... }:
|
|
{
|
|
users.users.backup = {
|
|
shell = pkgs.bash;
|
|
isNormalUser = true;
|
|
openssh.authorizedKeys.keys = [
|
|
"restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx"
|
|
];
|
|
};
|
|
|
|
security.wrappers.rrsync = {
|
|
source = "${pkgs.rrsync.out}/bin/rrsync";
|
|
owner = "backup";
|
|
group = "users";
|
|
permissions = "u=rwx,g=,o=";
|
|
capabilities = "cap_dac_read_search=+ep";
|
|
};
|
|
}
|