limit deployerbot-follower to our vpn

2023-07-30 07:22:25 +03:00
parent 471a5b43c5
commit 36bbceac03
2 changed files with 5 additions and 1 deletions
--- a/modules/services/deployerbot/default.nix
+++ b/modules/services/deployerbot/default.nix
@@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  myData,
  ...
 }: {
  options.mj.services.deployerbot.main = with lib.types; {
@@ -95,7 +96,9 @@
            isSystemUser = true;
            createHome = true;
            uid = uidgid;
-            openssh.authorizedKeys.keys = [publicKey];
+            openssh.authorizedKeys.keys = let
+              restrictedPubKey = "from=\"${myData.tailscale_subnet.pattern}\" " + publicKey;
+            in [restrictedPubKey];
          };
        };
        users.groups.deployerbot-follower.gid = uidgid;