config/modules/services/borgstor/default.nix
Motiejus Jakštys 70e5230611 system users: use /bin/sh
Just learned about "bash security issue" when reading about rrsync.
2023-09-23 22:46:14 +03:00

34 lines
836 B
Nix

{
config,
lib,
myData,
pkgs,
...
}: {
options.mj.services.borgstor = with lib.types; {
enable = lib.mkEnableOption "Enable borg storage user";
dataDir = lib.mkOption {type = path;};
sshKeys = lib.mkOption {type = listOf str;};
};
config = with config.mj.services.borgstor;
lib.mkIf enable {
users.users.borgstor = {
description = "Borg Storage";
home = dataDir;
shell = "/bin/sh";
group = "borgstor";
isSystemUser = true;
createHome = false;
uid = myData.uidgid.borgstor;
openssh.authorizedKeys.keys =
map (
k: "command=\"${pkgs.borgbackup}/bin/borg serve --restrict-to-path ${dataDir}\",restrict ${k}"
)
sshKeys;
};
users.groups.borgstor.gid = myData.uidgid.borgstor;
};
}