diff options
author | Kjetil Ørbekk <kj@orbekk.com> | 2018-08-23 19:51:28 -0400 |
---|---|---|
committer | Kjetil Ørbekk <kj@orbekk.com> | 2018-08-23 19:51:28 -0400 |
commit | ec8751941bbc81ad5b8512086a8f95f09611dbe2 (patch) | |
tree | a9d47c8a5d7f5ceab0803e43b57027f5ac611f60 /machines/dragon.nix | |
parent | f12affb4f352b5bb8911d69a2d70ddb1660a2b93 (diff) |
Add readonly user
Diffstat (limited to 'machines/dragon.nix')
-rw-r--r-- | machines/dragon.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/machines/dragon.nix b/machines/dragon.nix index d6b72ec..0fa5559 100644 --- a/machines/dragon.nix +++ b/machines/dragon.nix @@ -139,10 +139,16 @@ in # XXX: temorary hack because of an accidental upgrade. systemd.services.lxd.serviceConfig.ExecStart = lib.mkForce "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd"; + # Required to enable password authentication for one user. + security.pam.services.sshd.unixAuth = lib.mkForce true; services = { openssh = { enable = lib.mkDefault true; passwordAuthentication = false; + extraConfig = '' + Match User readonly + PasswordAuthentication yes + ''; }; }; |