Add readonly user

author: Kjetil Ørbekk <kj@orbekk.com> 2018-08-23 19:51:28 -0400
committer: Kjetil Ørbekk <kj@orbekk.com> 2018-08-23 19:51:28 -0400
commit: ec8751941bbc81ad5b8512086a8f95f09611dbe2 (patch)
tree: a9d47c8a5d7f5ceab0803e43b57027f5ac611f60 /machines
parent: f12affb4f352b5bb8911d69a2d70ddb1660a2b93 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/machines/dragon.nix b/machines/dragon.nix
index d6b72ec..0fa5559 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -139,10 +139,16 @@ in
   # XXX: temorary hack because of an accidental upgrade.
   systemd.services.lxd.serviceConfig.ExecStart = lib.mkForce "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
 
+  # Required to enable password authentication for one user.
+  security.pam.services.sshd.unixAuth = lib.mkForce true;
   services = {
     openssh = {
       enable = lib.mkDefault true;
       passwordAuthentication = false;
+      extraConfig = ''
+        Match User readonly
+	PasswordAuthentication yes
+      '';
     };
   };
author	Kjetil Ørbekk <kj@orbekk.com>	2018-08-23 19:51:28 -0400
committer	Kjetil Ørbekk <kj@orbekk.com>	2018-08-23 19:51:28 -0400
commit	ec8751941bbc81ad5b8512086a8f95f09611dbe2 (patch)
tree	a9d47c8a5d7f5ceab0803e43b57027f5ac611f60 /machines
parent	f12affb4f352b5bb8911d69a2d70ddb1660a2b93 (diff)