treewide: limit rsync pull target access to principal

h7x4
2026-01-31 10:15:17 +09:00
parent c3ce6a40ea
commit 91de031896
8 changed files with 15 additions and 4 deletions


@@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, lib, values, ... }:
let
cfg = config.services.vaultwarden;
domain = "pw.pvv.ntnu.no";
@@ -107,6 +107,7 @@ in {
rrsyncArgs.ro = true;
authorizedKeysAttrs = [
"restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding"
"no-port-forwarding"
"no-pty"
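Review bot: The hostname pattern `principal.pvv.ntnu.no` in the added `from=` option is only matched when sshd resolves client names (`UseDNS yes`); with the OpenSSH default of `UseDNS no` only the two address patterns take effect, and with it enabled the check would rest on reverse DNS, a weaker anchor than the pinned addresses. I would drop the name and keep the addresses, `"from=\"${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""`, or add a comment stating that the name is informational only. Because this is the only source restriction on the key, it is worth confirming that principal always connects from exactly these two addresses (no extra or temporary IPv6 source address), since any other source makes the pull fail closed. The commit reports 8 changed files; if the same `from=` string is repeated in each, building it once in a shared helper would keep the list from drifting between services. The enclosing attribute set starts and ends outside the hunk.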