felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-04 17:20:02 +01:00
Code Issues Projects Releases Wiki Activity

treewide: limit rsync pull target access to principal

Browse Source
This commit is contained in:
h7x4
2026-01-31 10:15:17 +09:00
parent c3ce6a40ea
commit 91de031896
8 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/bicep/services/mysql/backup.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, values, ... }:
let
cfg = config.services.mysql;
backupDir = "/data/mysql-backups";
@@ -22,6 +22,7 @@ in
rrsyncArgs.ro = true;
authorizedKeysAttrs = [
"restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding"
"no-port-forwarding"
"no-pty"