From 39b6b1956c0b7edff70d2549dd9a6b84400d6dc6 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Fri, 15 Sep 2023 10:50:22 +1000
Subject: [PATCH] modules/shared/remote-builder: use `restrict` for ssh

---
 modules/shared/remote-builder.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/shared/remote-builder.nix b/modules/shared/remote-builder.nix
index a25f12e..fc57592 100644
--- a/modules/shared/remote-builder.nix
+++ b/modules/shared/remote-builder.nix
@@ -6,7 +6,7 @@ in
 {
   users.users.nix.openssh.authorizedKeys.keys = [
     # use nix-store for hydra which doesn't support ssh-ng
-    ''command="${config.nix.package}/bin/nix-store --serve --write",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}''
+    ''restrict,command="${config.nix.package}/bin/nix-store --serve --write" ${key}''
   ];
 
   nix.settings.trusted-users = [ "nix" ];