modules/shared/remote-builder: use restrict for ssh
This commit is contained in:
zowoq
parent
0fe327bce4
commit
39b6b1956c
1 changed files with 1 additions and 1 deletions
|
|
@ -6,7 +6,7 @@ in
|
||||||
{
|
{
|
||||||
users.users.nix.openssh.authorizedKeys.keys = [
|
users.users.nix.openssh.authorizedKeys.keys = [
|
||||||
# use nix-store for hydra which doesn't support ssh-ng
|
# use nix-store for hydra which doesn't support ssh-ng
|
||||||
''command="${config.nix.package}/bin/nix-store --serve --write",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}''
|
''restrict,command="${config.nix.package}/bin/nix-store --serve --write" ${key}''
|
||||||
];
|
];
|
||||||
|
|
||||||
nix.settings.trusted-users = [ "nix" ];
|
nix.settings.trusted-users = [ "nix" ];
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue