modules/shared/remote-builder: use restrict for ssh

2023-09-15 10:50:22 +10:00 · 2023-09-15 10:50:22 +10:00 · 39b6b1956c
commit 39b6b1956c
parent 0fe327bce4
1 changed files with 1 additions and 1 deletions
--- a/modules/shared/remote-builder.nix
+++ b/modules/shared/remote-builder.nix
@ -6,7 +6,7 @@ in
 {
  users.users.nix.openssh.authorizedKeys.keys = [
    # use nix-store for hydra which doesn't support ssh-ng
-    ''command="${config.nix.package}/bin/nix-store --serve --write",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}''
+    ''restrict,command="${config.nix.package}/bin/nix-store --serve --write" ${key}''
  ];

  nix.settings.trusted-users = [ "nix" ];