nixremote: fix up perms

2023-11-23 01:44:27 +00:00 · 2023-11-23 01:44:27 +00:00 · f26b64c660
commit f26b64c660
parent 3ff9c0ad0c
1 changed files with 5 additions and 1 deletions
--- a/hosts/common/users/nixremote.nix
+++ b/hosts/common/users/nixremote.nix
@ -8,6 +8,10 @@
  users.users.nixremote = {
    isNormalUser = true;
    home = "/home/nixremote";
+    # remove write permissions everywhere in the home dir.
+    # combined with an ownership of root:nixremote, that means not even nixremote can write anything below this directory
+    # (in which case, i'm not actually sure why nixremote needs a home)
+    homeMode = "550";
    group = "nixremote";
    subUidRanges = [
      { startUid=300000; count=1; }
@ -24,7 +28,7 @@
    fs."/".dir.acl = {
      # don't allow the user to write anywhere
      user = "root";
-      group = "root";
+      group = "nixremote";
    };
  };
 }