Add readonly user to rene box

hosts/seedbox/rene/configuration.nix

@@ -3,10 +3,12 @@ let
   utils = import ../../../util/include.nix { lib = lib; };
   imports =
     (utils.includeDir ./services) ++
+    (utils.includeDir ./storage_users) ++
     [
       ./hardware-configuration.nix
       ./networking.nix
       ./users.nix
+      ./sftp_jail.nix
     ];
 in
 {

hosts/seedbox/rene/hardware-configuration.nix

@@ -14,5 +14,12 @@
     fsType = "ext4";
   };
 
+  # Shared stuff
+  fileSystems."/sftp_jail/melic" = {
+    device = "/home/rene/shared";
+    options = [ "bind,ro" ];
+  };
+
+
   services.qemuGuest.enable = true;
 }

hosts/seedbox/rene/sftp_jail.nix

@@ -0,0 +1,10 @@
+{
+  services.openssh.extraConfig = ''
+    Match Group sftponly
+      ChrootDirectory /sftp_jail
+      ForceCommand internal-sftp
+      AllowTcpForwarding no
+  '';
+
+  users.groups.sftponly = {};
+}

hosts/seedbox/rene/storage_users/melic.nix

@@ -0,0 +1,12 @@
+{
+  users.users.melic = {
+    group = "sftponly";
+    isNormalUser = true;
+    home = "/sftp_jail/melic";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcJKdwwvygRMH/91brR++Fk7sP47wuB8zuTtx+1OZBL+ZyeSmyiwZFXU5WfhwEZndOG4XlLTvJwvgYTMEyvZqh9DuasLv7AqbMfTVkQx1RJOUuLBDLFcjVI5RvGJz1aFRY8Uu0lWll+Nd7Onl8qSDnfSe+mRXw7O90cJI+nELDITxrG5wZ1Onm/ApsaX3S8iPLT5o74hWzE6tKBQqbEcRJJs5snLhxeIXNpaHFN40tJr2MEaLjpdu+9EiKUoVhV8JyUWKHeJFinyAwCC7g7IWte8t43IwQrSfIA19r7+HAMi6bJk5++LBm8p4APSV+rw+tFOzSV+jkAvizTKTUGC/CHMBnq2R1FF+ilSmWSecu2XI4KmKeAD64o5YndXrb0VWCIcVZjphqp52lzk4YNA97xsA6l1VVdfbhKu95Z+HV8kLXW8Nf4d36RUrxgtFnO1MkIh+yO6+xeVak4Fizbu42g49QZe6i3pcCUvB73kHFFfprnSgKouK3/TN4YCIyDsk= melic@Erika"
+    ];
+  };
+}
+