From ea8efc298d2cbcdcd160122863363185625aec93 Mon Sep 17 00:00:00 2001
From: Fugi <me@fugi.dev>
Date: Sun, 6 Oct 2024 23:09:22 +0200
Subject: [PATCH] add ese-deploy user

---
 modules/web/ese.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/web/ese.nix b/modules/web/ese.nix
index 95bd8d1..ce04ef2 100644
--- a/modules/web/ese.nix
+++ b/modules/web/ese.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
   domain = "ese.${config.networking.domain}";
   webRoot = "/srv/web/ese";
@@ -23,4 +23,12 @@ in
       };
     };
   };
+
+  users.users."ese-deploy" = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      ''command="${pkgs.rrsync}/bin/rrsync ${webRoot}",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWGdTdobZN2oSLsTQmHOahdc9vqyuwUBS0PSk5IQhGV''
+    ];
+  };
+
 }