From 60150bbe989f4303af2c48a001693d0f2159c11b Mon Sep 17 00:00:00 2001
From: fruchti
Date: Thu, 23 Mar 2023 21:18:00 +0100
Subject: [PATCH] Burp server: Add user for SSH-tunnelling in

---
 hosts/burp-server.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/hosts/burp-server.nix b/hosts/burp-server.nix
index 7e551ab..39c5502 100644
--- a/hosts/burp-server.nix
+++ b/hosts/burp-server.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 {
 services.burp.server = {
 enable = true;
@@ -27,4 +27,21 @@
 "Mon,Tue,Wed,Thu,Fri,Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23"
 ];
 };
+
+ # Used for other clients to open an SSH tunnel to the burp server
+ users.users.burp-remote = {
+ isNormalUser = false;
+ isSystemUser = true;
+ createHome = false;
+ group = "nogroup";
+ # A shell is necessary for the user to run `sleep`
+ shell = pkgs.bash;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItwImll4vcrfRQZjf6zkEGJswpL9EdWRiibXtjis99J root@Emitter"
+ ];
+ };
+ services.openssh.extraConfig = ''
+ Match User burp-remote
+ ForceCommand ${pkgs.coreutils}/bin/sleep 10
+ '';
 }
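Review bot: The `Match User burp-remote` block in the second hunk pins the command with `ForceCommand` but does not restrict forwarding. Unless the rest of the sshd configuration (not visible here) says otherwise, the listed key can open tunnels to any host and port reachable from the server, not only to burp. Limit the account to local forwarding to the burp listener and turn off agent forwarding, X11 forwarding and TTY allocation inside the same Match block. The same limits can be set per key with the `restrict,port-forwarding,permitopen="…"` options in `authorizedKeys`. Because a Match block runs until the next `Match` or the end of the file, it is also worth confirming that no other module's `extraConfig` is appended after this one and ends up scoped to `burp-remote` only.

```nix
# … unchanged: users.users.burp-remote …
# <BURP_PORT> is a placeholder: the port the burp server listens on
services.openssh.extraConfig = ''
  Match User burp-remote
    ForceCommand ${pkgs.coreutils}/bin/sleep 10
    AllowTcpForwarding local
    PermitOpen localhost:<BURP_PORT>
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
'';
```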