X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fpub%2Frestrict;fp=modules%2Fprivate%2Fpub%2Frestrict;h=0000000000000000000000000000000000000000;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=b2f3be369f1a60fb0efb56d7d04e8cdcc0a687c2;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/pub/restrict b/modules/private/pub/restrict
deleted file mode 100644
index b2f3be3..0000000
--- a/modules/private/pub/restrict
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-user="$1"
-rootuser="$HOME/$user/"
-mkdir -p $rootuser
-
-orig="$SSH_ORIGINAL_COMMAND"
-if [ -z "$orig" ]; then
- orig="/bin/bash -l"
-fi
-if [ "${orig:0:7}" = "command" ]; then
- orig="${orig:8}"
-fi
-
-case "$orig" in
-rsync*)
- rrsync $HOME/$user/
- ;;
-*)
- nix_store_paths() {
- nix-store -q -R \
- /run/current-system/sw \
- /etc/profiles/per-user/pub \
- /etc/ssl/certs/ca-bundle.crt \
- | while read i; do
- printf '%s--ro-bind\0'$i'\0'$i'\0' ''
- done
- }
-
- set -euo pipefail
- (exec -c bwrap --ro-bind /usr /usr \
- --args 10 \
- --dir /tmp \
- --dir /var \
- --symlink ../tmp var/tmp \
- --proc /proc \
- --dev /dev \
- --ro-bind /etc/resolv.conf /etc/resolv.conf \
- --ro-bind /etc/zoneinfo /etc/zoneinfo \
- --ro-bind /etc/ssl /etc/ssl \
- --ro-bind /etc/static/ssl/certs /etc/static/ssl/certs \
- --ro-bind /run/current-system/sw/lib/locale/locale-archive /etc/locale-archive \
- --ro-bind /run/current-system/sw/bin /bin \
- --ro-bind /etc/profiles/per-user/pub/bin /bin-pub \
- --bind /var/lib/pub/$user /var/lib/pub \
- --dir /var/lib/commons \
- --ro-bind $TMUX_RESTRICT /var/lib/commons/tmux.restrict.conf \
- --chdir /var/lib/pub \
- --unshare-all \
- --share-net \
- --dir /run/user/$(id -u) \
- --setenv TERM "$TERM" \
- --setenv LOCALE_ARCHIVE "/etc/locale-archive" \
- --setenv XDG_RUNTIME_DIR "/run/user/`id -u`" \
- --setenv PS1 "$user@pub $ " \
- --setenv PATH "/bin:/bin-pub" \
- --setenv HOME "/var/lib/pub" \
- --file 11 /etc/passwd \
- --file 12 /etc/group \
- -- $orig) \
- 10< <(nix_store_paths) \
- 11< <(getent passwd $UID 65534) \
- 12< <(getent group $(id -g) 65534)
- ;;
-esac