nethack container

systems/ful/configuration.nix

@@ -15,6 +15,7 @@ in {
     ./go-webring.nix
     ./gemini.nix
     ./wallabag.nix
+    ./nethack.nix
     ../../configs/monitoring.nix
     ../../configs/mycelium.nix
     ../../configs/tor.nix

systems/ful/nethack.nix

@@ -0,0 +1,60 @@
+{
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  containers.nethack = {
+    autoStart = true;
+
+    forwardPorts = [
+      {
+        containerPort = 22;
+        hostPort = 22;
+      }
+    ];
+
+    config =
+      { pkgs, ... }:
+      {
+        system.stateVersion = "25.11";
+
+        networking.hostName = "nethack";
+        services.openssh.enable = true;
+
+        environment.systemPackages = [ pkgs.nethack ];
+
+        programs.tmux.enable = true;
+        programs.tmux.extraConfig = ''
+          set -g mouse on
+          set -g allow-rename off
+          set -g detach-on-destroy off
+
+          unbind-key C-b
+          set -g prefix None
+        '';
+
+        users.users.nethack = {
+          isNormalUser = true;
+          home = "/home/nethack";
+          createHome = true;
+          shell = pkgs.bash;
+          openssh.authorizedKeys.keys = [
+            "ssh-ed25519 AAAA...yourkey"
+            "ssh-ed25519 AAAA...friendkey"
+          ];
+        };
+
+        services.openssh.settings = {
+          PasswordAuthentication = false;
+          PermitRootLogin = "no";
+        };
+
+        services.openssh.extraConfig = ''
+          Match User nethack
+            ForceCommand ${pkgs.tmux}/bin/tmux attach -t nethack || \
+                         ${pkgs.tmux}/bin/tmux new -s nethack ${pkgs.nethack}/bin/nethack
+            AllowTcpForwarding no
+            X11Forwarding no
+            PermitTTY yes
+        '';
+      };
+  };
+}