Merge remote-tracking branch 'gum/master'

makefu/2configs/share/anon-ftp.nix

@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+let
+  ftpdir = "/home/ftp";
+in {
+  networking.firewall = {
+    allowedTCPPorts = [ 20 21 ];
+    autoLoadConntrackHelpers = true;
+    connectionTrackingModules = [ "ftp" ];
+    extraCommands = ''
+      iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
+    '';
+  };
+  systemd.services.vsftpd.preStart = lib.mkForce ''
+    mkdir -p -m755 ${ftpdir}/incoming
+    chown root:root ${ftpdir}
+    chown ftp ${ftpdir}/incoming
+  '';
+  services.vsftpd = {
+    enable = true;
+    extraConfig = ''
+      ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs
+    '';
+    anonymousUser = true;
+    anonymousUserNoPassword = true;
+    anonymousUploadEnable = true;
+    anonymousMkdirEnable = true;
+    writeEnable = true;
+    chrootlocalUser = true;
+    anonymousUserHome = ftpdir;
+  };
+}