Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2017-08-01 18:05:53 +02:00
commit c5b90e82c8

View File

@ -0,0 +1,31 @@
{ config, lib, ... }:
let
ftpdir = "/home/ftp";
in {
networking.firewall = {
allowedTCPPorts = [ 20 21 ];
autoLoadConntrackHelpers = true;
connectionTrackingModules = [ "ftp" ];
extraCommands = ''
iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
'';
};
systemd.services.vsftpd.preStart = lib.mkForce ''
mkdir -p -m755 ${ftpdir}/incoming
chown root:root ${ftpdir}
chown ftp ${ftpdir}/incoming
'';
services.vsftpd = {
enable = true;
extraConfig = ''
ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs
'';
anonymousUser = true;
anonymousUserNoPassword = true;
anonymousUploadEnable = true;
anonymousMkdirEnable = true;
writeEnable = true;
chrootlocalUser = true;
anonymousUserHome = ftpdir;
};
}