diff options
author | makefu <github@syntax-fehler.de> | 2022-06-06 21:12:52 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2022-06-06 21:13:01 +0200 |
commit | 3aeb1c334aa4a5f0890b5c7019d6fcb80aa47e54 (patch) | |
tree | bf8ff752bd01439f3983a1165b3920ad1f6f8d17 /2configs/bgt/download.binaergewitter.de.nix | |
parent | 76ced3914bdcc0fd4d025dacdc3db32275eb9b9f (diff) |
ma bgt: move storedir to hetzner cloud, fix for old ssh client
Diffstat (limited to '2configs/bgt/download.binaergewitter.de.nix')
-rw-r--r-- | 2configs/bgt/download.binaergewitter.de.nix | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/2configs/bgt/download.binaergewitter.de.nix b/2configs/bgt/download.binaergewitter.de.nix index 6ce0606a8..1cf21f213 100644 --- a/2configs/bgt/download.binaergewitter.de.nix +++ b/2configs/bgt/download.binaergewitter.de.nix @@ -5,22 +5,37 @@ let ident = (builtins.readFile ./auphonic.pub); bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; + + # TODO: only when the data is stored somewhere else + wwwdir = "/var/www/binaergewitter"; + storedir = "/media/cloud/www/binaergewitter"; in { + fileSystems."${wwwdir}" = { + device = storedir; + options = [ "bind" ]; + }; + services.openssh = { allowSFTP = true; sftpFlags = [ "-l VERBOSE" ]; extraConfig = '' + HostkeyAlgorithms +ssh-rsa + Match User auphonic ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no PasswordAuthentication no + PubkeyAcceptedAlgorithms +ssh-rsa + ''; }; users.users.auphonic = { uid = genid "auphonic"; group = "nginx"; + # for storedir + extraGroups = [ "download" ]; useDefaultShell = true; isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; |