summaryrefslogtreecommitdiffstats
path: root/2configs/bgt/download.binaergewitter.de.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2022-06-06 21:12:52 +0200
committermakefu <github@syntax-fehler.de>2022-06-06 21:13:01 +0200
commit3aeb1c334aa4a5f0890b5c7019d6fcb80aa47e54 (patch)
treebf8ff752bd01439f3983a1165b3920ad1f6f8d17 /2configs/bgt/download.binaergewitter.de.nix
parent76ced3914bdcc0fd4d025dacdc3db32275eb9b9f (diff)
ma bgt: move storedir to hetzner cloud, fix for old ssh client
Diffstat (limited to '2configs/bgt/download.binaergewitter.de.nix')
-rw-r--r--2configs/bgt/download.binaergewitter.de.nix15
1 files changed, 15 insertions, 0 deletions
diff --git a/2configs/bgt/download.binaergewitter.de.nix b/2configs/bgt/download.binaergewitter.de.nix
index 6ce0606a8..1cf21f213 100644
--- a/2configs/bgt/download.binaergewitter.de.nix
+++ b/2configs/bgt/download.binaergewitter.de.nix
@@ -5,22 +5,37 @@ let
ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
+
+ # TODO: only when the data is stored somewhere else
+ wwwdir = "/var/www/binaergewitter";
+ storedir = "/media/cloud/www/binaergewitter";
in {
+ fileSystems."${wwwdir}" = {
+ device = storedir;
+ options = [ "bind" ];
+ };
+
services.openssh = {
allowSFTP = true;
sftpFlags = [ "-l VERBOSE" ];
extraConfig = ''
+ HostkeyAlgorithms +ssh-rsa
+
Match User auphonic
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
PasswordAuthentication no
+ PubkeyAcceptedAlgorithms +ssh-rsa
+
'';
};
users.users.auphonic = {
uid = genid "auphonic";
group = "nginx";
+ # for storedir
+ extraGroups = [ "download" ];
useDefaultShell = true;
isSystemUser = true;
openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-13 03:50:11 +0000