ma anon-ftp: init

author: makefu <github@syntax-fehler.de> 2017-08-01 15:01:59 +0200
committer: makefu <github@syntax-fehler.de> 2017-08-01 15:01:59 +0200
commit: 0e216ad6375e4c3f59b4e0a4c0e4fdf485893d10 (patch)
tree: f01a67d5e0c77b2258ffdf2c4a36df403cc0e95c /2configs/share/anon-ftp.nix
parent: 0349ae613c2dce2e65bf39bd018fdb0361a4a994 (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/2configs/share/anon-ftp.nix b/2configs/share/anon-ftp.nix
new file mode 100644
index 000000000..471f22cba
--- /dev/null
+++ b/2configs/share/anon-ftp.nix
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+let
+  ftpdir = "/home/ftp";
+in {
+  networking.firewall = {
+    allowedTCPPorts = [ 20 21 ];
+    autoLoadConntrackHelpers = true;
+    connectionTrackingModules = [ "ftp" ];
+    extraCommands = ''
+      iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
+    '';
+  };
+  systemd.services.vsftpd.preStart = lib.mkForce ''
+    mkdir -p -m755 ${ftpdir}/incoming
+    chown root:root ${ftpdir}
+    chown ftp ${ftpdir}/incoming
+  '';
+  services.vsftpd = {
+    enable = true;
+    extraConfig = ''
+      ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs
+    '';
+    anonymousUser = true;
+    anonymousUserNoPassword = true;
+    anonymousUploadEnable = true;
+    anonymousMkdirEnable = true;
+    writeEnable = true;
+    chrootlocalUser = true;
+    anonymousUserHome = ftpdir;
+  };
+}
author	makefu <github@syntax-fehler.de>	2017-08-01 15:01:59 +0200
committer	makefu <github@syntax-fehler.de>	2017-08-01 15:01:59 +0200
commit	0e216ad6375e4c3f59b4e0a4c0e4fdf485893d10 (patch)
tree	f01a67d5e0c77b2258ffdf2c4a36df403cc0e95c /2configs/share/anon-ftp.nix
parent	0349ae613c2dce2e65bf39bd018fdb0361a4a994 (diff)