authorGregor Kleen <gkleen@yggdrasil.li>2017-12-05 23:20:26 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2017-12-05 23:20:26 +0100
commit9491ee71c04d82ab026702d28c5f9ed67aba80d7 (patch)
tree9e164a60f75a4d2c353aef8d9fc61d1ebc597883 /ymir.nix
parent2335c598e73034738cdfb12e885589d890f6ee16 (diff)
Replace ftp with webdav
Diffstat (limited to 'ymir.nix')
-rw-r--r--ymir.nix41
1 files changed, 4 insertions, 37 deletions
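--- a/ymir.nix
+++ b/ymir.nix
@@ -14,10 +14,10 @@ let
 };
 };
 myDomains = [ "dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org"
-"files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li"
+"webdav.141.li" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li"
 "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "muc.xmpp.li" "proxy.xmpp.li"
-"files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li"
+"webdav.yggdrasil.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li"
-"files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
+"webdav.praseodym.org" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
 "git.rheperire.org" "api.rheperire.org" "www.rheperire.org" "rheperire.org"
 "ymir.kleen.li" "kleen.li" "www.kleen.li"
 "ymir.nights.email" "nights.email" "www.nights.email"
@@ -140,8 +140,7 @@ in rec {
 firewall = {
 enable = true;
 allowPing = true;
-allowedTCPPorts = [ 21 # ftp
-22 # ssh
+allowedTCPPorts = [ 22 # ssh
 25 # smtp
 143 # imap
 993 # imaps
@@ -160,8 +159,6 @@ in rec {
 allowedUDPPorts = [ 64738 # murmur
 53 # DNS
 ];
-allowedTCPPortRanges = [ { from = 20000; to = 21000; } # ftp
-];
 allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
 ];
 };
@@ -963,34 +960,4 @@ in rec {
 systemd.status-mail = {
 onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
 };
-
-services.vsftpd = {
-enable = true;
-forceLocalLoginsSSL = true;
-forceLocalDataSSL = true;
-localUsers = true;
-writeEnable = true;
-chrootlocalUser = true;
-rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
-rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
-extraConfig = ''
-pam_service_name=vsftpd
-
-port_enable=no
-
-pasv_enable=yes
-pasv_max_port=21000
-pasv_min_port=20000
-
-allow_writeable_chroot=yes
-'';
-};
-
-security.pam.services."vsftpd".text = ''
-auth requisite pam_succeed_if.so user ingroup ftp
-
-auth include ftp
-account include ftp
-session include ftp
-'';
 }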
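Review bot: Nothing in this file section shows that the WebDAV endpoint keeps the access controls the removed vsftpd block enforced. `forceLocalLoginsSSL`/`forceLocalDataSSL` required TLS for logins and data, and the PAM line `auth requisite pam_succeed_if.so user ingroup ftp` limited logins to members of one group. The diffstat is limited to ymir.nix, so the WebDAV server definition is presumably in another file. It is worth confirming there that the new `webdav.*` hosts are HTTPS-only and that write access is limited to the same users as before. In `myDomains` I would also add a comment such as `# webdav.*: replaces vsftpd (TCP 21 and passive range 20000-21000 closed)` so the reason for the new names stays with the list.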