2 files changed, 41 insertions, 10 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index a1de81c3..dcee84fa 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -175,8 +175,6 @@ in {
        listen [::]:443 ssl;
        server_name ~^(.*\.)?bragi\.(yggdrasil\.li|141\.li)$;
-        include ${acme};
        location / {
          auth_basic "Reverse proxy to bragi";
          auth_basic_user_file /srv/www/bragi/htpasswd;
@@ -184,6 +182,39 @@ in {
          proxy_pass http://bragi.asgard.yggdrasil/;
        }
      }
+      server {
+        listen *:80;
+        listen [::]:80;
+        server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$;
+        include ${acme};
+        location / {
+          return 301 https://$host$request_uri;
+        }
+      }
+      server {
+        listen *:443 ssl;
+        listen [::]:443 ssl;
+        server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$;
+        client_body_temp_path /tmp/webdav;
+        location / {
+          root /srv/ftp/$remote_user;
+          autoindex on;
+        
+          auth_basic "FTP over WebDAV";
+          auth_basic_user_file /srv/ftp.htpasswd;
+          dav_methods PUT DELETE MKCOL COPY MOVE;
+          create_full_put_path on;
+          dav_access user:rw group:r all:r;
+        }
+      }
    '';
  };
 }
diff --git a/ymir.nix b/ymir.nix
index 3eb10d10..e73ae546 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -14,10 +14,10 @@ let
    };
  };
  myDomains = [ "dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org"
-                "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li"
+                "ftp.141.li" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li"
                "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "muc.xmpp.li" "proxy.xmpp.li"
-                "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li"
+                "ftp.yggdrasil.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li"
-                "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
+                "ftp.praseodym.org" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org"
                "git.rheperire.org" "api.rheperire.org" "www.rheperire.org" "rheperire.org"
                "ymir.kleen.li" "kleen.li" "www.kleen.li"
                "ymir.nights.email" "nights.email" "www.nights.email"
@@ -979,17 +979,17 @@ in rec {
  services.vsftpd = {
    enable = true;
-    # forceLocalLoginsSSL = true;
+    forceLocalLoginsSSL = true;
-    # forceLocalDataSSL = true;
+    forceLocalDataSSL = true;
    localUsers = true;
    writeEnable = true;
    chrootlocalUser = true;
-    # rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+    rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
-    # rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
    extraConfig = ''
      local_umask=022
    
-      log_ftp_protocol=YES
+      log_ftp_protocol=NO
      xferlog_enable=YES
    
      pam_service_name=vsftpd