From 9491ee71c04d82ab026702d28c5f9ed67aba80d7 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 5 Dec 2017 23:20:26 +0100
Subject: Replace ftp with webdav
---
 custom/ymir-nginx.nix | 22 ++++++++++++++++++++++
 ymir.nix | 41 ++++-------------------------------------
 2 files changed, 26 insertions(+), 37 deletions(-)
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index a1de81c3..96633f00 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -184,6 +184,28 @@ in {
 proxy_pass http://bragi.asgard.yggdrasil/;
 }
 }
+
+ server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+
+ server_name ~^webdav\.(yggdrasil\.li|141\.li|praseodym\.org)$;
+
+ include ${acme};
+
+ location ~ ^/(.+?)(/.*)?$ {
+ alias /home/$1/webdav$2;
+ autoindex on;
+
+ auth_basic "WebDAV user directory of $1";
+ auth_basic_user_file /home/$1/webdav.htpasswd;
+
+ client_body_temp_path /tmp/webdav.$1;
+ dav_methods PUT DELETE MKCOL COPY MOVE;
+ create_full_put_path on;
+ dav_access user:rw group:r all:r;
+ }
+ }
 '';
 };
 }
diff --git a/ymir.nix b/ymir.nix
index 0d7de78d..e940f8b6 100644
--- a/ymir.nix
+++ b/ymir.nix
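Review bot: In the new `webdav` server block of `custom/ymir-nginx.nix`, `dav_access user:rw group:r all:r` makes every uploaded file world-readable, and `client_body_temp_path /tmp/webdav.$1` stages request bodies under a predictable name in the shared `/tmp`; on a host with local accounts both are wider than a per-user store needs. I would use `dav_access user:rw;` and a fixed temp directory owned by the nginx user on the same filesystem as the targets, e.g. `client_body_temp_path <nginx-owned-dir>/webdav;` (placeholder path) — as far as I know this directive does not expand variables, so `$1` is probably taken literally anyway. The capture `(.+?)` in the `location` regex selects both the filesystem root and the `auth_basic_user_file`, so restricting it to a username pattern such as `([a-z_][a-z0-9_-]*)` would be safer than accepting any first path segment. Files are presumably now created by the nginx worker rather than by the logging-in user as under vsftpd, so the ownership and mode of each `/home/<user>/webdav` directory deserve a check.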
@@ -14,10 +14,10 @@ let }; }; myDomains = [ "dirty-haskell.org" "www.dirty-haskell.org" "lists.dirty-haskell.org" "l.dirty-haskell.org" - "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li" + "webdav.141.li" "files.141.li" "f.141.li" "ymir.141.li" "141.li" "www.141.li" "lists.141.li" "l.141.li" "bragi.141.li" "ymir.xmpp.li" "xmpp.li" "www.xmpp.li" "lists.xmpp.li" "l.xmpp.li" "muc.xmpp.li" "proxy.xmpp.li" - "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li" - "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" + "webdav.yggdrasil.li" "files.yggdrasil.li" "f.yggdrasil.li" "ymir.yggdrasil.li" "git.yggdrasil.li" "www.yggdrasil.li" "yggdrasil.li" "lists.yggdrasil.li" "l.yggdrasil.li" "bragi.yggdrasil.li" + "webdav.praseodym.org" "files.praseodym.org" "f.praseodym.org" "ymir.praseodym.org" "praseodym.org" "www.praseodym.org" "lists.praseodym.org" "l.praseodym.org" "git.rheperire.org" "api.rheperire.org" "www.rheperire.org" "rheperire.org" "ymir.kleen.li" "kleen.li" "www.kleen.li" "ymir.nights.email" "nights.email" "www.nights.email" @@ -140,8 +140,7 @@ in rec { firewall = { enable = true; allowPing = true; - allowedTCPPorts = [ 21 # ftp - 22 # ssh + allowedTCPPorts = [ 22 # ssh 25 # smtp 143 # imap 993 # imaps @@ -160,8 +159,6 @@ in rec { allowedUDPPorts = [ 64738 # murmur 53 # DNS ]; - allowedTCPPortRanges = [ { from = 20000; to = 21000; } # ftp - ]; allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh ]; }; 
@@ -963,34 +960,4 @@ in rec {
 systemd.status-mail = {
 onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
 };
-
- services.vsftpd = {
- enable = true;
- forceLocalLoginsSSL = true;
- forceLocalDataSSL = true;
- localUsers = true;
- writeEnable = true;
- chrootlocalUser = true;
- rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
- rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
- extraConfig = ''
- pam_service_name=vsftpd
-
- port_enable=no
-
- pasv_enable=yes
- pasv_max_port=21000
- pasv_min_port=20000
-
- allow_writeable_chroot=yes
- '';
- };
-
- security.pam.services."vsftpd".text = ''
- auth requisite pam_succeed_if.so user ingroup ftp
-
- auth include ftp
- account include ftp
- session include ftp
- '';
 }
-- cgit v1.2.3