From 976e692d0def820fe5a12eb918142ebeee4188ac Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 5 Dec 2017 22:31:27 +0100
Subject: vsftp pasv

---
 ymir.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ymir.nix b/ymir.nix
index 2319fcfc..f3eea658 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -160,6 +160,8 @@ in rec {
       allowedUDPPorts = [ 64738 # murmur
                           53 # DNS
                         ];
+      allowedTCPPortRanges = [ { from = 20000; to = 21000; } # ftp
+                             ];
       allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                              ];
     };
@@ -973,6 +975,10 @@ in rec {
     rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
     extraConfig = ''
       pam_service_name=vsftpd
+
+      pasv_enable=true
+      pasv_max_port=20000
+      pasv_min_port=21000
     '';
   };
 
-- 
cgit v1.2.3