summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2017-08-01 15:01:59 +0200
committermakefu <github@syntax-fehler.de>2017-08-01 15:01:59 +0200
commitf9811b2ea134d2a5e2dfa0afe8b55a717e601679 (patch)
treeeb51fb3f5f159bdafbf62503fa1db73619fe86ad
parent923570f0f75b569eb1bb675dc0d0f18243ad6387 (diff)
ma anon-ftp: init
-rw-r--r--makefu/2configs/share/anon-ftp.nix31
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix
new file mode 100644
index 000000000..471f22cba
--- /dev/null
+++ b/makefu/2configs/share/anon-ftp.nix
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+let
+ ftpdir = "/home/ftp";
+in {
+ networking.firewall = {
+ allowedTCPPorts = [ 20 21 ];
+ autoLoadConntrackHelpers = true;
+ connectionTrackingModules = [ "ftp" ];
+ extraCommands = ''
+ iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
+ '';
+ };
+ systemd.services.vsftpd.preStart = lib.mkForce ''
+ mkdir -p -m755 ${ftpdir}/incoming
+ chown root:root ${ftpdir}
+ chown ftp ${ftpdir}/incoming
+ '';
+ services.vsftpd = {
+ enable = true;
+ extraConfig = ''
+ ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs
+ '';
+ anonymousUser = true;
+ anonymousUserNoPassword = true;
+ anonymousUploadEnable = true;
+ anonymousMkdirEnable = true;
+ writeEnable = true;
+ chrootlocalUser = true;
+ anonymousUserHome = ftpdir;
+ };
+}