From 67693d4eb4d492811069c32e6ed4e57854163beb Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 6 Jun 2022 21:12:52 +0200
Subject: ma bgt: move storedir to hetzner cloud, fix for old ssh client
---
 makefu/2configs/bgt/download.binaergewitter.de.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'makefu/2configs/bgt/download.binaergewitter.de.nix')
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6ce0606a..1cf21f21 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -5,22 +5,37 @@ let
 ident = (builtins.readFile ./auphonic.pub);
 bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";
 bgterror = "/var/spool/nginx/logs/binaergewitter.error.log";
+
+ # TODO: only when the data is stored somewhere else
+ wwwdir = "/var/www/binaergewitter";
+ storedir = "/media/cloud/www/binaergewitter";
 in {
+ fileSystems."${wwwdir}" = {
+ device = storedir;
+ options = [ "bind" ];
+ };
+
 services.openssh = {
 allowSFTP = true;
 sftpFlags = [ "-l VERBOSE" ];
 extraConfig = ''
+ HostkeyAlgorithms +ssh-rsa
+
 Match User auphonic
 ForceCommand internal-sftp
 AllowTcpForwarding no
 X11Forwarding no
 PasswordAuthentication no
+ PubkeyAcceptedAlgorithms +ssh-rsa
+
 '';
 };
 users.users.auphonic = {
 uid = genid "auphonic";
 group = "nginx";
+ # for storedir
+ extraGroups = [ "download" ];
 useDefaultShell = true;
 isSystemUser = true;
 openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
-- 
cgit v1.2.3
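Review bot: The added `HostkeyAlgorithms +ssh-rsa` sits above `Match User auphonic`, so SHA-1 `ssh-rsa` host-key signatures are re-enabled for every client of this sshd, not only the old client the subject line mentions; only `PubkeyAcceptedAlgorithms +ssh-rsa` is scoped to the Match block. Host-key negotiation happens before the user is known, so the global line probably cannot be narrowed, but both lines should carry a comment saying why they exist and when they can go, e.g. `# legacy client only offers SHA-1 ssh-rsa; drop both +ssh-rsa lines once it supports rsa-sha2-256/512`. The new `extraGroups = [ "download" ]` also widens what this SFTP account can reach, because the Match block shown sets no `ChrootDirectory`; it is worth confirming that the group grants nothing beyond `storedir`. The `let` bindings start before the hunk and the `users.users.auphonic` set continues past its end.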