From f9811b2ea134d2a5e2dfa0afe8b55a717e601679 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 1 Aug 2017 15:01:59 +0200
Subject: ma anon-ftp: init

---
 makefu/2configs/share/anon-ftp.nix | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 makefu/2configs/share/anon-ftp.nix


diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix
new file mode 100644
index 000000000..471f22cba
--- /dev/null
+++ b/makefu/2configs/share/anon-ftp.nix
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+let
+  ftpdir = "/home/ftp";
+in {
+  networking.firewall = {
+    allowedTCPPorts = [ 20 21 ];
+    autoLoadConntrackHelpers = true;
+    connectionTrackingModules = [ "ftp" ];
+    extraCommands = ''
+      iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
+    '';
+  };
+  systemd.services.vsftpd.preStart = lib.mkForce ''
+    mkdir -p -m755 ${ftpdir}/incoming
+    chown root:root ${ftpdir}
+    chown ftp ${ftpdir}/incoming
+  '';
+  services.vsftpd = {
+    enable = true;
+    extraConfig = ''
+      ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs
+    '';
+    anonymousUser = true;
+    anonymousUserNoPassword = true;
+    anonymousUploadEnable = true;
+    anonymousMkdirEnable = true;
+    writeEnable = true;
+    chrootlocalUser = true;
+    anonymousUserHome = ftpdir;
+  };
+}
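Review bot: The anonymous write path in `services.vsftpd` (`anonymousUploadEnable`, `anonymousMkdirEnable`, `writeEnable`) has no resource bound, so any unauthenticated client can fill the filesystem that holds `/home/ftp/incoming`. `extraConfig` should carry limits such as `max_clients=<n>`, `max_per_ip=<n>` and `anon_max_rate=<bytes/s>` (placeholder values), and the directory is better kept on its own filesystem or under a quota. In `preStart`, `mkdir -p -m755` applies the mode only to `incoming`, and only when it creates it, so the mode of the chroot root depends on umask and prior state; adding `chmod 0755 ${ftpdir}` next to the `chown root:root` makes the non-writable root that vsftpd requires explicit. Inbound TCP 20 in `allowedTCPPorts` looks unnecessary, because in active mode the server connects out from port 20, so `allowedTCPPorts = [ 21 ];` should be enough alongside the conntrack helper. The `iptables -A` in `extraCommands` has no matching delete in `extraStopCommands`, so it presumably adds a duplicate raw-table rule on every firewall reload.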
-- 
cgit v1.2.3