85 lines
1.8 KiB
Nix
85 lines
1.8 KiB
Nix
{ config, pkgs, lib, zentralwerk, ... }:
|
|
|
|
{
|
|
c3d2 = {
|
|
deployment = {
|
|
server = "server9";
|
|
mounts = [ "etc" "var"];
|
|
};
|
|
};
|
|
|
|
microvm.mem = 1024;
|
|
microvm.shares = [
|
|
{
|
|
tag = "ftp";
|
|
source = "/tank/storage/ftp";
|
|
mountPoint = "/var/www";
|
|
proto = "virtiofs";
|
|
socket = "ftp.socket";
|
|
}
|
|
];
|
|
|
|
networking = {
|
|
hostName = "ftp";
|
|
firewall.allowedTCPPorts = [ 80 443 ];
|
|
};
|
|
|
|
users.groups."ftpupload" = { };
|
|
|
|
users.users."ftpupload" = {
|
|
home = "/home/ftpupload";
|
|
group = "ftpupload";
|
|
openssh.authorizedKeys.keyFiles = [ ./ftpupload.authorized_keys ];
|
|
isNormalUser = true;
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedOptimisation = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
sslDhparam = "${config.security.dhparams.params."nginx".path}";
|
|
defaultListenAddresses = [ "0.0.0.0" ];
|
|
additionalModules = [ pkgs.nginxModules.fancyindex ];
|
|
};
|
|
|
|
services.nginx.virtualHosts."ftp.c3d2.de" = {
|
|
default = true;
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
root = "/var/www/ftp.c3d2.de";
|
|
extraConfig = ''
|
|
fancyindex on;
|
|
fancyindex_exact_size off;
|
|
fancyindex_css_href /.theme/style.css;
|
|
'';
|
|
};
|
|
};
|
|
|
|
security.dhparams = {
|
|
enable = true;
|
|
stateful = true;
|
|
params."nginx".bits = 4096;
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
extraConfig = ''
|
|
Match User ftpupload
|
|
X11Forwarding no
|
|
ChrootDirectory /var/www
|
|
AllowTcpForwarding no
|
|
ForceCommand internal-sftp
|
|
'';
|
|
};
|
|
|
|
sops = {
|
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
secrets = { };
|
|
};
|
|
|
|
system.stateVersion = "22.05";
|
|
}
|