vsftpd on ymir

author: Gregor Kleen <gkleen@yggdrasil.li> 2017-12-05 21:48:16 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2017-12-05 21:48:16 +0100
commit: 36bf705b23628f27a91979cbc6fe635fdfb7307b (patch)
tree: 9bd3da80d656e5cbddecd6ac20d28e786501ab71
parent: 889355a1f93bfe94991a9ac86c5e76ee944fc517 (diff)
download: nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar
nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.gz
nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.bz2
nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.xz
nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.zip
2 files changed, 20 insertions, 1 deletions
diff --git a/users/gkleen.nix b/users/gkleen.nix
index 648f4ab1..1beaf1c3 100644
--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
  name = "gkleen";
  description = "Gregor Kleen";
-  extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" "vboxusers" ];
+  extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ftp" "ssh" "vboxusers" ];
  group = "users";
  uid = 1000;
  createHome = true;
diff --git a/ymir.nix b/ymir.nix
index fbe45e03..dd2c35c7 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -959,4 +959,23 @@ in rec {
  systemd.status-mail = {
    onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
  };
+  services.vsftpd = {
+    enable = true;
+    forceLocalLoginSSL = true;
+    forceLocalDataSSL = true;
+    localUsers = true;
+    writeEnable = true;
+    chrootLocalUser = true;
+    rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+    rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    extraConfig = ''
+      pam_service_name=vsftpd
+    '';
+  };
+  security.pam.services."vsftpd".text = ''
+    auth requisite  pam_succeed_if.so user ingroup ftp
+    auth required   pam_unix.so audit
+  '';
 }
author	Gregor Kleen <gkleen@yggdrasil.li>	2017-12-05 21:48:16 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2017-12-05 21:48:16 +0100
commit	36bf705b23628f27a91979cbc6fe635fdfb7307b (patch)
tree	9bd3da80d656e5cbddecd6ac20d28e786501ab71
parent	889355a1f93bfe94991a9ac86c5e76ee944fc517 (diff)
download	nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.gz nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.bz2 nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.xz nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.zip

diff --git a/users/gkleen.nix b/users/gkleen.nix index 648f4ab1..1beaf1c3 100644 --- a/users/gkleen.nix +++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
1	{	1	{
2	name = "gkleen";	2	name = "gkleen";
3	description = "Gregor Kleen";	3	description = "Gregor Kleen";
4	extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" "vboxusers" ];	4	extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ftp" "ssh" "vboxusers" ];
5	group = "users";	5	group = "users";
6	uid = 1000;	6	uid = 1000;
7	createHome = true;	7	createHome = true;


diff --git a/ymir.nix b/ymir.nix index fbe45e03..dd2c35c7 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -959,4 +959,23 @@ in rec {
959	systemd.status-mail = {	959	systemd.status-mail = {
960	onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];	960	onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
961	};	961	};
		962
		963	services.vsftpd = {
		964	enable = true;
		965	forceLocalLoginSSL = true;
		966	forceLocalDataSSL = true;
		967	localUsers = true;
		968	writeEnable = true;
		969	chrootLocalUser = true;
		970	rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
		971	rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
		972	extraConfig = ''
		973	pam_service_name=vsftpd
		974	'';
		975	};
		976
		977	security.pam.services."vsftpd".text = ''
		978	auth requisite pam_succeed_if.so user ingroup ftp
		979	auth required pam_unix.so audit
		980	'';
962	}	981	}