diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2017-12-05 21:48:16 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2017-12-05 21:48:16 +0100 |
commit | 36bf705b23628f27a91979cbc6fe635fdfb7307b (patch) | |
tree | 9bd3da80d656e5cbddecd6ac20d28e786501ab71 | |
parent | 889355a1f93bfe94991a9ac86c5e76ee944fc517 (diff) | |
download | nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.gz nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.bz2 nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.tar.xz nixos-36bf705b23628f27a91979cbc6fe635fdfb7307b.zip |
vsftpd on ymir
-rw-r--r-- | users/gkleen.nix | 2 | ||||
-rw-r--r-- | ymir.nix | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/users/gkleen.nix b/users/gkleen.nix index 648f4ab1..1beaf1c3 100644 --- a/users/gkleen.nix +++ b/users/gkleen.nix | |||
@@ -1,7 +1,7 @@ | |||
1 | { | 1 | { |
2 | name = "gkleen"; | 2 | name = "gkleen"; |
3 | description = "Gregor Kleen"; | 3 | description = "Gregor Kleen"; |
4 | extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" "vboxusers" ]; | 4 | extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ftp" "ssh" "vboxusers" ]; |
5 | group = "users"; | 5 | group = "users"; |
6 | uid = 1000; | 6 | uid = 1000; |
7 | createHome = true; | 7 | createHome = true; |
@@ -959,4 +959,23 @@ in rec { | |||
959 | systemd.status-mail = { | 959 | systemd.status-mail = { |
960 | onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ]; | 960 | onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ]; |
961 | }; | 961 | }; |
962 | |||
963 | services.vsftpd = { | ||
964 | enable = true; | ||
965 | forceLocalLoginSSL = true; | ||
966 | forceLocalDataSSL = true; | ||
967 | localUsers = true; | ||
968 | writeEnable = true; | ||
969 | chrootLocalUser = true; | ||
970 | rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem"; | ||
971 | rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; | ||
972 | extraConfig = '' | ||
973 | pam_service_name=vsftpd | ||
974 | ''; | ||
975 | }; | ||
976 | |||
977 | security.pam.services."vsftpd".text = '' | ||
978 | auth requisite pam_succeed_if.so user ingroup ftp | ||
979 | auth required pam_unix.so audit | ||
980 | ''; | ||
962 | } | 981 | } |