authorGregor Kleen <gkleen@yggdrasil.li>2017-12-05 21:48:16 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2017-12-05 21:48:16 +0100
commit36bf705b23628f27a91979cbc6fe635fdfb7307b (patch)
tree9bd3da80d656e5cbddecd6ac20d28e786501ab71
parent889355a1f93bfe94991a9ac86c5e76ee944fc517 (diff)
vsftpd on ymir
-rw-r--r--users/gkleen.nix2
-rw-r--r--ymir.nix19
2 files changed, 20 insertions, 1 deletions
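--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
 name = "gkleen";
 description = "Gregor Kleen";
-extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" "vboxusers" ];
+extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ftp" "ssh" "vboxusers" ];
 group = "users";
 uid = 1000;
 createHome = true;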
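Review bot: The account that gains `"ftp"` in `extraGroups` is also a member of `"wheel"`, so the password that presumably guards privileged access on the host now also authenticates a network-facing FTP login (the `pam_succeed_if.so user ingroup ftp` gate added in ymir.nix admits exactly this group). A dedicated unprivileged account carrying only `"ftp"` would keep the two credentials separate. If the membership stays, a comment next to the list such as `# "ftp": allowed to log in via vsftpd on ymir` would record why the group is there. The attribute set continues past the end of this hunk.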
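--- a/ymir.nix
+++ b/ymir.nix
@@ -959,4 +959,23 @@ in rec {
 systemd.status-mail = {
 onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
 };
+
+services.vsftpd = {
+enable = true;
+forceLocalLoginSSL = true;
+forceLocalDataSSL = true;
+localUsers = true;
+writeEnable = true;
+chrootLocalUser = true;
+rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+extraConfig = ''
+pam_service_name=vsftpd
+'';
+};
+
+security.pam.services."vsftpd".text = ''
+auth requisite pam_succeed_if.so user ingroup ftp
+auth required pam_unix.so audit
+'';
 }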
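Review bot: The `security.pam.services."vsftpd".text` stack defines only `auth` rules, so account checks (expired or locked accounts) are not stated for this service. Depending on how PAM falls back to the `other` service, they are either skipped or the login is refused outright. Adding `account required pam_unix.so` after the two auth lines would make the behaviour explicit. Separately, vsftpd's documented default for `ssl_ciphers` is `DES-CBC3-SHA`, so unless the module overrides it, adding `ssl_ciphers=HIGH` to `extraConfig` next to `pam_service_name=vsftpd` is worth considering. The enclosing `in rec { … }` set starts outside the hunk.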