authorGregor Kleen <gkleen@yggdrasil.li>2021-10-19 20:15:39 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-10-19 20:15:39 +0200
commit66d1af1a67ad35eff62791952699600d682545d4 (patch)
tree67fa25d92c62bc5324d75ad3dce70c8310549109
parentdc2753001ceb375900eecd166b9ce72333882cb9 (diff)
...
-rw-r--r--ymir.nix12
1 files changed, 4 insertions, 8 deletions
diff --git a/ymir.nix b/ymir.nix
index 3d85da9f..7b8bf581 100644
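--- a/ymir.nix
+++ b/ymir.nix
@@ -976,17 +976,16 @@ in rec {
 chrootlocalUser = true;
 rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
 rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+enableVirtualUsers = true;
+localRoot = "/srv/ftp/$USER";
 extraConfig = ''
-debug_ssl=YES
-log_ftp_protocol=YES
+ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL
 
 local_umask=022
 
 log_ftp_protocol=NO
 xferlog_enable=YES
 
-pam_service_name=vsftpd
-
 port_enable=NO
 
 pasv_enable=YES
@@ -995,18 +994,15 @@ in rec {
 
 allow_writeable_chroot=YES
 
-guest_enable=YES
-guest_username=vsftpd
 virtual_use_local_privs=YES
 user_sub_token=$USER
-local_root=/srv/ftp/$USER
 hide_ids=YES
 '';
 };
 
 systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 
-security.pam.services."vsftpd".text = ''
+security.pam.services."vsftpd".text = mkForce ''
 auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd
 account required pam_permit.so
 '';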
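Review bot: The `mkForce` added to `security.pam.services."vsftpd".text` in the second hunk has no comment saying what it overrides, although this stanza is the only authentication policy visible for the FTP service. Presumably it displaces the PAM text that the vsftpd module generates once `enableVirtualUsers = true` is set in the first hunk; if so, a line such as `# mkForce: replace the module-generated PAM stack with pam_pwdfile` above it would keep a later cleanup from dropping it and silently switching the auth backend. Because `account required pam_permit.so` accepts every account, access rests entirely on `/srv/ftp.htpasswd`, so a second comment should record the expected ownership and mode of that file and the hash format it must use. The attribute set that contains both hunks starts and ends outside the lines shown, so any setting between the hunks could not be checked.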