diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-19 20:15:39 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-19 20:15:39 +0200 |
commit | 66d1af1a67ad35eff62791952699600d682545d4 (patch) | |
tree | 67fa25d92c62bc5324d75ad3dce70c8310549109 | |
parent | dc2753001ceb375900eecd166b9ce72333882cb9 (diff) | |
download | nixos-66d1af1a67ad35eff62791952699600d682545d4.tar nixos-66d1af1a67ad35eff62791952699600d682545d4.tar.gz nixos-66d1af1a67ad35eff62791952699600d682545d4.tar.bz2 nixos-66d1af1a67ad35eff62791952699600d682545d4.tar.xz nixos-66d1af1a67ad35eff62791952699600d682545d4.zip |
...
-rw-r--r-- | ymir.nix | 12 |
1 files changed, 4 insertions, 8 deletions
@@ -976,17 +976,16 @@ in rec { | |||
976 | chrootlocalUser = true; | 976 | chrootlocalUser = true; |
977 | rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem"; | 977 | rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem"; |
978 | rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; | 978 | rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem"; |
979 | enableVirtualUsers = true; | ||
980 | localRoot = "/srv/ftp/$USER"; | ||
979 | extraConfig = '' | 981 | extraConfig = '' |
980 | debug_ssl=YES | 982 | ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL |
981 | log_ftp_protocol=YES | ||
982 | 983 | ||
983 | local_umask=022 | 984 | local_umask=022 |
984 | 985 | ||
985 | log_ftp_protocol=NO | 986 | log_ftp_protocol=NO |
986 | xferlog_enable=YES | 987 | xferlog_enable=YES |
987 | 988 | ||
988 | pam_service_name=vsftpd | ||
989 | |||
990 | port_enable=NO | 989 | port_enable=NO |
991 | 990 | ||
992 | pasv_enable=YES | 991 | pasv_enable=YES |
@@ -995,18 +994,15 @@ in rec { | |||
995 | 994 | ||
996 | allow_writeable_chroot=YES | 995 | allow_writeable_chroot=YES |
997 | 996 | ||
998 | guest_enable=YES | ||
999 | guest_username=vsftpd | ||
1000 | virtual_use_local_privs=YES | 997 | virtual_use_local_privs=YES |
1001 | user_sub_token=$USER | 998 | user_sub_token=$USER |
1002 | local_root=/srv/ftp/$USER | ||
1003 | hide_ids=YES | 999 | hide_ids=YES |
1004 | ''; | 1000 | ''; |
1005 | }; | 1001 | }; |
1006 | 1002 | ||
1007 | systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; | 1003 | systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; |
1008 | 1004 | ||
1009 | security.pam.services."vsftpd".text = '' | 1005 | security.pam.services."vsftpd".text = mkForce '' |
1010 | auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd | 1006 | auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd |
1011 | account required pam_permit.so | 1007 | account required pam_permit.so |
1012 | ''; | 1008 | ''; |