authorGregor Kleen <gkleen@yggdrasil.li>2021-10-19 20:16:39 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-10-19 20:16:39 +0200
commit99e1e56ece10b0618e5c8a044533134d681da3c5 (patch)
treebb2f467ad1a6ed5378802e484c0fa5a0d6db4777
parent66d1af1a67ad35eff62791952699600d682545d4 (diff)
...
-rw-r--r--ymir.nix9
1 files changed, 6 insertions, 3 deletions
diff --git a/ymir.nix b/ymir.nix
index 7b8bf581..0eb00965 100644
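--- a/ymir.nix
+++ b/ymir.nix
@@ -976,8 +976,6 @@ in rec {
 chrootlocalUser = true;
 rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
 rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
-enableVirtualUsers = true;
-localRoot = "/srv/ftp/$USER";
 extraConfig = ''
 ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL
 
@@ -986,6 +984,8 @@ in rec {
 log_ftp_protocol=NO
 xferlog_enable=YES
 
+pam_service_name=vsftpd
+
 port_enable=NO
 
 pasv_enable=YES
@@ -994,15 +994,18 @@ in rec {
 
 allow_writeable_chroot=YES
 
+guest_enable=YES
+guest_username=vsftpd
 virtual_use_local_privs=YES
 user_sub_token=$USER
+local_root=/srv/ftp/$USER
 hide_ids=YES
 '';
 };
 
 systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 
-security.pam.services."vsftpd".text = mkForce ''
+security.pam.services."vsftpd".text = ''
 auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd
 account required pam_permit.so
 '';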
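Review bot: With `guest_enable=YES` and `guest_username=vsftpd` in the third hunk, every login from `/srv/ftp.htpasswd` runs as the one `vsftpd` account, so the per-user chroot set by `local_root=/srv/ftp/$USER` is the only thing separating users, and the unchanged `allow_writeable_chroot=YES` together with `virtual_use_local_privs=YES` leaves the root of that chroot writable. vsftpd rejects a writable chroot root unless that option is set, so I would keep `/srv/ftp/$USER` owned by root and not writable, give each user a writable subdirectory, and drop the override (`allow_writeable_chroot=NO`). If the writable root has to stay, a comment above the guest lines such as `# all virtual users share uid vsftpd; isolation rests on the chroot only` would record the trade-off. The ownership and mode of `/srv/ftp.htpasswd` and of the per-user directories are not visible here and are worth confirming, since `account required pam_permit.so` leaves that file as the sole gate. The `extraConfig` string starts before the first hunk and is only partly shown.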