| -rw-r--r-- | users/gkleen.nix | 2 | ||||
| -rw-r--r-- | ymir.nix | 19 |
2 files changed, 20 insertions, 1 deletions
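--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
 name = "gkleen";
 description = "Gregor Kleen";
-extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" "vboxusers" ];
+extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ftp" "ssh" "vboxusers" ];
 group = "users";
 uid = 1000;
 createHome = true;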
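Review bot: The account that gains `"ftp"` on line 4 is also in `wheel`, so its Unix password becomes a credential accepted on the FTP port. The PAM rule added in ymir.nix admits every member of `ftp` and then checks the password with `pam_unix.so`, which means failed-login guessing against vsftpd is guessing at the password of what is, by convention, an administrative user. A dedicated unprivileged transfer account in `ftp` would keep the two apart; if this account must stay, login throttling in front of the service is worth adding. Either way a comment on the line would help, e.g. `# "ftp" gates FTP login via the vsftpd PAM service in ymir.nix`.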
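--- a/ymir.nix
+++ b/ymir.nix
@@ -959,4 +959,23 @@ in rec {
 systemd.status-mail = {
 onFailure = [ "nixos-upgrade" "postfix" "dovecot2" "prosody" "opendkim" "nsd" "unbound" "tinc.yggdrasil" "postsrsd" ];
 };
+
+services.vsftpd = {
+enable = true;
+forceLocalLoginSSL = true;
+forceLocalDataSSL = true;
+localUsers = true;
+writeEnable = true;
+chrootLocalUser = true;
+rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+extraConfig = ''
+pam_service_name=vsftpd
+'';
+};
+
+security.pam.services."vsftpd".text = ''
+auth requisite pam_succeed_if.so user ingroup ftp
+auth required pam_unix.so audit
+'';
 }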
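Review bot: The `vsftpd` PAM text at new lines 977-980 defines only `auth` rules, so the account-management call vsftpd makes after authentication is not answered by this file and falls through to PAM's `other` service. Account expiry is therefore not checked by `pam_unix` in this stack, and depending on what `other` contains on this host, logins may be refused outright. Adding `account required pam_unix.so` below the two `auth` lines makes the stack self-contained. Separately, `chrootLocalUser = true` together with `writeEnable = true` (new lines 968-969) confines users to a home directory they can write to; vsftpd is known to refuse that combination unless writable chroots are explicitly allowed, so the intended chroot layout deserves a comment here.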
