1 files changed, 4 insertions, 8 deletions

diff --git a/ymir.nix b/ymir.nix
index 3d85da9f..7b8bf581 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -976,17 +976,16 @@ in rec {
     chrootlocalUser = true;
     rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
     rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    enableVirtualUsers = true;
+    localRoot = "/srv/ftp/$USER";
     extraConfig = ''
-      debug_ssl=YES
-      log_ftp_protocol=YES
+      ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL
 
       local_umask=022
     
       log_ftp_protocol=NO
       xferlog_enable=YES
     
-      pam_service_name=vsftpd
-
       port_enable=NO
 
       pasv_enable=YES
@@ -995,18 +994,15 @@ in rec {
 
       allow_writeable_chroot=YES
 
-      guest_enable=YES
-      guest_username=vsftpd
       virtual_use_local_privs=YES
       user_sub_token=$USER
-      local_root=/srv/ftp/$USER
       hide_ids=YES
     '';
   };
 
   systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 
-  security.pam.services."vsftpd".text = ''
+  security.pam.services."vsftpd".text = mkForce ''
     auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd
     account required pam_permit.so
   '';