From 4b040faf4f490ced545dcf10741e903c064ca78f Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Wed, 6 Dec 2017 13:37:55 +0100
Subject: Virtual FTP

---
 users/gkleen.nix |  2 +-
 ymir.nix         | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/users/gkleen.nix b/users/gkleen.nix
index 1beaf1c3..648f4ab1 100644
--- a/users/gkleen.nix
+++ b/users/gkleen.nix
@@ -1,7 +1,7 @@
 {
   name = "gkleen";
   description = "Gregor Kleen";
-  extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ftp" "ssh" "vboxusers" ];
+  extraGroups = [ "wheel" "network" "lp" "dialout" "audio" "xmpp" "mail" "ssh" "vboxusers" ];
   group = "users";
   uid = 1000;
   createHome = true;
diff --git a/ymir.nix b/ymir.nix
index 0d7de78d..bb6bc183 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -983,14 +983,18 @@ in rec {
       pasv_min_port=20000
 
       allow_writeable_chroot=yes
+
+      guest_enable=yes
+      guest_username=vsftpd
+      virtual_use_local_privs=yes
+      user_sub_token=$USER
+      local_root=/srv/ftp/$USER
+      hide_ids=yes
     '';
   };
 
   security.pam.services."vsftpd".text = ''
-    auth requisite  pam_succeed_if.so user ingroup ftp
-
-    auth include ftp
-    account include ftp
-    session include ftp
+    auth required pam_pwdfile.so pwdfile /srv/ftp.htpasswd
+    account required pam_permit.so
   '';
 }
-- 
cgit v1.2.3