From 66d1af1a67ad35eff62791952699600d682545d4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 19 Oct 2021 20:15:39 +0200
Subject: ...
---
 ymir.nix | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/ymir.nix b/ymir.nix
index 3d85da9f..7b8bf581 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -976,17 +976,16 @@ in rec {
 chrootlocalUser = true;
 rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
 rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+ enableVirtualUsers = true;
+ localRoot = "/srv/ftp/$USER";
 extraConfig = ''
- debug_ssl=YES
- log_ftp_protocol=YES
+ ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL
 local_umask=022
 log_ftp_protocol=NO
 xferlog_enable=YES
- pam_service_name=vsftpd
- port_enable=NO
 pasv_enable=YES
@@ -995,18 +994,15 @@ in rec {
 allow_writeable_chroot=YES
- guest_enable=YES
- guest_username=vsftpd
 virtual_use_local_privs=YES
 user_sub_token=$USER
- local_root=/srv/ftp/$USER
 hide_ids=YES
 '';
 };
 systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- security.pam.services."vsftpd".text = ''
+ security.pam.services."vsftpd".text = mkForce ''
 auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd
 account required pam_permit.so
 '';
--
cgit v1.2.3
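Review bot: The added `ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL` in `extraConfig` only strips anonymous and null suites; OpenSSL's `HIGH` class still includes static-RSA key exchange and CBC-mode suites, so sessions without forward secrecy remain negotiable. If the FTP clients in use allow it, a narrower list such as `ssl_ciphers=ECDHE+AESGCM:ECDHE+CHACHA20` would be tighter, with a comment recording which client forced any exception. The protocol-version settings are not visible here (the `services.vsftpd` block starts outside the hunk and `extraConfig` continues past it), so it is worth checking that old TLS versions are switched off alongside the cipher list. A short comment on `localRoot = "/srv/ftp/$USER";` saying that `$USER` is the vsftpd `user_sub_token` placeholder, not a shell or Nix variable, would also help the next reader.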
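Review bot: The `mkForce` on `security.pam.services."vsftpd".text` has no comment explaining why the override is needed; presumably it replaces the PAM stack the vsftpd module generates once `enableVirtualUsers` is set, which also means any later change to that generated stack is silently discarded. After this change authentication rests entirely on `pam_pwdfile` reading `/srv/ftp.htpasswd`, with `account required pam_permit.so` accepting every account, and nothing in the visible lines states who owns that file or which hash formats it may hold. I would add a comment above the assignment, for example `# mkForce: replace the module's virtual-user PAM stack with pam_pwdfile; /srv/ftp.htpasswd must be root-owned, inaccessible to the FTP guest user, and contain only strong crypt(3) hashes`. Because the file sits beside the `/srv/ftp/$USER` roots that `allow_writeable_chroot=YES` keeps writable, its ownership and mode deserve an explicit check (a tmpfiles rule or activation-time assertion) rather than being left to convention.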