From 99e1e56ece10b0618e5c8a044533134d681da3c5 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 19 Oct 2021 20:16:39 +0200
Subject: ...

---
 ymir.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ymir.nix b/ymir.nix
index 7b8bf581..0eb00965 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -976,8 +976,6 @@ in rec {
     chrootlocalUser = true;
     rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
     rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
-    enableVirtualUsers = true;
-    localRoot = "/srv/ftp/$USER";
     extraConfig = ''
       ssl_ciphers=HIGH:!aNULL:!eNULL:!NULL
 
@@ -986,6 +984,8 @@ in rec {
       log_ftp_protocol=NO
       xferlog_enable=YES
     
+      pam_service_name=vsftpd
+
       port_enable=NO
 
       pasv_enable=YES
@@ -994,15 +994,18 @@ in rec {
 
       allow_writeable_chroot=YES
 
+      guest_enable=YES
+      guest_username=vsftpd
       virtual_use_local_privs=YES
       user_sub_token=$USER
+      local_root=/srv/ftp/$USER
       hide_ids=YES
     '';
   };
 
   systemd.services."vsftpd".serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 
-  security.pam.services."vsftpd".text = mkForce ''
+  security.pam.services."vsftpd".text = ''
     auth required ${pkgs.pam_pwdfile}/lib/security/pam_pwdfile.so pwdfile=/srv/ftp.htpasswd
     account required pam_permit.so
   '';
-- 
cgit v1.2.3