5ebdee3577
those that run daemons) to modules/services. This probably broke some things since there are a few relative paths in modules (e.g. imports of system/ids.nix). * Moved some PAM modules out of etc/pam.d to the directories of NixOS modules that use them. svn path=/nixos/branches/modular-nixos/; revision=15717
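# NixOS module for the vsftpd FTP server: option declarations (interface).
#
# Every option below is a boolean defaulting to false. The implementation
# part of this file writes each one explicitly into /etc/vsftpd.conf as
# KEY=YES / KEY=NO, so vsftpd's built-in defaults for these keys never apply
# (for example anonymous_enable and userlist_deny, which default to YES in
# vsftpd itself, are emitted as NO unless turned on here).
{pkgs, config, ...}:

###### interface
let
  inherit (pkgs.lib) mkOption mkIf;

  options = {
    services = {
      vsftpd = {

        # Master switch: the whole implementation is wrapped in
        # `mkIf config.services.vsftpd.enable`.
        enable = mkOption {
          default = false;
          description = "
            Whether to enable the vsftpd FTP server.
          ";
        };

        # Rendered as anonymous_enable. When true, the implementation also
        # declares the "ftp" account with home /home/ftp.
        anonymousUser = mkOption {
          default = false;
          description = "
            Whether to enable the anonymous FTP user.
          ";
        };

        # Rendered as local_enable. The generated configuration contains no
        # TLS settings, so local account passwords cross the network in
        # cleartext when this is on.
        localUsers = mkOption {
          default = false;
          description = "
            Whether to enable FTP for the local users.
          ";
        };

        # Rendered as write_enable. In vsftpd this is the global gate for
        # all write commands, including the anonymous ones below.
        writeEnable = mkOption {
          default = false;
          description = "
            Whether any write activity is permitted to users.
          ";
        };

        # Rendered as anon_upload_enable. Per vsftpd.conf(5) it only takes
        # effect when write_enable is also YES.
        anonymousUploadEnable = mkOption {
          default = false;
          description = "
            Whether any uploads are permitted to anonymous users.
          ";
        };

        # Rendered as anon_mkdir_write_enable. Per vsftpd.conf(5) it only
        # takes effect when write_enable is also YES.
        anonymousMkdirEnable = mkOption {
          default = false;
          description = "
            Whether mkdir is permitted to anonymous users.
          ";
        };

        # Rendered as chroot_local_user. The previous description was garbled
        # and read as the opposite of what YES does. vsftpd.conf(5) warns that
        # this setting has security implications when users can upload or
        # have shell access, so enable it deliberately.
        chrootlocalUser = mkOption {
          default = false;
          description = "
            Whether local users are confined (chroot) to their home
            directory after login.
          ";
        };

        # Rendered as userlist_enable: vsftpd loads a list of user names
        # from its userlist_file. This module does not emit userlist_file,
        # so vsftpd's default path is used.
        userlistEnable = mkOption {
          default = false;
          description = "
            Whether users are included.
          ";
        };

        # Rendered as userlist_deny, which vsftpd only consults when
        # userlist_enable is YES. YES: listed users are refused. NO (what
        # this module emits by default): only listed users may log in.
        userlistDeny = mkOption {
          default = false;
          description = "
            Whether users are excluded.
          ";
        };
      };
    };
  };
in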
###### implementation
let

  # Local shorthands for the option values of services.vsftpd that the
  # generated configuration file and the account list below depend on.
  anonymousUser = config.services.vsftpd.anonymousUser;
  localUsers = config.services.vsftpd.localUsers;
  writeEnable = config.services.vsftpd.writeEnable;
  anonymousUploadEnable = config.services.vsftpd.anonymousUploadEnable;
  anonymousMkdirEnable = config.services.vsftpd.anonymousMkdirEnable;
  chrootlocalUser = config.services.vsftpd.chrootlocalUser;
  userlistEnable = config.services.vsftpd.userlistEnable;
  userlistDeny = config.services.vsftpd.userlistDeny;

  # The vsftpd package whose sbin/vsftpd binary the job runs.
  vsftpd = pkgs.vsftpd;

  # Render one vsftpd.conf line: the key, "=", then YES when the boolean is
  # true and NO otherwise. Only these two literals ever reach the file.
  yesNoOption = enabled: key:
    key + "=" + (if enabled then "YES" else "NO");

in
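# Implementation: active only when services.vsftpd.enable is true. Declares
# the service accounts and an Upstart job that regenerates /etc/vsftpd.conf
# from the options on every start and then runs vsftpd in the foreground.
mkIf config.services.vsftpd.enable {
  require = [
    options
  ];

  users = {
    extraUsers = [
        # Account named by nopriv_user in the generated configuration.
        { name = "vsftpd";
          uid = (import ../../../system/ids.nix).uids.vsftpd;
          description = "VSFTPD user";
          home = "/homeless-shelter";
        }
      ] ++ pkgs.lib.optional anonymousUser
        # The anonymous account exists only when anonymousUser is set, so
        # nothing else in this module may assume it is present.
        { name = "ftp";
          uid = (import ../../../system/ids.nix).uids.ftp;
          group = "ftp";
          description = "Anonymous ftp user";
          home = "/home/ftp";
        };

    extraGroups = [
      { name = "ftp";
        gid = (import ../../../system/ids.nix).gids.ftp;
      }
    ];

  };

  services = {
    extraJobs = [{
      name = "vsftpd";

      # Notes on the start script:
      #  * The here-document delimiter is unquoted, so the shell would expand
      #    $ and backquotes in the body. Today only YES/NO from yesNoOption is
      #    interpolated; quote the delimiter before adding free-form values.
      #  * No TLS settings are written, so logins are sent in cleartext.
      #  * secure_chroot_dir is created here because nothing else visible in
      #    this module creates it; vsftpd.conf(5) requires it to be an empty
      #    directory that the ftp user cannot write to (root-owned here).
      #  * /home/ftp is prepared only when anonymousUser is set. Previously
      #    the chown ran unconditionally and named the "ftp" account even
      #    when this module had not declared it.
      #  * NOTE(review): chown -R makes the anonymous root owned by "ftp".
      #    vsftpd's documentation advises that the anonymous root not be
      #    writable by the ftp user - confirm the intended permissions.
      job = ''
        description "vsftpd server"

        start on network-interfaces/started
        stop on network-interfaces/stop

        start script
        cat > /etc/vsftpd.conf <<EOF
        ${yesNoOption anonymousUser "anonymous_enable"}
        ${yesNoOption localUsers "local_enable"}
        ${yesNoOption writeEnable "write_enable"}
        ${yesNoOption anonymousUploadEnable "anon_upload_enable"}
        ${yesNoOption anonymousMkdirEnable "anon_mkdir_write_enable"}
        ${yesNoOption chrootlocalUser "chroot_local_user"}
        ${yesNoOption userlistEnable "userlist_enable"}
        ${yesNoOption userlistDeny "userlist_deny"}
        background=NO
        listen=YES
        nopriv_user=vsftpd
        secure_chroot_dir=/var/ftp/empty
        EOF

        mkdir -p /var/ftp/empty
        ${if anonymousUser then "mkdir -p /home/ftp && chown -R ftp:ftp /home/ftp" else ""}
        end script

        respawn ${vsftpd}/sbin/vsftpd /etc/vsftpd.conf
      '';

    }];
  };
}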