nixpkgs-suyu/modules/services/networking/vsftpd.nix
Eelco Dolstra 5ebdee3577 * Continued refactoring the tree: moved most Upstart jobs (namely
those that run daemons) to modules/services.  This probably broke
  some things since there are a few relative paths in modules
  (e.g. imports of system/ids.nix).
* Moved some PAM modules out of etc/pam.d to the directories of NixOS
  modules that use them.

svn path=/nixos/branches/modular-nixos/; revision=15717
2009-05-24 23:13:23 +00:00

153 lines
3.5 KiB
Nix

{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
vsftpd = {
enable = mkOption {
default = false;
description = "
Whether to enable the vsftpd FTP server.
";
};
anonymousUser = mkOption {
default = false;
description = "
Whether to enable the anonymous FTP user.
";
};
localUsers = mkOption {
default = false;
description = "
Whether to enable FTP for the local users.
";
};
writeEnable = mkOption {
default = false;
description = "
Whether any write activity is permitted to users.
";
};
anonymousUploadEnable = mkOption {
default = false;
description = "
Whether any uploads are permitted to anonymous users.
";
};
anonymousMkdirEnable = mkOption {
default = false;
description = "
Whether mkdir is permitted to anonymous users.
";
};
chrootlocalUser = mkOption {
default = false;
description = "
Whether u can like out of ur home dir.
";
};
userlistEnable = mkOption {
default = false;
description = "
Whether users are included.
";
};
userlistDeny = mkOption {
default = false;
description = "
Whether users are excluded.
";
};
};
};
};
in
###### implementation
let
inherit (config.services.vsftpd) anonymousUser localUsers writeEnable anonymousUploadEnable anonymousMkdirEnable
chrootlocalUser userlistEnable userlistDeny;
inherit (pkgs) vsftpd;
yesNoOption = p : name :
"${name}=${if p then "YES" else "NO"}";
in
mkIf config.services.vsftpd.enable {
require = [
options
];
users = {
extraUsers = [
{ name = "vsftpd";
uid = (import ../../../system/ids.nix).uids.vsftpd;
description = "VSFTPD user";
home = "/homeless-shelter";
}
] ++ pkgs.lib.optional anonymousUser
{ name = "ftp";
uid = (import ../../../system/ids.nix).uids.ftp;
group = "ftp";
description = "Anonymous ftp user";
home = "/home/ftp";
};
extraGroups = [
{ name = "ftp";
gid = (import ../../../system/ids.nix).gids.ftp;
}
];
};
services = {
extraJobs = [{
name = "vsftpd";
job = ''
description "vsftpd server"
start on network-interfaces/started
stop on network-interfaces/stop
start script
cat > /etc/vsftpd.conf <<EOF
${yesNoOption anonymousUser "anonymous_enable"}
${yesNoOption localUsers "local_enable"}
${yesNoOption writeEnable "write_enable"}
${yesNoOption anonymousUploadEnable "anon_upload_enable"}
${yesNoOption anonymousMkdirEnable "anon_mkdir_write_enable"}
${yesNoOption chrootlocalUser "chroot_local_user"}
${yesNoOption userlistEnable "userlist_enable"}
${yesNoOption userlistDeny "userlist_deny"}
background=NO
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/var/ftp/empty
EOF
mkdir -p /home/ftp &&
chown -R ftp:ftp /home/ftp
end script
respawn ${vsftpd}/sbin/vsftpd /etc/vsftpd.conf
'';
}];
};
}