blob: a0630de77ccd844eb674557fa1541943d8bdca23 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption mkIf;
options = {
services = {
vsftpd = {
enable = mkOption {
default = false;
description = "
Whether to enable the vsftpd FTP server.
";
};
anonymousUser = mkOption {
default = false;
description = "
Whether to enable the anonymous FTP user.
";
};
anonymousUserHome = mkOption {
default = "/home/ftp";
description = "
Path to anonymous user data.
";
};
localUsers = mkOption {
default = false;
description = "
Whether to enable FTP for the local users.
";
};
writeEnable = mkOption {
default = false;
description = "
Whether any write activity is permitted to users.
";
};
anonymousUploadEnable = mkOption {
default = false;
description = "
Whether any uploads are permitted to anonymous users.
";
};
anonymousMkdirEnable = mkOption {
default = false;
description = "
Whether mkdir is permitted to anonymous users.
";
};
chrootlocalUser = mkOption {
default = false;
description = "
Whether u can like out of ur home dir.
";
};
userlistEnable = mkOption {
default = false;
description = "
Whether users are included.
";
};
userlistDeny = mkOption {
default = false;
description = "
Whether users are excluded.
";
};
};
};
};
in
###### implementation
let
inherit (config.services.vsftpd) anonymousUser anonymousUserHome localUsers writeEnable anonymousUploadEnable anonymousMkdirEnable
chrootlocalUser userlistEnable userlistDeny;
inherit (pkgs) vsftpd;
yesNoOption = p : name :
"${name}=${if p then "YES" else "NO"}";
in
mkIf config.services.vsftpd.enable {
require = [
options
];
users = {
extraUsers = [
{ name = "vsftpd";
uid = config.ids.uids.vsftpd;
description = "VSFTPD user";
home = "/homeless-shelter";
}
] ++ pkgs.lib.optional anonymousUser
{ name = "ftp";
uid = config.ids.uids.ftp;
group = "ftp";
description = "Anonymous ftp user";
home = anonymousUserHome;
};
extraGroups = [
{ name = "ftp";
gid = config.ids.gids.ftp;
}
];
};
services = {
extraJobs = [{
name = "vsftpd";
job = ''
description "vsftpd server"
start on network-interfaces/started
stop on network-interfaces/stop
start script
cat > /etc/vsftpd.conf <<EOF
${yesNoOption anonymousUser "anonymous_enable"}
${yesNoOption localUsers "local_enable"}
${yesNoOption writeEnable "write_enable"}
${yesNoOption anonymousUploadEnable "anon_upload_enable"}
${yesNoOption anonymousMkdirEnable "anon_mkdir_write_enable"}
${yesNoOption chrootlocalUser "chroot_local_user"}
${yesNoOption userlistEnable "userlist_enable"}
${yesNoOption userlistDeny "userlist_deny"}
background=NO
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/var/ftp/empty
EOF
mkdir -p ${anonymousUserHome} &&
chown -R ftp:ftp ${anonymousUserHome}
end script
respawn ${vsftpd}/sbin/vsftpd /etc/vsftpd.conf
'';
}];
};
}
|