nix config for vsftpd

vsftpd.nix

{pkgs, ...}:

{
  services.vsftpd = {
    allowWriteableChroot = false;
    anonymousMkdirEnable = true;
    anonymousUmask = "077";
    anonymousUploadEnable = true;
    anonymousUser = false;
    anonymousUserHome = "/home/ftp/";
    anonymousUserNoPassword = false;
    chrootlocalUser = false;
    # enable = false;
    enable = true;
    enableVirtualUsers = false;
    extraConfig =
    ''
      listen_port=21
      ftp_data_port=20
      pasv_min_port=56250
      pasv_max_port=56260
    '';
    forceLocalDataSSL = false;
    forceLocalLoginsSSL = false;
    localRoot = "/home/ftp/$USER";
    localUsers = true;
    portPromiscuous = false;
    rsaCertFile = null;
    rsaKeyFile = null;
    ssl_sslv2 = true;
    ssl_sslv3 = true;
    ssl_tlsv1 = true;
    userDbPath = null;
    userlist = [ "kiwi" ];
    userlistDeny = false;
    userlistEnable = true;
    # userlistFile =
    #   ''
    #   pkgs.writeText "userlist" (concatMapStrings (x: "${x}
    #   ") cfg.userlist)
    #   '';
    virtualUseLocalPrivs = false;
    # writeEnable = false;
    writeEnable = true;
  };
  networking.firewall.allowedTCPPorts = [ 21 ];
  networking.firewall.allowedTCPPortRanges = [ { from = 56250; to = 56260; } ];
}