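{ lib, pkgs, config, ... }:
let
  # pure-ftpd built against the site-specific LDAP schema prefix. The LDAP
  # backend cannot carry a per-user UID/GID, so those are compiled into the
  # binary (see the comment kept inside the LDAP config below).
  package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; };
in
{
  options = {
    services.pure-ftpd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable pure-ftpd.
      '';
    };
  };

  config = lib.mkIf config.services.pure-ftpd.enable {
    # Off-site backup of the FTP tree (duplyBackup is a site-local module, not
    # visible here).
    services.duplyBackup.profiles.ftp = {
      rootDir = "/var/lib/ftp";
      remotes = [ "eriomem" "ovh" ];
    };

    # ACME certificate presented on the FTPS control channel. pure-ftpd reads
    # CertFile once at startup, hence the restart after every renewal.
    security.acme.certs."ftp" = config.myServices.certificates.certConfig // {
      domain = "eldiron.immae.eu";
      postRun = ''
        systemctl restart pure-ftpd.service
      '';
      extraDomains = { "ftp.immae.eu" = null; };
    };

    # Control channel (21) plus the passive data-port range. The range must
    # stay identical to PassivePortRange in the daemon config below, otherwise
    # passive transfers silently hang at the firewall.
    networking = {
      firewall = {
        allowedTCPPorts = [ 21 ];
        allowedTCPPortRanges = [ { from = 40000; to = 50000; } ];
      };
    };

    # Unprivileged account the daemon drops to for sessions. `home` is left at
    # the NixOS placeholder on purpose: anonymous access is refused in the
    # daemon config, so no anonymous root directory is provisioned.
    users.users.ftp = {
      uid = config.ids.uids.ftp; # 8
      group = "ftp";
      description = "Anonymous FTP user";
      home = "/homeless-shelter";
      # presumably grants read access to /var/secrets — verify against the secrets module
      extraGroups = [ "keys" ];
    };

    users.groups.ftp.gid = config.ids.gids.ftp;

    # Root of every chrooted session (ChrootEveryone yes). Owned by ftp so that
    # CreateHomeDir can create per-user directories beneath it.
    system.activationScripts.pure-ftpd = ''
      install -m 0755 -o ftp -g ftp -d /var/lib/ftp
    '';

    # LDAP backend configuration, materialised as /var/secrets/pure-ftpd-ldap
    # readable only by the ftp user (0400). It contains the bind password.
    # NOTE(review): the password is interpolated into this Nix expression;
    # whether it transits the world-readable /nix/store depends on how the
    # site-local `secrets.keys` module writes `text` — confirm it is not
    # written to a derivation.
    # LDAPUseTLS on port 389 means STARTTLS, so the bind credentials and the
    # user passwords (verified by the directory via LDAPAuthMethod BIND) are
    # not sent in cleartext to the directory.
    # The French comment inside the file is kept verbatim: it records that the
    # UID/GID cannot be set per user and are compiled in as immaeFtpUid /
    # immaeFtpGid.
    secrets.keys = [{
      dest = "pure-ftpd-ldap";
      permissions = "0400";
      user = "ftp";
      group = "ftp";
      text = ''
        LDAPServer ${config.myEnv.ftp.ldap.host}
        LDAPPort 389
        LDAPUseTLS True
        LDAPBaseDN ${config.myEnv.ftp.ldap.base}
        LDAPBindDN ${config.myEnv.ftp.ldap.dn}
        LDAPBindPW ${config.myEnv.ftp.ldap.password}
        LDAPDefaultUID 500
        LDAPForceDefaultUID False
        LDAPDefaultGID 100
        LDAPForceDefaultGID False
        LDAPFilter ${config.myEnv.ftp.ldap.filter}

        LDAPAuthMethod BIND

        # Pas de possibilite de donner l'Uid/Gid !
        # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
        LDAPHomeDir immaeFtpDirectory
      '';
    }];

    # Restart the daemon whenever the LDAP secret is rewritten, so a rotated
    # bind password takes effect without manual intervention.
    services.filesWatcher.pure-ftpd = {
      restart = true;
      paths = [ "/var/secrets/pure-ftpd-ldap" ];
    };

    systemd.services.pure-ftpd = let
      # Daemon configuration. Security-relevant choices:
      #  - TLS 2: cleartext logins are refused, so LDAP passwords are only ever
      #    sent inside a TLS session (TLS 1 accepted both). TLS 3 would also
      #    force encryption of the data channel; left at 2 to keep plain
      #    data connections working for clients that need them.
      #  - NoAnonymous yes / AnonymousCantUpload yes: accounts come from LDAP
      #    only. Previously anonymous logins (and anonymous uploads) were
      #    permitted by the config and appear to have been blocked only by the
      #    ftp user's missing home directory — make it explicit instead.
      #  - ChrootEveryone: every session is confined to its directory under
      #    /var/lib/ftp.
      #  - Umask 133:022: uploaded files are 0644, directories 0755.
      #  - MinUID 8: the ftp system uid itself is allowed, which the
      #    compiled-in immaeFtpUid presumably requires — verify it matches.
      #  - ProhibitDotFilesRead/Write no: dotfiles are visible and writable
      #    inside the chroot; harmless for the chrooted tree but worth knowing.
      #  - VerboseLog no: transfers are not logged; logins and errors still go
      #    to the `ftp` syslog facility.
      configFile = pkgs.writeText "pure-ftpd.conf" ''
        PassivePortRange 40000 50000
        ChrootEveryone yes
        CreateHomeDir yes
        BrokenClientsCompatibility yes
        MaxClientsNumber 50
        Daemonize yes
        MaxClientsPerIP 8
        VerboseLog no
        DisplayDotFiles yes
        AnonymousOnly no
        NoAnonymous yes
        SyslogFacility ftp
        DontResolve yes
        MaxIdleTime 15
        LDAPConfigFile /var/secrets/pure-ftpd-ldap
        LimitRecursion 10000 8
        AnonymousCanCreateDirs no
        MaxLoad 4
        AntiWarez yes
        Umask 133:022
        # ftp
        MinUID 8
        AllowUserFXP no
        AllowAnonymousFXP no
        ProhibitDotFilesWrite no
        ProhibitDotFilesRead no
        AutoRename no
        AnonymousCantUpload yes
        MaxDiskUsage 99
        CustomerProof yes
        TLS 2
        CertFile ${config.security.acme.certs.ftp.directory}/full.pem
      '';
    in {
      description = "Pure-FTPd server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Daemonize yes in the config above is what makes Type=forking and the
      # PIDFile correct; change them together.
      serviceConfig.ExecStart = "${package}/bin/pure-ftpd ${configFile}";
      serviceConfig.Type = "forking";
      serviceConfig.PIDFile = "/run/pure-ftpd.pid";
    };
  };

}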