# NixOS module for a pure-ftpd server that authenticates users against LDAP.
# NOTE(review): this listing is an excerpt. The leading numbers are the original
# file's line numbers and the lines in between are not shown, so the notes below
# cover only what is visible.
1 { lib, pkgs, config, ... }:
# pure-ftpd built with a custom ldapFtpId. Presumably this sets the prefix of the
# LDAP attribute names ("immaeFtp...") compiled into the binary — confirm against
# the package definition.
3 package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; };
# Module switch: everything under `config` below is gated on this option.
7 services.pure-ftpd.enable = lib.mkOption {
11 Whether to enable pure-ftpd.
16 config = lib.mkIf config.services.pure-ftpd.enable {
# Backup profile for the FTP tree: /var/lib/ftp (the directory the activation
# script creates) is sent to the two named remotes.
17 services.duplyBackup.profiles.ftp = {
18 rootDir = "/var/lib/ftp";
19 remotes = [ "eriomem" "ovh" ];
# ACME certificate consumed by the server (see CertFile in pure-ftpd.conf below).
# The `systemctl restart` a few lines down is presumably the post-renewal hook
# that makes the daemon load the renewed certificate. The attribute name is not shown.
21 security.acme.certs."ftp" = config.myServices.certificates.certConfig // {
22 domain = "eldiron.immae.eu";
24 systemctl restart pure-ftpd.service
# Additional host name covered by the same certificate.
26 extraDomains = { "ftp.immae.eu" = null; };
# Firewall: FTP control port plus the passive data range. The range must stay
# identical to PassivePortRange in pure-ftpd.conf below. A mismatch either breaks
# passive transfers or leaves ports open that nothing should be listening on.
31 allowedTCPPorts = [ 21 ];
32 allowedTCPPortRanges = [ { from = 40000; to = 50000; } ];
# The "ftp" system account. NOTE(review): membership in "keys" presumably grants
# read access to the deployed LDAP secret — confirm, and keep that group's reach
# as narrow as possible. The home path is presumably a non-existent directory so
# the account has no usable home — confirm.
37 uid = config.ids.uids.ftp; # 8
39 description = "Anonymous FTP user";
40 home = "/homeless-shelter";
41 extraGroups = [ "keys" ];
44 users.groups.ftp.gid = config.ids.gids.ftp;
# Activation script: creates /var/lib/ftp owned by ftp:ftp with mode 0755, i.e.
# readable and traversable by every local user.
46 system.activationScripts.pure-ftpd = ''
47 install -m 0755 -o ftp -g ftp -d /var/lib/ftp
# Deployed secret holding the pure-ftpd LDAP settings, including the bind
# password interpolated from config.myEnv. It is referenced later through
# config.secrets.fullPaths rather than generated with pkgs.writeText, which
# presumably keeps the password out of the world-readable Nix store — confirm,
# and confirm that the entry's owner and permissions (not shown) restrict the
# file to the service account.
# NOTE(review): no TLS setting for the LDAP connection is visible in this
# excerpt. Check that the bind password is not sent in clear text (LDAPUseTLS).
# LDAPForceDefaultUID/GID False: default ids are not forced, so per-user ids
# apparently come from the directory entry. Make sure entries cannot map to
# uid 0 or another system account (pure-ftpd's MinUID guards this when set).
# The two French comment lines inside the text say that the uid/gid attribute
# names cannot be configured here: they are compiled into pure-ftpd as
# immaeFtpUid / immaeFtpGid.
51 dest = "pure-ftpd-ldap";
56 LDAPServer ${config.myEnv.ftp.ldap.host}
59 LDAPBaseDN ${config.myEnv.ftp.ldap.base}
60 LDAPBindDN ${config.myEnv.ftp.ldap.dn}
61 LDAPBindPW ${config.myEnv.ftp.ldap.password}
63 LDAPForceDefaultUID False
65 LDAPForceDefaultGID False
66 LDAPFilter ${config.myEnv.ftp.ldap.filter}
70 # Pas de possibilite de donner l'Uid/Gid !
71 # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
72 LDAPHomeDir immaeFtpDirectory
# Watches the deployed LDAP secret. Presumably the service is restarted when the
# file changes so that rotated credentials take effect. The action line is not shown.
76 services.filesWatcher.pure-ftpd = {
78 paths = [ config.secrets.fullPaths."pure-ftpd-ldap" ];
# systemd unit for the daemon.
81 systemd.services.pure-ftpd = let
# pure-ftpd.conf is generated with pkgs.writeText, so it lives in the
# world-readable Nix store. It contains only the path of the LDAP secret, not
# the bind password itself.
# Security-relevant settings visible below:
#  - PassivePortRange 40000 50000 matches the firewall range opened above.
#  - ProhibitDotFilesWrite / ProhibitDotFilesRead "no": dot-files may be
#    uploaded and downloaded.
#  - AnonymousCantUpload "no" (double negative): this directive does not block
#    uploads from anonymous sessions. AnonymousCanCreateDirs "no" still denies
#    them directory creation.
#    NOTE(review): whether anonymous logins are accepted at all depends on
#    directives not shown here (e.g. NoAnonymous) — confirm.
#  - LimitRecursion 10000 8 bounds recursive listings (file count, depth).
#  - CertFile points at the ACME full.pem. NOTE(review): the TLS directive is
#    not visible. Because logins carry LDAP passwords, confirm that clear-text
#    sessions are refused.
82 configFile = pkgs.writeText "pure-ftpd.conf" ''
83 PassivePortRange 40000 50000
86 BrokenClientsCompatibility yes
97 LDAPConfigFile ${config.secrets.fullPaths."pure-ftpd-ldap"}
98 LimitRecursion 10000 8
99 AnonymousCanCreateDirs no
107 ProhibitDotFilesWrite no
108 ProhibitDotFilesRead no
110 AnonymousCantUpload no
114 CertFile ${config.security.acme.certs.ftp.directory}/full.pem
# Unit wiring: started for multi-user.target, ordered after network.target.
117 description = "Pure-FTPd server";
118 wantedBy = [ "multi-user.target" ];
119 after = [ "network.target" ];
# Runs the overridden package with the generated configuration file. The daemon
# forks, and systemd tracks it through the PID file.
121 serviceConfig.ExecStart = "${package}/bin/pure-ftpd ${configFile}";
122 serviceConfig.Type = "forking";
123 serviceConfig.PIDFile = "/run/pure-ftpd.pid";