# NixOS module for a pure-ftpd service.
# NOTE(review): this listing shows only some of the file's lines (the leading
# numbers are the original line numbers), so closing braces and several
# attributes are not visible here.
1 { lib, pkgs, config, myconfig, ... }:
# Boolean-style switch for the whole module; the config section below is
# guarded by it through lib.mkIf.
4 services.pure-ftpd.enable = lib.mkOption {
8 Whether to enable pure-ftpd.
# Everything in this section applies only when services.pure-ftpd.enable is set.
13 config = lib.mkIf config.services.pure-ftpd.enable {
# ACME certificate "ftp": starts from the shared
# services.myCertificates.certConfig and overrides the attributes below
# (primary domain eldiron.immae.eu, plus ftp.immae.eu as an extra domain).
# NOTE(review): line 17 looks like the body of a renewal hook whose attribute
# line is not shown; it restarts pure-ftpd.service, presumably so the daemon
# loads the renewed certificate. Confirm the hook runs with enough privilege
# to restart the unit.
14 security.acme.certs."ftp" = config.services.myCertificates.certConfig // {
15 domain = "eldiron.immae.eu";
17 systemctl restart pure-ftpd.service
19 extraDomains = { "ftp.immae.eu" = null; };
# Overlay that defines pure-ftpd from the local ./pure-ftpd.nix, so the
# pkgs.pure-ftpd used in ExecStart below is this build.
# NOTE(review): with a locally maintained package, upstream security fixes
# reach this service only when ./pure-ftpd.nix is updated; confirm how its
# version and patches are tracked.
22 nixpkgs.overlays = [ (self: super: {
23 pure-ftpd = self.callPackage ./pure-ftpd.nix {};
# Firewall openings: 21 is the FTP control port; the 40000-50000 range has to
# stay identical to "PassivePortRange 40000 50000" in the server configuration
# below, since passive-mode data connections are accepted on those ports.
# NOTE(review): the enclosing attribute line is not visible in this listing.
28 allowedTCPPorts = [ 21 ];
29 allowedTCPPortRanges = [ { from = 40000; to = 50000; } ];
# System account "ftp" (described as the anonymous FTP user) and its group,
# using the uid/gid reserved in config.ids.
36 uid = config.ids.uids.ftp; # 8
38 description = "Anonymous FTP user";
# Placeholder home directory path.
39 home = "/homeless-shelter";
# NOTE(review): membership in "keys" is presumably what lets this account read
# /run/keys/pure-ftpd-ldap (the LDAP bind credentials); it also grants access
# to any other key readable by that group. Verify against the key permissions.
40 extraGroups = [ "keys" ];
44 users.groups.ftp.gid = config.ids.gids.ftp;
# Activation step: creates the directory /var/lib/ftp owned by ftp:ftp with
# mode 0755, i.e. listable and traversable by every local user.
# NOTE(review): confirm that nothing placed directly under it relies on the
# directory mode for confidentiality.
46 system.activationScripts.pure-ftpd = ''
47 install -m 0755 -o ftp -g ftp -d /var/lib/ftp
# LDAP client configuration for pure-ftpd, delivered as a deployment key. The
# server configuration refers to it as /run/keys/pure-ftpd-ldap, so the bind
# password (LDAPBindPW) is kept out of the configFile built with pkgs.writeText.
# All connection values are interpolated from myconfig.env.ftp.ldap.
# The two French comment lines inside the generated file read: "No way to give
# the Uid/Gid here! Compiled directly into pure-ftpd with immaeFtpUid /
# immaeFtpGid."
# NOTE(review): the key's owner, group and permission lines are not visible in
# this listing; confirm they restrict the file to the account the daemon reads
# it as.
# NOTE(review): with LDAPForceDefaultUID/GID set to False the session uid/gid
# presumably come from the directory entry, so whoever can write those LDAP
# attributes influences the local uid a session runs as; confirm the server
# configuration sets a floor such as MinUID (not visible here).
50 deployment.keys.pure-ftpd-ldap = {
55 LDAPServer ${myconfig.env.ftp.ldap.host}
58 LDAPBaseDN ${myconfig.env.ftp.ldap.base}
59 LDAPBindDN ${myconfig.env.ftp.ldap.dn}
60 LDAPBindPW ${myconfig.env.ftp.ldap.password}
62 LDAPForceDefaultUID False
64 LDAPForceDefaultGID False
65 LDAPFilter ${myconfig.env.ftp.ldap.filter}
69 # Pas de possibilite de donner l'Uid/Gid !
70 # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
71 LDAPHomeDir immaeFtpDirectory
# systemd unit for the daemon: started for multi-user.target after
# network.target, as a forking service tracked through /run/pure-ftpd.pid.
# NOTE(review): the unit reads /run/keys/pure-ftpd-ldap at start; no ordering
# on the key's own unit is visible in this listing, so confirm the service
# cannot start before the key has been deployed.
75 systemd.services.pure-ftpd = let
# Server configuration rendered with pkgs.writeText. The visible lines hold no
# secret; LDAP credentials are referenced through LDAPConfigFile.
# Settings a reviewer should confirm are intentional:
#  - ProhibitDotFilesWrite/ProhibitDotFilesRead "no": clients may read and
#    write dot-files in the directories they can reach.
#  - AnonymousCantUpload "no": anonymous sessions, if enabled, may upload;
#    whether anonymous login is allowed is not visible in this listing.
#  - CertFile points at the ACME output for the "ftp" certificate; the TLS
#    directive that decides whether cleartext logins are still accepted is not
#    among the visible lines.
76 configFile = pkgs.writeText "pure-ftpd.conf" ''
77 PassivePortRange 40000 50000
80 BrokenClientsCompatibility yes
91 LDAPConfigFile /run/keys/pure-ftpd-ldap
92 LimitRecursion 10000 8
93 AnonymousCanCreateDirs no
101 ProhibitDotFilesWrite no
102 ProhibitDotFilesRead no
104 AnonymousCantUpload no
108 CertFile /var/lib/acme/ftp/full.pem
111 description = "Pure-FTPd server";
112 wantedBy = [ "multi-user.target" ];
113 after = [ "network.target" ];
115 serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
116 serviceConfig.Type = "forking";
117 serviceConfig.PIDFile = "/run/pure-ftpd.pid";