Upgrade nixos
index 842d2d6540bbe65d0347c3989d0f243a24884b9f..417af87e7a98a1aff34001fbdab1f4ddd6d9be4c 100644 (file)
@@ -1,4 +1,7 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
+let
+  package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; };
+in
 {
   options = {
     services.pure-ftpd.enable = lib.mkOption {
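Review bot: The new `package` binding overrides pure-ftpd with `ldapFtpId = "immaeFtp"`, but nothing in the `let` block says what that argument changes in the build. It looks like an argument supplied by a local overlay rather than by the stock package (inferred; the overlay is not visible here). A one-line comment above the binding should name the overlay or patch that consumes `ldapFtpId` and the LDAP schema detail it has to match, so that a later nixpkgs upgrade does not drop the override unnoticed.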
   };
 
   config = lib.mkIf config.services.pure-ftpd.enable {
-    security.acme.certs."ftp" = config.services.myCertificates.certConfig // {
+    services.duplyBackup.profiles.ftp = {
+      rootDir = "/var/lib/ftp";
+    };
+    security.acme.certs."ftp" = config.myServices.certificates.certConfig // {
       domain = "eldiron.immae.eu";
       postRun = ''
         systemctl restart pure-ftpd.service
       user = "ftp";
       group = "ftp";
       text = ''
-        LDAPServer          ${myconfig.env.ftp.ldap.host}
+        LDAPServer          ${config.myEnv.ftp.ldap.host}
         LDAPPort            389
         LDAPUseTLS          True
-        LDAPBaseDN          ${myconfig.env.ftp.ldap.base}
-        LDAPBindDN          ${myconfig.env.ftp.ldap.dn}
-        LDAPBindPW          ${myconfig.env.ftp.ldap.password}
+        LDAPBaseDN          ${config.myEnv.ftp.ldap.base}
+        LDAPBindDN          ${config.myEnv.ftp.ldap.dn}
+        LDAPBindPW          ${config.myEnv.ftp.ldap.password}
         LDAPDefaultUID      500
         LDAPForceDefaultUID False
         LDAPDefaultGID      100
         LDAPForceDefaultGID False
-        LDAPFilter          ${myconfig.env.ftp.ldap.filter}
+        LDAPFilter          ${config.myEnv.ftp.ldap.filter}
 
         LDAPAuthMethod      BIND
 
         '';
     }];
 
+    services.filesWatcher.pure-ftpd = {
+      restart = true;
+      paths = [ "/var/secrets/pure-ftpd-ldap" ];
+    };
+
     systemd.services.pure-ftpd = let
       configFile = pkgs.writeText "pure-ftpd.conf" ''
         PassivePortRange             40000 50000
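Review bot: `LDAPBindPW ${config.myEnv.ftp.ldap.password}` is interpolated at evaluation time, so whether the bind password stays out of the world-readable Nix store depends on how the enclosing secrets entry materialises `text`. The entry starts outside this hunk and only `user = "ftp"` and `group = "ftp"` are visible, so confirm it is written under `/var/secrets` at activation time with an owner-only mode (0400), not through a store path. Because `LDAPAuthMethod BIND` only needs the service account to locate the user entry, that account should be a read-only one scoped to the FTP subtree. A comment above `text` such as `# contains the LDAP bind password: must never be built into the store` would make the constraint explicit.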
         MaxDiskUsage                 99
         CustomerProof                yes
         TLS                          1
-        CertFile                     ${config.security.acme.directory}/ftp/full.pem
+        CertFile                     ${config.security.acme.certs.ftp.directory}/full.pem
         '';
     in {
       description = "Pure-FTPd server";
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
 
-      serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
+      serviceConfig.ExecStart = "${package}/bin/pure-ftpd ${configFile}";
       serviceConfig.Type = "forking";
       serviceConfig.PIDFile = "/run/pure-ftpd.pid";
     };
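Review bot: `TLS 1` in the generated `pure-ftpd.conf` accepts cleartext sessions as well as TLS ones, and this commit changes only the `CertFile` path and leaves that setting as is. With `LDAPAuthMethod BIND`, a client that does not negotiate TLS sends its directory password over the wire unencrypted. If no legacy client depends on plain FTP, change the line to `TLS 2` to refuse cleartext logins, or to `TLS 3` to require an encrypted data channel as well. The `configFile` string starts outside this hunk, so other directives may already constrain this.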