X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fftp%2Fdefault.nix;h=541e1197ab6c54b167366617a56396db218502f2;hb=3a1461cf44102e6cd8cdee5e0f1ff1d7992894ad;hp=af9a75c0f04c2f9961a1077285587060042c1ff1;hpb=2368a4b7e827b985c3758ad0bfe13e4a08d27c36;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/ftp/default.nix b/nixops/modules/ftp/default.nix index af9a75c..541e119 100644 --- a/nixops/modules/ftp/default.nix +++ b/nixops/modules/ftp/default.nix @@ -19,10 +19,6 @@ extraDomains = { "ftp.immae.eu" = null; }; }; - nixpkgs.overlays = [ (self: super: { - pure-ftpd = self.callPackage ./pure-ftpd.nix {}; - }) ]; - networking = { firewall = { allowedTCPPorts = [ 21 ]; @@ -33,10 +29,11 @@ users.users = [ { name = "ftp"; - uid = config.ids.uids.ftp; + uid = config.ids.uids.ftp; # 8 group = "ftp"; description = "Anonymous FTP user"; home = "/homeless-shelter"; + extraGroups = [ "keys" ]; } ]; @@ -46,8 +43,12 @@ install -m 0755 -o ftp -g ftp -d /var/lib/ftp ''; - systemd.services.pure-ftpd = let - ldapConfigFile = pkgs.writeText "pure-ftpd-ldap.conf" '' + mySecrets.keys = [{ + dest = "pure-ftpd-ldap"; + permissions = "0400"; + user = "ftp"; + group = "ftp"; + text = '' LDAPServer ${myconfig.env.ftp.ldap.host} LDAPPort 389 LDAPUseTLS True @@ -62,10 +63,13 @@ LDAPAuthMethod BIND - # Pas de possibilité de donner l'Uid/Gid ! - # Compilé dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid + # Pas de possibilite de donner l'Uid/Gid ! + # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid LDAPHomeDir immaeFtpDirectory ''; + }]; + + systemd.services.pure-ftpd = let configFile = pkgs.writeText "pure-ftpd.conf" '' PassivePortRange 40000 50000 ChrootEveryone yes @@ -81,7 +85,7 @@ SyslogFacility ftp DontResolve yes MaxIdleTime 15 - LDAPConfigFile ${ldapConfigFile} + LDAPConfigFile /var/secrets/pure-ftpd-ldap LimitRecursion 10000 8 AnonymousCanCreateDirs no MaxLoad 4
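Review bot: `extraGroups = [ "keys" ];` in the `users.users` entry puts the account described as "Anonymous FTP user" into the `keys` group, so any other secret that is group-readable for `keys` becomes readable by this account as well. The `mySecrets.keys` entry added in the following hunk also makes `ftp` the owner of the LDAP configuration (`user = "ftp"; permissions = "0400";`), which presumably carries the bind credentials. How pure-ftpd is started is outside these hunks, so this is inferred: if the daemon reads `LDAPConfigFile` before it drops privileges, `user = "root"; group = "root";` would be enough and the `extraGroups` line could be dropped. If the membership has to stay, a comment such as `# keys: only to traverse the secrets directory for pure-ftpd-ldap` would record why the anonymous account needs it.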
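Review bot: `LDAPConfigFile /var/secrets/pure-ftpd-ldap` in the last hunk is a literal path, so the generated `pure-ftpd.conf` no longer changes when the LDAP settings change, and nothing visible ties the unit to the secret. A changed secret (a rotated bind password, for instance) would then not restart pure-ftpd, and the service could start before the file has been deployed; the rest of `systemd.services.pure-ftpd` lies outside the hunk, so ordering may already be handled there. I would take the directory from wherever `mySecrets` defines it instead of repeating `/var/secrets`, and add a comment on the line such as `# deployed by mySecrets.keys (dest = "pure-ftpd-ldap"); restart pure-ftpd after changing it`.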