X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fftp%2Fdefault.nix;h=541e1197ab6c54b167366617a56396db218502f2;hb=6e2dc958bc8c5aac4871d2a618741fa4628ed126;hp=c717bfdd194aa487d551a4fb761d539ca1c1017c;hpb=439049e58f9638eefaf1648b1898fdb1d964d97e;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/ftp/default.nix b/nixops/modules/ftp/default.nix index c717bfd..541e119 100644 --- a/nixops/modules/ftp/default.nix +++ b/nixops/modules/ftp/default.nix @@ -13,10 +13,10 @@ config = lib.mkIf config.services.pure-ftpd.enable { security.acme.certs."ftp" = config.services.myCertificates.certConfig // { domain = "eldiron.immae.eu"; - }; - - nixpkgs.config.packageOverrides = oldpkgs: rec { - pure-ftpd = pkgs.callPackage ./pure-ftpd.nix {}; + postRun = '' + systemctl restart pure-ftpd.service + ''; + extraDomains = { "ftp.immae.eu" = null; }; }; networking = { @@ -29,10 +29,11 @@ users.users = [ { name = "ftp"; - uid = config.ids.uids.ftp; + uid = config.ids.uids.ftp; # 8 group = "ftp"; description = "Anonymous FTP user"; home = "/homeless-shelter"; + extraGroups = [ "keys" ]; } ]; @@ -42,8 +43,12 @@ install -m 0755 -o ftp -g ftp -d /var/lib/ftp ''; - systemd.services.pure-ftpd = let - ldapConfigFile = pkgs.writeText "pure-ftpd-ldap.conf" '' + mySecrets.keys = [{ + dest = "pure-ftpd-ldap"; + permissions = "0400"; + user = "ftp"; + group = "ftp"; + text = '' LDAPServer ${myconfig.env.ftp.ldap.host} LDAPPort 389 LDAPUseTLS True @@ -58,10 +63,13 @@ LDAPAuthMethod BIND - # Pas de possibilité de donner l'Uid/Gid ! - # Compilé dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid + # Pas de possibilite de donner l'Uid/Gid ! + # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid LDAPHomeDir immaeFtpDirectory ''; + }]; + + systemd.services.pure-ftpd = let configFile = pkgs.writeText "pure-ftpd.conf" '' PassivePortRange 40000 50000 ChrootEveryone yes 
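Review bot: The `postRun` hook in the first hunk runs `systemctl restart pure-ftpd.service`, which starts the unit even if it was stopped on purpose, so a certificate renewal can bring the FTP listener back up during maintenance or an incident. `systemctl try-restart pure-ftpd.service` would pick up the new certificate only when the service is already running. A short comment stating why the restart is needed (presumably pure-ftpd reads the certificate only at startup; the unit definition is outside this hunk) would help the next reader.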
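Review bot: `extraGroups = [ "keys" ]` in the `users.users` hunk adds the account described as the anonymous FTP user to the `keys` group, so every secret that group can read becomes reachable from the least-trusted identity on the host. The secret added in the following hunk is `0400` and owned by `ftp` (`user = "ftp"`), so the group is presumably needed only to traverse the secrets directory. That deserves a comment such as `# keys: only to reach /var/secrets/pure-ftpd-ldap`. If pure-ftpd parses its LDAP file as root before dropping privileges, which these hunks do not show, a root-owned secret and no extra group would keep the bind credentials away from the ftp uid entirely.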
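Review bot: Moving the LDAP settings from `pkgs.writeText` to `mySecrets.keys` stops new copies landing in the world-readable Nix store, but copies written by earlier generations stay there until those generations are deleted and garbage-collected. If the part of the file elided between the hunks holds a bind password, it should be treated as exposed and rotated as part of this change. A comment above `mySecrets.keys` such as `# previously in the Nix store; bind password rotated on <date>` would keep that history visible.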
@@ -77,7 +85,7 @@
 SyslogFacility ftp
 DontResolve yes
 MaxIdleTime 15
- LDAPConfigFile ${ldapConfigFile}
+ LDAPConfigFile /var/secrets/pure-ftpd-ldap
 LimitRecursion 10000 8
 AnonymousCanCreateDirs no
 MaxLoad 4
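Review bot: `LDAPConfigFile /var/secrets/pure-ftpd-ldap` hard-codes the secrets directory and the entry's `dest`, and it no longer ties the unit to the file's content. With the old store path, any edit to the LDAP settings changed `configFile` and restarted pure-ftpd; now a changed secret leaves the unit untouched, so the daemon keeps the old settings until restarted by hand. The service definition starts outside this hunk, but it would benefit from an ordering dependency on whatever deploys the secret and a restart trigger for it. A comment beside this line naming the `mySecrets.keys` entry it points to would also help.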