X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fftp.nix;fp=modules%2Fprivate%2Fftp.nix;h=6aa1afc731cd95c0c8128ca099126ee7ead3aa60;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=cae25c1dc5fdc2828efa59701213e15ffcba4f3f;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/ftp.nix b/systems/eldiron/ftp.nix
similarity index 68%
rename from modules/private/ftp.nix
rename to systems/eldiron/ftp.nix
index cae25c1..6aa1afc 100644
--- a/modules/private/ftp.nix
+++ b/systems/eldiron/ftp.nix
@@ -30,14 +30,88 @@ in }; config = lib.mkIf config.myServices.ftp.enable { - security.acme.certs."ftp" = config.myServices.certificates.certConfig // { + myServices.dns.zones."immae.eu".subdomains.ftp = + with config.myServices.dns.helpers; ips servers.eldiron.ips.main; + + myServices.chatonsProperties.services.espace-de-stockage = { + file.datetime = "2022-08-22T01:00:00"; + service = { + name = "Espace de stockage"; + description = "Compte FTP/SFTP"; + logo = if pure-ftpd-enabled + then "https://www.pureftpd.org/project/pure-ftpd/images/favicon.png" + else if proftpd-enabled + then "http://proftpd.org/proftpd.png" + else ""; + website = "ftp.immae.eu"; + status.level = "OK"; + status.description = "OK"; + registration."" = ["MEMBER" "CLIENT"]; + registration.load = "OPEN"; + install.type = "PACKAGE"; + }; + software = if pure-ftpd-enabled then { + name = "Pure-ftpd"; + website = "https://www.pureftpd.org/project/pure-ftpd/"; + license.url = "https://github.com/jedisct1/pure-ftpd/blob/master/COPYING"; + license.name = "MIT Licence"; + version = package.version; + source.url = "https://github.com/jedisct1/pure-ftpd/"; + modules = "openssh"; + } else if proftpd-enabled then { + name = "ProFTPD"; + website = "http://proftpd.org/"; + license.url = "https://github.com/proftpd/proftpd/blob/master/COPYING"; + license.name = "GNU General Public License v2.0"; + version = pkgs.proftpd.version; + source.url = "https://github.com/proftpd/proftpd/"; + modules = "openssh"; + } else {}; + }; + #myServices.chatonsProperties.services.ftp = { + # file.datetime = "2022-08-22T01:00:00"; + # service = { + # name = "Comptes FTP"; + # description = "Compte FTP/SFTP"; + # logo = if pure-ftpd-enabled + # then "https://www.pureftpd.org/project/pure-ftpd/images/favicon.png" + # else if proftpd-enabled + # then "http://proftpd.org/proftpd.png" + # else ""; + # website = "ftp.immae.eu"; + # status.level = "OK"; + # status.description = "OK"; + # registration."" = ["MEMBER" "CLIENT"]; + # 
registration.load = "OPEN"; + # install.type = "PACKAGE"; + # }; + # software = if pure-ftpd-enabled then { + # name = "Pure-ftpd"; + # website = "https://www.pureftpd.org/project/pure-ftpd/"; + # license.url = "https://github.com/jedisct1/pure-ftpd/blob/master/COPYING"; + # license.name = "MIT Licence"; + # version = package.version; + # source.url = "https://github.com/jedisct1/pure-ftpd/"; + # } else if proftpd-enabled then { + # name = "ProFTPD"; + # website = "http://proftpd.org/"; + # license.url = "https://github.com/proftpd/proftpd/blob/master/COPYING"; + # license.name = "GNU General Public License v2.0"; + # version = pkgs.proftpd.version; + # source.url = "https://github.com/proftpd/proftpd/"; + # } else {}; + #}; + security.acme.certs."ftp" = { domain = "eldiron.immae.eu"; + # FIXME: make it global + extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; + extraLegoRenewFlags = ["--preferred-chain" "ISRG Root X1"]; postRun = (lib.optionalString pure-ftpd-enabled '' systemctl restart pure-ftpd.service '') + (lib.optionalString proftpd-enabled '' systemctl restart proftpd.service ''); - extraDomains = { "ftp.immae.eu" = null; }; + extraDomainNames = [ "ftp.immae.eu" ]; }; networking = { @@ -227,6 +301,7 @@ in SFTPAuthMethods password publickey SFTPOptions IgnoreSFTPSetOwners + AllowChrootSymlinks off ''; in lib.mkIf proftpd-enabled { @@ -243,6 +318,22 @@ in services.cron.systemCronJobs = lib.mkIf proftpd-enabled [ "*/2 * * * * nobody ${./ftp_sync.sh}" ]; + + myServices.monitoring.fromMasterActivatedPlugins = [ "ftp" ]; + myServices.monitoring.fromMasterObjects.service = [ + { + service_description = "ftp has access to database for authentication"; + host_name = config.hostEnv.fqdn; + use = "external-service"; + check_command = "check_ftp_database"; + + servicegroups = "webstatus-remote-services"; + _webstatus_name = "FTP"; + _webstatus_url = "ftp.immae.eu"; + } + + ]; + }; }
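Review bot: The `--preferred-chain` pin is set only on the `"ftp"` certificate and left behind a `# FIXME: make it global`, so other certificates on this host can still be issued with a different chain than the one the FTP daemon serves. If the NixOS release in use provides `security.acme.defaults`, both flags belong there, e.g. `security.acme.defaults.extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];` and the same for `extraLegoRenewFlags`. The same section also stops merging `config.myServices.certificates.certConfig` into the cert; what that attrset carried is not visible in this hunk, so it is worth confirming on a real renewal that the settings it supplied now arrive from elsewhere. The commented-out `myServices.chatonsProperties.services.ftp` block duplicates the live `espace-de-stockage` entry above it and could be dropped rather than committed.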
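Review bot: `AllowChrootSymlinks off` is added without a comment, at the end of a config string whose preceding lines are SFTP directives. The string's opening is outside the hunk; if it is only the SFTP virtual host, plain FTP/FTPS sessions handled by the main server configuration would not get the restriction. Confirm the directive sits where it covers every listener that chroots users, and document it in the config text with a line such as `# Refuse chroot targets reached through a symlink, so a user-writable link cannot move the jail`.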
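Review bot: The new monitoring object checks only that the FTP daemon can reach its authentication database (`check_ftp_database`); nothing in this hunk watches the certificate that the same commit reconfigures. If no other check already covers it, a TLS validity/expiry check against `ftp.immae.eu` would catch a failed renewal or a daemon that was not restarted by `postRun`. At minimum, say so next to the entry, e.g. `# NOTE: covers the auth database path only; certificate validity for ftp.immae.eu is not checked here`. The stray blank lines before `servicegroups` and before the closing `];` can go as well.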