# NixOS module for a pure-ftpd server. Takes the usual module arguments plus
# `myconfig`, which supplies the LDAP connection settings read further down
# (myconfig.env.ftp.ldap.*).
1 { lib, pkgs, config, myconfig, ... }:
# Opt-in switch for the whole module, declared with lib.mkOption.
4 services.pure-ftpd.enable = lib.mkOption {
8 Whether to enable pure-ftpd.
# lib.mkIf: every setting below (certificate, firewall ports, ftp user,
# systemd unit) is only applied when the enable option is true.
13 config = lib.mkIf config.services.pure-ftpd.enable {
# ACME certificate named "ftp": the shared certConfig defaults are merged (//)
# with the overrides given here, so the attributes on the right win.
# The pure-ftpd CertFile setting below points at /var/lib/acme/ftp/full.pem,
# i.e. at the output of this certificate.
14 security.acme.certs."ftp" = config.services.myCertificates.certConfig // {
15 domain = "eldiron.immae.eu";
# Replace the pure-ftpd package with a local build from ./pure-ftpd.nix.
# The comment kept in the LDAP config below says the FTP uid/gid handling is
# compiled into this build (immaeFtpUid / immaeFtpGid).
# NOTE(review): a locally maintained build does not follow nixpkgs updates on
# its own — presumably upstream pure-ftpd security fixes have to be pulled
# into ./pure-ftpd.nix by hand; confirm how that file pins its source.
18 nixpkgs.config.packageOverrides = oldpkgs: rec {
19 pure-ftpd = pkgs.callPackage ./pure-ftpd.nix {};
# Inbound TCP ports opened for FTP: 21 for the control channel and
# 40000-50000 for passive-mode data connections. The range must stay equal to
# the PassivePortRange line in pure-ftpd.conf below; widening one without the
# other either breaks passive transfers or leaves unused ports open.
# NOTE(review): the enclosing attribute set is not visible in this excerpt —
# presumably networking.firewall; confirm.
24 allowedTCPPorts = [ 21 ];
25 allowedTCPPortRanges = [ { from = 40000; to = 50000; } ];
# System account used for anonymous FTP. uid and gid come from the fixed id
# tables (config.ids.uids.ftp / config.ids.gids.ftp) rather than being
# allocated dynamically.
# NOTE(review): home is "/homeless-shelter", presumably a path that is never
# created so the account has no usable home directory — confirm; the data
# directory created by the activation script below is /var/lib/ftp.
32 uid = config.ids.uids.ftp;
34 description = "Anonymous FTP user";
35 home = "/homeless-shelter";
39 users.groups.ftp.gid = config.ids.gids.ftp;
# Activation step: make sure /var/lib/ftp exists as a directory owned by
# ftp:ftp with mode 0755 (owner may write, everyone may list and traverse).
# NOTE(review): since the directory is writable by the ftp account and the
# server config below contains `AnonymousCantUpload no`, check whether
# anonymous sessions can write here and whether that is intended.
41 system.activationScripts.pure-ftpd = ''
42 install -m 0755 -o ftp -g ftp -d /var/lib/ftp
# systemd unit for the daemon. The `let` block first renders the two
# configuration files as store paths; the unit attributes follow.
45 systemd.services.pure-ftpd = let
# LDAP authentication settings, filled in from myconfig.env.ftp.ldap.*.
#
# NOTE(review): pkgs.writeText puts this file into the Nix store, and store
# paths are readable by every local user. The bind password interpolated on
# the LDAPBindPW line is therefore stored in clear text in a world-readable
# file (and travels with any copy of the system closure). Prefer generating
# this file at service start from a secret kept outside the store, readable
# only by the account that runs pure-ftpd.
# NOTE(review): the lines between LDAPServer and LDAPBaseDN are not visible
# in this excerpt, so whether the LDAP connection is encrypted cannot be told
# from here — confirm, since the bind password and every user's FTP password
# cross that link.
#
# LDAPForceDefaultUID/GID are False, so the default ids are not forced onto
# every account. The French comment kept inside the file reads: "No way to
# provide the Uid/Gid! Compiled directly into pure-ftpd with immaeFtpUid /
# immaeFtpGid" — presumably these are LDAP attribute names baked into the
# patched build; verify against ./pure-ftpd.nix. LDAPHomeDir names the
# attribute (immaeFtpDirectory) used as each user's home directory, so whoever
# can write that attribute in the directory decides where a user lands on disk.
46 ldapConfigFile = pkgs.writeText "pure-ftpd-ldap.conf" ''
47 LDAPServer ${myconfig.env.ftp.ldap.host}
50 LDAPBaseDN ${myconfig.env.ftp.ldap.base}
51 LDAPBindDN ${myconfig.env.ftp.ldap.dn}
52 LDAPBindPW ${myconfig.env.ftp.ldap.password}
54 LDAPForceDefaultUID False
56 LDAPForceDefaultGID False
57 LDAPFilter ${myconfig.env.ftp.ldap.filter}
61 # Pas de possibilité de donner l'Uid/Gid !
62 # Compilé dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
63 LDAPHomeDir immaeFtpDirectory
# Main pure-ftpd configuration, rendered into the Nix store. It holds no
# secret itself but references the LDAP file above by store path.
#
# Settings visible in this excerpt, read from a hardening point of view:
#   - PassivePortRange 40000 50000 mirrors the firewall range opened above.
#   - BrokenClientsCompatibility yes relaxes protocol strictness for
#     non-conforming clients.
#   - LimitRecursion 10000 8 caps recursive listings (file count, depth),
#     which bounds the cost of a single listing request.
#   - AnonymousCanCreateDirs no forbids directory creation by anonymous users,
#     but AnonymousCantUpload no is a double negative: anonymous uploads are
#     NOT blocked. NOTE(review): whether anonymous login is enabled at all is
#     not visible here — confirm; if it is, this is a writable anonymous FTP.
#   - ProhibitDotFilesWrite no / ProhibitDotFilesRead no leave dot-files
#     readable and writable over FTP. NOTE(review): if FTP homes overlap with
#     web roots or shell homes, dot-files there often carry configuration or
#     credentials — confirm this is wanted.
#   - CertFile points at the ACME certificate "ftp" declared above.
#     NOTE(review): the TLS directive is not visible in this excerpt; confirm
#     it requires encryption rather than only offering it, otherwise LDAP
#     passwords are sent in clear text on port 21. Also confirm the daemon is
#     restarted or reloaded when the certificate is renewed.
65 configFile = pkgs.writeText "pure-ftpd.conf" ''
66 PassivePortRange 40000 50000
69 BrokenClientsCompatibility yes
80 LDAPConfigFile ${ldapConfigFile}
81 LimitRecursion 10000 8
82 AnonymousCanCreateDirs no
90 ProhibitDotFilesWrite no
91 ProhibitDotFilesRead no
93 AnonymousCantUpload no
97 CertFile /var/lib/acme/ftp/full.pem
# Unit definition: started as part of multi-user.target, ordered after
# network.target.
100 description = "Pure-FTPd server";
101 wantedBy = [ "multi-user.target" ];
102 after = [ "network.target" ];
# The daemon is launched with the generated configuration file as its only
# argument. Type=forking together with PIDFile tells systemd to track the
# process whose pid is written to /run/pure-ftpd.pid.
# NOTE(review): no User= or sandboxing options appear in the visible lines, so
# the service presumably starts with systemd's defaults (root) and relies on
# pure-ftpd's own privilege dropping — confirm, and consider adding systemd
# hardening options that are compatible with binding port 21.
104 serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
105 serviceConfig.Type = "forking";
106 serviceConfig.PIDFile = "/run/pure-ftpd.pid";