Add new machine to nixops

[perso/Immae/Config/Nix.git] / modules / private / ftp.nix

diff --git a/modules/private/ftp.nix b/modules/private/ftp.nix
index 842d2d6540bbe65d0347c3989d0f243a24884b9f..a1da32f5925808125f4d1d64d40442c407a36748 100644 (file)
--- a/modules/private/ftp.nix
+++ b/modules/private/ftp.nix
@@ -1,4 +1,7 @@
 { lib, pkgs, config, myconfig, ... }:
+let
+  package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; };
+in
 {
   options = {
     services.pure-ftpd.enable = lib.mkOption {
@@ -11,7 +14,10 @@
   };
 
   config = lib.mkIf config.services.pure-ftpd.enable {
-    security.acme.certs."ftp" = config.services.myCertificates.certConfig // {
+    services.backup.profiles.ftp = {
+      rootDir = "/var/lib/ftp";
+    };
+    security.acme.certs."ftp" = config.myServices.certificates.certConfig // {
       domain = "eldiron.immae.eu";
       postRun = ''
         systemctl restart pure-ftpd.service
@@ -69,6 +75,11 @@
         '';
     }];
 
+    services.filesWatcher.pure-ftpd = {
+      restart = true;
+      paths = [ "/var/secrets/pure-ftpd-ldap" ];
+    };
+
     systemd.services.pure-ftpd = let
       configFile = pkgs.writeText "pure-ftpd.conf" ''
         PassivePortRange             40000 50000
@@ -109,7 +120,7 @@
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
 
-      serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
+      serviceConfig.ExecStart = "${package}/bin/pure-ftpd ${configFile}";
       serviceConfig.Type = "forking";
       serviceConfig.PIDFile = "/run/pure-ftpd.pid";
     };