Squash changes containing private information
similarity index 68%
rename from modules/private/ftp.nix
rename to systems/eldiron/ftp.nix
index cae25c1dc5fdc2828efa59701213e15ffcba4f3f..6aa1afc731cd95c0c8128ca099126ee7ead3aa60 100644 (file)
@@ -30,14 +30,88 @@ in
   };
 
   config = lib.mkIf config.myServices.ftp.enable {
-    security.acme.certs."ftp" = config.myServices.certificates.certConfig // {
+    myServices.dns.zones."immae.eu".subdomains.ftp =
+      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+    myServices.chatonsProperties.services.espace-de-stockage = {
+      file.datetime = "2022-08-22T01:00:00";
+      service = {
+        name = "Espace de stockage";
+        description = "Compte FTP/SFTP";
+        logo = if pure-ftpd-enabled
+          then "https://www.pureftpd.org/project/pure-ftpd/images/favicon.png"
+          else if proftpd-enabled
+          then "http://proftpd.org/proftpd.png"
+          else "";
+        website = "ftp.immae.eu";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+      };
+      software = if pure-ftpd-enabled then {
+        name = "Pure-ftpd";
+        website = "https://www.pureftpd.org/project/pure-ftpd/";
+        license.url = "https://github.com/jedisct1/pure-ftpd/blob/master/COPYING";
+        license.name = "MIT Licence";
+        version = package.version;
+        source.url = "https://github.com/jedisct1/pure-ftpd/";
+        modules = "openssh";
+      } else if proftpd-enabled then {
+        name = "ProFTPD";
+        website = "http://proftpd.org/";
+        license.url = "https://github.com/proftpd/proftpd/blob/master/COPYING";
+        license.name = "GNU General Public License v2.0";
+        version = pkgs.proftpd.version;
+        source.url = "https://github.com/proftpd/proftpd/";
+        modules = "openssh";
+      } else {};
+    };
+    #myServices.chatonsProperties.services.ftp = {
+    #  file.datetime = "2022-08-22T01:00:00";
+    #  service = {
+    #    name = "Comptes FTP";
+    #    description = "Compte FTP/SFTP";
+    #    logo = if pure-ftpd-enabled
+    #      then "https://www.pureftpd.org/project/pure-ftpd/images/favicon.png"
+    #      else if proftpd-enabled
+    #      then "http://proftpd.org/proftpd.png"
+    #      else "";
+    #    website = "ftp.immae.eu";
+    #    status.level = "OK";
+    #    status.description = "OK";
+    #    registration."" = ["MEMBER" "CLIENT"];
+    #    registration.load = "OPEN";
+    #    install.type = "PACKAGE";
+    #  };
+    #  software = if pure-ftpd-enabled then {
+    #    name = "Pure-ftpd";
+    #    website = "https://www.pureftpd.org/project/pure-ftpd/";
+    #    license.url = "https://github.com/jedisct1/pure-ftpd/blob/master/COPYING";
+    #    license.name = "MIT Licence";
+    #    version = package.version;
+    #    source.url = "https://github.com/jedisct1/pure-ftpd/";
+    #  } else if proftpd-enabled then {
+    #    name = "ProFTPD";
+    #    website = "http://proftpd.org/";
+    #    license.url = "https://github.com/proftpd/proftpd/blob/master/COPYING";
+    #    license.name = "GNU General Public License v2.0";
+    #    version = pkgs.proftpd.version;
+    #    source.url = "https://github.com/proftpd/proftpd/";
+    #  } else {};
+    #};
+    security.acme.certs."ftp" = {
       domain = "eldiron.immae.eu";
+      # FIXME: make it global
+      extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];
+      extraLegoRenewFlags = ["--preferred-chain" "ISRG Root X1"];
       postRun = (lib.optionalString pure-ftpd-enabled ''
         systemctl restart pure-ftpd.service
       '') + (lib.optionalString proftpd-enabled ''
         systemctl restart proftpd.service
       '');
-      extraDomains = { "ftp.immae.eu" = null; };
+      extraDomainNames = [ "ftp.immae.eu" ];
     };
 
     networking = {
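Review bot: `security.acme.certs."ftp"` no longer merges `config.myServices.certificates.certConfig`, so anything that attrset supplied now has to come from elsewhere, presumably global ACME defaults that are not visible in this hunk. That could include the challenge settings or the group and permissions on the key files, so it is worth confirming that the FTP daemon's user can still read the renewed key and that no wider group gained access. The `--preferred-chain` pair is spelled out twice, in `extraLegoRunFlags` and `extraLegoRenewFlags`; until the FIXME is resolved, one binding such as `legoChain = ["--preferred-chain" "ISRG Root X1"];` used in both places keeps issuance and renewal from drifting apart. The commented-out `chatonsProperties.services.ftp` block repeats the live `espace-de-stockage` block almost line for line and could be dropped, and the ProFTPD `logo` and `website` values are plain `http://` URLs.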
@@ -227,6 +301,7 @@ in
           SFTPAuthMethods              password publickey
 
           SFTPOptions                  IgnoreSFTPSetOwners
+          AllowChrootSymlinks          off
         </VirtualHost>
         '';
     in lib.mkIf proftpd-enabled {
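Review bot: `AllowChrootSymlinks off` is added only inside the `<VirtualHost>` that closes on the next line, and the config string starts outside this hunk, so it cannot be seen whether the other server contexts get the same setting. If plain FTP logins are also chrooted, the directive belongs in the main server config or a `<Global>` section as well. A one-line comment above it would record the intent, e.g. `# refuse to chroot into a directory that is itself a symlink`. The context line `SFTPAuthMethods password publickey` keeps password logins enabled for SFTP, so rate limiting or lockout for failed logins has to be provided elsewhere.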
@@ -243,6 +318,22 @@ in
     services.cron.systemCronJobs = lib.mkIf proftpd-enabled [
       "*/2 * * * * nobody ${./ftp_sync.sh}"
     ];
+
+    myServices.monitoring.fromMasterActivatedPlugins = [ "ftp" ];
+    myServices.monitoring.fromMasterObjects.service = [
+      {
+        service_description = "ftp has access to database for authentication";
+        host_name = config.hostEnv.fqdn;
+        use = "external-service";
+        check_command = "check_ftp_database";
+
+        servicegroups = "webstatus-remote-services";
+        _webstatus_name = "FTP";
+        _webstatus_url = "ftp.immae.eu";
+      }
+
+    ];
+
   };
 
 }
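Review bot: The new `fromMasterObjects.service` entry has no comment saying what `check_ftp_database` actually does or which account it uses. If it performs a real login against the authentication database (inferred from `service_description`), a comment such as `# logs in with a dedicated monitoring account that has no write access` would document that expectation. The object is registered whenever `myServices.ftp.enable` is set, whereas the cron sync just above it is gated on `proftpd-enabled`; it is worth confirming the check is meaningful for the pure-ftpd variant too. The blank line before `];` can be removed.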