From: Ismaël Bouya
Date: Sat, 20 Apr 2019 15:13:41 +0000 (+0200)
Subject: Move ftp password file to secure location
X-Git-Tag: nur_publish~126
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=926a4007ae464c08363c75aa177d978d803366a6
Move ftp password file to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
---
diff --git a/nixops/modules/ftp/default.nix b/nixops/modules/ftp/default.nix
index af9a75c..0409f23 100644
--- a/nixops/modules/ftp/default.nix
+++ b/nixops/modules/ftp/default.nix
@@ -33,10 +33,11 @@
 users.users = [
 {
 name = "ftp";
- uid = config.ids.uids.ftp;
+ uid = config.ids.uids.ftp; # 8
 group = "ftp";
 description = "Anonymous FTP user";
 home = "/homeless-shelter";
+ extraGroups = [ "keys" ];
 }
 ];
 
@@ -46,8 +47,11 @@
 install -m 0755 -o ftp -g ftp -d /var/lib/ftp
 '';
 
- systemd.services.pure-ftpd = let
- ldapConfigFile = pkgs.writeText "pure-ftpd-ldap.conf" ''
+ deployment.keys.pure-ftpd-ldap = {
+ permissions = "0400";
+ user = "ftp";
+ group = "ftp";
+ text = ''
 LDAPServer ${myconfig.env.ftp.ldap.host}
 LDAPPort 389
 LDAPUseTLS True
@@ -62,10 +66,13 @@
 LDAPAuthMethod BIND
 
 
- # Pas de possibilité de donner l'Uid/Gid !
- # Compilé dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
+ # Pas de possibilite de donner l'Uid/Gid !
+ # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
 LDAPHomeDir immaeFtpDirectory
 '';
+ };
+
+ systemd.services.pure-ftpd = let
 configFile = pkgs.writeText "pure-ftpd.conf" ''
 PassivePortRange 40000 50000
 ChrootEveryone yes
@@ -81,7 +88,7 @@
 SyslogFacility ftp
 DontResolve yes
 MaxIdleTime 15
- LDAPConfigFile ${ldapConfigFile}
+ LDAPConfigFile /run/keys/pure-ftpd-ldap
 LimitRecursion 10000 8
 AnonymousCanCreateDirs no
 MaxLoad 4
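Review bot: The trailing `# 8` on the `uid` line records a value the expression already resolves from `config.ids.uids.ftp`, so it will silently go stale if that id ever changes; either drop it or say why the literal matters to a reader. The new `extraGroups = [ "keys" ];` also carries no explanation, and a reader has to know nixops internals to see why an anonymous-FTP user needs group membership at all; suggest `# member of "keys" only so the ftp user can traverse nixops' key directory and read its 0400 pure-ftpd-ldap key`. Being in that group does not by itself expose other deployment keys, since each key keeps its own owner and mode, but that is worth stating next to the line.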
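Review bot: Nothing in this diff orders pure-ftpd after the key it now depends on: nixops delivers `deployment.keys.*` to a runtime directory that is empty after a reboot until the next deploy, and it provides a `pure-ftpd-ldap-key.service` unit that waits for the file to appear. Unless the service body (outside these hunks) already does so, add `after = [ "pure-ftpd-ldap-key.service" ]; wants = [ "pure-ftpd-ldap-key.service" ];` to `systemd.services.pure-ftpd` so the daemon does not start before `/run/keys/pure-ftpd-ldap` exists and fail, or come up without its LDAP configuration. The move out of the world-readable Nix store is the right fix, but the rendered `text`, including whatever the elided LDAP lines interpolate from `myconfig.env.ftp.ldap`, now lives in the nixops state file instead, so that file's permissions are what guard the bind credential; a one-line comment on the key saying so would help the next maintainer.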
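Review bot: `/run/keys/pure-ftpd-ldap` is spelled out by hand here while the key is declared by name earlier in the same file, so a rename of the key or a change of nixops' key directory would leave this string and the ftp user's `keys` membership pointing at nothing, and pure-ftpd would fail only at runtime. Either derive the path from the key declaration if your nixops version exposes it, or at least tie the two together with a comment, `# path of deployment.keys.pure-ftpd-ldap, delivered by nixops before service start`. The enclosing `configFile` string and the `systemd.services.pure-ftpd` body continue outside this hunk.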