Move directories with only default.nix to standalone file

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-07 15:07:00 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-07 15:07:00 +0200
commit: 79d2de8b83d765721b2cb720b2bc59673df54a4a (patch)
tree: db989f06302e31a1468832d106d25d611717e363 /nixops/modules/ftp
parent: 86663f1789aecdb62e44a4be46e0ed111b795a09 (diff)
download: Nix-79d2de8b83d765721b2cb720b2bc59673df54a4a.tar.gz
Nix-79d2de8b83d765721b2cb720b2bc59673df54a4a.tar.zst
Nix-79d2de8b83d765721b2cb720b2bc59673df54a4a.zip
1 files changed, 0 insertions, 118 deletions
diff --git a/nixops/modules/ftp/default.nix b/nixops/modules/ftp/default.nix
deleted file mode 100644
index 541e119..0000000
--- a/nixops/modules/ftp/default.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-{
-  options = {
-    services.pure-ftpd.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = ''
-        Whether to enable pure-ftpd.
-      '';
-    };
-  };
-  config = lib.mkIf config.services.pure-ftpd.enable {
-    security.acme.certs."ftp" = config.services.myCertificates.certConfig // {
-      domain = "eldiron.immae.eu";
-      postRun = ''
-        systemctl restart pure-ftpd.service
-      '';
-      extraDomains = { "ftp.immae.eu" = null; };
-    };
-    networking = {
-      firewall = {
-        allowedTCPPorts = [ 21 ];
-        allowedTCPPortRanges = [ { from = 40000; to = 50000; } ];
-      };
-    };
-    users.users = [
-      {
-        name = "ftp";
-        uid = config.ids.uids.ftp; # 8
-        group = "ftp";
-        description = "Anonymous FTP user";
-        home = "/homeless-shelter";
-        extraGroups = [ "keys" ];
-      }
-    ];
-    users.groups.ftp.gid = config.ids.gids.ftp;
-    system.activationScripts.pure-ftpd = ''
-      install -m 0755 -o ftp -g ftp -d /var/lib/ftp
-      '';
-    mySecrets.keys = [{
-      dest = "pure-ftpd-ldap";
-      permissions = "0400";
-      user = "ftp";
-      group = "ftp";
-      text = ''
-        LDAPServer          ${myconfig.env.ftp.ldap.host}
-        LDAPPort            389
-        LDAPUseTLS          True
-        LDAPBaseDN          ${myconfig.env.ftp.ldap.base}
-        LDAPBindDN          ${myconfig.env.ftp.ldap.dn}
-        LDAPBindPW          ${myconfig.env.ftp.ldap.password}
-        LDAPDefaultUID      500
-        LDAPForceDefaultUID False
-        LDAPDefaultGID      100
-        LDAPForceDefaultGID False
-        LDAPFilter          ${myconfig.env.ftp.ldap.filter}
-        LDAPAuthMethod      BIND
-        # Pas de possibilite de donner l'Uid/Gid !
-        # Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
-        LDAPHomeDir         immaeFtpDirectory
-        '';
-    }];
-    systemd.services.pure-ftpd = let
-      configFile = pkgs.writeText "pure-ftpd.conf" ''
-        PassivePortRange             40000 50000
-        ChrootEveryone               yes
-        CreateHomeDir                yes
-        BrokenClientsCompatibility   yes
-        MaxClientsNumber             50
-        Daemonize                    yes
-        MaxClientsPerIP              8
-        VerboseLog                   no
-        DisplayDotFiles              yes
-        AnonymousOnly                no
-        NoAnonymous                  no
-        SyslogFacility               ftp
-        DontResolve                  yes
-        MaxIdleTime                  15
-        LDAPConfigFile               /var/secrets/pure-ftpd-ldap
-        LimitRecursion               10000 8
-        AnonymousCanCreateDirs       no
-        MaxLoad                      4
-        AntiWarez                    yes
-        Umask                        133:022
-        # ftp
-        MinUID                       8
-        AllowUserFXP                 no
-        AllowAnonymousFXP            no
-        ProhibitDotFilesWrite        no
-        ProhibitDotFilesRead         no
-        AutoRename                   no
-        AnonymousCantUpload          no
-        MaxDiskUsage                 99
-        CustomerProof                yes
-        TLS                          1
-        CertFile                     /var/lib/acme/ftp/full.pem
-        '';
-    in {
-      description = "Pure-FTPd server";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
-      serviceConfig.Type = "forking";
-      serviceConfig.PIDFile = "/run/pure-ftpd.pid";
-    };
-  };
-}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-07 15:07:00 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-07 15:07:00 +0200
commit	79d2de8b83d765721b2cb720b2bc59673df54a4a (patch)
tree	db989f06302e31a1468832d106d25d611717e363 /nixops/modules/ftp
parent	86663f1789aecdb62e44a4be46e0ed111b795a09 (diff)
download	Nix-79d2de8b83d765721b2cb720b2bc59673df54a4a.tar.gz Nix-79d2de8b83d765721b2cb720b2bc59673df54a4a.tar.zst Nix-79d2de8b83d765721b2cb720b2bc59673df54a4a.zip

diff --git a/nixops/modules/ftp/default.nix b/nixops/modules/ftp/default.nix deleted file mode 100644 index 541e119..0000000 --- a/nixops/modules/ftp/default.nix +++ /dev/null
@@ -1,118 +0,0 @@
1	{ lib, pkgs, config, myconfig, ... }:
2	{
3	options = {
4	services.pure-ftpd.enable = lib.mkOption {
5	type = lib.types.bool;
6	default = false;
7	description = ''
8	Whether to enable pure-ftpd.
9	'';
10	};
11	};
12
13	config = lib.mkIf config.services.pure-ftpd.enable {
14	security.acme.certs."ftp" = config.services.myCertificates.certConfig // {
15	domain = "eldiron.immae.eu";
16	postRun = ''
17	systemctl restart pure-ftpd.service
18	'';
19	extraDomains = { "ftp.immae.eu" = null; };
20	};
21
22	networking = {
23	firewall = {
24	allowedTCPPorts = [ 21 ];
25	allowedTCPPortRanges = [ { from = 40000; to = 50000; } ];
26	};
27	};
28
29	users.users = [
30	{
31	name = "ftp";
32	uid = config.ids.uids.ftp; # 8
33	group = "ftp";
34	description = "Anonymous FTP user";
35	home = "/homeless-shelter";
36	extraGroups = [ "keys" ];
37	}
38	];
39
40	users.groups.ftp.gid = config.ids.gids.ftp;
41
42	system.activationScripts.pure-ftpd = ''
43	install -m 0755 -o ftp -g ftp -d /var/lib/ftp
44	'';
45
46	mySecrets.keys = [{
47	dest = "pure-ftpd-ldap";
48	permissions = "0400";
49	user = "ftp";
50	group = "ftp";
51	text = ''
52	LDAPServer ${myconfig.env.ftp.ldap.host}
53	LDAPPort 389
54	LDAPUseTLS True
55	LDAPBaseDN ${myconfig.env.ftp.ldap.base}
56	LDAPBindDN ${myconfig.env.ftp.ldap.dn}
57	LDAPBindPW ${myconfig.env.ftp.ldap.password}
58	LDAPDefaultUID 500
59	LDAPForceDefaultUID False
60	LDAPDefaultGID 100
61	LDAPForceDefaultGID False
62	LDAPFilter ${myconfig.env.ftp.ldap.filter}
63
64	LDAPAuthMethod BIND
65
66	# Pas de possibilite de donner l'Uid/Gid !
67	# Compile dans pure-ftpd directement avec immaeFtpUid / immaeFtpGid
68	LDAPHomeDir immaeFtpDirectory
69	'';
70	}];
71
72	systemd.services.pure-ftpd = let
73	configFile = pkgs.writeText "pure-ftpd.conf" ''
74	PassivePortRange 40000 50000
75	ChrootEveryone yes
76	CreateHomeDir yes
77	BrokenClientsCompatibility yes
78	MaxClientsNumber 50
79	Daemonize yes
80	MaxClientsPerIP 8
81	VerboseLog no
82	DisplayDotFiles yes
83	AnonymousOnly no
84	NoAnonymous no
85	SyslogFacility ftp
86	DontResolve yes
87	MaxIdleTime 15
88	LDAPConfigFile /var/secrets/pure-ftpd-ldap
89	LimitRecursion 10000 8
90	AnonymousCanCreateDirs no
91	MaxLoad 4
92	AntiWarez yes
93	Umask 133:022
94	# ftp
95	MinUID 8
96	AllowUserFXP no
97	AllowAnonymousFXP no
98	ProhibitDotFilesWrite no
99	ProhibitDotFilesRead no
100	AutoRename no
101	AnonymousCantUpload no
102	MaxDiskUsage 99
103	CustomerProof yes
104	TLS 1
105	CertFile /var/lib/acme/ftp/full.pem
106	'';
107	in {
108	description = "Pure-FTPd server";
109	wantedBy = [ "multi-user.target" ];
110	after = [ "network.target" ];
111
112	serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
113	serviceConfig.Type = "forking";
114	serviceConfig.PIDFile = "/run/pure-ftpd.pid";
115	};
116	};
117
118	}