Add: sftp ftpuser config

2025-09-26 08:36:37 +02:00 · 2025-09-26 08:36:37 +02:00 · 2a3cd04a31
commit 2a3cd04a31
parent ee2ba3ddf6
3 changed files with 21 additions and 2 deletions
--- a/modules/services/ftp.nix
+++ b/modules/services/ftp.nix
@ -8,10 +8,20 @@
    home          = "/srv/ftp/ftpuser";
    createHome    = true;
    group         = "ftpuser";
-    shell         = "/usr/sbin/nologin";
+    shell         = "/usr/bin/nologin";
  };
  users.groups.ftpuser = {};

+  services.openssh = {
+    extraConfig = ''
+      Match User ftpuser
+        ChrootDirectory /srv/ftp/ftpuser
+        ForceCommand internal-sftp 
+        AllowTcpForwarding no 
+        X11Forwarding no
+    '';
+    };
+
  # -------------------------------------------------
  # 2️⃣ Permissions du répertoire home (méthode A)
  # -------------------------------------------------
--- a/profiles/server-selfhosted.nix
+++ b/profiles/server-selfhosted.nix
@ -9,7 +9,13 @@
    ../modules/sites/levr.porzh.me.nix
  ];

-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false ;
+      PubkeyAuthentication = true ;
+      };
+  };

  environment.systemPackages = with pkgs; [
    btrfs-progs
--- a/secrets/admin-passwd
+++ b/secrets/admin-passwd
@ -0,0 +1,3 @@
+basicauth * {
+            admin $2a$14$RFcSei0IvYK.B7DJ3s6Yn.1i/bjiU.67TrV1RLaL4pxWniHhM8d62
+          }