DuN0z/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Delete: ftp.nix

Browse source
This commit is contained in:
DuN0z 2025-10-18 05:58:11 +02:00
parent 53c0163ccc
commit e8b1d7c269
1 changed files with 0 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

67
modules/services/ftp.nix
View file

@ -1,67 +0,0 @@
_: {
# -------------------------------------------------
# 1⃣ Création de lutilisateur système dédié FTP
# -------------------------------------------------
users.users.ftpuser = {
isSystemUser = true; # pas de login shell
description = "Compte FTP dédié";
home = "/srv/ftp/ftpuser";
createHome = true;
group = "ftpuser";
shell = "/usr/bin/nologin";
};
users.groups.ftpuser = {};
services.openssh = {
extraConfig = ''
Match User ftpuser
ChrootDirectory /srv/ftp/ftpuser
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
'';
};
# -------------------------------------------------
# 2⃣ Permissions du répertoire home (méthode A)
# -------------------------------------------------
system.activationScripts.setupFtp = ''
# Répertoire racine du chroot lectureseule
chmod a-w /srv/ftp/ftpuser
# Sousrépertoire où lon peut écrire
mkdir -p /srv/ftp/ftpuser/upload
chown ftpuser:ftpuser /srv/ftp/ftpuser/upload
chmod 755 /srv/ftp/ftpuser/upload
'';
# -------------------------------------------------
# 3⃣ Configuration du serveur vsftpd
# -------------------------------------------------
services.vsftpd = {
enable = true;
# Autoriser les comptes locaux (system users)
localUsers = true;
# Refuser laccès anonyme (sécurité renforcée)
anonymousUser = false;
# Chroot chaque utilisateur local dans son $HOME
chrootlocalUser = true;
allowWriteableChroot = true;
extraConfig = ''
pasv_min_port=40000
pasv_max_port=40004
'';
};
# -------------------------------------------------
# 4⃣ Ouverture des ports dans le firewall NixOS
# -------------------------------------------------
networking.firewall = {
allowedTCPPorts = [21 40000 40001 40002 40003 40004];
# Si vous utilisez FTPS implicite (port 990) :
# allowedTCPPorts = [ 21 990 40000 40001 40002 40003 40004 ];
};
}