instance-default.cfg.in

[buildout]
parts =
  promises
  cron-service
  cron-entry-logrotate
  logrotate-entry-proftpd
  publish-connection-parameter

extends = {{ template_monitor }}

[instance-parameter]
# TODO: this is not needed
recipe = slapos.cookbook:slapconfiguration
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

[directory]
recipe = slapos.cookbook:mkdirectory
home = ${buildout:directory}
etc = ${:home}/etc
var = ${:home}/var
log = ${:var}/log
srv = ${:home}/srv
service = ${:etc}/service
proftpd-dir = ${:srv}/proftpd/
ssh-authorized-keys-dir = ${:etc}/authorized_keys/

[config-file]
recipe = slapos.recipe.template:jinja2
url = {{ software_parts_directory }}/${:_buildout_section_name_}/${:_buildout_section_name_}.cfg.in
output = ${directory:etc}/${:_buildout_section_name_}.cfg
extensions = jinja2.ext.do

[proftpd-userinfo]
recipe = slapos.cookbook:userinfo


[proftpd-password]
recipe = slapos.cookbook:generate.password
username = proftpd
bytes = 12

[proftpd]
ipv6 = ${instance-parameter:ipv6-random}
ipv4 = ${instance-parameter:ipv4-random}
host = ${:ipv6}
sftp-port = {{ slapparameter_dict.get('port', 8022) }}
url = sftp://[${:host}]:${:sftp-port}
data-dir = ${directory:proftpd-dir}
user=${proftpd-userinfo:pw-name}
group=${proftpd-userinfo:gr-name}
scoreboard-file=${directory:var}/proftpd.scoreboard
pid-file=${directory:var}/proftpd.pid
sftp-log=${directory:log}/proftpd-sftp.log
xfer-log=${directory:log}/proftpd-xfer.log
ban-log=${directory:log}/proftpd-ban.log
ssh-host-rsa-key=${ssh-host-rsa-key:output}
ssh-host-dsa-key=${ssh-host-dsa-key:output}
ssh-host-ecdsa-key=${ssh-host-ecdsa-key:output}
ssh-authorized-key = ${ssh-authorized-keys:output}
ban-table=${directory:srv}/proftpd-ban-table
control-socket=${directory:var}/proftpd.sock
auth-user-file=${auth-user-file:output}
authentication-url = {{ slapparameter_dict.get('authentication-url', '')}}

recipe = slapos.cookbook:wrapper
command-line =
   {{ proftpd_bin }} --nodaemon --config ${proftpd-config-file:output}
wrapper-path = ${directory:service}/proftpd

[ssh-authorized-keys]
output = ${directory:ssh-authorized-keys-dir}/authorized_keys
{% if slapparameter_dict.get('ssh-key') %}
recipe = slapos.recipe.template
inline ={{ slapparameter_dict['ssh-key'] | indent }}
{% endif %}

[proftpd-listen-promise]
<= monitor-promise-base
promise = check_socket_listening
name = ${:_buildout_section_name_}.py
config-host = ${proftpd:ipv6}
config-port = ${proftpd:sftp-port}


[ftpasswd]
# command line to add a user, invoke with:
#   ftpasswd --name=bob
# to prompt for password, or --stdin to read password from stdin
recipe = slapos.cookbook:wrapper
wrapper-path =${buildout:bin-directory}/${:_buildout_section_name_}
command-line =
  {{ ftpasswd_bin }} --passwd --home=${proftpd:data-dir} --shell=/bin/false --uid=${proftpd-userinfo:pw-uid} --gid=${proftpd-userinfo:gr-gid}  --file ${auth-user-file:output}

[auth-user-file]
recipe = plone.recipe.command
output = ${directory:etc}/ftpd.passwd
command =
  echo ${proftpd-password:passwd} | ${ftpasswd:wrapper-path} --name=${proftpd-password:username} --stdin
update-command = ${:command}


[ssh-keygen-base]
recipe = plone.recipe.command
output = ${directory:etc}/${:_buildout_section_name_}
command = {{ ssh_keygen_bin }} -f ${:output} -N '' ${:extra-args}

[ssh-host-rsa-key]
<=ssh-keygen-base
extra-args=-t rsa
[ssh-host-dsa-key]
<=ssh-keygen-base
extra-args=-t dsa
[ssh-host-ecdsa-key]
<=ssh-keygen-base
extra-args=-t ecdsa -b 521


[proftpd-config-file]
<= config-file
context =
  section proftpd proftpd
  key slapparameter_dict slap-configuration:configuration


[promises]
recipe =
instance-promises =
  ${proftpd-listen-promise:name}

[logrotate-entry-proftpd]
<= logrotate-entry-base
name = proftpd
log =
  ${proftpd:sftp-log}
  ${proftpd:xfer-log}
  ${proftpd:ban-log}
post =
  test ! -s ${proftpd:pid-file} || kill -HUP $(cat "${proftpd:pid-file}")

[publish-connection-parameter]
recipe = slapos.cookbook:publish
url = ${proftpd:url}
{% if not slapparameter_dict.get('authentication-url') %}
username = ${proftpd-password:username}
{%   if not slapparameter_dict.get('ssh-key') %}
password = ${proftpd-password:passwd}
{%   endif %}
{% endif %}