# Buildout instance profile. Jinja2 expressions in this file are expanded
# first; buildout then reads the rendered result.
[buildout]
# Only these two parts are requested directly; the other sections get
# installed because these parts, or the sections they reference, use them.
parts =
  promises
  publish-connection-parameter

# Monitoring profile to extend. monitor-promise-base, used further down, is
# not defined in this file and presumably comes from there.
extends = {{ template_monitor }}

[instance-parameter]
# TODO: this is not needed
# NOTE(review): [proftpd] still reads ipv6-random and ipv4-random from this
# section, so it cannot be removed until those come from somewhere else.
# Options passed to the recipe: computer and partition ids, server URL, and
# the key and certificate files taken from [slap-connection].
recipe = slapos.cookbook:slapconfiguration
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

# Same connection options as [instance-parameter], but with the
# ".serialised" variant of the recipe. Its "configuration" option is what
# [proftpd-config-file] hands to the template as slapparameter_dict.
# NOTE(review): those values are supplied by the requester of the instance;
# treat them as untrusted input wherever they are rendered.
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}

# Directory layout of the partition, all below the buildout directory.
# NOTE(review): no mode is set here, so permissions are whatever the recipe
# and the umask give. etc/ receives the SSH host private keys and
# ftpd.passwd, so confirm it is not readable by other accounts.
[directory]
recipe = slapos.cookbook:mkdirectory
home = ${buildout:directory}
etc = ${:home}/etc
var = ${:home}/var
log = ${:var}/log
srv = ${:home}/srv
# Where the proftpd service wrapper is installed.
service = ${:etc}/service
# Data directory; also the home directory given to every ftpasswd account.
proftpd-dir = ${:srv}/proftpd/
# Holds the authorized_keys file rendered by [ssh-authorized-keys].
ssh-authorized-keys-dir = ${:etc}/authorized_keys/

# Base section for rendered configuration files, inherited with "<=".
# Template and output names are derived from the name of the section that
# inherits from it.
[config-file]
recipe = slapos.recipe.template:jinja2
template = {{ software_parts_directory }}/${:_buildout_section_name_}/${:_buildout_section_name_}.cfg.in
rendered = ${directory:etc}/${:_buildout_section_name_}.cfg
# World-readable output.
# NOTE(review): acceptable only while the rendered file holds no secrets;
# confirm against the template, which is not part of this file.
mode = 0644
# Enables the Jinja2 "do" statement in templates.
extensions = jinja2.ext.do

# Provides pw-name, gr-name, pw-uid and gr-gid, which [proftpd] and
# [ftpasswd] read. Presumably describes the account the partition runs as.
[proftpd-userinfo]
recipe = slapos.cookbook:userinfo


# Generated credentials of the default account. The password is written to
# the user file by [auth-user-file] and, depending on the instance
# parameters, published by [publish-connection-parameter].
[proftpd-password]
recipe = slapos.cookbook:generate.password
username = proftpd
# Size handed to the generator.
# NOTE(review): confirm whether this counts random bytes or output
# characters, and that the result is long enough for an Internet-facing
# SFTP login.
bytes = 12

# ProFTPD service. The options down to authentication-url are exported to
# the configuration template (see the context of [proftpd-config-file]);
# the recipe at the end installs the service wrapper.
[proftpd]
ipv6 = ${instance-parameter:ipv6-random}
ipv4 = ${instance-parameter:ipv4-random}
# The IPv6 address is the one used for host and for the published URL;
# ipv4 is defined but not referenced anywhere else in this file.
host = ${:ipv6}
# Instance parameter "port", default 8022.
# NOTE(review): the parameter value is written into the profile text as-is.
# Validate it as an integer before rendering so that unexpected content
# cannot end up being parsed as profile text.
sftp-port = {{ slapparameter_dict.get('port', 8022) }}
# Brackets are required around an IPv6 literal in a URL.
url = sftp://[${:host}]:${:sftp-port}
data-dir = ${directory:proftpd-dir}
user = ${proftpd-userinfo:pw-name}
group = ${proftpd-userinfo:gr-name}
scoreboard-file = ${directory:var}/proftpd.scoreboard
pid-file = ${directory:var}/proftpd.pid
# Session, transfer and ban logs; these are the audit trail for login
# attempts and file transfers.
sftp-log = ${directory:log}/proftpd-sftp.log
xfer-log = ${directory:log}/proftpd-xfer.log
ban-log = ${directory:log}/proftpd-ban.log
# Host private keys generated by the ssh-host-*-key sections.
# NOTE(review): DSA host keys are deprecated and disabled by default in
# recent OpenSSH releases; consider dropping the DSA key here, in its
# generating section and in the configuration template together.
ssh-host-rsa-key = ${ssh-host-rsa-key:output}
ssh-host-dsa-key = ${ssh-host-dsa-key:output}
ssh-host-ecdsa-key = ${ssh-host-ecdsa-key:output}
# Path only; the file is rendered by [ssh-authorized-keys] when the
# "ssh-key" instance parameter is set.
ssh-authorized-key = ${ssh-authorized-keys:rendered}
ban-table = ${directory:srv}/proftpd-ban-table
control-socket = ${directory:var}/proftpd.sock
# Password user file maintained through the ftpasswd wrapper. It is
# referenced unconditionally, so the generated account exists even when
# its password is not published.
auth-user-file = ${auth-user-file:output}
# Optional external authentication endpoint, empty by default.
# NOTE(review): like the port, this value is written into the profile
# as-is; validate it as a single-line URL. Presumably login credentials are
# sent to this URL, so confirm that only https is accepted.
authentication-url = {{ slapparameter_dict.get('authentication-url', '')}}

# Service wrapper: runs proftpd in the foreground with the rendered
# configuration file.
recipe = slapos.cookbook:wrapper
command-line =
   {{ proftpd_bin }} --nodaemon --config ${proftpd-config-file:rendered}
wrapper-path = ${directory:service}/proftpd

# authorized_keys file for public-key login. The path is always defined
# because [proftpd] references it; the file itself is only rendered when
# the "ssh-key" instance parameter is set.
# NOTE(review): the parameter value is inserted into the profile as-is and
# then used as the source of an inline template. Validate that it contains
# only public-key lines before rendering, so that it cannot be interpreted
# as profile or template syntax.
# NOTE(review): no mode is set for the rendered file; confirm the recipe
# default does not leave it writable by other accounts.
[ssh-authorized-keys]
rendered = ${directory:ssh-authorized-keys-dir}/authorized_keys
{% if slapparameter_dict.get('ssh-key') %}
recipe = slapos.recipe.template:jinja2
# The indent filter keeps the following lines of a multi-line value
# indented, so buildout reads them as continuation of this option.
template = inline:{{ slapparameter_dict['ssh-key'] | indent }}
{% endif %}

# Monitoring promise based on monitor-promise-base (not defined in this
# file): runs the check_port_listening module against the IPv6 address and
# SFTP port of the service. It says nothing about authentication working.
[proftpd-listen-promise]
<= monitor-promise-base
module = check_port_listening
name = ${:_buildout_section_name_}.py
config-hostname = ${proftpd:ipv6}
config-port = ${proftpd:sftp-port}


[ftpasswd]
# command line to add a user, invoke with:
#   ftpasswd --name=bob
# to prompt for password, or --stdin to read password from stdin
#
# Every account created through this wrapper gets the same home directory
# (the proftpd data directory), the same uid and gid (those of
# [proftpd-userinfo]) and /bin/false as shell.
# NOTE(review): with a shared uid, gid and home, accounts are not isolated
# from each other on the filesystem; confirm this is intended or that the
# proftpd configuration restricts them.
recipe = slapos.cookbook:wrapper
wrapper-path = ${buildout:bin-directory}/${:_buildout_section_name_}
command-line =
  {{ perl_bin }} {{ ftpasswd_bin }} --passwd --home=${proftpd:data-dir} --shell=/bin/false --uid=${proftpd-userinfo:pw-uid} --gid=${proftpd-userinfo:gr-gid}  --file ${auth-user-file:output}

# Creates or refreshes the entry of the default account in the password
# user file by piping the generated password to the ftpasswd wrapper.
# NOTE(review): the password is substituted unquoted into a shell command
# line. This is only safe while the generator emits no shell
# metacharacters; quoting the value would make that explicit.
# NOTE(review): the clear-text password is part of this section's options,
# which buildout presumably records in its installed-state file; confirm
# the permissions of that file and of ftpd.passwd.
[auth-user-file]
recipe = plone.recipe.command
output = ${directory:etc}/ftpd.passwd
command =
  echo ${proftpd-password:passwd} | ${ftpasswd:wrapper-path} --name=${proftpd-password:username} --stdin
# The same command is used on update, so the entry is set again each time.
update-command = ${:command}


# Base section for SSH host key generation, inherited with "<=". The key
# is written to etc/ under the name of the inheriting section, and the
# inheriting section supplies the key type in extra-args.
# No update-command is defined, so generation presumably runs on install
# only and existing keys are kept across updates.
[ssh-keygen-base]
recipe = plone.recipe.command
output = ${directory:etc}/${:_buildout_section_name_}
# -N '' creates the private key without a passphrase so the service can
# start unattended; the key is then protected by file permissions only.
command = {{ ssh_keygen_bin }} -f ${:output} -N '' ${:extra-args}

# One host key per algorithm, each generated through [ssh-keygen-base].

# RSA key with the default size of the ssh-keygen in use (no -b given).
[ssh-host-rsa-key]
<= ssh-keygen-base
extra-args = -t rsa

# NOTE(review): DSA is deprecated and disabled by default in recent OpenSSH
# releases, so this step may fail with a newer ssh-keygen. [proftpd]
# references this key, so removing it means changing both sections and the
# configuration template together.
[ssh-host-dsa-key]
<= ssh-keygen-base
extra-args = -t dsa

# ECDSA key on the 521-bit curve.
[ssh-host-ecdsa-key]
<= ssh-keygen-base
extra-args = -t ecdsa -b 521


# Renders the proftpd configuration through [config-file]; the template and
# output names follow this section's name, and the output inherits mode
# 0644. The whole [proftpd] section is exposed to the template as
# "proftpd", and the instance parameters as "slapparameter_dict".
# NOTE(review): instance parameters reach the template unvalidated; confirm
# the template quotes or checks every value it writes into the proftpd
# configuration.
[proftpd-config-file]
<= config-file
context =
  section proftpd proftpd
  key slapparameter_dict slap-configuration:configuration


# Aggregation part with an empty recipe: referencing the promise's name
# below is what pulls [proftpd-listen-promise] into the build.
[promises]
recipe =
instance-promises =
  ${proftpd-listen-promise:name}


# Connection parameters returned to the requester of the instance.
# The URL is always published. The username is published only when no
# external authentication URL is configured, and the password only when in
# addition no SSH key was supplied.
# NOTE(review): the password is published in clear text, so anyone who can
# read the connection parameters of the instance can log in with it.
# NOTE(review): not publishing the password does not by itself disable the
# generated account, because [proftpd] always references the user file
# written by [auth-user-file]. Confirm that the rendered proftpd
# configuration turns password login off in those cases.
[publish-connection-parameter]
recipe = slapos.cookbook:publish
url = ${proftpd:url}
{% if not slapparameter_dict.get('authentication-url') %}
username = ${proftpd-password:username}
{%   if not slapparameter_dict.get('ssh-key') %}
password = ${proftpd-password:passwd}
{%   endif %}
{% endif %}