home.paperless: add proftpd for paperless ingest

2024-09-08 19:42:27 +02:00 · 2024-09-08 19:42:27 +02:00 · 3f9f84f230
commit 3f9f84f230
parent 40fcaf56ee
4 changed files with 119 additions and 0 deletions
--- a/bundles/proftpd/items.py
+++ b/bundles/proftpd/items.py
@ -0,0 +1,13 @@
+files['/etc/proftpd/proftpd.conf'] = {
+    'source': f'{node.name}.conf',
+    'triggers': {
+        'svc_systemd:proftpd:restart',
+    },
+}
+
+svc_systemd['proftpd'] = {
+    'needs': {
+        'file:/etc/proftpd/proftpd.conf',
+        'pkg_apt:proftpd-core',
+    },
+}
--- a/bundles/proftpd/metadata.py
+++ b/bundles/proftpd/metadata.py
@ -0,0 +1,26 @@
+from bundlewrap.metadata import atomic
+
+defaults = {
+    'apt': {
+        'packages': {
+            'proftpd-core': {},
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'firewall/port_rules',
+)
+def firewall(metadata):
+    sources = atomic(metadata.get('mosquitto/restrict-to', set()))
+
+    return {
+        'firewall': {
+            'port_rules': {
+                '20/tcp': sources,
+                '21/tcp': sources,
+                '49152-50192/tcp': sources,
+            },
+        },
+    }
--- a/data/proftpd/files/home.paperless.conf
+++ b/data/proftpd/files/home.paperless.conf
@ -0,0 +1,74 @@
+Include /etc/proftpd/modules.conf
+
+UseIPv6 on
+<IfModule mod_ident.c>
+    IdentLookups off
+</IfModule>
+
+ServerName "home.paperless"
+ServerType standalone
+DeferWelcome off
+
+DefaultServer on
+ShowSymlinks on
+
+TimeoutNoTransfer 600
+TimeoutStalled 600
+TimeoutIdle 1200
+
+DisplayLogin welcome.msg
+DisplayChdir .message true
+ListOptions "-l"
+
+DenyFilter \*.*/
+
+RequireValidShell off
+
+Port 21
+
+PassivePorts 49152 50192
+
+MaxInstances 30
+
+User proftpd
+Group nogroup
+
+Umask 022 022
+AllowOverwrite on
+
+TransferLog /var/log/proftpd/xferlog
+SystemLog /var/log/proftpd/proftpd.log
+
+<IfModule mod_quotatab.c>
+    QuotaEngine off
+</IfModule>
+
+<IfModule mod_ratio.c>
+    Ratios off
+</IfModule>
+
+<IfModule mod_delay.c>
+    DelayEngine on
+</IfModule>
+
+<IfModule mod_ctrls.c>
+    ControlsEngine off
+    ControlsMaxClients 2
+    ControlsLog /var/log/proftpd/controls.log
+    ControlsInterval 5
+    ControlsSocket /var/run/proftpd/proftpd.sock
+</IfModule>
+
+<IfModule mod_ctrls_admin.c>
+    AdminControlsEngine off
+</IfModule>
+
+<Anonymous /mnt/paperless/consume/>
+    User nobody
+    Group nogroup
+    UserAlias anonymous ftp
+
+    <Directory *>
+        AllowAll
+    </Directory>
+</Anonymous>
--- a/nodes/home/paperless.py
+++ b/nodes/home/paperless.py
@ -6,6 +6,7 @@ nodes['home.paperless'] = {
        'redis',
        'postgresql',
        'paperless-ng',
+        'proftpd',
    },
    'groups': {
        'debian-bookworm',
@ -53,6 +54,11 @@ nodes['home.paperless'] = {
        'postgresql': {
            'version': 15,
        },
+        'proftpd': {
+            'restrict-to': {
+                'home.fujitsu-n7100',
+            },
+        },
        'vm': {
            'cpu': 2,
            'ram': 2,