Manually merging SFTPGo PR

home/dot_local/etc/cloudflared/config.yml.tmpl

@@ -20,6 +20,8 @@ ingress:
     service: rdp://localhost:3389
   - hostname: samba.{{ $baseDomain }}
     service: localhost:8445
+  - hostname: sftp.{{ $baseDomain }}
+    service: tcp://localhost:2022
   - hostname: vnc.{{ $baseDomain }}
     service: tcp://localhost:5901
 {{- if eq .host.softwareGroup "Kubernetes" }}

home/dot_local/etc/sftpgo/banner

@@ -0,0 +1,5 @@
+WARNING! Authorized use only. Your IP address has been logged.
+
+If you choose to ignore this warning and discover a vulnerability
+that you can explain how to remediate, then please contact brian@megabyte.space
+for a bounty.

home/dot_local/etc/sftpgo/sftpgo.json.tmpl

@@ -60,10 +60,8 @@
       ]
     },
     "acme": {
-    "domains": [
-      "sftp.{{- $baseDomain -}}"
-    ],
-    "email": "{{- .user.cloudflare.username -}}",
+      "domains": ["sftp.{{ $baseDomain }}"],
+      "email": "{{ .user.cloudflare.username }}",
       "key_type": "4096",
       "certs_path": "certs",
       "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory",
@@ -96,7 +94,7 @@
       "macs": [],
       "trusted_user_ca_keys": [],
       "revoked_user_certs_file": "",
-    "login_banner_file": "",
+      "login_banner_file": "/usr/local/etc/sftpgo/banner",
       "enabled_ssh_commands": [
         "md5sum",
         "sha1sum",
@@ -311,9 +309,9 @@
             "web_admin": {
               "name": "",
               "short_name": "",
-            "favicon_path": "",
-            "logo_path": "",
-            "login_image_path": "",
+              "favicon_path": "/usr/local/etc/branding/favicon.ico",
+              "logo_path": "/usr/local/etc/branding/logo-color-256x256.png",
+              "login_image_path": "/usr/local/etc/branding/logo-color-900x900.png",
               "disclaimer_name": "",
               "disclaimer_path": "",
               "default_css": "",
@@ -322,9 +320,9 @@
             "web_client": {
               "name": "",
               "short_name": "",
-            "favicon_path": "",
-            "logo_path": "",
-            "login_image_path": "",
+              "favicon_path": "/usr/local/etc/branding/favicon.ico",
+              "logo_path": "/usr/local/etc/branding/logo-color-256x256.png",
+              "login_image_path": "/usr/local/etc/branding/logo-color-900x900.png",
               "disclaimer_name": "",
               "disclaimer_path": "",
               "default_css": "",
@@ -363,7 +361,7 @@
       "hide_support_link": true
     },
     "telemetry": {
-    "bind_port": 0,
+      "bind_port": 57500,
       "bind_address": "127.0.0.1",
       "enable_profiler": false,
       "auth_user_file": "",
@@ -397,8 +395,8 @@
     "mfa": {
       "totp": [
         {
-        "name": "Install Doctor",
-        "issuer": "SFTPGo - Install Doctor",
+          "name": "CombineOS",
+          "issuer": "CombineOS - SFTPGo",
           "algo": "sha1"
         }
       ]
@@ -406,13 +404,30 @@
     "smtp": {
       "host": "smtp.sendgrid.net",
       "port": 587,
-    "from": "SFTPGo <no-reply@{{ .host.domain }}",
+      "from": "CombineOS SFTPGo <no-reply@{{ .host.domain }}",
       "user": "apikey",
-    "password": "{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) -}}{{- includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim -}}{{- else -}}{{- env "SENDGRID_API_KEY" -}}{{- end -}}",
+      "password": "{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) }}{{ includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim }}{{ else }}{{ env "SENDGRID_API_KEY" }}",
       "auth_type": 0,
       "encryption": 1,
       "domain": "",
       "templates_path": "templates"
     },
-  "plugins": []
+     "plugins": [
+      {
+        "cmd": "/usr/local/bin/sftpgo-plugin-auth",
+        "type": "auth",
+        "auth_options": {
+          "scope": 1
+        },
+        "args": [
+          "serve",
+          "--ldap-url=ldap://ldap.jumpcloud.com:389",
+          "--ldap-base-dn=ou=Users,o={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_ORG_ID")) }}{{ includeTemplate "secrets/JUMPCLOUD_ORG_ID" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_ORG_ID" }},dc=jumpcloud,dc=com",
+          "--ldap-bind-dn=uid={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_BINDDN_USER")) }}{{ includeTemplate "secrets/JUMPCLOUD_BINDDN_USER" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_BINDDN_USER" }},ou=Users,o={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_ORG_ID")) }}{{ includeTemplate "secrets/JUMPCLOUD_ORG_ID" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_ORG_ID" }},dc=jumpcloud,dc=com",
+          "--ldap-password={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_BINDDN_PASSWORD")) }}{{ includeTemplate "secrets/JUMPCLOUD_BINDDN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_BINDDN_PASSWORD" }}",
+          "--ldap-search-query=(objectClass=inetOrgPerson)"
+        ],
+        "auto_mtls": true
+      }
+    ]
   }

software.yml

@@ -7828,15 +7828,20 @@ softwarePackages:
           fi
           logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/ to $NETDATA_ETC" && sudo cp -rf "${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/" "$NETDATA_ETC"
           
-          ### Blocky
-          logg info "Adding Blocky metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
           if command -v gsed > /dev/null; then
             SED_UTIL="gsed"
           else
             SED_UTIL="sed"
           fi
+
+          ### Blocky
+          logg info "Adding Blocky metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
           sudo "$SED_UTIL" -i "/jobs:/a\  - name: blocky_local \n    url: 'http://127.0.0.1:4000/metrics'" "$NETDATA_ETC/go.d/prometheus.conf"
           
+          ### SFTPGo
+          logg info "Adding SFTPGo metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
+          sudo "$SED_UTIL" -i "/jobs:/a\  - name: sftpgo_local \n    url: 'http://127.0.0.1:57500/metrics'" "$NETDATA_ETC/go.d/prometheus.conf"
+
           # Backup current health alarm configuration and apply new one
           if [ -d /usr/local/lib/netdata ]; then
             NETDATA_LIB='/usr/local/lib/netdata'
@@ -10346,7 +10351,20 @@ softwarePackages:
     _name: serverless
     brew: serverless
     npm: serverless
+  sftpgo-plugin-auth:
+    _bin: sftpgo-plugin-auth
+    _desc: A plugin for SFTPGo to enable LDAP/Active Directory authentication
+    _docs: null
+    _github: https://github.com/sftpgo/sftpgo-plugin-auth
+    _home: null
+    _name: SFTPGo Authentication Plugin
+    _post: |
+      #!/usr/bin/env bash
+      sudo mv -f $(which sftpgo-plugin-auth) /usr/local/bin/sftpgo-plugin-auth
+    go: github.com/sftpgo/sftpgo-plugin-auth@latest
   sftpgo:
+    _deps:
+      - sftpgo-plugin-auth
     _bin: sftpgo
     _desc: Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob
     _docs: null
@@ -10357,6 +10375,11 @@ softwarePackages:
       #!/usr/bin/env bash
       sudo mkdir -p /usr/local/etc/sftpgo
       sudo cp -f "$HOME/.local/etc/sftpgo/sftpgo.json" /usr/local/etc/sftpgo/sftpgo.json
+      sudo cp -f "$HOME/.local/etc/sftpgo/banner" /usr/local/etc/sftpgo/banner
+      sudo mkdir -p /usr/local/etc/branding
+      sudo cp -f "$HOME/.local/etc/branding/favicon.ico" /usr/local/etc/branding/favicon.ico
+      sudo cp -f "$HOME/.local/etc/branding/logo-color-256x256.png" /usr/local/etc/branding/logo-color-256x256.png
+      sudo cp -f "$HOME/.local/etc/branding/logo-color-900x900.png" /usr/local/etc/branding/logo-color-900x900.png
       sudo sftpgo initprovider
     _service: sftpgo
     _service:brew: