{{- $baseDomain := (join (join .host.hostname ".") .host.domain) -}} {{- if eq .host.qubes true -}} {{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}} {{- end -}} { "common": { "idle_timeout": 15, "upload_mode": 0, "actions": { "execute_on": [], "execute_sync": [], "hook": "" }, "setstat_mode": 0, "temp_path": "", "proxy_protocol": 0, "proxy_allowed": [], "startup_hook": "", "post_connect_hook": "", "post_disconnect_hook": "", "data_retention_hook": "", "max_total_connections": 0, "max_per_host_connections": 20, "whitelist_file": "", "allow_self_connections": 0, "defender": { "enabled": true, "driver": "memory", "ban_time": 30, "ban_time_increment": 50, "threshold": 15, "score_invalid": 2, "score_valid": 1, "score_limit_exceeded": 3, "observation_time": 30, "entries_soft_limit": 100, "entries_hard_limit": 150, "safelist_file": "", "blocklist_file": "", "safelist": [], "blocklist": [] }, "rate_limiters": [ { "average": 0, "period": 1000, "burst": 1, "type": 2, "protocols": [ "SSH", "FTP", "DAV", "HTTP" ], "allow_list": [], "generate_defender_events": false, "entries_soft_limit": 100, "entries_hard_limit": 150 } ] }, "acme": { "domains": [ "sftp.{{ $baseDomain }}" ], "email": "{{ .user.cloudflare.username }}", "key_type": "4096", "certs_path": "certs", "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory", "renew_days": 30, "http01_challenge": { "port": 80, "proxy_header": "", "webroot": "" }, "tls_alpn01_challenge": { "port": 0 } }, "sftpd": { "bindings": [ { "port": 2022, "address": "", "apply_proxy_config": true } ], "max_auth_tries": 0, "banner": "", "host_keys": [], "host_certificates": [], "host_key_algorithms": [], "moduli": [], "kex_algorithms": [], "ciphers": [], "macs": [], "trusted_user_ca_keys": [], "revoked_user_certs_file": "", "login_banner_file": "/usr/local/etc/sftpgo/banner", "enabled_ssh_commands": [ "md5sum", "sha1sum", "sha256sum", "cd", "pwd", "scp" ], "keyboard_interactive_authentication": false, "keyboard_interactive_auth_hook": "", "password_authentication": true, "folder_prefix": "" }, "ftpd": { "bindings": [ { "port": 0, "address": "", "apply_proxy_config": true, "tls_mode": 0, "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "force_passive_ip": "", "passive_ip_overrides": [], "client_auth_type": 0, "tls_cipher_suites": [], "passive_connections_security": 0, "active_connections_security": 0, "debug": false } ], "banner": "", "banner_file": "", "active_transfers_port_non_20": true, "passive_port_range": { "start": 50000, "end": 50100 }, "disable_active_mode": false, "enable_site": false, "hash_support": 0, "combine_support": 0, "certificate_file": "", "certificate_key_file": "", "ca_certificates": [], "ca_revocation_lists": [] }, "webdavd": { "bindings": [ { "port": 0, "address": "", "enable_https": false, "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "client_auth_type": 0, "tls_cipher_suites": [], "prefix": "", "proxy_allowed": [], "client_ip_proxy_header": "", "client_ip_header_depth": 0, "disable_www_auth_header": false } ], "certificate_file": "", "certificate_key_file": "", "ca_certificates": [], "ca_revocation_lists": [], "cors": { "enabled": false, "allowed_origins": [], "allowed_methods": [], "allowed_headers": [], "exposed_headers": [], "allow_credentials": false, "max_age": 0, "options_passthrough": false, "options_success_status": 0, "allow_private_network": false }, "cache": { "users": { "expiration_time": 0, "max_size": 50 }, "mime_types": { "enabled": true, "max_size": 1000 } } }, "data_provider": { "driver": "sqlite", "name": "/usr/local/etc/sftpgo/sftpgo.db", "host": "", "port": 0, "username": "", "password": "", "sslmode": 0, "disable_sni": false, "target_session_attrs": "", "root_cert": "", "client_cert": "", "client_key": "", "connection_string": "", "sql_tables_prefix": "", "track_quota": 2, "delayed_quota_update": 0, "pool_size": 0, "users_base_dir": "/usr/local/var/sftpgo/data", "actions": { "execute_on": [], "execute_for": [], "hook": "" }, "external_auth_hook": "", "external_auth_scope": 0, "pre_login_hook": "", "post_login_hook": "", "post_login_scope": 0, "check_password_hook": "", "check_password_scope": 0, "password_hashing": { "bcrypt_options": { "cost": 10 }, "argon2_options": { "memory": 65536, "iterations": 1, "parallelism": 2 }, "algo": "bcrypt" }, "password_validation": { "admins": { "min_entropy": 0 }, "users": { "min_entropy": 0 } }, "password_caching": true, "update_mode": 0, "create_default_admin": true, "naming_rules": 1, "is_shared": 0, "node": { "host": "", "port": 0, "proto": "http" }, "backups_path": "backups" }, "httpd": { "bindings": [ { "port": 11101, "address": "", "enable_web_admin": true, "enable_web_client": true, "enable_rest_api": true, "enabled_login_methods": 0, "enable_https": false, "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "client_auth_type": 0, "tls_cipher_suites": [], "proxy_allowed": [], "client_ip_proxy_header": "", "client_ip_header_depth": 0, "hide_login_url": 0, "render_openapi": true, "web_client_integrations": [], "oidc": { "client_id": "", "client_secret": "", "config_url": "", "redirect_base_url": "", "scopes": [ "openid", "profile", "email" ], "username_field": "", "role_field": "", "implicit_roles": false, "custom_fields": [], "insecure_skip_signature_check": false, "debug": false }, "security": { "enabled": false, "allowed_hosts": [], "allowed_hosts_are_regex": false, "hosts_proxy_headers": [], "https_redirect": false, "https_host": "", "https_proxy_headers": [], "sts_seconds": 0, "sts_include_subdomains": false, "sts_preload": false, "content_type_nosniff": false, "content_security_policy": "", "permissions_policy": "", "cross_origin_opener_policy": "", "expect_ct_header": "" }, "branding": { "web_admin": { "name": "", "short_name": "", "favicon_path": "/usr/local/etc/branding/favicon.ico", "logo_path": "/usr/local/etc/branding/logo-color-256x256.png", "login_image_path": "/usr/local/etc/branding/logo-color-900x900.png", "disclaimer_name": "", "disclaimer_path": "", "default_css": "", "extra_css": [] }, "web_client": { "name": "", "short_name": "", "favicon_path": "/usr/local/etc/branding/favicon.ico", "logo_path": "/usr/local/etc/branding/logo-color-256x256.png", "login_image_path": "/usr/local/etc/branding/logo-color-900x900.png", "disclaimer_name": "", "disclaimer_path": "", "default_css": "", "extra_css": [] } } } ], "templates_path": "templates", "static_files_path": "static", "openapi_path": "openapi", "web_root": "", "certificate_file": "", "certificate_key_file": "", "ca_certificates": [], "ca_revocation_lists": [], "signing_passphrase": "", "token_validation": 0, "max_upload_file_size": 1048576000, "cors": { "enabled": false, "allowed_origins": [], "allowed_methods": [], "allowed_headers": [], "exposed_headers": [], "allow_credentials": false, "max_age": 0, "options_passthrough": false, "options_success_status": 0, "allow_private_network": false }, "setup": { "installation_code": "", "installation_code_hint": "Installation code" }, "hide_support_link": true }, "telemetry": { "bind_port": 57500, "bind_address": "127.0.0.1", "enable_profiler": false, "auth_user_file": "", "certificate_file": "", "certificate_key_file": "", "min_tls_version": 12, "tls_cipher_suites": [] }, "http": { "timeout": 20, "retry_wait_min": 2, "retry_wait_max": 30, "retry_max": 3, "ca_certificates": [], "certificates": [], "skip_tls_verify": false, "headers": [] }, "command": { "timeout": 30, "env": [], "commands": [] }, "kms": { "secrets": { "url": "", "master_key": "", "master_key_path": "" } }, "mfa": { "totp": [ { "name": "CombineOS", "issuer": "CombineOS - SFTPGo", "algo": "sha1" } ] }, "smtp": { "host": "{{ .host.smtp.host }}", "port": {{ .host.smtp.port }}, "from": "{{ .host.smtp.from }}", "user": "{{ .host.smtp.user }}", "password": "{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) }}{{ includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim }}{{ else }}{{ env "SENDGRID_API_KEY" }}{{ end }}", "auth_type": 0, "encryption": 1, "domain": "", "templates_path": "templates" }, "plugins": [ { "cmd": "/usr/local/bin/sftpgo-plugin-auth", "type": "auth", "auth_options": { "scope": 1 }, "args": [ "serve", "--ldap-url=ldap://ldap.jumpcloud.com:389", "--ldap-base-dn=ou=Users,o={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_ORG_ID")) }}{{ includeTemplate "secrets/JUMPCLOUD_ORG_ID" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_ORG_ID" }}{{ end }},dc=jumpcloud,dc=com", "--ldap-bind-dn=uid={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_BINDDN_USER")) }}{{ includeTemplate "secrets/JUMPCLOUD_BINDDN_USER" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_BINDDN_USER" }}{{ end }},ou=Users,o={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_ORG_ID")) }}{{ includeTemplate "secrets/JUMPCLOUD_ORG_ID" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_ORG_ID" }}{{ end }},dc=jumpcloud,dc=com", "--ldap-password={{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JUMPCLOUD_BINDDN_PASSWORD")) }}{{ includeTemplate "secrets/JUMPCLOUD_BINDDN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "JUMPCLOUD_BINDDN_PASSWORD" }}{{ end }}", "--ldap-search-query=(objectClass=inetOrgPerson)" ], "auto_mtls": true } ] }