ServerName "ProFTPD SlapOS"
ServerType standalone
MaxInstances  30
DefaultAddress {{ proftpd['ipv6'] }} {{ proftpd['ipv4']}}
SocketBindTight on
DefaultServer off
Port {{ proftpd['sftp-port'] }}

User {{ proftpd['user'] }}
Group {{ proftpd['group'] }}

Umask 022
AllowOverwrite on

# SFTP
SFTPEngine on
SFTPHostKey {{ proftpd['ssh-host-rsa-key'] }}
SFTPHostKey {{ proftpd['ssh-host-dsa-key'] }}
SFTPHostKey {{ proftpd['ssh-host-ecdsa-key'] }}
#SFTPAuthorizedUserKeys file:{{ proftpd['ssh-authorized-keys-dir'] }}%u


# Logging
TransferLog {{ proftpd['xfer-log'] }}
SFTPLog {{ proftpd['sftp-log'] }}
BanLog {{ proftpd['ban-log'] }}


# Virtual users
RequireValidShell off
AuthUserFile {{ proftpd['auth-user-file'] }}


# Prevent partially uploaded files to be visible
HiddenStores on
DeleteAbortedStores on
AllowStoreRestart off


# Limitations of running as non-root user
WtmpLog off
# ( we cannot use DefaultRoot ~ )

# Prevent user for escaping their home
<Directory />
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory {{ proftpd['data-dir'] }}>
  <Limit ALL>
    AllowAll
  </Limit>
</Directory>



# Ban failed logins
MaxLoginAttempts 1
BanEngine on
BanTable {{ proftpd['ban-table'] }}
# 5 failed login attemps in 5 minutes -> ban for 20 minutes
BanOnEvent MaxLoginAttempts 5/00:05:00 00:20:00 "Too many Failed Login Attempts"
BanControlsACLs all allow user {{ proftpd['user'] }}