forked from evolix/ansible-roles
proftpd: remove whitelist block if feature is disabled
This commit is contained in:
parent
1d5415237c
commit
e3746d18fb
|
@ -13,6 +13,8 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
proftpd: optional configuration of IP whitelists per groups of users
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* autosysadmin-agent: upstream release 24.03.2
|
* autosysadmin-agent: upstream release 24.03.2
|
||||||
|
|
|
@ -61,7 +61,7 @@
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Whitelist ip for users (SFTP)
|
- name: IP Whitelists for SFTP users are present
|
||||||
ansible.builtin.blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
dest: /etc/proftpd/conf.d/sftp.conf
|
dest: /etc/proftpd/conf.d/sftp.conf
|
||||||
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
||||||
|
@ -82,6 +82,14 @@
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
when: proftpd_sftp_enable_user_whitelist | bool
|
when: proftpd_sftp_enable_user_whitelist | bool
|
||||||
|
|
||||||
|
- name: IP Whitelists for SFTP users are absent
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
dest: /etc/proftpd/conf.d/sftp.conf
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
||||||
|
state: absent
|
||||||
|
notify: restart proftpd
|
||||||
|
when: not (proftpd_sftp_enable_user_whitelist | bool)
|
||||||
|
|
||||||
- name: Allow keys for SFTP account
|
- name: Allow keys for SFTP account
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
||||||
|
|
Loading…
Reference in a new issue