proftpd: add whitelist ip in virtualhost sftp
parent
bc9609ce48
commit
eda69725d5
|
@ -35,6 +35,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
* autosysadmin-restart_nrpe: add role
|
||||
* certbot: Renewal hook for NRPE
|
||||
* kvm-host: add minifirewall rules if DRBD interface is configured
|
||||
* proftpd: add whitelist ip
|
||||
|
||||
### Changed
|
||||
|
||||
|
|
|
@ -61,6 +61,27 @@
|
|||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: Whitelist ip for users (SFTP)
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/proftpd/conf.d/sftp.conf
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
||||
block: |
|
||||
{% for user in proftpd_accounts_final %}
|
||||
{% if user.group is defined %}
|
||||
<IfUser {{ user.name }}>
|
||||
<Limit LOGIN>
|
||||
{% for ip in proftpd_sftp_ips_whitelist[user.group] %}
|
||||
Allow from {{ ip }}
|
||||
{% endfor %}
|
||||
DenyAll
|
||||
</Limit>
|
||||
</IfUser>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
insertbefore: "</IfModule>"
|
||||
notify: restart proftpd
|
||||
when: proftpd_sftp_enable_user_whitelist | bool
|
||||
|
||||
- name: Allow keys for SFTP account
|
||||
ansible.builtin.template:
|
||||
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
||||
|
|
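Review bot: In the `Whitelist ip for users (SFTP)` task, accounts without `user.group` are skipped by `{% if user.group is defined %}` and get no `<IfUser>`/`<Limit LOGIN>` block, so with `proftpd_sftp_enable_user_whitelist` set they stay reachable from any address unless a limit outside this hunk covers them. If that is deliberate, a comment above the task should say so, e.g. `# accounts without a group are not IP-restricted`. If not, render the block for every account and look the list up with a default, e.g. `{% for ip in proftpd_sftp_ips_whitelist.get(user.group | default(''), []) %}` (assuming the variable is a mapping), so that a missing or unknown group ends in `DenyAll` only. As written, a group that is absent from `proftpd_sftp_ips_whitelist` is indexed directly, which presumably fails the template at run time rather than denying. The hunk starts inside the preceding task and ends inside `Allow keys for SFTP account`, so neither is reviewed here.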