forked from evolix/ansible-roles
75 lines
1.8 KiB
YAML
75 lines
1.8 KiB
YAML
---
|
|
- name: Check if FTP account exist
|
|
ansible.builtin.command:
|
|
cmd: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd
|
|
failed_when: False
|
|
check_mode: no
|
|
changed_when: check_ftp_account.rc != 0
|
|
register: check_ftp_account
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Generate FTP password
|
|
ansible.builtin.command:
|
|
cmd: apg -n1
|
|
register: ftp_password
|
|
check_mode: no
|
|
when: check_ftp_account.rc != 0
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Print generated password
|
|
ansible.builtin.debug:
|
|
msg: "{{ ftp_password.stdout }}"
|
|
when: check_ftp_account.rc != 0
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Hash generated FTP password
|
|
ansible.builtin.set_fact:
|
|
proftpd_password: "{{ ftp_password.stdout | password_hash('sha512') }}"
|
|
check_mode: no
|
|
when: check_ftp_account.rc != 0
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Get current FTP password
|
|
ansible.builtin.shell:
|
|
cmd: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
|
|
register: hashed_ftp_password
|
|
check_mode: no
|
|
when: check_ftp_account.rc == 0
|
|
changed_when: False
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Get current FTP password
|
|
ansible.builtin.set_fact:
|
|
proftpd_password: "{{ hashed_ftp_password.stdout }}"
|
|
check_mode: no
|
|
when: check_ftp_account.rc == 0
|
|
changed_when: False
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Create FTP account
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/proftpd/vpasswd
|
|
state: present
|
|
create: yes
|
|
mode: "0440"
|
|
line: "{{ proftpd_name }}:{{ proftpd_password }}:{{ proftpd_uid }}:{{ proftpd_gid }}::{{ proftpd_home }}:/bin/false"
|
|
notify: restart proftpd
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Allow FTP account
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
|
state: present
|
|
line: " AllowUser {{ proftpd_name }}"
|
|
insertbefore: "DenyAll"
|
|
notify: restart proftpd
|
|
tags:
|
|
- proftpd
|