From 101c2828469c608d503d1db3fa2ec20d1085a388 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Thu, 8 Dec 2022 17:32:53 +0100 Subject: [PATCH] proftpd: Fix format of public key files controlled by ansible The comments used by ansible's blockinfile module break the format expected by proftpd for public ssh keys, making them unusable. Replace with a template, we will just have to accept that we need to use ansible for all changes to these file. --- CHANGELOG.md | 1 + proftpd/tasks/accounts.yml | 10 +++++----- proftpd/templates/authorized_keys.j2 | 3 +++ 3 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 proftpd/templates/authorized_keys.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b6e6388..af42fcb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -53,6 +53,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * evolinux-user: Fix sudoers privilege for check php\_fpm80 * nagios-nrpe: Fix check opendkim for recent change in listening port * varnish: fix missing state, that blocked the task +* proftpd: Fix format of public key files controlled by ansible ### Removed diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml index 0ff57272..833cc1c1 100644 --- a/proftpd/tasks/accounts.yml +++ b/proftpd/tasks/accounts.yml @@ -62,13 +62,13 @@ - proftpd - name: Allow keys for SFTP account - blockinfile: - dest: "/etc/proftpd/sftp.authorized_keys/{{ item.name }}" - state: present - block: "{{ item.sshkeys }}" - create: yes + template: + dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}" + src: authorized_keys.j2 mode: 0600 loop: "{{ proftpd_accounts_final }}" + loop_control: + loop_var: _proftpd_account notify: restart proftpd when: - proftpd_sftp_enable | bool diff --git a/proftpd/templates/authorized_keys.j2 b/proftpd/templates/authorized_keys.j2 new file mode 100644 index 00000000..620e50f9 --- /dev/null +++ b/proftpd/templates/authorized_keys.j2 @@ -0,0 +1,3 @@ +{%- for key in _proftpd_account.sshkeys %} +{{ key }} +{%- endfor %}