From 1394052fd601e391ba7547b2230dfe52709d75cd Mon Sep 17 00:00:00 2001
From: William Hirigoyen <whirigoyen+git@evolix.fr>
Date: Wed, 15 Nov 2023 10:53:22 +0100
Subject: [PATCH] ProFTPd: set missing default listen IP for SFTP, enable
 ed25525549 key only for Debian >= 11

---
 CHANGELOG.md                   | 3 ++-
 proftpd/defaults/main.yml      | 2 +-
 proftpd/templates/sftp.conf.j2 | 2 ++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e03d4964..5118693e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,7 +23,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * evocheck: upstream release 23.10
 * add-vm.sh: allow VM name max length > 20
 * nagios: rename var `nagios_nrpe_process_processes` into `nagios_nrpe_processes` and check systemd-timesyncd instead of ntpd in Debian 12
-* ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key
+* ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key for Debian >= 11
 
 ### Fixed
 
@@ -35,6 +35,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * webapps/nextcloud: fix missing gid
 * webapps/nextcloud: fix misplaced gid attribute
 * webapps/nextcloud: added check that nexctcloud uid is over 3000
+* ProFTPd: set missing default listen IP for SFTP
 
 ### Removed
 
diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml
index 9473731e..0bcaa40f 100644
--- a/proftpd/defaults/main.yml
+++ b/proftpd/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 proftpd_hostname: "{{ ansible_hostname }}"
 proftpd_fqdn: "{{ ansible_fqdn }}"
-proftpd_default_address: []
+proftpd_default_address: ["0.0.0.0"]
 proftpd_ftp_enable: True
 proftpd_ftp_override: False
 proftpd_port: 21
diff --git a/proftpd/templates/sftp.conf.j2 b/proftpd/templates/sftp.conf.j2
index c0eaf171..e70aa71c 100644
--- a/proftpd/templates/sftp.conf.j2
+++ b/proftpd/templates/sftp.conf.j2
@@ -27,7 +27,9 @@
 
     SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
     SFTPHostKey /etc/ssh/ssh_host_rsa_key
+    {% if ansible_distribution_major_version is version('11', '>=') %}
     SFTPHostKey /etc/ssh/ssh_host_ed25519_key
+    {% endif %}
     
     RequireValidShell off