proftpd: add whitelist ip in virtualhost sftp
parent
bc9609ce48
commit
eda69725d5
|
@ -35,6 +35,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
* autosysadmin-restart_nrpe: add role
|
* autosysadmin-restart_nrpe: add role
|
||||||
* certbot: Renewal hook for NRPE
|
* certbot: Renewal hook for NRPE
|
||||||
* kvm-host: add minifirewall rules if DRBD interface is configured
|
* kvm-host: add minifirewall rules if DRBD interface is configured
|
||||||
|
* proftpd: add whitelist ip
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
|
|
@ -61,6 +61,27 @@
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
|
- name: Whitelist ip for users (SFTP)
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
dest: /etc/proftpd/conf.d/sftp.conf
|
||||||
|
marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users"
|
||||||
|
block: |
|
||||||
|
{% for user in proftpd_accounts_final %}
|
||||||
|
{% if user.group is defined %}
|
||||||
|
<IfUser {{ user.name }}>
|
||||||
|
<Limit LOGIN>
|
||||||
|
{% for ip in proftpd_sftp_ips_whitelist[user.group] %}
|
||||||
|
Allow from {{ ip }}
|
||||||
|
{% endfor %}
|
||||||
|
DenyAll
|
||||||
|
</Limit>
|
||||||
|
</IfUser>
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
insertbefore: "</IfModule>"
|
||||||
|
notify: restart proftpd
|
||||||
|
when: proftpd_sftp_enable_user_whitelist | bool
|
||||||
|
|
||||||
- name: Allow keys for SFTP account
|
- name: Allow keys for SFTP account
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
||||||
|
|
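Review bot: In the `block:` template of the new "Whitelist ip for users (SFTP)" task, accounts without a `group` skip the `{% if user.group is defined %}` branch and get no `<Limit LOGIN>` section, so with `proftpd_sftp_enable_user_whitelist` enabled they can still log in from any address. If that is intended, say so in a comment above the task; otherwise render a `DenyAll`-only block for those accounts. The lookup `proftpd_sftp_ips_whitelist[user.group]` is also unguarded: a group missing from the dict will most likely abort the play with an undefined-variable error, which `{% for ip in proftpd_sftp_ips_whitelist[user.group] | default([]) %}` would avoid. An empty or defaulted list renders a `DenyAll`-only block that locks the account out, so an assert on the expected groups before this task would catch the mistake earlier. Finally, `insertbefore: "</IfModule>"` depends on the layout of sftp.conf, which is not visible here; if the pattern does not match, blockinfile appends the block at end of file, outside the SFTP virtual host.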