rename backup-server-state to dump-server-state #150
|
@ -19,6 +19,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
* inspect-domains: Add role
|
* inspect-domains: Add role
|
||||||
* memcached: NRPE check for multi-instance setup
|
* memcached: NRPE check for multi-instance setup
|
||||||
* proftpd: Add options to override configs
|
* proftpd: Add options to override configs
|
||||||
|
* proftpd: Allow user auth with ssh keys
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ proftpd_ftps_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
||||||
proftpd_ftps_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
proftpd_ftps_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||||
proftpd_sftp_enable: False
|
proftpd_sftp_enable: False
|
||||||
proftpd_sftp_override: False
|
proftpd_sftp_override: False
|
||||||
|
proftpd_sftp_use_publickeys: False
|
||||||
proftpd_sftp_port: 22222
|
proftpd_sftp_port: 22222
|
||||||
proftpd_accounts: []
|
proftpd_accounts: []
|
||||||
proftpd_accounts_final: []
|
proftpd_accounts_final: []
|
||||||
|
|
|
@ -60,3 +60,18 @@
|
||||||
when: proftpd_sftp_enable | bool
|
when: proftpd_sftp_enable | bool
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
|
- name: Allow keys for SFTP account
|
||||||
|
blockinfile:
|
||||||
|
dest: "/etc/proftpd/sftp.authorized_keys/{{ item.name }}"
|
||||||
|
state: present
|
||||||
|
block: "{{ item.sshkeys }}"
|
||||||
|
create: yes
|
||||||
|
mode: 0600
|
||||||
|
loop: "{{ proftpd_accounts_final }}"
|
||||||
|
notify: restart proftpd
|
||||||
|
when:
|
||||||
|
- proftpd_sftp_enable | bool
|
||||||
|
- proftpd_sftp_use_publickeys | bool
|
||||||
|
tags:
|
||||||
|
- proftpd
|
||||||
|
|
|
@ -48,6 +48,20 @@
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
|
- name: SFTP key folder exists if needed
|
||||||
|
file:
|
||||||
|
path: /etc/proftpd/sftp.authorized_keys/
|
||||||
|
state: directory
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
notify: restart proftpd
|
||||||
|
when:
|
||||||
|
- proftpd_sftp_enable | bool
|
||||||
|
- proftpd_sftp_use_publickeys | bool
|
||||||
|
tags:
|
||||||
|
- proftpd
|
||||||
|
|
||||||
- name: mod_tls_memcache is disabled
|
- name: mod_tls_memcache is disabled
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/proftpd/modules.conf
|
dest: /etc/proftpd/modules.conf
|
||||||
|
|
|
@ -13,8 +13,14 @@
|
||||||
|
|
||||||
SFTPLog /var/log/proftpd/sftp.log
|
SFTPLog /var/log/proftpd/sftp.log
|
||||||
TransferLog /var/log/proftpd/xferlog
|
TransferLog /var/log/proftpd/xferlog
|
||||||
|
|
||||||
|
{% if proftpd_sftp_use_publickeys %}
|
||||||
|
SFTPAuthMethods publickey password
|
||||||
|
SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.authorized_keys/%u
|
||||||
|
{% else %}
|
||||||
SFTPAuthMethods password
|
SFTPAuthMethods password
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
|
SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
|
||||||
SFTPHostKey /etc/ssh/ssh_host_rsa_key
|
SFTPHostKey /etc/ssh/ssh_host_rsa_key
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue