--- - ansible.builtin.include: accounts_password.yml when: item.password is undefined loop: "{{ proftpd_accounts }}" tags: - proftpd - ansible.builtin.set_fact: proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}" when: item.password is defined loop: "{{ proftpd_accounts }}" tags: - proftpd - name: Create FTP account ansible.builtin.lineinfile: dest: /etc/proftpd/vpasswd state: present create: yes mode: "0440" line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false" regexp: "^{{ item.name }}:.*" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd tags: - proftpd - name: Allow FTP account (FTP) ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/z-evolinux.conf state: present line: "\tAllowUser {{ item.name }}" insertbefore: "DenyAll" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd when: proftpd_ftp_enable | bool tags: - proftpd - name: Allow FTP account (FTPS) ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/ftps.conf state: present line: "\tAllowUser {{ item.name }}" insertbefore: "DenyAll" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd when: proftpd_ftps_enable | bool tags: - proftpd - name: Allow FTP account (SFTP) ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/sftp.conf state: present line: "\tAllowUser {{ item.name }}" insertbefore: "DenyAll" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd when: proftpd_sftp_enable | bool tags: - proftpd - name: IP Whitelists for SFTP users are present ansible.builtin.blockinfile: dest: /etc/proftpd/conf.d/sftp.conf marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users" block: | {% for user in proftpd_accounts_final %} {% if user.group is defined %} {% for ip in proftpd_sftp_ips_whitelist[user.group] %} Allow from {{ ip }} {% endfor %} DenyAll {% endif %} {% endfor %} insertbefore: "" notify: restart proftpd when: proftpd_sftp_enable_user_whitelist | bool - name: IP Whitelists for SFTP users are absent ansible.builtin.blockinfile: dest: /etc/proftpd/conf.d/sftp.conf marker: "# {mark} ANSIBLE MANAGED BLOCK - Whitelist ip for users" state: absent notify: restart proftpd when: not (proftpd_sftp_enable_user_whitelist | bool) - name: Allow keys for SFTP account ansible.builtin.template: dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}" src: authorized_keys.j2 mode: 0644 loop: "{{ proftpd_accounts_final }}" loop_control: loop_var: _proftpd_account notify: restart proftpd when: - proftpd_sftp_enable | bool - proftpd_sftp_use_publickeys | bool - _proftpd_account.sshkeys is defined tags: - proftpd