--- - name: package is installed ansible.builtin.apt: name: proftpd-basic state: present tags: - proftpd - packages - name: ftpusers groupe exists ansible.builtin.group: name: ftpusers state: present notify: restart proftpd tags: - proftpd - name: FTP jail is installed ansible.builtin.template: src: evolinux.conf.j2 dest: /etc/proftpd/conf.d/z-evolinux.conf mode: "0644" force: "{{ proftpd_ftp_override }}" notify: restart proftpd when: proftpd_ftp_enable | bool tags: - proftpd - name: FTPS jail is installed ansible.builtin.template: src: ftps.conf.j2 dest: /etc/proftpd/conf.d/ftps.conf mode: "0644" force: "{{ proftpd_ftps_override }}" notify: restart proftpd when: proftpd_ftps_enable | bool tags: - proftpd - name: SFTP jail is installed ansible.builtin.template: src: sftp.conf.j2 dest: /etc/proftpd/conf.d/sftp.conf mode: "0644" force: "{{ proftpd_sftp_override }}" notify: restart proftpd when: proftpd_sftp_enable | bool tags: - proftpd - name: SFTP key folder exists if needed ansible.builtin.file: path: /etc/proftpd/sftp.authorized_keys/ state: directory mode: "0755" owner: root group: root notify: restart proftpd when: - proftpd_sftp_enable | bool - proftpd_sftp_use_publickeys | bool tags: - proftpd - name: mod_tls_memcache is disabled ansible.builtin.replace: dest: /etc/proftpd/modules.conf regexp: '^LoadModule mod_tls_memcache.c' replace: '#LoadModule mod_tls_memcache.c' notify: restart proftpd tags: - proftpd - name: Put empty vpasswd file if missing ansible.builtin.copy: src: vpasswd dest: /etc/proftpd/vpasswd force: false notify: restart proftpd tags: - proftpd # Why 440? Because should be edited with ftpasswd. # So, readonly when opened with vim. # Then readable by group. - name: Enforce permissions on password file ansible.builtin.file: path: /etc/proftpd/vpasswd mode: "0440" owner: root group: root notify: restart proftpd tags: - proftpd - ansible.builtin.include: accounts.yml when: proftpd_accounts | length > 0