---
- name: package is installed
  apt:
    name: proftpd-basic
    state: present
  tags:
    - proftpd
    - packages

- name: ftpusers groupe exists
  group:
    name: ftpusers
    state: present
  notify: restart proftpd
  tags:
    - proftpd

- name: FTP jail is installed
  template:
    src: evolinux.conf.j2
    dest: /etc/proftpd/conf.d/z-evolinux.conf
    mode: "0644"
    force: "{{ proftpd_ftp_override }}"
  notify: restart proftpd
  when: proftpd_ftp_enable | bool
  tags:
    - proftpd

- name: FTPS jail is installed
  template:
    src: ftps.conf.j2
    dest: /etc/proftpd/conf.d/ftps.conf
    mode: "0644"
    force: "{{ proftpd_ftps_override }}"
  notify: restart proftpd
  when: proftpd_ftps_enable | bool
  tags:
    - proftpd

- name: SFTP jail is installed
  template:
    src: sftp.conf.j2
    dest: /etc/proftpd/conf.d/sftp.conf
    mode: "0644"
    force: "{{ proftpd_sftp_override }}"
  notify: restart proftpd
  when: proftpd_sftp_enable | bool
  tags:
    - proftpd

- name: SFTP key folder exists if needed
  file:
    path: /etc/proftpd/sftp.authorized_keys/
    state: directory
    mode: "0755"
    owner: root
    group: root
  notify: restart proftpd
  when: 
    - proftpd_sftp_enable | bool
    - proftpd_sftp_use_publickeys | bool
  tags:
    - proftpd

- name: mod_tls_memcache is disabled
  replace:
    dest: /etc/proftpd/modules.conf
    regexp: '^LoadModule mod_tls_memcache.c'
    replace: '#LoadModule mod_tls_memcache.c'
  notify: restart proftpd
  tags:
    - proftpd

- name: Put empty vpasswd file if missing
  copy:
    src: vpasswd
    dest: /etc/proftpd/vpasswd
    force: no
  notify: restart proftpd
  tags:
    - proftpd

# Why 440? Because should be edited with ftpasswd.
# So, readonly when opened with vim.
# Then readable by group.
- name: Enforce permissions on password file
  file:
    path: /etc/proftpd/vpasswd
    mode: "0440"
    owner: root
    group: root
  notify: restart proftpd
  tags:
    - proftpd

- include: accounts.yml
  when: proftpd_accounts | length > 0