---
- include: accounts_password.yml
  when: item.password is undefined
  loop: "{{ proftpd_accounts }}"
  tags:
    - proftpd

- set_fact:
    proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"
  when: item.password is defined
  loop: "{{ proftpd_accounts }}"
  tags:
    - proftpd

- name: Create FTP account
  lineinfile:
    dest: /etc/proftpd/vpasswd
    state: present
    create: yes
    mode: "0440"
    line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
    regexp: "^{{ item.name }}:.*"
  loop: "{{ proftpd_accounts_final }}"
  notify: restart proftpd
  tags:
    - proftpd

- name: Allow FTP account (FTP)
  lineinfile:
    dest: /etc/proftpd/conf.d/z-evolinux.conf
    state: present
    line: "\tAllowUser {{ item.name }}"
    insertbefore: "DenyAll"
  loop: "{{ proftpd_accounts_final }}"
  notify: restart proftpd
  when: proftpd_ftp_enable | bool
  tags:
    - proftpd

- name: Allow FTP account (FTPS)
  lineinfile:
    dest: /etc/proftpd/conf.d/ftps.conf
    state: present
    line: "\tAllowUser {{ item.name }}"
    insertbefore: "DenyAll"
  loop: "{{ proftpd_accounts_final }}"
  notify: restart proftpd
  when: proftpd_ftps_enable | bool
  tags:
    - proftpd

- name: Allow FTP account (SFTP)
  lineinfile:
    dest: /etc/proftpd/conf.d/sftp.conf
    state: present
    line: "\tAllowUser {{ item.name }}"
    insertbefore: "DenyAll"
  loop: "{{ proftpd_accounts_final }}"
  notify: restart proftpd
  when: proftpd_sftp_enable | bool
  tags:
    - proftpd

- name: Allow keys for SFTP account
  template:
    dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
    src: authorized_keys.j2
    mode: 0644
  loop: "{{ proftpd_accounts_final }}"
  loop_control:
    loop_var: _proftpd_account
  notify: restart proftpd
  when:
    - proftpd_sftp_enable | bool
    - proftpd_sftp_use_publickeys | bool
  tags:
    - proftpd