Mathieu Trossevin
101c282846
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
The comments used by ansible's blockinfile module break the format expected by proftpd for public ssh keys, making them unusable. Replace with a template, we will just have to accept that we need to use ansible for all changes to these file.
78 lines
1.9 KiB
YAML
78 lines
1.9 KiB
YAML
---
|
|
- include: accounts_password.yml
|
|
when: item.password is undefined
|
|
loop: "{{ proftpd_accounts }}"
|
|
tags:
|
|
- proftpd
|
|
|
|
- set_fact:
|
|
proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"
|
|
when: item.password is defined
|
|
loop: "{{ proftpd_accounts }}"
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Create FTP account
|
|
lineinfile:
|
|
dest: /etc/proftpd/vpasswd
|
|
state: present
|
|
create: yes
|
|
mode: "0440"
|
|
line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
|
|
regexp: "^{{ item.name }}:.*"
|
|
loop: "{{ proftpd_accounts_final }}"
|
|
notify: restart proftpd
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Allow FTP account (FTP)
|
|
lineinfile:
|
|
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
|
state: present
|
|
line: "\tAllowUser {{ item.name }}"
|
|
insertbefore: "DenyAll"
|
|
loop: "{{ proftpd_accounts_final }}"
|
|
notify: restart proftpd
|
|
when: proftpd_ftp_enable | bool
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Allow FTP account (FTPS)
|
|
lineinfile:
|
|
dest: /etc/proftpd/conf.d/ftps.conf
|
|
state: present
|
|
line: "\tAllowUser {{ item.name }}"
|
|
insertbefore: "DenyAll"
|
|
loop: "{{ proftpd_accounts_final }}"
|
|
notify: restart proftpd
|
|
when: proftpd_ftps_enable | bool
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Allow FTP account (SFTP)
|
|
lineinfile:
|
|
dest: /etc/proftpd/conf.d/sftp.conf
|
|
state: present
|
|
line: "\tAllowUser {{ item.name }}"
|
|
insertbefore: "DenyAll"
|
|
loop: "{{ proftpd_accounts_final }}"
|
|
notify: restart proftpd
|
|
when: proftpd_sftp_enable | bool
|
|
tags:
|
|
- proftpd
|
|
|
|
- name: Allow keys for SFTP account
|
|
template:
|
|
dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
|
|
src: authorized_keys.j2
|
|
mode: 0600
|
|
loop: "{{ proftpd_accounts_final }}"
|
|
loop_control:
|
|
loop_var: _proftpd_account
|
|
notify: restart proftpd
|
|
when:
|
|
- proftpd_sftp_enable | bool
|
|
- proftpd_sftp_use_publickeys | bool
|
|
tags:
|
|
- proftpd
|