7c632352a0
The behaviour of the `include` module is badly defined (it tries to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it chooses the wrong behaviour). Replace it with `import_tasks` (always statically imports tasks) unless the `include` is in a loop, in which case we replace it with `include_tasks` (always dynamically includes tasks).
---
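# Run accounts_password.yml once for every account that has no `password` set.
# `import_tasks` is static and rejects `loop`, so a per-account include has to
# be the dynamic `include_tasks`.
# NOTE(review): tags on `include_tasks` select the include itself and are not
# inherited by the included tasks - confirm accounts_password.yml tags its own
# tasks if `--tags proftpd` runs must cover them.
- include_tasks: accounts_password.yml
  when: item.password is undefined
  loop: "{{ proftpd_accounts }}"
  tags:
    - proftpd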
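# Append every account that already carries a password to
# proftpd_accounts_final, one list append per matching item.
# Assumes proftpd_accounts_final is initialised elsewhere (for example in the
# role defaults) - TODO confirm.
- name: Collect FTP accounts that define a password
  set_fact:
    proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"
  when: item.password is defined
  loop: "{{ proftpd_accounts }}"
  # Each loop item, and the resulting fact, contains the account password;
  # keep both out of task output and logs.
  no_log: true
  tags:
    - proftpd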
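# Write one line per account to /etc/proftpd/vpasswd in the form
# name:password:uid:gid::home:/bin/false, creating the file (mode 0440) if it
# does not exist. `name` and `home` are mandatory.
- name: Create FTP account
  lineinfile:
    dest: /etc/proftpd/vpasswd
    state: present
    create: true
    mode: "0440"
    line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
    # Escape the name so regex metacharacters in it (such as ".") cannot make
    # the pattern match, and overwrite, another account's line.
    regexp: "^{{ item.name | regex_escape }}:.*"
  loop: "{{ proftpd_accounts_final }}"
  # The rendered line and the loop item both contain the account password;
  # keep them out of task output, diffs and logs.
  no_log: true
  notify: restart proftpd
  tags:
    - proftpd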
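# Add an `AllowUser <name>` line for every account to z-evolinux.conf, ahead
# of the line matching "DenyAll". Runs only when proftpd_ftp_enable is true.
# NOTE(review): when nothing matches `insertbefore`, lineinfile appends at the
# end of the file - confirm the config always contains a DenyAll line.
- name: Allow FTP account (FTP)
  lineinfile:
    dest: /etc/proftpd/conf.d/z-evolinux.conf
    state: present
    line: "\tAllowUser {{ item.name }}"
    insertbefore: "DenyAll"
  loop: "{{ proftpd_accounts_final }}"
  loop_control:
    # Show only the account name per iteration; the full item also holds the
    # account password.
    label: "{{ item.name }}"
  notify: restart proftpd
  when: proftpd_ftp_enable | bool
  tags:
    - proftpd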
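# Add an `AllowUser <name>` line for every account to ftps.conf, ahead of the
# line matching "DenyAll". Runs only when proftpd_ftps_enable is true.
# NOTE(review): when nothing matches `insertbefore`, lineinfile appends at the
# end of the file - confirm the config always contains a DenyAll line.
- name: Allow FTP account (FTPS)
  lineinfile:
    dest: /etc/proftpd/conf.d/ftps.conf
    state: present
    line: "\tAllowUser {{ item.name }}"
    insertbefore: "DenyAll"
  loop: "{{ proftpd_accounts_final }}"
  loop_control:
    # Show only the account name per iteration; the full item also holds the
    # account password.
    label: "{{ item.name }}"
  notify: restart proftpd
  when: proftpd_ftps_enable | bool
  tags:
    - proftpd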
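# Add an `AllowUser <name>` line for every account to sftp.conf, ahead of the
# line matching "DenyAll". Runs only when proftpd_sftp_enable is true.
# NOTE(review): when nothing matches `insertbefore`, lineinfile appends at the
# end of the file - confirm the config always contains a DenyAll line.
- name: Allow FTP account (SFTP)
  lineinfile:
    dest: /etc/proftpd/conf.d/sftp.conf
    state: present
    line: "\tAllowUser {{ item.name }}"
    insertbefore: "DenyAll"
  loop: "{{ proftpd_accounts_final }}"
  loop_control:
    # Show only the account name per iteration; the full item also holds the
    # account password.
    label: "{{ item.name }}"
  notify: restart proftpd
  when: proftpd_sftp_enable | bool
  tags:
    - proftpd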
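# Render authorized_keys.j2 into one file per account under
# /etc/proftpd/sftp.authorized_keys/. Runs only when both SFTP and public-key
# authentication are enabled.
# NOTE(review): the account name is used verbatim as the file name -
# presumably validated upstream; confirm it cannot contain "/" or "..".
- name: Allow keys for SFTP account
  template:
    dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}"
    src: authorized_keys.j2
    # Quoted so the mode is passed as the octal string, matching the "0440"
    # used for vpasswd in this file.
    mode: "0644"
  loop: "{{ proftpd_accounts_final }}"
  loop_control:
    loop_var: _proftpd_account
    # Show only the account name per iteration; the full item also holds the
    # account password.
    label: "{{ _proftpd_account.name }}"
  notify: restart proftpd
  when:
    - proftpd_sftp_enable | bool
    - proftpd_sftp_use_publickeys | bool
  tags:
    - proftpd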