7c632352a0
The behaviour of the `include` module is badly defined (it tries to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it chooses the wrong behaviour). Replace it with `import_tasks` (always statically imports tasks) unless the `include` is in a loop, in which case we replace it with `include_tasks` (always dynamically includes tasks).
---
# Install the proftpd-basic package with apt.
# state: present only guarantees the package is installed; it does not upgrade
# an already-installed version, so security updates must come from elsewhere.
- name: package is installed
  apt:
    state: present
    name: proftpd-basic
  tags:
    - proftpd
    - packages
# Make sure the "ftpusers" group exists on the host.
# A change here triggers the "restart proftpd" handler.
- name: ftpusers groupe exists
  group:
    state: present
    name: ftpusers
  tags:
    - proftpd
  notify: restart proftpd
# Render evolinux.conf.j2 (the FTP jail configuration, per the task name) into
# conf.d, only when proftpd_ftp_enable is true.
# force follows proftpd_ftp_override: when it is false, an existing file on the
# host is left untouched, so local edits or tampering are not reverted.
# NOTE(review): plain FTP carries credentials unencrypted; confirm in the
# template that enabling it is intended where FTPS/SFTP are available.
- name: FTP jail is installed
  when: proftpd_ftp_enable | bool
  template:
    src: evolinux.conf.j2
    dest: /etc/proftpd/conf.d/z-evolinux.conf
    force: "{{ proftpd_ftp_override }}"
    mode: "0644"
  notify: restart proftpd
  tags:
    - proftpd
# Render ftps.conf.j2 into conf.d, only when proftpd_ftps_enable is true.
# force follows proftpd_ftps_override: when it is false, an existing file on
# the host is kept as-is, so drift in the TLS settings is not corrected.
# The file is world-readable (0644); the template should reference key
# material by path, not embed it. TODO confirm against ftps.conf.j2.
- name: FTPS jail is installed
  when: proftpd_ftps_enable | bool
  template:
    src: ftps.conf.j2
    dest: /etc/proftpd/conf.d/ftps.conf
    force: "{{ proftpd_ftps_override }}"
    mode: "0644"
  notify: restart proftpd
  tags:
    - proftpd
# Render sftp.conf.j2 into conf.d, only when proftpd_sftp_enable is true.
# force follows proftpd_sftp_override: when it is false, an existing file on
# the host is kept as-is, so local changes to the SFTP settings persist.
# The file is world-readable (0644); host keys should be referenced by path,
# not embedded. TODO confirm against sftp.conf.j2.
- name: SFTP jail is installed
  when: proftpd_sftp_enable | bool
  template:
    src: sftp.conf.j2
    dest: /etc/proftpd/conf.d/sftp.conf
    force: "{{ proftpd_sftp_override }}"
    mode: "0644"
  notify: restart proftpd
  tags:
    - proftpd
# Create the sftp.authorized_keys directory, only when SFTP and public-key
# login are both enabled.
# root:root with 0755 means only root can add or replace entries here; the
# permissions of the key files themselves are not managed by this task.
- name: SFTP key folder exists if needed
  when:
    - proftpd_sftp_enable | bool
    - proftpd_sftp_use_publickeys | bool
  file:
    path: /etc/proftpd/sftp.authorized_keys/
    state: directory
    owner: root
    group: root
    mode: "0755"
  notify: restart proftpd
  tags:
    - proftpd
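# Comment out the mod_tls_memcache LoadModule line in modules.conf.
# The dot is escaped so the pattern matches only the literal ".c" suffix
# instead of any character. The "^LoadModule" anchor no longer matches once
# the line starts with "#", which keeps the task idempotent.
- name: mod_tls_memcache is disabled
  replace:
    dest: /etc/proftpd/modules.conf
    regexp: '^LoadModule mod_tls_memcache\.c'
    replace: '#LoadModule mod_tls_memcache.c'
  notify: restart proftpd
  tags:
    - proftpd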
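# Seed the virtual-user password file on first run only: with force disabled,
# an existing file (and the accounts in it) is never overwritten.
# Owner, group and mode are set at creation so the file never sits on disk
# with umask-default permissions, even if the play stops before the
# "Enforce permissions on password file" task runs.
- name: Put empty vpasswd file if missing
  copy:
    src: vpasswd
    dest: /etc/proftpd/vpasswd
    force: false
    owner: root
    group: root
    mode: "0440"
  notify: restart proftpd
  tags:
    - proftpd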
# Mode 0440 is deliberate: the file is meant to be changed with ftpasswd, so
# it opens read-only in an editor such as vim. The group read bit keeps it
# readable by the owning group (root here), and "other" gets no access, so the
# password entries are not world-readable.
# No "state" is given, so the task only adjusts an existing file; the file is
# expected to exist already.
- name: Enforce permissions on password file
  file:
    path: /etc/proftpd/vpasswd
    owner: root
    group: root
    mode: "0440"
  notify: restart proftpd
  tags:
    - proftpd
# Statically import the account tasks from accounts.yml.
# With import_tasks the "when" below is applied to every imported task, so
# each of them is skipped individually when proftpd_accounts is empty.
- import_tasks: accounts.yml
  when: proftpd_accounts | length > 0