Fixed some TLS options, added user specific options.

defaults/main.yml

@@ -10,9 +10,11 @@ vsftpd_ls_recurse_enable: "NO"
 vsftpd_local_root: /dev/null
 vsftpd_pasv_min_port: 49152
 vsftpd_pasv_max_port: 65534
-vsftpd_global_confi_dir: /etc/vsftpd  
+vsftpd_global_config_dir: /etc/vsftpd
+vsftpd_user_config_enabled: False
+vsftpd_user_config_dir: '{{ vsftpd_global_config_dir }}/users'
 vsftpd_chroot_list_enable: "YES"
-vsftpd_chroot_list_file: '{{ vsftpd_global_confi_dir }}/chroot_list'
+vsftpd_chroot_list_file: '{{ vsftpd_global_config_dir }}/chroot_list'
 vsftpd_chroot_passwd_enable: "NO"
 vsftpd_chroot_local_user: "NO"
 vsftpd_iptables_rules: True
@@ -20,12 +22,11 @@ vsftpd_iptables_allowed_hosts:
   - 0.0.0.0/0
 
 vsftp_chrooted_users: []
-#  - { login: 'user1' }
+#  - { login: 'user1', conf: [ 'local_umask=022', 'local_root=/some/foo/path' ] }
 #  - { login: 'user2' }
 
-vsftpd_manage_user_acls: True
-vsftpd_manage_real_users: False
 vsftpd_manage_valid_shells: False
+vsftpd_valid_shell: '/bin/true'
 
 vsftpd_tls_enabled: True
 vsftpd_force_tls: True

tasks/main.yml

@@ -18,7 +18,7 @@
     yum: pkg=vsftpd state=present
 
   - name: Install the vsftpd configuration file
-    template: src=vsftpd.conf.j2 dest={{ vsftpd_global_confi_dir }}/vsftpd.conf mode=0444 owner=root group=root
+    template: src=vsftpd.conf.j2 dest={{ vsftpd_global_config_dir }}/vsftpd.conf mode=0444 owner=root group=root
     notify: Restart the vsftpd server
     tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ] 
 
@@ -27,9 +27,27 @@
 
 - name: Global configuration
   block:
+  - name: Create the global config directory
+    file: dest={{ vsftpd_global_config_dir }} state=directory mode='0755' owner=root group=root
+
   - name: Install the chroot list file
     template: src=vsftpd_chroot_list.j2 dest={{ vsftpd_chroot_list_file }} mode=0444 owner=root group=root
 
+  - name: Create the user configs directory
+    file: dest={{ vsftpd_user_config_dir }} state=directory mode='0750' owner=root group=root
+    when: vsftpd_user_config_enabled
+
+  - name: Install the users configurations
+    template: src=vsftpd_user_config.j2 dest={{ vsftpd_user_config_dir }}/{{ item.login }} mode=0444 owner=root group=root
+    with_items: '{{ vsftp_chrooted_users }}'
+    when:
+      - vsftpd_user_config_enabled
+      - item.conf is defined
+
+  - name: Make /bin/true a valid shell
+    lineinfile: name=/etc/shells line="{{ vsftpd_valid_shell }}"
+    when: vsftpd_manage_valid_shells
+
   tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ] 
 
 - name: vsftpd service

templates/vsftpd.conf.j2

@@ -122,11 +122,15 @@ pam_service_name=vsftpd
 ssl_enable=YES
 ssl_sslv2=NO
 ssl_sslv3=NO
-{% if ansible_distribution_version is version_compare('18.04', '>=') %}
+{% if ansible_distribution_version is version_compare('18.04', '==') and ansible_distribution_file_variety == "Debian" %}
+ssl_tlsv1=NO
+{% endif %}
+{% if ansible_distribution_version is version_compare('20.04', '>=') and ansible_distribution_file_variety == "Debian" %}
 ssl_tlsv1=NO
 ssl_tlsv1_1=NO
 ssl_tlsv1_2=YES
-{% else %}
+{% endif %}
+{% if ansible_distribution_version is version_compare('16.04', '<=') and ansible_distribution_file_variety == "Debian" %}
 ssl_tlsv1=YES
 {% endif %}
 ca_certs_file={{ vsftpd_ssl_ca_certificate }}
@@ -150,3 +154,6 @@ chroot_list_file={{ vsftpd_chroot_list_file }}
 passwd_chroot_enable={{ vsftpd_chroot_passwd_enable }}
 chroot_local_user={{ vsftpd_chroot_local_user }}
 
+{% if vsftpd_user_config_enabled %}
+user_config_dir={{ vsftpd_user_config_dir }}
+{% endif %}

templates/vsftpd_user_config.j2

@@ -0,0 +1,5 @@
+{% if item.conf is defined %}
+{% for data in item.conf %}
+{{ data }}
+{% endfor %}
+{% endif %}