diff --git a/defaults/main.yml b/defaults/main.yml index ba1c608..8598846 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,9 +10,11 @@ vsftpd_ls_recurse_enable: "NO" vsftpd_local_root: /dev/null vsftpd_pasv_min_port: 49152 vsftpd_pasv_max_port: 65534 -vsftpd_global_confi_dir: /etc/vsftpd +vsftpd_global_config_dir: /etc/vsftpd +vsftpd_user_config_enabled: False +vsftpd_user_config_dir: '{{ vsftpd_global_config_dir }}/users' vsftpd_chroot_list_enable: "YES" -vsftpd_chroot_list_file: '{{ vsftpd_global_confi_dir }}/chroot_list' +vsftpd_chroot_list_file: '{{ vsftpd_global_config_dir }}/chroot_list' vsftpd_chroot_passwd_enable: "NO" vsftpd_chroot_local_user: "NO" vsftpd_iptables_rules: True @@ -20,12 +22,11 @@ vsftpd_iptables_allowed_hosts: - 0.0.0.0/0 vsftp_chrooted_users: [] -# - { login: 'user1' } +# - { login: 'user1', conf: [ 'local_umask=022', 'local_root=/some/foo/path' ] } # - { login: 'user2' } -vsftpd_manage_user_acls: True -vsftpd_manage_real_users: False vsftpd_manage_valid_shells: False +vsftpd_valid_shell: '/bin/true' vsftpd_tls_enabled: True vsftpd_force_tls: True diff --git a/tasks/main.yml b/tasks/main.yml index dfe3a1f..94b4463 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -18,7 +18,7 @@ yum: pkg=vsftpd state=present - name: Install the vsftpd configuration file - template: src=vsftpd.conf.j2 dest={{ vsftpd_global_confi_dir }}/vsftpd.conf mode=0444 owner=root group=root + template: src=vsftpd.conf.j2 dest={{ vsftpd_global_config_dir }}/vsftpd.conf mode=0444 owner=root group=root notify: Restart the vsftpd server tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ] 
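Review bot: Renaming `vsftpd_global_confi_dir` to `vsftpd_global_config_dir` with no fallback means any inventory that overrode the old name silently drops back to `/etc/vsftpd` on the next run, and `vsftpd.conf` plus the chroot list are then written to a directory the operator did not choose. A one-line shim keeps old overrides working while the new name is adopted: `vsftpd_global_config_dir: "{{ vsftpd_global_confi_dir | default('/etc/vsftpd') }}"`, with a comment marking the old name as deprecated. Also, the new `vsftpd_user_config_enabled: False` is a Python-style boolean; the role's YAML would be more portable across parsers and yamllint-clean as `vsftpd_user_config_enabled: false`.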
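Review bot: `vsftpd_manage_user_acls` and `vsftpd_manage_real_users` are removed from the defaults, but nothing in this diff removes a consumer of them; if any task outside these hunks still gates on either name (I cannot see the rest of tasks/main.yml from here), the play now fails with an undefined-variable error rather than with a clear deprecation. Worth a grep before merging, and a comment next to `vsftp_chrooted_users` such as `# conf entries are written verbatim into the per-user vsftpd file; unknown or misspelled directives are not validated` so the example `local_umask=022` / `local_root=...` is not taken as a validated schema.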
@@ -27,9 +27,27 @@ - name: Global configuration block: + - name: Create the global config directory + file: dest={{ vsftpd_global_config_dir }} state=directory mode='0755' owner=root group=root + - name: Install the chroot list file template: src=vsftpd_chroot_list.j2 dest={{ vsftpd_chroot_list_file }} mode=0444 owner=root group=root + - name: Create the user configs directory + file: dest={{ vsftpd_user_config_dir }} state=directory mode='0750' owner=root group=root + when: vsftpd_user_config_enabled + + - name: Install the users configurations + template: src=vsftpd_user_config.j2 dest={{ vsftpd_user_config_dir }}/{{ item.login }} mode=0444 owner=root group=root + with_items: '{{ vsftp_chrooted_users }}' + when: + - vsftpd_user_config_enabled + - item.conf is defined + + - name: Make /bin/true a valid shell + lineinfile: name=/etc/shells line="{{ vsftpd_valid_shell }}" + when: vsftpd_manage_valid_shells + tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ] - name: vsftpd service diff --git a/templates/vsftpd.conf.j2 b/templates/vsftpd.conf.j2 index a2eeeea..a88d5eb 100644 --- a/templates/vsftpd.conf.j2 +++ b/templates/vsftpd.conf.j2 @@ -122,11 +122,15 @@ pam_service_name=vsftpd ssl_enable=YES ssl_sslv2=NO ssl_sslv3=NO -{% if ansible_distribution_version is version_compare('18.04', '>=') %} +{% if ansible_distribution_version is version_compare('18.04', '==') and ansible_distribution_file_variety == "Debian" %} +ssl_tlsv1=NO +{% endif %} +{% if ansible_distribution_version is version_compare('20.04', '>=') and ansible_distribution_file_variety == "Debian" %} ssl_tlsv1=NO ssl_tlsv1_1=NO ssl_tlsv1_2=YES -{% else %} +{% endif %} +{% if ansible_distribution_version is version_compare('16.04', '<=') and ansible_distribution_file_variety == "Debian" %} ssl_tlsv1=YES {% endif %} ca_certs_file={{ vsftpd_ssl_ca_certificate }} 
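Review bot: Per-user configuration files are only ever written, never removed — once a login is dropped from `vsftp_chrooted_users` or its `conf` key is deleted, the root-owned file under `vsftpd_user_config_dir` stays behind and vsftpd keeps applying those overrides (a `local_root` or write-related directive, for instance) to that account. I would add a `find`-based cleanup after the install loop so the directory mirrors the declared list, as sketched below. Separately, `Make /bin/true a valid shell` widens `/etc/shells` system-wide, which affects every service consulting `pam_shells` and every account whose shell is `{{ vsftpd_valid_shell }}`, not just vsftpd; a comment stating that trade-off belongs on the task, and its name no longer matches a variable shell, so `- name: Add {{ vsftpd_valid_shell }} to /etc/shells` reads better. The `Global configuration` block appears to start at the top edge of this hunk.
```yaml
    # … unchanged: Install the users configurations …

    - name: Find per-user configurations present on the host
      find:
        paths: '{{ vsftpd_user_config_dir }}'
        file_type: file
      register: vsftpd_user_config_present
      when: vsftpd_user_config_enabled

    - name: Remove per-user configurations that are no longer declared
      file:
        path: '{{ item.path }}'
        state: absent
      with_items: '{{ vsftpd_user_config_present.files | default([]) }}'
      when:
        - vsftpd_user_config_enabled
        - (item.path | basename) not in (vsftp_chrooted_users | selectattr('conf', 'defined') | map(attribute='login') | list)
```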
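Review bot: The new version ladder leaves TLS 1.0 and 1.1 enabled wherever no branch matches, because vsftpd's own defaults for `ssl_tlsv1` and `ssl_tlsv1_1` are YES: nothing is emitted on RHEL/CentOS hosts (which this role installs via `yum`), nothing on Ubuntu releases between the listed ones, and on Debian proper the `<= 16.04` branch compares a release number such as `10` against an Ubuntu version string and emits `ssl_tlsv1=YES`; the `== 18.04` branch also disables only 1.0 and keeps 1.1. Since TLS is the role's default posture (`vsftpd_force_tls: True`), I would invert the logic and emit `ssl_tlsv1=NO`, `ssl_tlsv1_1=NO`, `ssl_tlsv1_2=YES` unconditionally, gating any legacy `ssl_tlsv1=YES` on an explicit opt-in role variable rather than on a distro-version guess. If the split exists because an older vsftpd rejects the `ssl_tlsv1_1`/`ssl_tlsv1_2` directives (the 18.04 branch hints at that, but I cannot confirm it from here), key the condition on the installed vsftpd version instead of the OS release and say so in a comment.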
@@ -150,3 +154,6 @@ chroot_list_file={{ vsftpd_chroot_list_file }} passwd_chroot_enable={{ vsftpd_chroot_passwd_enable }} chroot_local_user={{ vsftpd_chroot_local_user }} +{% if vsftpd_user_config_enabled %} +user_config_dir={{ vsftpd_user_config_dir }} +{% endif %} diff --git a/templates/vsftpd_user_config.j2 b/templates/vsftpd_user_config.j2 new file mode 100644 index 0000000..55ebc7a --- /dev/null +++ b/templates/vsftpd_user_config.j2 @@ -0,0 +1,5 @@ +{% if item.conf is defined %} +{% for data in item.conf %} +{{ data }} +{% endfor %} +{% endif %}
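Review bot: Each `item.conf` entry is written verbatim with no validation, so a misspelled or unsupported directive in one user's list is not caught at deploy time; as far as I recall vsftpd treats a bad per-user file as fatal for that login (`500 OOPS: bad config`), so the failure only surfaces when that user connects — an `assert` in the tasks that every entry matches `^[a-z_0-9]+=.*$` would catch it earlier. The file also needs a header so operators know it is generated and that it layers over the global settings; vsftpd accepts `#` comments, so `# Managed by Ansible - per-user vsftpd overrides for {{ item.login }}; edits are overwritten` as the first line would do. The `{% if item.conf is defined %}` guard duplicates the task's `when`, which is harmless but worth a comment if it is kept deliberately.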