98 lines
3.3 KiB
YAML
98 lines
3.3 KiB
YAML
---
|
|
- name: Package, and config, deb distributions
|
|
block:
|
|
- name: Install the vsftpd package on deb distributions
|
|
apt: pkg=vsftpd state=present update_cache=yes cache_valid_time=3600
|
|
|
|
- name: Install the vsftpd configuration file
|
|
template: src=vsftpd.conf.j2 dest=/etc/vsftpd.conf mode=0444 owner=root group=root
|
|
notify: Restart the vsftpd server
|
|
tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
|
|
|
|
when: ansible_distribution_file_variety == "Debian"
|
|
tags: [ 'vsftpd', 'ftp' ]
|
|
|
|
- name: Package, and config, el
|
|
block:
|
|
- name: Install the vsftpd package on el distributions
|
|
yum: pkg=vsftpd state=present
|
|
|
|
- name: Install the vsftpd configuration file
|
|
template: src=vsftpd.conf.j2 dest={{ vsftpd_global_config_dir }}/vsftpd.conf mode=0444 owner=root group=root
|
|
notify: Restart the vsftpd server
|
|
tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
|
|
|
|
when: ansible_distribution_file_variety == "RedHat"
|
|
tags: [ 'vsftpd', 'ftp' ]
|
|
|
|
- name: Global configuration
|
|
block:
|
|
- name: Create the global config directory
|
|
file: dest={{ vsftpd_global_config_dir }} state=directory mode='0755' owner=root group=root
|
|
|
|
- name: Install the chroot list file
|
|
template: src=vsftpd_chroot_list.j2 dest={{ vsftpd_chroot_list_file }} mode=0444 owner=root group=root
|
|
|
|
- name: Create the user configs directory
|
|
file: dest={{ vsftpd_user_config_dir }} state=directory mode='0750' owner=root group=root
|
|
when: vsftpd_user_config_enabled
|
|
|
|
- name: Install the users configurations
|
|
template: src=vsftpd_user_config.j2 dest={{ vsftpd_user_config_dir }}/{{ item.login }} mode=0444 owner=root group=root
|
|
with_items: '{{ vsftp_chrooted_users }}'
|
|
when:
|
|
- vsftpd_user_config_enabled
|
|
- item.conf is defined
|
|
|
|
- name: Make /bin/true a valid shell
|
|
lineinfile: name=/etc/shells line="{{ vsftpd_valid_shell }}"
|
|
when: vsftpd_manage_valid_shells
|
|
|
|
tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
|
|
|
|
- name: vsftpd service
|
|
block:
|
|
- name: Start and enable the vsftpd server
|
|
service: name=vsftpd state=started enabled=yes
|
|
when: vsftpd_server_enabled
|
|
tags: [ 'vsftpd', 'ftp' ]
|
|
|
|
- name: Stop and disable the vsftpd server
|
|
service: name=vsftpd state=stopped
|
|
when: not vsftpd_server_enabled
|
|
|
|
tags: [ 'vsftpd', 'ftp' ]
|
|
|
|
- name: Letsencrypt certificates
|
|
block:
|
|
- name: Create the acme hooks directory if it does not yet exist
|
|
ansible.builtin.file:
|
|
dest: '{{ letsencrypt_acme_sh_services_scripts_dir }}'
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Create a directory where to put the certificate file to control the renewal date
|
|
ansible.builtin.file:
|
|
dest: /etc/pki/vsftpd
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Copy the certificate file
|
|
ansible.builtin.copy:
|
|
src: '{{ letsencrypt_acme_sh_certificates_install_path }}/cert'
|
|
dest: /etc/pki/vsftpd/vsftpd.pem
|
|
remote_src: yes
|
|
|
|
- name: Install a script that restarts the vsftpd server when a certificate is being renewed
|
|
ansible.builtin.template:
|
|
src: vsftpd-letsencrypt-acme.sh.j2
|
|
dest: '{{ letsencrypt_acme_sh_services_scripts_dir }}/vsftpd'
|
|
owner: root
|
|
group: root
|
|
mode: 4555
|
|
|
|
when: letsencrypt_acme_install is defined and letsencrypt_acme_install
|
|
tags: [ 'vsftpd', 'ftp', 'letsencrypt', 'letsencrypt_acme_sh', 'vsftpd_letsencrypt' ]
|