---
- name: Install the ftp server packages
  yum: pkg={{ vsftpd_pkgs }} state={{ pkg_state }}
  tags:
    - ftp
    - vsftpd

- name: Install the vsftpd blacklist files
  copy: src={{ item }} dest=/etc/vsftpd/{{ item }} owner=root group=root mode=0400
  with_items: vsftpd_blacklist_files
  notify: Restart vsftpd
  tags:
    - ftp
    - vsftpd

- name: Install the vsftpd config file
  template: src=vsftpd.conf.j2 dest=/etc/vsftpd/vsftpd.conf owner=root group=root mode=0400
  notify: Restart vsftpd
  tags:
    - ftp
    - vsftpd
    - vsftpd_config

- name: Set the needed SELinux booleans when local users are enabled
  seboolean: name={{ item }} state=yes persistent=yes
  with_items:
    - ftp_home_dir
    - ftpd_full_access
  when: vsftpd_local | bool
  tags:
    - ftp
    - vsftpd

- name: Set the needed SELinux booleans when anonymous users uploads are enabled
  seboolean: name={{ item }} state=yes persistent=yes
  with_items:
    - allow_ftpd_full_access
    - allow_ftpd_anon_write
  when: vsftpd_anonymous_upload | bool
  tags:
    - ftp
    - vsftpd

- name: Ensure that the vsftpd service is started and enabled
  service: name=vsftpd enabled=yes
  tags:
    - ftp
    - vsftpd
  
- name: Manage the letsencrypt hook
  block: 
    - name: Create the acme hooks directory if it does not yet exist
      file: dest={{ letsencrypt_acme_sh_services_scripts_dir }} state=directory owner=root group=root

    - name: Install the vsftp hook for letsencrypt
      template: src=vsftpd-letsencrypt-hook.sh.j2 dest=/usr/lib/acme/hooks/vsftpd owner=root group=root mode=0550

  when: vsftpd_tls_letsencrypt | bool
  tags: [ 'ftp', 'vsftpd', 'vsftpd_config', 'letsencrypt' ]