Merge pull request 'master' (#162) from adellam/ansible-roles:master into master

Andrea Dell'Amico 2020-03-19 13:33:12 +01:00
commit 29de1e93f4
3 changed files with 32 additions and 1 deletions


@ -3,16 +3,19 @@
- name: Enable the proxy modules needed by letsencrypt - name: Enable the proxy modules needed by letsencrypt
apache2_module: name={{ item }} state=present apache2_module: name={{ item }} state=present
with_items: '{{ apache_letsencrypt_proxy_modules }}' with_items: '{{ apache_letsencrypt_proxy_modules }}'
ignore_errors: True
notify: apache2 reload notify: apache2 reload
- name: Install the apache letsencrypt directives on trusty - name: Install the apache letsencrypt directives on trusty
template: src={{ item }}.j2 dest=/etc/apache2/conf-available/{{ item }} owner=root group=root mode=0644 template: src={{ item }}.j2 dest=/etc/apache2/conf-available/{{ item }} owner=root group=root mode=0644
with_items: '{{ apache_letsencrypt_proxy_conf }}' with_items: '{{ apache_letsencrypt_proxy_conf }}'
ignore_errors: True
notify: apache2 reload notify: apache2 reload
- name: Enable the apache letsencrypt directives on trusty - name: Enable the apache letsencrypt directives on trusty
file: src=/etc/apache2/conf-available/{{ item }} dest=/etc/apache2/conf-enabled/{{ item }} state=link file: src=/etc/apache2/conf-available/{{ item }} dest=/etc/apache2/conf-enabled/{{ item }} state=link
with_items: '{{ apache_letsencrypt_proxy_conf }}' with_items: '{{ apache_letsencrypt_proxy_conf }}'
ignore_errors: True
notify: apache2 reload notify: apache2 reload
- name: Create the acme hooks directory if it does not yet exist - name: Create the acme hooks directory if it does not yet exist
@ -29,6 +32,7 @@
- block: - block:
- name: Disable the letsencrypt conf - name: Disable the letsencrypt conf
file: dest=/etc/apache2/conf-enabled/letsencrypt-proxy.conf state=absent file: dest=/etc/apache2/conf-enabled/letsencrypt-proxy.conf state=absent
ignore_errors: True
notify: apache2 reload notify: apache2 reload
- name: Remove the letsencrypt hook for apache - name: Remove the letsencrypt hook for apache
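Review bot: `ignore_errors: True` on the four apache tasks (module enable, template install, conf-enabled symlink, and the conf removal in the second hunk) hides every failure, not only the one the change presumably expects. If the proxy directives fail to install, the play still reports success, and the ACME challenge path can silently stop being served, which only surfaces later as a failed certificate renewal. Prefer a `when:` guard on the actual precondition or a narrow `failed_when:` expression, and write the boolean as `true`. The task list and the `block:` both continue outside the hunks shown.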


@ -22,3 +22,10 @@ vsftpd_manage_user_acls: True
vsftpd_manage_real_users: False vsftpd_manage_real_users: False
vsftpd_manage_valid_shells: False vsftpd_manage_valid_shells: False
vsftpd_tls_enabled: True
vsftpd_force_tls: True
vsftpd_tls_letsencrypt: True
vsftpd_ssl_ca_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'
vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/cert'
vsftpd_ssl_certificate_key: '{{ letsencrypt_acme_certs_dir }}/privkey'
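Review bot: `vsftpd_ssl_certificate` points at the leaf `cert`, while the chain goes to `vsftpd_ssl_ca_certificate`, which the template writes to `ca_certs_file`. vsftpd documents that option as the CA bundle for validating client certificates, so the intermediates are probably never sent to clients, and strict clients will fail verification. Pointing the server certificate at the chain, `vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'`, would avoid that. TLS is also switched on by default with paths built from `letsencrypt_acme_certs_dir`, which is not defined in this hunk. A host that does not run the letsencrypt role would get a config referencing missing files, so either default `vsftpd_tls_enabled` to `false` or add a comment stating the dependency.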


@ -117,10 +117,30 @@ secure_chroot_dir=/var/run/vsftpd/empty
# This string is the name of the PAM service vsftpd will use. # This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd pam_service_name=vsftpd
# #
{% if vsftpd_tls_enabled %}
# SSL/TLS
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
{% if ansible_distribution_version is version_compare('18.04', '>=') %}
ssl_tlsv1=NO
ssl_tlsv1_1=NO
ssl_tlsv1_2=YES
{% else %}
ssl_tlsv1=YES
{% endif %}
ca_certs_file={{ vsftpd_ssl_ca_certificate }}
rsa_cert_file={{ vsftpd_ssl_certificate }}
rsa_private_key_file={{ vsftpd_ssl_certificate_key }}
{% if vsftpd_force_tls %}
force_local_logins_ssl=YES
force_local_data_ssl=YES
{% endif %}
{% else %}
# This option specifies the location of the RSA certificate to use for SSL # This option specifies the location of the RSA certificate to use for SSL
# encrypted connections. # encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_cert_file=/etc/ssl/private/vsftpd.pem
{% endif %}
local_root={{ vsftpd_local_root }} local_root={{ vsftpd_local_root }}
pasv_min_port={{ vsftpd_pasv_min_port }} pasv_min_port={{ vsftpd_pasv_min_port }}
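Review bot: The TLS block never sets `ssl_ciphers`, so vsftpd falls back to its built-in default, which upstream documents as `DES-CBC3-SHA` (3DES); add `ssl_ciphers=HIGH` after the protocol lines. The `{% else %}` branch of the version test enables only `ssl_tlsv1=YES`, and the test reads `ansible_distribution_version` without checking the distribution, so a non-Ubuntu host whose version number is below 18.04 would presumably be limited to TLS 1.0. When `vsftpd_force_tls` is false, logins and data can still travel in clear text even though `ssl_enable=YES`; a comment above that `{% if %}` saying so would help whoever overrides the default.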