# Installs the ProFTPD server package through apt.
- name: Install packages.
  apt:
    name:
      - proftpd-basic
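# Creates the (possibly empty) file later referenced as AuthGroupFile.
# The mode is quoted so it is never re-read as a decimal integer, and the
# timestamps are preserved so `touch` does not report "changed" on every run.
- name: Ensure group auth exists.
  file:
    path: /etc/proftpd/ftpd.group
    state: touch
    mode: "0600"
    access_time: preserve
    modification_time: preserve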
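# Adds or updates one virtual FTP account in /etc/proftpd/ftpd.passwd.
# The password is passed on stdin rather than interpolated into a shell
# command line: the original `echo <password> | ftpasswd` put the secret in
# the argument of the spawned shell and let shell metacharacters in any of the
# templated values be interpreted. argv runs ftpasswd without a shell.
# no_log keeps the password out of Ansible output and logs; it also hides
# ftpasswd's own error text, so drop it temporarily when debugging.
# NOTE(review): `item` is presumably supplied by a loop outside this listing,
# and getent_group by an earlier getent task; confirm against the caller.
- name: Create FTP users.
  ansible.builtin.command:
    argv:
      - ftpasswd
      - "--passwd"
      - "--file=/etc/proftpd/ftpd.passwd"
      - "--name={{ item }}"
      - "--uid={{ eci_users_uid[item] }}"
      - "--gid={{ ansible_facts.getent_group['eci'][1] }}"
      - "--home=/eci-users/{{ item }}"
      - "--shell=/bin/false"
      - "--stdin"
    stdin: "{{ eci_passwords[item] }}"
  no_log: true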
# Sets the Umask directive in proftpd.conf: the last line matching ^Umask is
# replaced, or the line is appended when none matches. A change triggers the
# restart-ftp handler.
- name: Configure ProFTPd umask.
  ansible.builtin.lineinfile:
    path: /etc/proftpd/proftpd.conf
    regexp: "^Umask"
    line: "Umask 002 002"
  notify: restart-ftp
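# The listing shows no `- name:` line before this module call, so it would
# share a task with the lineinfile call above it; the header is restored here
# so the two modules are separate tasks.
# The managed block limits authentication to mod_auth_file with the
# passwd/group files under /etc/proftpd, and sets DefaultRoot ~.
# RequireValidShell is off because the accounts are created with /bin/false.
# NOTE(review): PassivePorts 50000 65534 is a wide range; the host firewall
# has to allow exactly this range and nothing broader.
- name: Configure ProFTPd authentication and chroot.
  blockinfile:
    path: /etc/proftpd/proftpd.conf
    block: |
      DefaultRoot ~
      RequireValidShell off
      AuthUserFile /etc/proftpd/ftpd.passwd
      AuthGroupFile /etc/proftpd/ftpd.group
      ServerName "{{hostvars[inventory_hostname].ansible_hostname}}"
      AuthOrder mod_auth_file.c
      PassivePorts 50000 65534
  notify: restart-ftp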
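# Makes sure conf.d/tls.conf exists before the TLS block is written into it.
# Timestamps are preserved so `touch` does not report "changed" on every run.
- name: Touch tls.conf.
  tags: proftpd-conf-text
  file:
    path: /etc/proftpd/conf.d/tls.conf
    state: touch
    access_time: preserve
    modification_time: preserve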
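# Writes the mod_tls settings into conf.d/tls.conf as a managed block.
# notify added: the proftpd.conf edits in this file trigger restart-ftp, and
# none was visible on this task, so a TLS change would not reach the running
# daemon.
# NOTE(review): `TLSCipherSuite ALL :!ADH:!DES` has a space after ALL, which
# splits the value into two arguments; confirm the rendered file. `ALL` also
# admits legacy ciphers and no TLSProtocol is set, so the protocol and cipher
# floor come from the installed ProFTPD/OpenSSL defaults; consider pinning
# both.
# NOTE(review): NoSessionReuseRequired drops the check that data connections
# reuse the control connection's TLS session; keep it only if clients need it.
# NOTE(review): TLSRSACertificateFile points at a file named certificate.key
# under pub/, presumably the certificate; confirm, and keep priv/ readable by
# root only.
- name: Add TLS to ProFTPd.
  tags: proftpd-conf-text
  blockinfile:
    path: /etc/proftpd/conf.d/tls.conf
    block: |
      TLSEngine on
      TLSRequired on
      TLSRSACertificateFile /etc/eci-platform/pub/certificate.key
      TLSRSACertificateKeyFile /etc/eci-platform/priv/certificate.key
      TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
      TLSCipherSuite ALL :!ADH:!DES
      TLSVerifyClient off
      TLSRenegotiate required off
      TLSLog /var/log/proftpd/tls.log
  notify: restart-ftp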