main.yml

- name: Install packages.
  apt:
    name: [ "proftpd-basic" ]

- name: Ensure group auth exists.
  file:
    state: touch
    path: /etc/proftpd/ftpd.group
    mode: 0600

- name: Create FTP users.
  shell:
    cmd: "echo {{ eci_passwords[item] }}|ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name={{ item }} --uid={{ eci_users_uid[item] }} --gid={{ ansible_facts.getent_group['eci'][1] }} --home=/eci-users/{{item}} --shell=/bin/false --stdin"
  loop: "{{eci_users}}"
  notify: restart-ftp



- name: Configure ProFTPd umask.
  ansible.builtin.lineinfile:
    regexp: '^Umask'
    line: Umask 002 002
    path: /etc/proftpd/proftpd.conf
  notify: restart-ftp
  
- name: Configure ProFTPd for multiple virtual users.
  tags: proftpd-conf-text
  blockinfile:
    path: /etc/proftpd/proftpd.conf
    block: |
      DefaultRoot ~
      RequireValidShell off
      AuthUserFile /etc/proftpd/ftpd.passwd
      AuthGroupFile /etc/proftpd/ftpd.group
      ServerName "{{hostvars[inventory_hostname].ansible_hostname}}"
      AuthOrder mod_auth_file.c
      PassivePorts                  50000 65534
  notify: restart-ftp

- name: Touch tls.conf.
  tags: proftpd-conf-text
  file:
    path: /etc/proftpd/conf.d/tls.conf
    state: touch
    
- name: Add TLS to ProFTPd.
  tags: proftpd-conf-text
  blockinfile:
    path: /etc/proftpd/conf.d/tls.conf
    block: |
      TLSEngine on
      TLSRequired on
      TLSRSACertificateFile  /etc/eci-platform/pub/certificate.key
      TLSRSACertificateKeyFile /etc/eci-platform/priv/certificate.key
      TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
      TLSCipherSuite ALL :!ADH:!DES
      TLSVerifyClient off
      TLSRenegotiate required off
      TLSLog /var/log/proftpd/tls.log
  notify: restart-ftp