9 years ago · e2fed7dbe2
--- a/roles/ftpserver/defaults/main.yml
+++ b/roles/ftpserver/defaults/main.yml
@@ -3,6 +3,8 @@
 
				 #
			
 
				 
			
 
				 with_ftp: False
			
 
				+with_ftp_tls: False
			
 
				+ftp_tls_domain: Null
			
 
				 ftp_accounts: Null
			
 
				 
			
 
				 # vim: ft=yaml
			
--- a/roles/ftpserver/tasks/pure-ftpd.yml
+++ b/roles/ftpserver/tasks/pure-ftpd.yml
@@ -7,6 +7,37 @@
 
				     - 'pure-ftpd'
			
 
				   when: with_ftp
			
 
				 
			
 
				+- name: 'Install pure-ftpd configuration (TLS settings)'
			
 
				+  lineinfile:
			
 
				+    dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
			
 
				+    regexp: '{{ item.regexp }}'
			
 
				+    line: '{{ item.line }}'
			
 
				+    create: yes
			
 
				+  with_items:
			
 
				+    - { dest: 'TLS', regexp: '^[0-9]+$', line: '3' }
			
 
				+    - { dest: 'TLSCipherSuite', regexp: '^.*$', line: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv3:!SSLv2:!TLSv1' }
			
 
				+  notify:
			
 
				+    - 'Restart pure-ftpd'
			
 
				+  when: with_ftp and with_ftp_tls
			
 
				+
			
 
				+- name: 'Create pure-ftpd SSL bundle certificate symlink'
			
 
				+  file:
			
 
				+    src: '/etc/ssl/local/certs/{{ ftp_tls_domain }}/bundle.pem'
			
 
				+    path: '/etc/ssl/private/pure-ftpd.pem'
			
 
				+    state: 'link'
			
 
				+  notify:
			
 
				+    - 'Restart pure-ftpd'
			
 
				+  when: with_ftp and with_ftp_tls and ftp_tls_domain
			
 
				+
			
 
				+- name: 'Create pure-ftpd Diffie Hellman Param file symlink'
			
 
				+  file:
			
 
				+    src: '/etc/ssl/private/dh2048.pem'
			
 
				+    path: '/etc/ssl/private/pure-ftpd-dhparams.pem'
			
 
				+    state: 'link'
			
 
				+  notify:
			
 
				+    - 'Restart pure-ftpd'
			
 
				+  when: with_ftp and with_ftp_tls
			
 
				+
			
 
				 - name: 'Install pure-ftpd configuration'
			
 
				   lineinfile:
			
 
				     dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
			
@@ -22,6 +53,7 @@
 
				     - { dest: 'PAMAuthentication', regexp: '^(yes|no)', line: 'yes' }
			
 
				     - { dest: 'VerboseLog', regexp: '^(yes|no)', line: 'no' }
			
 
				     - { dest: 'MinUID', regexp: '^[0-9]+$', line: '34' } # Debian's uid(backup) = 34
			
 
				+    - { dest: 'PassivePortRange', regexp: '^[0-9]+ [0-9]+$', line: '64000 65000' }
			
 
				   notify:
			
 
				     - 'Restart pure-ftpd'
			
 
				   when: with_ftp