- name: 'Install pure-ftpd related packages' apt: pkg: - 'pure-ftpd' state: 'present' tags: - 'ftp' - 'pure-ftpd' - name: 'Install pure-ftpd configuration (TLS settings)' lineinfile: dest: '/etc/pure-ftpd/conf/{{ item.dest }}' regexp: '{{ item.regexp }}' line: '{{ item.line }}' create: yes with_items: - { dest: 'TLS', regexp: '^[0-9]+$', line: '3' } - { dest: 'TLSCipherSuite', regexp: '^.*$', line: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv3:!SSLv2:!TLSv1' } notify: - 'Restart pure-ftpd' when: with_ftp_tls|bool tags: - 'ftp' - 'pure-ftpd' - name: 'Create pure-ftpd SSL bundle certificate symlink' file: src: '/etc/ssl/local/certs/{{ ftp_tls_domain }}/bundle.pem' path: '/etc/ssl/private/pure-ftpd.pem' state: 'link' notify: - 'Restart pure-ftpd' when: with_ftp_tls|bool and ftp_tls_domain tags: - 'ftp' - 'pure-ftpd' - name: 'Create pure-ftpd Diffie Hellman Param file symlink' file: src: '/etc/ssl/private/dh2048.pem' path: '/etc/ssl/private/pure-ftpd-dhparams.pem' state: 'link' notify: - 'Restart pure-ftpd' when: with_ftp_tls|bool tags: - 'ftp' - 'pure-ftpd' - name: 'Install pure-ftpd configuration' lineinfile: dest: '/etc/pure-ftpd/conf/{{ item.dest }}' regexp: '{{ item.regexp }}' line: '{{ item.line }}' create: yes with_items: - { dest: 'BrokenClientsCompatibility', regexp: '^(yes|no)', line: 'yes' } - { dest: 'ChrootEveryone', regexp: '^(yes|no)', line: 'yes' } - { dest: 'DontResolve', regexp: '^(yes|no)', line: 'yes' } - { dest: 'NoAnonymous', regexp: '^(yes|no)', line: 'yes' } - { dest: 'NoChmod', regexp: '^(yes|no)', line: 'yes' } - { dest: 'PAMAuthentication', regexp: '^(yes|no)', line: 'yes' } - { dest: 'VerboseLog', regexp: '^(yes|no)', line: 'no' } - { dest: 'MinUID', regexp: '^[0-9]+$', line: '34' } # Debian's uid(backup) = 34 - { dest: 'PassivePortRange', regexp: '^[0-9]+ [0-9]+$', line: '64000 65000' } notify: - 'Restart pure-ftpd' tags: - 'ftp' - 'pure-ftpd' - name: 'Enable pure-ftpd internal DB' file: src: '/etc/pure-ftpd/conf/PureDB' path: '/etc/pure-ftpd/auth/80puredb' state: 'link' notify: - 'Restart pure-ftpd' tags: - 'ftp' - 'pure-ftpd' - name: 'Clean up pure-ftpd internal DB' raw: pure-pw list 2>/dev/null | sed -r 's/^(\S+)\s.*$/\1/' | while read u ; do pure-pw userdel "${u}" ; done changed_when: False tags: - 'ftp' - 'pure-ftpd' - name: 'Create FTP accounts home directory' file: path: '{{ item.home }}' owner: '{{ item.uid }}' group: '{{ item.gid }}' mode: 0755 state: 'directory' with_items: '{{ ftp_accounts }}' when: ftp_accounts|length > 0 and (item.create_home is not defined or (item.create_home is defined and item.create_home)) tags: - 'ftp' - 'pure-ftpd' - name: 'Add FTP accounts in pure-ftpd' raw: printf "{{ item.password }}\n{{ item.password }}\n" | pure-pw useradd "{{ item.user }}" -d "{{ item.home }}" -u "{{ item.uid }}" -g "{{ item.gid }}" with_items: '{{ ftp_accounts }}' changed_when: False when: with_ftp|bool and ftp_accounts|length > 0 tags: - 'ftp' - 'pure-ftpd' - name: 'Rebuild pure-ftpd internal DB' raw: pure-pw mkdb 2>/dev/null changed_when: False tags: - 'ftp' - 'pure-ftpd' - name: 'Ensure pure-ftpd is running' service: name: 'pure-ftpd' state: 'started' tags: - 'ftp' - 'pure-ftpd' # vim: ft=yaml.ansible