kolter
/
ansible-playbooks


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							- name: 'Install pure-ftpd related packages'
  apt:
    pkg: '{{ item }}'
    state: 'installed'
  with_items:
    - 'pure-ftpd'

- name: 'Install pure-ftpd configuration (TLS settings)'
  lineinfile:
    dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    create: yes
  with_items:
    - { dest: 'TLS', regexp: '^[0-9]+$', line: '3' }
    - { dest: 'TLSCipherSuite', regexp: '^.*$', line: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv3:!SSLv2:!TLSv1' }
  notify:
    - 'Restart pure-ftpd'
  when: with_ftp_tls

- name: 'Create pure-ftpd SSL bundle certificate symlink'
  file:
    src: '/etc/ssl/local/certs/{{ ftp_tls_domain }}/bundle.pem'
    path: '/etc/ssl/private/pure-ftpd.pem'
    state: 'link'
  notify:
    - 'Restart pure-ftpd'
  when: with_ftp_tls and ftp_tls_domain

- name: 'Create pure-ftpd Diffie Hellman Param file symlink'
  file:
    src: '/etc/ssl/private/dh2048.pem'
    path: '/etc/ssl/private/pure-ftpd-dhparams.pem'
    state: 'link'
  notify:
    - 'Restart pure-ftpd'
  when: with_ftp_tls

- name: 'Install pure-ftpd configuration'
  lineinfile:
    dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    create: yes
  with_items:
    - { dest: 'BrokenClientsCompatibility', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'ChrootEveryone', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'DontResolve', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'NoAnonymous', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'NoChmod', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'PAMAuthentication', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'VerboseLog', regexp: '^(yes|no)', line: 'no' }
    - { dest: 'MinUID', regexp: '^[0-9]+$', line: '34' } # Debian's uid(backup) = 34
    - { dest: 'PassivePortRange', regexp: '^[0-9]+ [0-9]+$', line: '64000 65000' }
  notify:
    - 'Restart pure-ftpd'

- name: 'Enable pure-ftpd internal DB'
  file:
    src: '/etc/pure-ftpd/conf/PureDB'
    path: '/etc/pure-ftpd/auth/80puredb'
    state: 'link'
  notify:
    - 'Restart pure-ftpd'

- name: 'Clean up pure-ftpd internal DB'
  raw: pure-pw list 2>/dev/null | sed -r 's/^(\S+)\s.*$/\1/' | while read u ; do pure-pw userdel "${u}" ; done
  changed_when: False

- name: 'Create FTP accounts home directory'
  file:
    path: '{{item.home}}'
    owner: '{{item.uid}}'
    group: '{{item.gid}}'
    mode: 0755
    state: 'directory'
  with_items: '{{ ftp_accounts }}'
  when: ftp_accounts

- name: 'Add FTP accounts in pure-ftpd'
  raw: printf "{{item.password}}\n{{item.password}}\n" | pure-pw useradd "{{item.user}}" -d "{{item.home}}" -u "{{item.uid}}" -g "{{item.gid}}"
  with_items: '{{ ftp_accounts }}'
  changed_when: False
  when: ftp_accounts and with_ftp

- name: 'Rebuild pure-ftpd internal DB'
  raw: pure-pw mkdb 2>/dev/null
  changed_when: False

- name: 'Ensure pure-ftpd is running'
  service:
    name: 'pure-ftpd'
    state: 'started'