Home Explore Help
Sign In
kolter
/
ansible-playbooks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3e8d030857
Branches Tags
ansible-playboo...
/
roles
/
ftpserver
/
tasks
/
pure-ftpd.yml

pure-ftpd.yml 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. - name: 'Install pure-ftpd related packages'
    2. 

  2.   apt:
    3. 

  3.     pkg:
    4. 

  4.       - 'pure-ftpd'
    5. 

  5.     state: 'present'
    6. 

  6.   tags:
    7. 

  7.     - 'ftp'
    8. 

  8.     - 'pure-ftpd'
    9. 

  9. 

  10. - name: 'Install pure-ftpd configuration (TLS settings)'
    11. 

  11.   lineinfile:
    12. 

  12.     dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
    13. 

  13.     regexp: '{{ item.regexp }}'
    14. 

  14.     line: '{{ item.line }}'
    15. 

  15.     create: yes
    16. 

  16.   with_items:
    17. 

  17.     - { dest: 'TLS', regexp: '^[0-9]+$', line: '3' }
    18. 

  18.     - { dest: 'TLSCipherSuite', regexp: '^.*$', line: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv3:!SSLv2:!TLSv1' }
    19. 

  19.   notify:
    20. 

  20.     - 'Restart pure-ftpd'
    21. 

  21.   when: with_ftp_tls|bool
    22. 

  22.   tags:
    23. 

  23.     - 'ftp'
    24. 

  24.     - 'pure-ftpd'
    25. 

  25. 

  26. - name: 'Create pure-ftpd SSL bundle certificate symlink'
    27. 

  27.   file:
    28. 

  28.     src: '/etc/ssl/local/certs/{{ ftp_tls_domain }}/bundle.pem'
    29. 

  29.     path: '/etc/ssl/private/pure-ftpd.pem'
    30. 

  30.     state: 'link'
    31. 

  31.   notify:
    32. 

  32.     - 'Restart pure-ftpd'
    33. 

  33.   when: with_ftp_tls|bool and ftp_tls_domain
    34. 

  34.   tags:
    35. 

  35.     - 'ftp'
    36. 

  36.     - 'pure-ftpd'
    37. 

  37. 

  38. - name: 'Create pure-ftpd Diffie Hellman Param file symlink'
    39. 

  39.   file:
    40. 

  40.     src: '/etc/ssl/private/dh2048.pem'
    41. 

  41.     path: '/etc/ssl/private/pure-ftpd-dhparams.pem'
    42. 

  42.     state: 'link'
    43. 

  43.   notify:
    44. 

  44.     - 'Restart pure-ftpd'
    45. 

  45.   when: with_ftp_tls|bool
    46. 

  46.   tags:
    47. 

  47.     - 'ftp'
    48. 

  48.     - 'pure-ftpd'
    49. 

  49. 

  50. - name: 'Install pure-ftpd configuration'
    51. 

  51.   lineinfile:
    52. 

  52.     dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
    53. 

  53.     regexp: '{{ item.regexp }}'
    54. 

  54.     line: '{{ item.line }}'
    55. 

  55.     create: yes
    56. 

  56.   with_items:
    57. 

  57.     - { dest: 'BrokenClientsCompatibility', regexp: '^(yes|no)', line: 'yes' }
    58. 

  58.     - { dest: 'ChrootEveryone', regexp: '^(yes|no)', line: 'yes' }
    59. 

  59.     - { dest: 'DontResolve', regexp: '^(yes|no)', line: 'yes' }
    60. 

  60.     - { dest: 'NoAnonymous', regexp: '^(yes|no)', line: 'yes' }
    61. 

  61.     - { dest: 'NoChmod', regexp: '^(yes|no)', line: 'yes' }
    62. 

  62.     - { dest: 'PAMAuthentication', regexp: '^(yes|no)', line: 'yes' }
    63. 

  63.     - { dest: 'VerboseLog', regexp: '^(yes|no)', line: 'no' }
    64. 

  64.     - { dest: 'MinUID', regexp: '^[0-9]+$', line: '34' } # Debian's uid(backup) = 34
    65. 

  65.     - { dest: 'PassivePortRange', regexp: '^[0-9]+ [0-9]+$', line: '64000 65000' }
    66. 

  66.   notify:
    67. 

  67.     - 'Restart pure-ftpd'
    68. 

  68.   tags:
    69. 

  69.     - 'ftp'
    70. 

  70.     - 'pure-ftpd'
    71. 

  71. 

  72. - name: 'Enable pure-ftpd internal DB'
    73. 

  73.   file:
    74. 

  74.     src: '/etc/pure-ftpd/conf/PureDB'
    75. 

  75.     path: '/etc/pure-ftpd/auth/80puredb'
    76. 

  76.     state: 'link'
    77. 

  77.   notify:
    78. 

  78.     - 'Restart pure-ftpd'
    79. 

  79.   tags:
    80. 

  80.     - 'ftp'
    81. 

  81.     - 'pure-ftpd'
    82. 

  82. 

  83. - name: 'Clean up pure-ftpd internal DB'
    84. 

  84.   raw: pure-pw list 2>/dev/null | sed -r 's/^(\S+)\s.*$/\1/' | while read u ; do pure-pw userdel "${u}" ; done
    85. 

  85.   changed_when: False
    86. 

  86.   tags:
    87. 

  87.     - 'ftp'
    88. 

  88.     - 'pure-ftpd'
    89. 

  89. 

  90. - name: 'Create FTP accounts home directory'
    91. 

  91.   file:
    92. 

  92.     path: '{{ item.home }}'
    93. 

  93.     owner: '{{ item.uid }}'
    94. 

  94.     group: '{{ item.gid }}'
    95. 

  95.     mode: 0755
    96. 

  96.     state: 'directory'
    97. 

  97.   with_items: '{{ ftp_accounts }}'
    98. 

  98.   when: ftp_accounts|length > 0 and (item.create_home is not defined or (item.create_home is defined and item.create_home))
    99. 

  99.   tags:
    100. 

  100.     - 'ftp'
    101. 

  101.     - 'pure-ftpd'
    102. 

  102. 

  103. - name: 'Add FTP accounts in pure-ftpd'
    104. 

  104.   raw: printf "{{ item.password }}\n{{ item.password }}\n" | pure-pw useradd "{{ item.user }}" -d "{{ item.home }}" -u "{{ item.uid }}" -g "{{ item.gid }}"
    105. 

  105.   with_items: '{{ ftp_accounts }}'
    106. 

  106.   changed_when: False
    107. 

  107.   when: with_ftp|bool and ftp_accounts|length > 0
    108. 

  108.   tags:
    109. 

  109.     - 'ftp'
    110. 

  110.     - 'pure-ftpd'
    111. 

  111. 

  112. - name: 'Rebuild pure-ftpd internal DB'
    113. 

  113.   raw: pure-pw mkdb 2>/dev/null
    114. 

  114.   changed_when: False
    115. 

  115.   tags:
    116. 

  116.     - 'ftp'
    117. 

  117.     - 'pure-ftpd'
    118. 

  118. 

  119. - name: 'Ensure pure-ftpd is running'
    120. 

  120.   service:
    121. 

  121.     name: 'pure-ftpd'
    122. 

  122.     state: 'started'
    123. 

  123.   tags:
    124. 

  124.     - 'ftp'
    125. 

  125.     - 'pure-ftpd'
    126. 

  126. 

  127. # vim: ft=yaml.ansible
    128.