ansible-playbooks/roles/ftpserver/tasks/pure-ftpd.yml

- name: 'Install pure-ftpd related packages'
  apt:
    pkg: '{{ item }}'
    state: 'present'
  with_items:
    - 'pure-ftpd'
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Install pure-ftpd configuration (TLS settings)'
  lineinfile:
    dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    create: yes
  with_items:
    - { dest: 'TLS', regexp: '^[0-9]+$', line: '3' }
    - { dest: 'TLSCipherSuite', regexp: '^.*$', line: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv3:!SSLv2:!TLSv1' }
  notify:
    - 'Restart pure-ftpd'
  when: with_ftp_tls
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Create pure-ftpd SSL bundle certificate symlink'
  file:
    src: '/etc/ssl/local/certs/{{ ftp_tls_domain }}/bundle.pem'
    path: '/etc/ssl/private/pure-ftpd.pem'
    state: 'link'
  notify:
    - 'Restart pure-ftpd'
  when: with_ftp_tls and ftp_tls_domain
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Create pure-ftpd Diffie Hellman Param file symlink'
  file:
    src: '/etc/ssl/private/dh2048.pem'
    path: '/etc/ssl/private/pure-ftpd-dhparams.pem'
    state: 'link'
  notify:
    - 'Restart pure-ftpd'
  when: with_ftp_tls
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Install pure-ftpd configuration'
  lineinfile:
    dest: '/etc/pure-ftpd/conf/{{ item.dest }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    create: yes
  with_items:
    - { dest: 'BrokenClientsCompatibility', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'ChrootEveryone', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'DontResolve', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'NoAnonymous', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'NoChmod', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'PAMAuthentication', regexp: '^(yes|no)', line: 'yes' }
    - { dest: 'VerboseLog', regexp: '^(yes|no)', line: 'no' }
    - { dest: 'MinUID', regexp: '^[0-9]+$', line: '34' } # Debian's uid(backup) = 34
    - { dest: 'PassivePortRange', regexp: '^[0-9]+ [0-9]+$', line: '64000 65000' }
  notify:
    - 'Restart pure-ftpd'
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Enable pure-ftpd internal DB'
  file:
    src: '/etc/pure-ftpd/conf/PureDB'
    path: '/etc/pure-ftpd/auth/80puredb'
    state: 'link'
  notify:
    - 'Restart pure-ftpd'
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Clean up pure-ftpd internal DB'
  raw: pure-pw list 2>/dev/null | sed -r 's/^(\S+)\s.*$/\1/' | while read u ; do pure-pw userdel "${u}" ; done
  changed_when: False
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Create FTP accounts home directory'
  file:
    path: '{{ item.home }}'
    owner: '{{ item.uid }}'
    group: '{{ item.gid }}'
    mode: 0755
    state: 'directory'
  with_items: '{{ ftp_accounts }}'
  when: ftp_accounts
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Add FTP accounts in pure-ftpd'
  raw: printf "{{ item.password }}\n{{ item.password }}\n" | pure-pw useradd "{{ item.user }}" -d "{{ item.home }}" -u "{{ item.uid }}" -g "{{ item.gid }}"
  with_items: '{{ ftp_accounts }}'
  changed_when: False
  when: ftp_accounts and with_ftp
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Rebuild pure-ftpd internal DB'
  raw: pure-pw mkdb 2>/dev/null
  changed_when: False
  tags:
    - 'ftp'
    - 'pure-ftpd'

- name: 'Ensure pure-ftpd is running'
  service:
    name: 'pure-ftpd'
    state: 'started'
  tags:
    - 'ftp'
    - 'pure-ftpd'

# vim: ft=yaml.ansible