diff options
author | Jonas Gunz <himself@jonasgunz.de> | 2021-09-30 18:06:45 +0200 |
---|---|---|
committer | Jonas Gunz <himself@jonasgunz.de> | 2021-09-30 18:06:45 +0200 |
commit | 89b4408e0b91ee670bda0c6ea5a1f9d183e2504a (patch) | |
tree | e72b217a769708ab8a3f678ac93a7b58d3330125 | |
parent | ac9d4a9a0150f525c2ac5b4105bc0c11a24d8e38 (diff) | |
download | ansible_collection-89b4408e0b91ee670bda0c6ea5a1f9d183e2504a.tar.gz |
ftp: add role
-rw-r--r-- | galaxy.yml | 2 | ||||
-rw-r--r-- | roles/ftp/Readme.md | 25 | ||||
-rw-r--r-- | roles/ftp/defaults/main.yml | 15 | ||||
-rw-r--r-- | roles/ftp/files/pure-ftpd-custom.service | 12 | ||||
-rw-r--r-- | roles/ftp/handlers/main.yml | 7 | ||||
-rw-r--r-- | roles/ftp/tasks/main.yml | 36 | ||||
-rw-r--r-- | roles/ftp/templates/ldap.conf.j2 | 15 | ||||
-rw-r--r-- | roles/ftp/templates/pure-ftpd.conf.j2 | 48 |
8 files changed, 159 insertions, 1 deletions
@@ -1,6 +1,6 @@ namespace: kompetenzbolzen name: stuff -version: 0.2.1 +version: 0.3.0 readme: README.md authors: - Jonas Gunz <himself@jonasgunz.de> diff --git a/roles/ftp/Readme.md b/roles/ftp/Readme.md new file mode 100644 index 0000000..e68df3a --- /dev/null +++ b/roles/ftp/Readme.md @@ -0,0 +1,25 @@ +# FTP + +Simple PB for pure-ftpd FTP server. + +LDAP mode is untested. + +Creates a new unit, the Debian wrapper for pure-ftpd is stupid to automate. + +``` +--- +ftp: + ldap: + enable: false + host: 'ldap.example.com' + port: 636 + bind_dn: '' + bind_pw: '' + base: '' + filter: '(&(objectClass=posixAccount)(uid=\L))' + enable_pam: false + tls: + enable: false + cert: '' + key: '' +``` diff --git a/roles/ftp/defaults/main.yml b/roles/ftp/defaults/main.yml new file mode 100644 index 0000000..e5142ba --- /dev/null +++ b/roles/ftp/defaults/main.yml @@ -0,0 +1,15 @@ +--- +ftp: + ldap: + enable: false + host: 'ldap.example.com' + port: 636 + bind_dn: '' + bind_pw: '' + base: '' + filter: '(&(objectClass=posixAccount)(uid=\L))' + enable_pam: false + tls: + enable: false + cert: '' + key: '' diff --git a/roles/ftp/files/pure-ftpd-custom.service b/roles/ftp/files/pure-ftpd-custom.service new file mode 100644 index 0000000..da5b712 --- /dev/null +++ b/roles/ftp/files/pure-ftpd-custom.service @@ -0,0 +1,12 @@ +[Unit] +Description=Pure FTPd +After=syslog.target +After=network.target + +[Service] +Type=simple +Restart=no +ExecStart=/usr/sbin/pure-ftpd-ldap /etc/pure-ftpd/pure-ftpd.conf + +[Install] +WantedBy=multi-user.target diff --git a/roles/ftp/handlers/main.yml b/roles/ftp/handlers/main.yml new file mode 100644 index 0000000..256b7b0 --- /dev/null +++ b/roles/ftp/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: restart + systemd: + name: pure-ftpd-custom.service + enabled: yes + state: restarted + become: yes diff --git a/roles/ftp/tasks/main.yml b/roles/ftp/tasks/main.yml new file mode 100644 index 0000000..c3135ee --- /dev/null +++ b/roles/ftp/tasks/main.yml @@ -0,0 +1,36 @@ +--- +- name: Install FTP + apt: + name: + - pure-ftpd-ldap + become: yes + +- name: Install Config + template: + src: pure-ftpd.conf.j2 + dest: /etc/pure-ftpd/pure-ftpd.conf + become: yes + notify: restart + +- name: Install Config + template: + src: ldap.conf.j2 + dest: /etc/pure-ftpd/db/ldap.conf + mode: '0600' + when: ftp.ldap.enable + become: yes + notify: restart + +- name: Remove original systemd unit + systemd: + name: pure-ftpd-ldap.service + state: stopped + enabled: no + become: yes + +- name: Install custom unit file + copy: + src: pure-ftpd-custom.service + dest: /etc/systemd/system/pure-ftpd-custom.service + become: yes + notify: restart diff --git a/roles/ftp/templates/ldap.conf.j2 b/roles/ftp/templates/ldap.conf.j2 new file mode 100644 index 0000000..33b663f --- /dev/null +++ b/roles/ftp/templates/ldap.conf.j2 @@ -0,0 +1,15 @@ +# Managed by Ansible. Do NOT change. + +LDAPScheme ldaps +LDAPServer {{ ftp.ldap.host }} +LDAPPort {{ ftp.ldap.port }} +LDAPVersion 3 + +LDAPBaseDN {{ ftp.ldap.base }} + +LDAPBindDN {{ ftp.ldap.bind_dn }} +LDAPBindPW {{ ftp.ldap.bind_pw }} + +LDAPAuthMethod BIND + +LDAPFilter {{ ftp.ldap.filter }} diff --git a/roles/ftp/templates/pure-ftpd.conf.j2 b/roles/ftp/templates/pure-ftpd.conf.j2 new file mode 100644 index 0000000..9faccf5 --- /dev/null +++ b/roles/ftp/templates/pure-ftpd.conf.j2 @@ -0,0 +1,48 @@ +# Managed by Ansible. Do NOT change. + +ChrootEveryone yes +BrokenClientsCompatibility no +MaxClientsNumber 50 +Daemonize no +MaxClientsPerIP 8 +VerboseLog yes +DisplayDotFiles yes +AnonymousOnly no +NoAnonymous yes +#SyslogFacility ftp +DontResolve yes +MaxIdleTime 15 + +{% if ftp.ldap.enable %} +LDAPConfigFile /etc/pure-ftpd/db/ldap.conf +{% endif %} + +{% if ftp.enable_pam %} +PAMAuthentication yes +{% endif %} + +{% if ftp.tls.enable %} +TLS 2 +TLSCipherSuite HIGH +CertFileAndKey "{{ ftp.tls.cert }}" "{{ ftp.tls.key }}" +{% endif %} + +LimitRecursion 10000 8 +AnonymousCanCreateDirs no +MaxLoad 4 +AntiWarez yes + +# File creation mask. <umask for files>:<umask for dirs> . +# 177:077 if you feel paranoid. +Umask 177:077 + +MinUID 100 +AllowUserFXP no +AllowAnonymousFXP no +ProhibitDotFilesWrite no +ProhibitDotFilesRead no +AutoRename no +AnonymousCantUpload yes +CreateHomeDir yes +MaxDiskUsage 99 +CustomerProof yes |