-
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path03-vsftpd.yml
More file actions
133 lines (119 loc) · 3.74 KB
/
03-vsftpd.yml
File metadata and controls
133 lines (119 loc) · 3.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
---
# tasks file for zero_footprint_qbittorrent_seedbox/03-vsftpd
- name: VSFTPD | 3.1 Install required packages
ansible.builtin.dnf:
name: "{{ item }}"
state: present
disable_gpg_check: true
become: true
loop: "{{ vsftpd_required_rpms }}"
tags:
- vsftpd
- name: VSFTPD | 3.2 Create a directory structure for SSL certificates
ansible.builtin.file:
path: "/etc/ssl/private"
state: "directory"
mode: "0755"
become: true
tags:
- vsftpd
- name: VSFTPD | 3.3 Determine public IPv4 address
ansible.builtin.uri:
url: "{{ public_ip_checker }}"
return_content: true
changed_when: false
register: public_ip
tags:
- vsftpd
- name: VSFTPD | 3.4 Store public IPv4 address as a fact
ansible.builtin.set_fact:
ansible_public_ipv4: "{{ public_ip.content | trim }}"
cacheable: true
tags:
- vsftpd
- name: VSFTPD | 3.5 Create private key (RSA, 4096 bits)
community.crypto.openssl_privatekey:
path: "{{ vsftpd_private_key_path }}"
become: true
tags:
- vsftpd
- name: VSFTPD | 3.6 Generate an OpenSSL Certificate \
Signing Request with Subject information
community.crypto.openssl_csr:
path: "{{ vsftpd_request_key_path }}"
privatekey_path: "{{ vsftpd_private_key_path }}"
country_name: "{{ vsftpd_cert_country }}"
organization_name: "{{ vsftpd_cert_org }}"
organizational_unit_name: "{{ vsftpd_cert_ou }}"
email_address: "{{ vsftpd_cert_email }}"
common_name: "{{ ansible_public_ipv4 }}"
backup: true
become: true
tags:
- vsftpd
- name: VSFTPD | 3.7 Generate a Self Signed OpenSSL certificate
community.crypto.x509_certificate:
path: "{{ vsftpd_public_key_path }}"
privatekey_path: "{{ vsftpd_private_key_path }}"
csr_path: "{{ vsftpd_request_key_path }}"
provider: "selfsigned"
backup: true
become: true
tags:
- vsftpd
- name: VSFTPD | 3.8 Template the configuration for vsftpd
ansible.builtin.template:
src: "vsftpd/vsftpd.conf.j2"
dest: "{{ vsftpd_config_file }}"
mode: "0600"
backup: true
become: true
tags:
- vsftpd
- name: VSFTPD | 3.9 Configure vsftpd for multiple users (in users.txt)
when: not single_user
become: true
tags:
- vsftpd
block:
- name: VSFTPD | 3.9.1 Copy the users.txt
ansible.builtin.copy:
src: "vsftpd/users.txt"
dest: "/home/{{ ansible_user }}"
backup: false
mode: "0644"
- name: VSFTPD | 3.9.2 Get only the users from \
users.txt, except for ansible_user
ansible.builtin.shell:
cmd: "set -o pipefail && awk '{if(NR%2!=0)print}' /home/{{ \
ansible_user }}/users.txt | grep -Fxv {{ ansible_user }} \
|| true"
executable: "/bin/bash"
become: true
changed_when: false
register: "vsftpd_additional_users_output"
- name: VSFTPD | 3.9.3 Add users from users.txt without ability to SSH
ansible.builtin.user:
name: "{{ item }}"
home: "/home/{{ ansible_user }}"
create_home: false
group: "{{ ansible_user }}"
shell: "/sbin/nologin"
become: true
loop: "{{ vsftpd_additional_users_output.stdout_lines }}"
when: "item | length > 0"
- name: VSFTPD | 3.9.4 Generate login database
ansible.builtin.command: "db_load -T -t hash -f \
/home/{{ ansible_user }}/users.txt /etc/vsftpd/login.db"
become: true
changed_when: true
- name: VSFTPD | 3.9.5 Remove unnecessary file
ansible.builtin.file:
path: "/home/{{ ansible_user }}/users.txt"
state: "absent"
- name: VSFTPD | 3.9.6 Copy the vsftpd configuration for PAM
ansible.builtin.copy:
src: "pam/vsftpd"
dest: "{{ vsftpd_pam_config_file }}"
backup: true
mode: "0644"