Modernise syntax
johanmeiring committed Feb 1, 2017
1 parent aa59e8f commit 636761e
Showing 2 changed files with 40 additions and 28 deletions.
5 changes: 3 additions & 2 deletions handlers/main.yml
@@ -1,5 +1,6 @@
---
- name: SFTP-Server | Restart sshd
service: name={{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}
state=restarted
service:
name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}"
state: restarted
ignore_errors: Yes
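Review bot: The restart handler keeps `ignore_errors: Yes` (last line of the hunk), so a failed sshd restart — for instance after the template or lineinfile tasks produce an sshd_config the daemon rejects — is reported as success and the host is left running the previous configuration, or no sshd at all, without the play noticing. Since this handler is the only thing that makes the chroot and Subsystem changes take effect, consider dropping `ignore_errors` or gating it behind a role variable such as `sftp_ignore_restart_errors` (constructed name, adjust to the role's conventions). If it stays, write the boolean canonically as `ignore_errors: true`; `Yes` is a YAML 1.1 truthy value that yamllint flags and YAML 1.2 parsers read as a string.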
63 changes: 37 additions & 26 deletions tasks/main.yml
@@ -1,15 +1,17 @@
---
# Creates group for SFTP users.
- name: SFTP-Server | Create sftp user group
group: name={{ sftp_group_name }}
state=present
group:
name: "{{ sftp_group_name }}"
state: present

# Necessary for chrooting of SFTP users.
- name: SFTP-Server | Alter sftp subsystem entry
lineinfile: dest=/etc/ssh/sshd_config
regexp="^Subsystem(\s+)sftp"
line="Subsystem sftp internal-sftp -f AUTH -l VERBOSE"
state=present
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^Subsystem(\s+)sftp'
line: "Subsystem sftp internal-sftp -f AUTH -l VERBOSE"
state: present
notify: SFTP-Server | Restart sshd

# Some sed magic to grab the entire sshd_config, excluding our custom config block.
Expand All @@ -19,7 +21,9 @@
changed_when: True == False

- name: SFTP-Server | Ensure SELinux management package is present
package: name=libsemanage-python state=present
package:
name: libsemanage-python
state: present
when: ansible_selinux

- name: SFTP-Server | Set SELinux booleans
Expand All @@ -34,48 +38,55 @@

# Create/recreate ssh_config.
- name: SFTP-Server | Apply sshd_config template
template: src=sshd_config.j2
dest=/etc/ssh/sshd_config
owner=root
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
notify: SFTP-Server | Restart sshd

# Create each SFTP user with home directory on the correct patition, and add to SFTP group.
- name: SFTP-Server | Create sftp users
user: name={{ item.name }}
groups={{ sftp_group_name }}
home="{{ sftp_home_partition }}/{{ item.name }}"
state=present
user:
name: "{{ item.name }}"
groups: "{{ sftp_group_name }}"
home: "{{ sftp_home_partition }}/{{ item.name }}"
state: present
with_items: "{{ sftp_users }}"

# A working chrooted SFTP setup requires root:sftgroup ownership of a user's home directory.
- name: SFTP-Server | Correct ownership and permission of home directories
file: path="{{ sftp_home_partition }}/{{ item.name }}"
owner=root
group={{ sftp_group_name }}
mode="0750"
file:
path: "{{ sftp_home_partition }}/{{ item.name }}"
owner: root
group: "{{ sftp_group_name }}"
mode: "0750"
with_items: "{{ sftp_users }}"

# Install all relevant public keys.
- name: SFTP-Server | Install public keys
authorized_key: user={{ item.0.name }} key='{{ lookup('file', item.1) }}'
authorized_key:
user: "{{ item.0.name }}"
key: "{{ lookup('file', item.1) }}"
with_subelements:
- "{{ sftp_users }}"
- authorized

# Update user passwords, if they were specified.
- name: SFTP-Server | Update user passwords
user: name={{ item.name }}
password={{ item.password }}
user:
name: "{{ item.name }}"
password: "{{ item.password }}"
with_items: "{{ sftp_users }}"
when: item.password is defined

# Create directories for SFTP users. Optional, but recommended.
- name: SFTP-Server | Create directories
file: path="{{ sftp_home_partition }}/{{ item[0].name }}/{{ item[1].name | default(item[1]) }}"
owner={{ item[0].name }}
group={{ item[0].name }}
mode="{{ item[1].mode | default(0750) }}"
state=directory
file:
path: "{{ sftp_home_partition }}/{{ item[0].name }}/{{ item[1].name | default(item[1]) }}"
owner: "{{ item[0].name }}"
group: "{{ item[0].name }}"
mode: "{{ item[1].mode | default(0750) }}"
state: directory
with_nested:
- "{{ sftp_users }}"
- "{{ sftp_directories }}"
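Review bot: The `SFTP-Server | Update user passwords` task (`user:` / `password: "{{ item.password }}"` in the second-to-last hunk) has no `no_log`, so the loop item — including the password value — appears in the per-item result label and in any verbose or logged output of the run. Add `no_log: true` to that task; the task name still shows which user was processed. The `user` module's `password` option expects an already-crypted hash rather than a plaintext password, and nothing in the role states that, so a comment next to the task such as `# item.password must be a crypted hash (see the user module's password option), not plaintext` would prevent operators from storing a plaintext literal as the hash field.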
