From 00486fbc8da700120436dd57e1ca72123c6e7850 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Fri, 29 May 2026 07:40:38 -0400
Subject: [PATCH] changed variable used in conditional case, altered task modifying/creating sftp configuration file for SSH to use blockinfile module

---
 roles/init-server/tasks/lock.yml | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/roles/init-server/tasks/lock.yml b/roles/init-server/tasks/lock.yml
index bf0639a..970462b 100644
--- a/roles/init-server/tasks/lock.yml
+++ b/roles/init-server/tasks/lock.yml
@@ -3,7 +3,7 @@
 # tasks file for roles/init-vps
 # @TODO complete below tasks
 - name: Checking whether administrative login used
-  when: ansible_facts["user_id"] not in (admins | map(attribute="username") | list)
+  when: ansible_user not in (admins | map(attribute="username") | list)
   ansible.builtin.fail:
     msg: Must use administrative user for subsequent tasks
 - name: Setting approved SSH authentication procedures
@@ -34,7 +34,7 @@
     backup: true
     validate: "sshd -t %s"
 - name: Create groups for FTP services
-  when: "'internal-sftp' in item.service or 'proftpd' in item.service or 'vsftpd' in item.service"
+  when: "'sftp-server' in item.service or 'proftpd' in item.service or 'vsftpd' in item.service"
   become: true
   ansible.builtin.group:
     name: "{{ item.username }}"
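Review bot: `ansible_user` in the new `when` is a declared connection variable rather than the identity the play actually runs under, and it is undefined whenever the remote user comes from `remote_user`, ansible.cfg or ~/.ssh/config, in which case this task aborts with an undefined-variable error instead of the intended "Must use administrative user" failure. If the move away from `ansible_facts["user_id"]` was made because facts are not gathered at this point, keep a fallback, e.g. `when: (ansible_user | default(ansible_facts['user_id'])) not in (admins | map(attribute='username') | list)`; otherwise the gathered `user_id` remains the more reliable value to gate on. Either way this is a guardrail against running the role under the wrong account, not an authorization control, since whoever runs the play controls both values — a one-line comment above the task stating that would stop a later reader from treating it as one.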
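Review bot: The condition now keys on `'sftp-server'`, which no longer matches the `internal-sftp` subsystem that the SSH Match block later in this file forces, so an `admins` entry whose service says "internal-sftp" silently gets no group while one saying "sftp-server" gets a group that is then served by `internal-sftp` anyway; `in` on a string is also only a substring test, so "sftp-server" would match any longer value containing it. I cannot see the `admins` schema from here, so whichever spelling is canonical, pick one and document it in a comment on the task, or accept both: `when: "'sftp-server' in item.service or 'internal-sftp' in item.service or 'proftpd' in item.service or 'vsftpd' in item.service"`.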
@@ -45,13 +45,25 @@
 - name: Configuring SFTP for FTP group
   when: ansible_facts["system"] == "Linux"
   become: true
-  ansible.builtin.template:
-    src: sshd_config.d/sftp.conf.j2
-    dest: /etc/ssh/sshd_config.d/sftp.conf
+  ansible.builtin.blockinfile:
+    # src: sshd_config.d/sftp.conf.j2
+    # dest: /etc/ssh/sshd_config.d/sftp.conf
+    path: /etc/ssh/sshd_config.d/sftp.conf
+    block: |
+      Match Group {{ item.name }}
+      ForceCommand internal-sftp -d /%u
+      ChrootDirectory /srv/{{ item.name}}
+      AllowAgentForwarding no
+      AllowTcpForwarding no
+      X11Forwarding no
+    append_newline: true
+    marker_begin: "BEGIN FTP GROUP SSH MATCH BLOCK"
+    create: true
     owner: root
     group: root
     mode: "644"
-    force: true
     backup: true
     validate: "sshd -t %s"
+    state: present
+  loop: "{{ ftp_groups.results }}"
   register: configured_sftp
\ No newline at end of file
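Review bot: Because the loop reuses one fixed marker (`marker_begin` only rewrites the `{mark}` text, so every iteration emits identical begin/end markers), each iteration of blockinfile replaces the previous group's block and only the last entry of `ftp_groups.results` ends up with a `Match Group` stanza in sftp.conf — every other SFTP group is left unconfined. Give each item its own marker instead, `marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.name }}"`, and drop `marker_begin`. If `ftp_groups` is the registered result of the conditional group task above, items skipped by its `when` carry no `name` key, so the loop should also guard with `when: item is not skipped`, which additionally keeps proftpd/vsftpd-only groups from receiving an sshd Match block. The inherited `validate: "sshd -t %s"` is unlikely to validate anything: sshd rejects a bare positional argument, so it needs `sshd -t -f %s`, and even then the drop-in is checked in isolation from the main sshd_config. Finally, `ChrootDirectory /srv/{{ item.name}}` only works if that directory exists, is root-owned and not group/world-writable — nothing in this hunk creates it, so if that happens elsewhere a comment pointing to it would help.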