From 856704f9d74f7b2e26b00d1e7abc3587fe74be4d Mon Sep 17 00:00:00 2001 From: Alex Tavarez Date: Sun, 16 Nov 2025 14:00:43 -0500 Subject: [PATCH] Added some configuration information for ProFTPd to be used by its configuration file templates ireferred to by its handler --- roles/bootstrap/vars/main/software.yml | 48 ++++++++++++++++++++------ 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/roles/bootstrap/vars/main/software.yml b/roles/bootstrap/vars/main/software.yml index 07a36f4..7a43df8 100644 --- a/roles/bootstrap/vars/main/software.yml +++ b/roles/bootstrap/vars/main/software.yml @@ -186,6 +186,13 @@ software: proftpd-mod-crypto: name: apt: proftpd-mod-crypto + proftpd-mod-ldap: + name: + apt: proftpd-mod-ldap + # @TODO manually install the commented below on current active new VPS, then uncomment + # proftpd-mod-clamav: + # name: + # apt: proftpd-mod-clamav proftpd: name: apt: proftpd 
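Review bot: `proftpd-mod-ldap` is added to the install list, but nothing visible in this patch uses it: the ProFTPd settings added in the next hunk point at file-based stores (`auth_filepaths.users_path`, `groups_path`). If LDAP authentication is not planned yet, leaving the package out keeps the FTP daemon's installed module set limited to what is configured; if it is planned, a short comment above the entry saying which template or directive needs it would record the reason. The `@TODO` for `proftpd-mod-clamav` is worded ambiguously; something like `# @TODO enable once proftpd-mod-clamav is installed and tested on the active VPS` reads more clearly, and until then uploads through these accounts are presumably not scanned. The `software` mapping starts and continues outside this hunk.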
@@ -216,20 +223,39 @@ config: editor: nvim proftpd: name: "{{ hostvars[inventory_hostname].fqdn.split('.')[0] }}" + auth_filepaths: + users_path: /etc/proftpd/ftpd.passwd + groups_path: /etc/proftpd/ftpd.group + msg: + welcome: "Our head librarians Furcas and Marbas welcome you!" vusers: - # webmaster: - # username: webmaster - # chroot: "/srv/www/{{ fqdn }}" - # chown: "caddy:caddy" - # # @TODO create vaulted password for this ProFTPd virtual user - # password: ~ + webmaster: + username: webmaster + id_of: "{{ ['caddy', 'www-data'][0] }}" + gid_of: "{{ ['caddy', 'www-data'][0] }}" + # @TODO create vaulted password for this ProFTPd virtual user + password: !vault | + $ANSIBLE_VAULT;1.2;AES256;vps1-webmaster + 63633938633139636663623166343836643839306538373762393834393230336334383334303163 + 3465323831366163386265353664313932383664373838660a363463303364373963353638396462 + 65356135623030653533333766623865643065303739386538636662303537376466333039613363 + 3932313334643163650a303336623031613964356433363536373236303266663735343939383930 + 3636 + services: [http,https] smuggler: username: smuggler - chroot: /srv/ftp/smuggler - chown: "{{ hostvars[inventory_hostname].users.ftp.username }}:{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}" + id_of: "{{ hostvars[inventory_hostname].users.ftp.username }}" + gid_of: "{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}" # @TODO create vaulted password for this ProFTPd virtual user - password: ~ + password: !vault | + $ANSIBLE_VAULT;1.2;AES256;vps1-smuggler + 38396565313866383761303137343431613830643436666431316434393362623035623031656263 + 6537313630393433336133643166363564383163616232320a623034636664353864613862353366 + 38303663363665663366336131663431383936306131616262376162653837326163393561323465 + 3734333031323330300a353562353035323731303732323534613938353935393433646235356137 + 
62336333666362383665623466353337303134623966663061366235303261653333 + services: [] tls_paths: - cert: /etc/proftpd/certs/cert.pem - privkey: /etc/proftpd/certs/private-key.pem + cert: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.crt" + privkey: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.key"
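Review bot: The new `tls_paths.privkey` places the server's private key under `/usr/local/share/ca-certificates/`, which on Debian-family systems is the drop-in directory `update-ca-certificates` reads to extend the system trust store and is typically world-readable. Unless the task that writes the file sets a restrictive owner and mode (not visible in this hunk), the key may be readable by any local account, and the `.crt` beside it would be picked up as a trusted CA on the next trust-store refresh. A root-only location is safer, for example `privkey: "/etc/ssl/private/{{ hostvars[inventory_hostname].fqdn }}.key"`, with the certificate kept outside the CA drop-in directory as it was before. Separately, both `# @TODO create vaulted password for this ProFTPd virtual user` comments are stale now that the values are vaulted, and with `chroot`/`chown` removed from the vusers it is worth confirming that the templates still confine each account to its own directory. The `config` mapping begins above the hunk.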