Added some configuration information for ProFTPd to be used by its configuration file templates ireferred to by its handler

2025-11-16 14:00:43 -05:00
parent f74482c400
commit 856704f9d7
1 changed files with 37 additions and 11 deletions
--- a/roles/bootstrap/vars/main/software.yml
+++ b/roles/bootstrap/vars/main/software.yml
@@ -186,6 +186,13 @@ software:
    proftpd-mod-crypto:
      name:
        apt: proftpd-mod-crypto
+    proftpd-mod-ldap:
+      name:
+        apt: proftpd-mod-ldap
+    # @TODO manually install the commented below on current active new VPS, then uncomment
+    # proftpd-mod-clamav:
+    #   name:
+    #     apt: proftpd-mod-clamav
    proftpd:
      name:
        apt: proftpd
@@ -216,20 +223,39 @@ config:
      editor: nvim
  proftpd:
    name: "{{ hostvars[inventory_hostname].fqdn.split('.')[0] }}"
+    auth_filepaths:
+      users_path: /etc/proftpd/ftpd.passwd
+      groups_path: /etc/proftpd/ftpd.group
+    msg:
+      welcome: "Our head librarians Furcas and Marbas welcome you!"  
    vusers:
-      # webmaster:
-      #   username: webmaster
-      #   chroot: "/srv/www/{{ fqdn }}"
-      #   chown: "caddy:caddy"
-      #   # @TODO create vaulted password for this ProFTPd virtual user
-      #   password: ~
+      webmaster:
+        username: webmaster
+        id_of: "{{ ['caddy', 'www-data'][0] }}"
+        gid_of: "{{ ['caddy', 'www-data'][0] }}"
+        # @TODO create vaulted password for this ProFTPd virtual user
+        password: !vault |
+          $ANSIBLE_VAULT;1.2;AES256;vps1-webmaster
+          63633938633139636663623166343836643839306538373762393834393230336334383334303163
+          3465323831366163386265353664313932383664373838660a363463303364373963353638396462
+          65356135623030653533333766623865643065303739386538636662303537376466333039613363
+          3932313334643163650a303336623031613964356433363536373236303266663735343939383930
+          3636
+        services: [http,https]
      smuggler:
        username: smuggler
-        chroot: /srv/ftp/smuggler
-        chown: "{{ hostvars[inventory_hostname].users.ftp.username }}:{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}"
+        id_of: "{{ hostvars[inventory_hostname].users.ftp.username }}"
+        gid_of: "{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}"
        # @TODO create vaulted password for this ProFTPd virtual user
-        password: ~
+        password: !vault |
+          $ANSIBLE_VAULT;1.2;AES256;vps1-smuggler
+          38396565313866383761303137343431613830643436666431316434393362623035623031656263
+          6537313630393433336133643166363564383163616232320a623034636664353864613862353366
+          38303663363665663366336131663431383936306131616262376162653837326163393561323465
+          3734333031323330300a353562353035323731303732323534613938353935393433646235356137
+          62336333666362383665623466353337303134623966663061366235303261653333
+        services: []
    tls_paths:
-      cert: /etc/proftpd/certs/cert.pem
-      privkey: /etc/proftpd/certs/private-key.pem
+      cert: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.crt"
+      privkey: "/usr/local/share/ca-certificates/{{ hostvars[inventory_hostname].fqdn }}.key"