From ea7d9f7caf2bcad2b89e6234c6da45ff7cdc9038 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Sun, 21 Dec 2025 16:53:52 -0500
Subject: [PATCH] changed some fields/keys/attributes and changed references to reflect those changes
---
 roles/bootstrap/handlers/proftpd.yml | 22 +++++++++----------
 roles/bootstrap/templates/aria2/aria2.conf.j2 | 2 +-
 .../conf.d/vhost@vps1-fq.dn.conf.example.j2 | 4 ++--
 roles/bootstrap/vars/main/software.yml | 18 +++++++--------
 4 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/roles/bootstrap/handlers/proftpd.yml b/roles/bootstrap/handlers/proftpd.yml
index 125e6db..6fd9b6f 100644
--- a/roles/bootstrap/handlers/proftpd.yml
+++ b/roles/bootstrap/handlers/proftpd.yml
@@ -14,7 +14,7 @@
 group: "{{ item[0]['group'] | default(item[0]['username']) }}"
 path: "{{ item[0]['home'] | default('/home/' ~ item[0]['username']) }}/{{ item[1]['username'] }}"
 state: directory
- loop: "{{ hostvars[inventory_hostname]['users'].values() | product(config['proftpd']['vusers'].values()) }}"
+ loop: "{{ hostvars[inventory_hostname]['users'].values() | product(config['proftpd']['users'].values()) }}"
 - name: Create ProFTPd FTP public directory for anonymous logins
 when: "'ftps' in item.value['services']"
 ansible.builtin.file:
@@ -65,7 +65,7 @@
 owner: root
 path: "{{ item.value }}"
 state: touch
- loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['auth_filepaths']) }}"
+ loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['auth_paths']) }}"
 - name: Create the virtual users
 when: "not 'caddy' in item.value['services'] and not 'httpd' in item.value['services'] and not 'www-data' in item.value['services'] and not 'http' in item.value['services'] and not 'https' in item.value['services']"
 ansible.builtin.command:
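Review bot: The `loop:` on the new side of the `@@ -14,7` hunk iterates over whole `config['proftpd']['users']` entries, and each entry carries the vault-decrypted `password` field, which Ansible prints as the `item` of every iteration unless the task suppresses it. The loops in the `@@ -73,14` and `@@ -88,10` hunks walk the same dictionary, and no `no_log` is visible between their last argument and the next `- name:`; the tasks begin outside the hunks, so it may already be set above. If it is not, add `no_log: true` to all three tasks. `loop_control.label` only tidies the console output and is not a substitute for protecting the secret.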
@@ -73,14 +73,14 @@
 - ftpasswd
 - --passwd
 - "--name={{ item.value['username'] }}"
- - "--uid=$(id -u {{ item.value['id_of'] }})"
- - "--gid=$(id -g {{ item.value['gid_of'] }})"
+ - "--uid=$(id -u {{ item.value['id'] }})"
+ - "--gid=$(id -g {{ item.value['gid'] }})"
 - "--home={{ hostvars[inventory_hostname]['users']['ftp']['home'] | default('/srv/ftp') }}/{{ item.value['username'] }}"
 - --shell=/sbin/nologin
- - --file={{ config['proftpd']['auth_filepaths']['users_path'] }}
+ - --file={{ config['proftpd']['auth_paths']['users'] }}
 - --stdin
 stdin: "{{ item.value['password'] }}"
- loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['vusers']) }}"
+ loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['users']) }}"
 - name: Create the virtual groups of virtual users
 when: "not 'caddy' in item.value['services'] and not 'httpd' in item.value['services'] and not 'www-data' in item.value['services'] and not 'http' in item.value['services'] and not 'https' in item.value['services']"
 ansible.builtin.command:
@@ -88,10 +88,10 @@
 - ftpasswd
 - --group
 - "--name={{ item.value['username'] }}"
- - "--gid=$(id -g {{ item.value['gid_of'] }})"
+ - "--gid=$(id -g {{ item.value['gid'] }})"
 - "--member={{ item.value['username'] }}"
- - --file={{ config['proftpd']['auth_filepaths']['groups_path'] }}
- loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['vusers']) }}"
+ - --file={{ config['proftpd']['auth_paths']['groups'] }}
+ loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['users']) }}"
 # @TODO create tasks in block integrating LDAP users to ProFTPd
 # - name: Integrate LDAP users into ProFTPd
 - name: Create ProFTPd FTPS virtual host
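Review bot: The `--uid=$(id -u …)` and `--gid=$(id -g …)` arguments on the new side are handed to `ansible.builtin.command`, which does not run a shell, so `ftpasswd` receives the literal `$(id …)` text instead of a number; the `--gid` line in the `@@ -88,10` hunk has the same problem. Switching to `ansible.builtin.shell` would put templated names on a shell command line, so it is safer to resolve the IDs in Ansible: run `ansible.builtin.getent` for `database: passwd` and `database: group` first, then pass `"--uid={{ getent_passwd[item.value['id']][1] }}"` and `"--gid={{ getent_group[item.value['gid']][1] }}"`. The renamed `id`/`gid` keys hold account and group names rather than numeric IDs, which a short comment next to them in `software.yml` should say. The head of each task, including the line that introduces the argument list, lies outside these hunks.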
@@ -108,9 +108,9 @@
 validate: proftpd --configtest
 vars:
 ftp_server_name: "{{ config['proftpd']['name'].uppercase() }}'s Archive'"
- allowed_users: "{{ ','.join(list(map(lambda u: u['username'], filter(lambda u: not 'http' in u['services'] and not 'https' in u['services'] and not 'httpd' in u['services'] and not 'caddy' in u['services'] and not 'www-data' in u['services'], config['proftpd']['vusers'].values())))) }}"
+ allowed_users: "{{ ','.join(list(map(lambda u: u['username'], filter(lambda u: not 'http' in u['services'] and not 'https' in u['services'] and not 'httpd' in u['services'] and not 'caddy' in u['services'] and not 'www-data' in u['services'], config['proftpd']['users'].values())))) }}"
 anon_root: "{{ map(lambda u: u['home'], filter(lambda u: 'ftps' in u['services'] or 'proftpd' in u['services'], hostvars[inventory_hostname]['users'].values())) | list | random }}/public"
- anon_user: "{{ config['proftpd']['vusers']['smuggler']['username'] }}"
+ anon_user: "{{ config['proftpd']['users']['smuggler']['username'] }}"
 - name: Set ProFTPd jail in fail2ban
 block:
 - name: Create fail2ban system configuration directory
diff --git a/roles/bootstrap/templates/aria2/aria2.conf.j2 b/roles/bootstrap/templates/aria2/aria2.conf.j2
index e386be3..3670622 100644
--- a/roles/bootstrap/templates/aria2/aria2.conf.j2
+++ b/roles/bootstrap/templates/aria2/aria2.conf.j2
@@ -15,7 +15,7 @@ rpc-allow-origin-all=true
 rpc-max-request-size=10M
 rpc-listen-all=true
 rpc-listen-port=6800
-rpc-secret={{ config.aria.secret }}
+rpc-secret={{ config['aria']['api_key'] }}
 # rpc-certificate=
 # rpc-private-key=
 # rpc-secure=true
diff --git a/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2 b/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2
index a68c4dc..f58d1b8 100644
--- a/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2
+++ b/roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2
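Review bot: The `allowed_users` value on the new side is written with Python `lambda`, `map(...)` and `filter(...)` calls, which Jinja2 does not parse, so this `vars:` entry would fail as soon as the template task evaluates it. The unchanged `anon_root` line uses the same construct, and `.uppercase()` in `ftp_server_name` looks like it should be `.upper()`. A filter chain expresses the same selection: `{{ config['proftpd']['users'].values() | rejectattr('services', 'contains', 'http') | rejectattr('services', 'contains', 'https') | map(attribute='username') | join(',') }}`, with one `rejectattr` per excluded service. Since this list appears to decide which virtual users the FTPS virtual host admits, a comment stating the rule it implements would help the next reviewer. The task itself starts above the hunk.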
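Review bot: `rpc-secret` now renders from `config['aria']['api_key']`, whose value in `roles/bootstrap/vars/main/software.yml` is `~` (null), so a host that never overrides it is deployed with an empty or placeholder secret. This file meanwhile keeps `rpc-listen-all=true` and `rpc-allow-origin-all=true` with `rpc-secure` commented out. Add an `ansible.builtin.assert` before the template task, for example `that: config['aria']['api_key'] is string and config['aria']['api_key'] | length >= 16` (the length floor is a suggestion), and keep the value as a `!vault` entry like the ProFTPd passwords. With TLS disabled the secret also crosses the network in clear text, so either enable `rpc-secure` or stop listening on all interfaces.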
@@ -20,8 +20,8 @@ # AuthOrder mod_auth_pam.c mod_auth_unix.c* AuthOrder mod_auth_file.c - AuthUserFile {{ config.proftpd.auth_filepaths.users_path }} - AuthGroupFile {{ config.proftpd.auth_filepaths.groups_path }} + AuthUserFile {{ config.proftpd.auth_paths.users }} + AuthGroupFile {{ config.proftpd.auth_paths.groups }} AuthFileOptions SyntaxCheck TLSEngine on diff --git a/roles/bootstrap/vars/main/software.yml b/roles/bootstrap/vars/main/software.yml index 340db27..7d3680a 100644 --- a/roles/bootstrap/vars/main/software.yml +++ b/roles/bootstrap/vars/main/software.yml @@ -249,16 +249,16 @@ config: editor: nvim proftpd: name: "{{ hostvars[inventory_hostname].fqdn.split('.')[0] }}" - auth_filepaths: - users_path: /etc/proftpd/ftpd.passwd - groups_path: /etc/proftpd/ftpd.group + auth_paths: + users: /etc/proftpd/ftpd.passwd + groups: /etc/proftpd/ftpd.group msg: welcome: "Our head librarians Furcas and Marbas welcome you!" - vusers: + users: webmaster: username: webmaster - id_of: "{{ ['caddy', 'www-data'][0] }}" - gid_of: "{{ ['caddy', 'www-data'][0] }}" + id: "{{ ['caddy', 'www-data'][0] }}" + gid: "{{ ['caddy', 'www-data'][0] }}" # @TODO create vaulted password for this ProFTPd virtual user password: !vault | $ANSIBLE_VAULT;1.2;AES256;vps1-webmaster @@ -270,8 +270,8 @@ config: services: [http,https] smuggler: username: smuggler - id_of: "{{ hostvars[inventory_hostname].users.ftp.username }}" - gid_of: "{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}" + id: "{{ hostvars[inventory_hostname].users.ftp.username }}" + gid: "{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}" # @TODO create vaulted password for this ProFTPd virtual user password: !vault | $ANSIBLE_VAULT;1.2;AES256;vps1-smuggler @@ -293,5 +293,5 @@ config: phone_region: US aria: checksum: ~ - secret: ~ + api_key: ~