diff --git a/README.md b/README.md index 3231820..ccedeec 100644 --- a/README.md +++ b/README.md @@ -155,7 +155,7 @@ Install ProFTPD for Galaxy with TLS: proftpd_ssl_src_dir: files/ssl roles: - - galaxyprojectdotorg.proftpd + - galaxyproject.proftpd ``` If using virtual servers in conjunction with Galaxy authentication, [DefaultRoot][proftpd-default-root]'s `chroot(2)` diff --git a/defaults/main.yml b/defaults/main.yml index 7bfef32..1414249 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -# defaults file for galaxyprojectdotorg.proftpd +# defaults file for galaxyproject.proftpd proftpd_ssl_src_dir: files/ssl @@ -23,6 +23,8 @@ proftpd_galaxy_auth_context: 'server' proftpd_tls_sesscache_timeout: 300 proftpd_tls_renegotiate: null +proftpd_tls_options: null +proftpd_use_mod_tls_shmcache: true proftpd_deploy_ssl: false diff --git a/handlers/main.yml b/handlers/main.yml index b0ccabb..bb51359 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -# handlers file for galaxyprojectdotorg.proftpd +# handlers file for galaxyproject.proftpd - name: reload proftpd service: diff --git a/tasks/debian.yml b/tasks/debian.yml index 2102c37..bea5370 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -1,9 +1,13 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Install ProFTPD (apt) apt: - name: "{{ item }}" - with_items: - - proftpd-basic - - proftpd-mod-pgsql + name: ['proftpd-basic', 'proftpd-mod-pgsql'] + +- name: Change Include + replace: + path: "{{ proftpd_config_file }}" + regexp: "Include {{ proftpd_config_dir }}/conf.d/$" + backup: yes + replace: "Include {{ proftpd_config_include_dir }}/*.conf" diff --git a/tasks/galaxy_auth.yml b/tasks/galaxy_auth.yml index a019324..44e6a82 100644 --- a/tasks/galaxy_auth.yml +++ b/tasks/galaxy_auth.yml 
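Review bot: The two defaults added in the second defaults/main.yml hunk, `proftpd_tls_options` and `proftpd_use_mod_tls_shmcache`, have no comment, and the README hunk in this commit only renames the role. Both change the rendered TLS configuration (see the templates/tls.conf.j2 hunks), so each deserves a line above it. For example: `# Extra mod_tls TLSOptions as one space-separated string; null omits the directive` and `# Load mod_tls_shmcache and emit TLSSessionCache; false omits both`. If the README carries a variable list, a matching entry there would help too.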
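Review bot: In the new `Change Include` task in tasks/debian.yml, `proftpd_config_dir` is interpolated into `regexp` unescaped and the pattern has no start anchor. The dots in the path therefore act as wildcards, and a commented-out `#Include ...` line would be rewritten as well. Assuming the stock file has the directive at column 0, consider `regexp: '^Include {{ proftpd_config_dir | regex_escape }}/conf\.d/$'`. The task also edits the main config file without `notify: reload proftpd`, so unless another task triggers that handler the new Include may not take effect in the same run. `proftpd_config_include_dir` is not defined in the visible defaults/main.yml hunks; presumably it comes from the OS-specific vars file, which is worth confirming.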
@@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Comment Galaxy proftpd.conf options lineinfile: diff --git a/tasks/main.yml b/tasks/main.yml index 022a173..ec18dfc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Set OS-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" diff --git a/tasks/redhat.yml b/tasks/redhat.yml index ccb6662..051deac 100644 --- a/tasks/redhat.yml +++ b/tasks/redhat.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Install ProFTPD (yum) yum: diff --git a/tasks/tls.yml b/tasks/tls.yml index da8f454..d90e24d 100644 --- a/tasks/tls.yml +++ b/tasks/tls.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Configure TLS options template: diff --git a/templates/tls.conf.j2 b/templates/tls.conf.j2 index a81ff33..874267a 100644 --- a/templates/tls.conf.j2 +++ b/templates/tls.conf.j2 @@ -3,8 +3,11 @@ ## # Enable session reuse (must be in the server context) + +{% if proftpd_use_mod_tls_shmcache %} LoadModule mod_tls_shmcache.c TLSSessionCache shm:/file={{ proftpd_tls_sesscache_path }}&size=8388608 {{ proftpd_tls_sesscache_timeout }} +{% endif %} {{ 'TLSRenegotiate ' ~ proftpd_tls_renegotiate if proftpd_tls_renegotiate else '' }} {% if proftpd_tls_context == 'global' %} 
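Review bot: The new guard `{% if proftpd_use_mod_tls_shmcache %}` in templates/tls.conf.j2 tests the raw variable, so a string value is truthy and the module is still loaded. This happens with, for example, `-e proftpd_use_mod_tls_shmcache=false` on the command line; `{% if proftpd_use_mod_tls_shmcache | bool %}` avoids it. The comment `# Enable session reuse (must be in the server context)` now sits outside the conditional, so it is rendered even when no `TLSSessionCache` line follows. It would read more accurately moved inside the block.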
@@ -21,6 +24,8 @@ TLSProtocol {{ proftpd_tls_protocol | default('TLSv1.1 TLSv1.2') }} # Require TLS TLSRequired {{ proftpd_tls_required | default('on') }} +{{ 'TLSOptions ' ~ proftpd_tls_options if proftpd_tls_options else '' }} + # Limit TLS ciphers TLSServerCipherPreference on TLSCipherSuite {{ proftpd_tls_cipher_suite | default('EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS') }} diff --git a/tests/test.yml b/tests/test.yml index 7bef5ef..c854171 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - galaxyprojectdotorg.proftpd \ No newline at end of file + - galaxyproject.proftpd \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 6b5fbfb..56eb2d4 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,2 @@ --- -# vars file for galaxyprojectdotorg.proftpd +# vars file for galaxyproject.proftpd
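Review bot: The added `TLSOptions` line writes `proftpd_tls_options` into the server config verbatim, and nothing in the template notes that several mod_tls options relax checks (for example `NoSessionReuseRequired` and `AllowClientRenegotiations`). A comment above the line such as `# Optional TLSOptions; some values weaken TLS checks, set only what the deployment needs` would make that visible to whoever sets the variable. The `~` concatenation also assumes a string, so a YAML list would render as its Python repr. Either document that the value must be one space-separated string or render it with `join(' ')`. Separately, the context line above still defaults `TLSProtocol` to `TLSv1.1 TLSv1.2`; TLSv1.1 is deprecated, though that default predates this commit.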