From 80e41101aa1537d6913f4e7031b5acf6a7b47161 Mon Sep 17 00:00:00 2001 From: Lucille Delisle Date: Thu, 25 Feb 2021 18:59:49 +0100 Subject: [PATCH 1/4] solve a warning from ansible --- tasks/debian.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tasks/debian.yml b/tasks/debian.yml index 2102c37..278739e 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -3,7 +3,4 @@ - name: Install ProFTPD (apt) apt: - name: "{{ item }}" - with_items: - - proftpd-basic - - proftpd-mod-pgsql + name: ['proftpd-basic', 'proftpd-mod-pgsql'] From ebd79b0384c7863a12e2542ac53f214bfa875e02 Mon Sep 17 00:00:00 2001 From: Lucille Delisle Date: Thu, 25 Feb 2021 21:23:49 +0100 Subject: [PATCH 2/4] Do not include backup config files --- tasks/debian.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tasks/debian.yml b/tasks/debian.yml index 278739e..42fd69a 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -4,3 +4,10 @@ - name: Install ProFTPD (apt) apt: name: ['proftpd-basic', 'proftpd-mod-pgsql'] + +- name: Change Include + replace: + path: "{{ proftpd_config_file }}" + regexp: "Include {{ proftpd_config_dir }}/conf.d/$" + backup: yes + replace: "Include {{ proftpd_config_include_dir }}/*.conf" From ad3adc0476d4283d23547538459779d262f2b3f0 Mon Sep 17 00:00:00 2001 From: Lucille Delisle Date: Thu, 25 Feb 2021 21:24:14 +0100 Subject: [PATCH 3/4] Put more options for tls --- defaults/main.yml | 2 ++ templates/tls.conf.j2 | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 7bfef32..02bd007 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -23,6 +23,8 @@ proftpd_galaxy_auth_context: 'server' proftpd_tls_sesscache_timeout: 300 proftpd_tls_renegotiate: null +proftpd_tls_options: null +proftpd_use_mod_tls_shmcache: true proftpd_deploy_ssl: false diff --git a/templates/tls.conf.j2 b/templates/tls.conf.j2 index a81ff33..874267a 100644 --- a/templates/tls.conf.j2 +++ b/templates/tls.conf.j2 
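Review bot: In PATCH 2/4 the `Change Include` task in tasks/debian.yml edits `proftpd_config_file` without a `notify`, so unless another task in the play fires a handler, the running daemon keeps the old `Include` and goes on reading every file in `conf.d/`, backup copies included. Adding `notify: reload proftpd` would apply the change, assuming the handler visible in handlers/main.yml later in this series is the one the role uses for config changes. The `regexp` also interpolates `proftpd_config_dir` unescaped, so any regex metacharacter in the path is interpreted; `regexp: 'Include {{ proftpd_config_dir | regex_escape }}/conf\.d/$'` matches the literal path. `backup: yes` is better written as `backup: true`.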
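Review bot: The two defaults added to defaults/main.yml in PATCH 3/4 (`proftpd_tls_options`, `proftpd_use_mod_tls_shmcache`) have no comment, and the diffstat shows no README change, so a role user has to read templates/tls.conf.j2 to learn what they do. Suggested comments: `# Extra flags for mod_tls's TLSOptions directive; null omits the directive` above the first and `# Load mod_tls_shmcache and configure the shm TLSSessionCache` above the second.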
@@ -3,8 +3,11 @@ ## # Enable session reuse (must be in the server context) + +{% if proftpd_use_mod_tls_shmcache %} LoadModule mod_tls_shmcache.c TLSSessionCache shm:/file={{ proftpd_tls_sesscache_path }}&size=8388608 {{ proftpd_tls_sesscache_timeout }} +{% endif %} {{ 'TLSRenegotiate ' ~ proftpd_tls_renegotiate if proftpd_tls_renegotiate else '' }} {% if proftpd_tls_context == 'global' %} @@ -21,6 +24,8 @@ TLSProtocol {{ proftpd_tls_protocol | default('TLSv1.1 TLSv1.2') }} # Require TLS TLSRequired {{ proftpd_tls_required | default('on') }} +{{ 'TLSOptions ' ~ proftpd_tls_options if proftpd_tls_options else '' }} + # Limit TLS ciphers TLSServerCipherPreference on TLSCipherSuite {{ proftpd_tls_cipher_suite | default('EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS') }} From bf11bfe32ab1ac2c876f524fb854a61bae46ecec Mon Sep 17 00:00:00 2001 From: Lucille Delisle Date: Thu, 25 Feb 2021 21:55:36 +0100 Subject: [PATCH 4/4] replace galaxyprojectdotorg by galaxyproject --- README.md | 2 +- defaults/main.yml | 2 +- handlers/main.yml | 2 +- tasks/debian.yml | 2 +- tasks/galaxy_auth.yml | 2 +- tasks/main.yml | 2 +- tasks/redhat.yml | 2 +- tasks/tls.yml | 2 +- tests/test.yml | 2 +- vars/main.yml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 3231820..ccedeec 100644 --- a/README.md +++ b/README.md @@ -155,7 +155,7 @@ Install ProFTPD for Galaxy with TLS: proftpd_ssl_src_dir: files/ssl roles: - - galaxyprojectdotorg.proftpd + - galaxyproject.proftpd ``` If using virtual servers in conjunction with Galaxy authentication, [DefaultRoot][proftpd-default-root]'s `chroot(2)` diff --git a/defaults/main.yml b/defaults/main.yml index 02bd007..1414249 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
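Review bot: In the first hunk of templates/tls.conf.j2 the comment `# Enable session reuse (must be in the server context)` stays outside the new `{% if proftpd_use_mod_tls_shmcache %}` block, so with the flag set to false the rendered file keeps a heading that describes nothing. Moving the comment inside the conditional keeps the rendered config accurate. It would also help to note next to the flag that `proftpd_tls_sesscache_path` and `proftpd_tls_sesscache_timeout` are not used when it is false.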
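Review bot: In the second hunk of templates/tls.conf.j2 the new `TLSOptions` line renders `proftpd_tls_options` verbatim with no comment, and some mod_tls options loosen checks. `NoSessionReuseRequired`, for example, stops mod_tls from requiring that data connections reuse the control connection's TLS session. A comment above the line such as `# Optional TLSOptions; some flags (e.g. NoSessionReuseRequired) relax mod_tls checks, set only what clients need` would make that visible in the rendered config. The role's documentation should say the same where the variable is described.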
@@ -1,5 +1,5 @@ --- -# defaults file for galaxyprojectdotorg.proftpd +# defaults file for galaxyproject.proftpd proftpd_ssl_src_dir: files/ssl diff --git a/handlers/main.yml b/handlers/main.yml index b0ccabb..bb51359 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -# handlers file for galaxyprojectdotorg.proftpd +# handlers file for galaxyproject.proftpd - name: reload proftpd service: diff --git a/tasks/debian.yml b/tasks/debian.yml index 42fd69a..bea5370 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Install ProFTPD (apt) apt: diff --git a/tasks/galaxy_auth.yml b/tasks/galaxy_auth.yml index a019324..44e6a82 100644 --- a/tasks/galaxy_auth.yml +++ b/tasks/galaxy_auth.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Comment Galaxy proftpd.conf options lineinfile: diff --git a/tasks/main.yml b/tasks/main.yml index 022a173..ec18dfc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Set OS-specific variables include_vars: "{{ ansible_os_family | lower }}.yml" diff --git a/tasks/redhat.yml b/tasks/redhat.yml index ccb6662..051deac 100644 --- a/tasks/redhat.yml +++ b/tasks/redhat.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Install ProFTPD (yum) yum: diff --git a/tasks/tls.yml b/tasks/tls.yml index da8f454..d90e24d 100644 --- a/tasks/tls.yml +++ b/tasks/tls.yml @@ -1,5 +1,5 @@ --- -# tasks file for galaxyprojectdotorg.proftpd +# tasks file for galaxyproject.proftpd - name: Configure TLS options template: diff --git a/tests/test.yml b/tests/test.yml index 7bef5ef..c854171 100644 --- a/tests/test.yml +++ b/tests/test.yml 
@@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - galaxyprojectdotorg.proftpd \ No newline at end of file + - galaxyproject.proftpd \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 6b5fbfb..56eb2d4 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,2 @@ --- -# vars file for galaxyprojectdotorg.proftpd +# vars file for galaxyproject.proftpd