# Per-site SFTP account: adds it to the sftponly group and sets its home to the
# site data directory.
# NOTE(review): /bin/false only denies an interactive shell. Limiting the
# account to SFTP depends on sshd_config (typically a `Match Group sftponly`
# block with `ForceCommand internal-sftp`, `ChrootDirectory` and forwarding
# disabled), which none of these tasks manage. Confirm it on the target host.
- name: Ajout de l'utilisateur site_SIGLE_SITE dans le group sftponly et modification du home
  ansible.builtin.user:
    name: "site_{{ SIGLE }}_{{ SITE }}"
    groups: sftponly
    # append keeps the account's other supplementary groups
    append: true
    home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
    # the directory itself is handled by the file task, not created here
    create_home: false
    shell: /bin/false

# Enforces ownership and mode on the site home and on its .ssh directory.
# The home is root-owned with mode 2751, so it is not writable by group or
# others. sshd requires that of a ChrootDirectory (presumably this path is the
# chroot; verify against sshd_config). .ssh belongs to the site account and is
# owner-only (2700). The leading 2 sets the setgid bit on both directories.
- name: Boucle création ou modifications du repertoire .ssh et vérif des permissions/owner du home
  ansible.builtin.file:
    path: "{{ item.path }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
    state: "{{ item.state }}"
  loop:
    - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
      owner: 'root'
      group: 'www-data'
      mode: '2751'
      state: directory
    - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh"
      owner: "site_{{ SIGLE }}_{{ SITE }}"
      group: "site_{{ SIGLE }}_{{ SITE }}"
      mode: '2700'
      state: directory
  loop_control:
    # show only the path in the task output instead of the whole item
    label: "{{ item.path }}"

# Renders authorized_keys for the site account, readable and writable by the
# owner only. It runs only when sftp_key is defined.
# NOTE(review): `is defined` is also true for an empty value, and the template
# is not shown here. Check what it renders in that case.
- name: Création du fichier authorized_keys
  when: sftp_key is defined
  ansible.builtin.template:
    src: "templates/authorized_keys.j2"
    dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh/authorized_keys"
    owner: "site_{{ SIGLE }}_{{ SITE }}"
    group: "site_{{ SIGLE }}_{{ SITE }}"
    mode: '600'

# TODO: check that the OpenSSH server is configured correctly (and configure it
# here if it is not?), then reload it. None of the tasks above touch
# sshd_config, so the SFTP-only restriction for the sftponly group rests
# entirely on that configuration already being present on the host.