From: rominique
Date: Tue, 9 Apr 2024 15:39:02 +0000 (+0200)
Subject: ajout du support SFTP
X-Git-Url: https://git.cyclocoop.org/?a=commitdiff_plain;h=058c0e0c1ce6fc1fb225fceb18cc8898f9a2a063;p=lhc%2Fansible.git
ajout du support SFTP
---
diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml
index becb28f..9923ad6 100644
--- a/creation_nouveau_site.yml
+++ b/creation_nouveau_site.yml
@@ -126,4 +126,6 @@ - name: Inclure le configuration du backup ansible.builtin.include_tasks: tasks/config_backup.yml
-# SFTP key
+ - name: Inclure le configuration SFTP
+ ansible.builtin.include_tasks: tasks/config_sftp.yml
+ when: sftp == 'oui'
diff --git a/tasks/config_sftp.yml b/tasks/config_sftp.yml
new file mode 100644
index 0000000..54bc7dc
--- /dev/null
+++ b/tasks/config_sftp.yml
@@ -0,0 +1,34 @@
+- name: Ajout de l'utilisateur site_SIGLE_SITE dans le group sftponly
+ ansible.builtin.user:
+ name: "site_{{ SIGLE }}_{{ SITE }}"
+ groups: sftponly
+ append: true
+
+# verif si le home appartient bien à root avec un mode 2750 ou 2770?
+
+- name: Boucle création ou modifications du repertoire .ssh
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/.ssh"
+ state: directory
+ owner: "site_{{ SIGLE }}_{{ SITE }}"
+ group: "site_{{ SIGLE }}_{{ SITE }}"
+ mode: '2700'
+
+- name: Création du fichier authorized_keys
+ ansible.builtin.template:
+ src: "templates/authorized_keys.j2"
+ dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/.ssh/authorized_keys"
+ owner: "site_{{ SIGLE }}_{{ SITE }}"
+ group: "site_{{ SIGLE }}_{{ SITE }}"
+ mode: '640'
+ when: sftp_key is defined
+
+# verif le serveur openssh est bien config et sinon le faire? + reload
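Review bot: The added `when: sftp == 'oui'` in creation_nouveau_site.yml aborts the play with an undefined-variable error on any run where `sftp` is not set, unlike the `sftp_key is defined` guard used in tasks/config_sftp.yml. Unless `sftp` is always supplied by a prompt or vars file outside this hunk, `when: sftp | default('non') == 'oui'` keeps SFTP opt-in and lets existing invocations run unchanged. The play this task belongs to starts above the hunk.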
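Review bot: Nothing in tasks/config_sftp.yml checks that sshd actually confines members of `sftponly`, so the key installed by "Création du fichier authorized_keys" is only as restricted as a server configuration that these tasks neither deploy nor verify; the closing comment acknowledges the gap, and I would turn it into a real task before this runs against a new host. On the question in the earlier comment: if the site directory is the sshd `ChrootDirectory` (not visible here), it has to be root-owned and not group-writable, so `2770` would make sshd refuse the session and `2750` is the workable choice. The setgid bit in `mode: '2700'` serves no purpose on a private `.ssh` directory and the key file does not need group read; `mode: '0700'` and `mode: '0600'` are the conventional values. `groups: sftponly` also assumes the group already exists, which this file does not ensure.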
diff --git a/templates/authorized_keys.j2 b/templates/authorized_keys.j2
new file mode 100644
index 0000000..bc661dd
--- /dev/null
+++ b/templates/authorized_keys.j2
@@ -0,0 +1 @@
+{{ sftp_key }}
\ No newline at end of file
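Review bot: The template writes `sftp_key` verbatim, so whatever the variable holds (several lines, leading key options, stray whitespace) becomes the account's authorized_keys content without any check that it is a single public key. Where `sftp_key` comes from is not visible in this commit; if it is operator- or customer-supplied, I would validate it in the task and pin the options in the template, for example `restrict {{ sftp_key | trim }}`, assuming the variable carries only the bare key. The file is also committed without a trailing newline, which is worth fixing so that a later append to authorized_keys does not run into the key line.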