Extend sftp to support multiple groups and directories

dee6fe7d · jurgenhaas · e238205a · dee6fe7d · dee6fe7d · dee6fe7d
Commit dee6fe7d authored 6 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
+sftp_basepath: '/var/sftp'
+sftp_groups:
+  sftp:
+    path: 'data'
+    user: []
 sftp_user: []
 sftp_devpath: false
--- a/tasks/groups.yml
+++ b/tasks/groups.yml
+---
+# file: roles/sftp/tasks/groups.yml
+
+- name: "Add Users to Group"
+  user:
+    name: '{{ item }}'
+    groups: '{{ group }}'
+    append: yes
+  with_items:
+  - '{{ sftp_groups[group].user }}'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,40 +7,47 @@

 - block:

-  - name: "SFTP | Ensure Group"
+  - name: "Ensure Groups"
    group:
-      name=sftp
-      state=present
+      name: '{{ item }}'
+      state: 'present'
+    with_items: '{{ sftp_groups }}'

-  - name: "SFTP | Ensure SFTP Directory"
+  - name: "Ensure SFTP Base-Directory"
    file:
-      dest=/var/sftp
-      owner=root
-      group=root
-      state=directory
-      mode='755'
+      dest: '{{ sftp_basepath }}'
+      owner: 'root'
+      group: 'root'
+      state: 'directory'
+      mode: '755'

-  - name: "SFTP | Create User"
+  - name: "Ensure SFTP Directories"
+    file:
+      dest: '{{ sftp_basepath }}/{{ sftp_groups[item].path }}'
+      owner: 'root'
+      group: '{{ item }}'
+      state: 'directory'
+      mode: '770'
+    with_items: '{{ sftp_groups }}'
+
+  - name: "Create Users"
    user:
-      name={{ item.username }}
-      group=sftp
-      home=/home/{{ item.username }}
-      shell=/bin/false
+      name: '{{ item.username }}'
+      home: '/home/{{ item.username }}'
+      shell: '/bin/false'
    with_items: '{{ sftp_user }}'

-  - name: "SFTP | Install Key"
+  - name: "Install Keys"
    authorized_key:
-      user={{ item.username }}
-      key="{{ item.key }}"
+      user: '{{ item.username }}'
+      key: '{{ item.key }}'
    with_items: '{{ sftp_user }}'

-  - name: "SFTP | Create Data Directory"
-    file:
-      dest=/var/sftp/data
-      owner=root
-      group=sftp
-      state=directory
-      mode='775'
+  - name: "User-Group-Relations"
+    include_tasks: 'groups.yml'
+    loop_control:
+      loop_var: group
+    with_items: '{{ sftp_groups }}'

  - import_tasks: mount.yml
    when: sftp_devpath