Initial commit

roles/common/tasks/pure-ftpd/tls-certificate.yml

@@ -0,0 +1,40 @@
+---
+ 
+# ---
+# TLS Certificate
+# ---
+
+# - method 'generate'
+
+- name: Generate Pure-FTPd TLS certificate.
+  command: openssl req -x509 -nodes -newkey rsa:{{ pureftpd_tls_certificate_openssl.size | default(4096) }} -sha256 -days {{ pureftpd_tls_certificate_openssl.days | default(365) }} -keyout {{ pureftpd_tls_certificate_pem }} -out {{ pureftpd_tls_certificate_pem }} -subj "/C={{ pureftpd_tls_certificate_openssl.country | default('') }}/ST={{ pureftpd_tls_certificate_openssl.state | default('') }}/L={{ pureftpd_tls_certificate_openssl.locality | default('') }}/O={{ pureftpd_tls_certificate_openssl.organization | default('') }}/OU={{ pureftpd_tls_certificate_openssl.unit | default('') }}/CN={{ pureftpd_tls_certificate_openssl.fqdn }}"
+  args:
+    creates: "{{ pureftpd_tls_certificate_pem }}"
+  when: 
+    - pureftpd_tls_certificate_method == 'generate'
+    - pureftpd_tls_certificate_openssl | length > 0
+  notify: restart Pure-FTPd
+
+- name: Ensure Pure-FTPd TLS certificate permissions.
+  file:
+    path: "{{ pureftpd_tls_certificate_pem }}"
+    owner: root
+    group: root
+    mode: '0600'
+    state: file
+  when: 
+    - pureftpd_tls_certificate_method == 'generate'
+    - pureftpd_tls_certificate_openssl | length > 0
+
+# - final checks
+
+- name: (pure-ftpd-install.yml) Verify TLS certificate exists.
+  stat:
+    path: "{{ pureftpd_tls_certificate_pem }}"
+  register: pureftpd_tls_certificate
+
+- name: (pure-ftpd-install.yml) Fail when no certificate is found.
+  fail:
+    msg: |
+        The certificate file was not found at {{ pureftpd_tls_certificate_pem }}
+  when: not pureftpd_tls_certificate.stat.exists | default(False)