Startseite Erkunden Hilfe
Registrieren Anmelden
fphammerle
/
ansible-role-sftpd
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: 2b236c0a76
Branches Tags
ansible-role-sf...
/
tasks
/
main.yml

main.yml 1.5 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. - docker_container:
    2. 

  2.     name: '{{ sftpd_container_name }}'
    3. 

  3.     image: '{{ sftpd_container_image }}'
    4. 

  4.     env:
    5. 

  5.       SSH_CLIENT_PUBLIC_KEYS: "{{ sftpd_client_public_keys }}"
    6. 

  6.     read_only: yes
    7. 

  7.     mounts:
    8. 

  8.     - type: volume
    9. 

  9.       source: '{{ sftpd_container_name }}_host_keys'
    10. 

  10.       target: /etc/ssh/host_keys
    11. 

  11.       read_only: no
    12. 

  12.     - type: volume
    13. 

  13.       source: '{{ sftpd_data_volume_name }}'
    14. 

  14.       target: /data
    15. 

  15.       read_only: yes
    16. 

  16.     - type: tmpfs
    17. 

  17.       target: /home/nonroot/.ssh # authorized_keys
    18. 

  18.       tmpfs_size: 16k
    19. 

  19.       tmpfs_mode: '1777'
    20. 

  20.     network_mode: '{{ sftpd_network_mode | default(omit) }}'
    21. 

  21.     published_ports: ['0.0.0.0:{{ sftpd_published_port }}:2200']
    22. 

  22.     cap_drop: [ALL]
    23. 

  23.     # ChrootDirectory
    24. 

  24.     capabilities: [SETUID, SETGID, SYS_CHROOT]
    25. 

  25.     security_opts: [no-new-privileges]
    26. 

  26.     cpus: 0.8
    27. 

  27.     memory: 64M
    28. 

  28.     restart_policy: unless-stopped
    29. 

  29.     state: started
    30. 

  30.   register:  _container
    31. 

  31. - name: wait for host keys
    32. 

  32.   wait_for:
    33. 

  33.     path: >-
    34. 

  34.       {{ (_container.container.Mounts
    35. 

  35.           | items2dict(key_name='Destination', value_name='Source'))
    36. 

  36.          ['/etc/ssh/host_keys'] }}/{{ item }}.pub
    37. 

  37.   loop: [rsa, ed25519]
    38. 

  38.   register: _host_keys_files
    39. 

  39. - name: read host keys
    40. 

  40.   slurp:
    41. 

  41.     src: '{{ item }}'
    42. 

  42.   loop: "{{ _host_keys_files.results | map(attribute='path') | list }}"
    43. 

  43.   register: _host_keys_base64
    44. 

  44. - name: decode host keys
    45. 

  45.   set_fact:
    46. 

  46.     sftpd_host_keys: >-
    47. 

  47.       {{ _host_keys_base64.results | map(attribute='content')
    48. 

  48.          | map('b64decode') | map('trim') | list }}
    49.