Home Explore Help
Sign In
fphammerle
/
ansible-role-sftpd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ae1af8bc27
Branches Tags
ansible-role-sf...
/
tasks
/
main.yml

main.yml 1.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. - docker_container:
    2. 

  2.     name: '{{ sftpd_container_name }}'
    3. 

  3.     image: '{{ sftpd_container_image }}'
    4. 

  4.     env:
    5. 

  5.       SSH_CLIENT_PUBLIC_KEYS: "{{ sftpd_client_public_keys }}"
    6. 

  6.     read_only: yes
    7. 

  7.     mounts:
    8. 

  8.     - type: volume
    9. 

  9.       source: '{{ sftpd_container_name }}_host_keys'
    10. 

  10.       target: /etc/ssh/host_keys
    11. 

  11.       read_only: no
    12. 

  12.     - type: volume
    13. 

  13.       source: '{{ sftpd_data_volume_name }}'
    14. 

  14.       target: /data
    15. 

  15.       read_only: yes
    16. 

  16.     - type: tmpfs
    17. 

  17.       target: /home/nonroot/.ssh # authorized_keys
    18. 

  18.       tmpfs_size: 16k
    19. 

  19.       tmpfs_mode: '1777'
    20. 

  20.     published_ports: ['0.0.0.0:{{ sftpd_published_port }}:2200']
    21. 

  21.     cap_drop: [ALL]
    22. 

  22.     # ChrootDirectory
    23. 

  23.     capabilities: [SETUID, SETGID, SYS_CHROOT]
    24. 

  24.     security_opts: [no-new-privileges]
    25. 

  25.     cpus: 0.8
    26. 

  26.     memory: 64M
    27. 

  27.     restart_policy: unless-stopped
    28. 

  28.     state: started
    29. 

  29.   register:  _container
    30. 

  30. - name: wait for host keys
    31. 

  31.   wait_for:
    32. 

  32.     path: >-
    33. 

  33.       {{ (_container.container.Mounts
    34. 

  34.           | items2dict(key_name='Destination', value_name='Source'))
    35. 

  35.          ['/etc/ssh/host_keys'] }}/{{ item }}.pub
    36. 

  36.   loop: [rsa, ed25519]
    37. 

  37.   register: _host_keys_files
    38. 

  38. - name: read host keys
    39. 

  39.   slurp:
    40. 

  40.     src: '{{ item }}'
    41. 

  41.   loop: "{{ _host_keys_files.results | map(attribute='path') | list }}"
    42. 

  42.   register: _host_keys_base64
    43. 

  43. - name: decode host keys
    44. 

  44.   set_fact:
    45. 

  45.     sftpd_host_keys: >-
    46. 

  46.       {{ _host_keys_base64.results | map(attribute='content')
    47. 

  47.          | map('b64decode') | map('trim') | list }}
    48.