- name: activate userlist
  lineinfile:
    dest: /etc/vsftpd.conf
    line: 'userlist_enable=YES'
    regexp: '#? *userlist_enable=.*'
  become: yes
  notify: reload vsftpd
- name: restrict access to explicitly listed users
  lineinfile:
    dest: /etc/vsftpd.conf
    # option only examined if userlist_enable is activated
    line: 'userlist_deny=NO'
    regexp: '#? *userlist_deny=.*'
  become: yes
  notify: reload vsftpd
- name: set path to userlist
  lineinfile:
    dest: /etc/vsftpd.conf
    # vsftpd default: /etc/vsftpd.user_list
    line: 'userlist_file=/etc/vsftpd.user_list'
    regexp: '#? *userlist_file=.*'
  become: yes
  notify: reload vsftpd
- name: create userlist
  copy:
    dest: /etc/vsftpd.user_list
    content: |
      {% for user in vsftpd_allowed_users %}
      {{user}}
      {% endfor %}
    mode: u=rw,g=,o=
  become: yes