aneesh-c · jardaKalus · Dec 14, 2017 · Dec 14, 2017 · Dec 14, 2017 · Mar 28, 2019
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -16,52 +16,109 @@
 #
 
 class vsftpd (
-  $package_name           = [ 'vsftpd' ],
-  $configfile             = $::vsftpd::params::configfile,
-  $template               = 'vsftpd/configfile.erb',
-  $anonymous_enable       = undef,
-  $local_enable           = undef,
-  $write_enable           = undef,
-  $local_umask            = undef,
-  $dirmessage_enable      = undef,
-  $xferlog_enable         = undef,
-  $connect_from_port_20   = undef,
-  $xferlog_std_format     = undef,
-  $chroot_local_user      = undef,
-  $listen                 = undef,
-  $listen_ipv6            = undef,
-  $pam_service_name       = undef,
-  $userlist_enable        = undef,
-  $tcp_wrappers           = undef,
-  $use_localtime          = undef,
-  $secure_chroot_dir      = undef,
-  $rsa_cert_file          = undef,
-  $rsa_private_key_file   = undef,
-  $ssl_enable             = undef,
-  $allow_writeable_chroot = undef,
-  $pasv_enable            = undef,
-  $pasv_min_port          = undef,
-  $pasv_max_port          = undef,
-  $pasv_address           = undef,
-  $allow_anon_ssl         = undef,
-  $force_local_data_ssl   = undef,
-  $force_local_logins_ssl = undef,
-  $ssl_tlsv1              = undef,
-  $ssl_sslv2              = undef,
-  $ssl_sslv3              = undef,
-  $require_ssl_reuse      = undef,
-  $ssl_ciphers            = undef,
+  $package_name            = [ 'vsftpd' ],
+  $configfile              = $::vsftpd::params::configfile,
+  $template                = 'vsftpd/configfile.erb',
+  $anonymous_enable        = undef,
+  $local_enable            = undef,
+  $write_enable            = undef,
+  $local_umask             = undef,
+  $dirmessage_enable       = undef,
+  $xferlog_enable          = undef,
+  $connect_from_port_20    = undef,
+  $xferlog_std_format      = undef,
+  $chroot_local_user       = undef,
+  $listen                  = undef,
+  $listen_ipv6             = undef,
+  $pam_service_name        = undef,
+  $userlist_enable         = undef,
+  $tcp_wrappers            = undef,
+  $use_localtime           = undef,
+  $secure_chroot_dir       = undef,
+  $rsa_cert_file           = undef,
+  $rsa_private_key_file    = undef,
+  $ssl_enable              = undef,
+  $allow_writeable_chroot  = undef,
+  $pasv_enable             = undef,
+  $pasv_min_port           = undef,
+  $pasv_max_port           = undef,
+  $pasv_address            = undef,
+  $allow_anon_ssl          = undef,
+  $force_local_data_ssl    = undef,
+  $force_local_logins_ssl  = undef,
+  $ssl_tlsv1               = undef,
+  $ssl_sslv2               = undef,
+  $ssl_sslv3               = undef,
+  $require_ssl_reuse       = undef,
+  $ssl_ciphers             = undef,
+  $async_abor_enable       = undef,
+  $data_connection_timeout = undef,
+  $debug_ssl               = undef,
+  $force_dot_files         = undef,
+  $idle_session_timeout    = undef,
+  $passwd_chroot_enable    = undef,
+  $session_support         = undef,
+  $xferlog_file            = undef,
+  $manage_service          = true,
+  Boolean $letsencryptcert = false,
+  Optional[String] $lemail = undef,
+  Boolean $leprod          = false,
+  Array[String[1]] $lename = [$facts['fqdn']],
+  Optional[Boolean] $lecron = false,
+  Optional[String] $leconf = '/etc/letsencrypt',
+  Optional[String] $lecron_before = undef,
+  Optional[String] $lecron_success = undef
 ) inherits ::vsftpd::params {
   package { $package_name: ensure => installed }
   file { $configfile:
     require => Package[$package_name],
     backup  => '.backup',
     content => template($template),
   }
-  if $::osfamily == 'RedHat' {
-    service { 'vsftpd':
-      require => Package[$package_name],
-      enable  => true,
+  if $letsencryptcert == true {
+    if $lemail { 
+      if $leprod {
+        $leserver = 'https://acme-v02.api.letsencrypt.org/directory'
+      } else {
+        $leserver = 'https://acme-staging.api.letsencrypt.org/directory'
+      }
+      class {'letsencrypt':
+        email       => $lemail,
+        config_dir  => $leconf,
+        config_file => "${leconf}/cli.ini",
+        config      => {
+          server => $leserver,
+        },
+      }
+      letsencrypt::certonly { pick($lename):
+        domains              => $lename,
+        manage_cron          => $lecron,
+        config_dir           => $leconf,
+        additional_args      => ["--config-dir ${leconf}"],
+        cron_hour            => '0',
+        cron_minute          => '30',
+        cron_before_command  => $lecron_before,
+        cron_success_command => $lecron_success,
+        suppress_cron_output => true,
+      }
+    }
+  }
+  if $manage_service {
+    case $facts['osfamily'] {
+      'RedHat': {
+         service { 'vsftpd':
+           require => Package[$package_name],
+           enable  => true,
+         }
+      }
+      'Debian': {
+         if $facts['operatingsystemmajrelease'] > 8 {
+            service { 'vsftpd':
+              require => Package[$package_name],
+              enable  => true,
+            }
+         }
+      }
     }
   }
 }
diff --git a/templates/configfile.erb b/templates/configfile.erb
@@ -65,6 +65,9 @@ connect_from_port_20=<%= @connect_from_port_20 %>
 # You may override where the log file goes if you like. The default is shown
 # below.
 #xferlog_file=/var/log/xferlog
+<% if @xferlog_file -%>
+xferlog_file=<%= @xferlog_file %>
+<% end -%>
 #
 # If you want, you can have your log file in standard ftpd xferlog format.
 # Note that the default log file location is /var/log/xferlog in this case.
@@ -73,10 +76,22 @@ xferlog_std_format=<%= @xferlog_std_format %>
 <% end -%>
 #
 # You may change the default value for timing out an idle session.
-#idle_session_timeout=600
+<% if @idle_session_timeout -%>
+idle_session_timeout=<%= @idle_session_timeout %>
+<% end -%>
+#
+#This controls whether vsftpd attempts to maintain sessions for logins.
+#If vsftpd is maintaining sessions, it will try and update utmp and wtmp.
+#It will also open a pam_session if using PAM to authenticate,
+# and only close this upon logout.
+<% if @session_support -%>
+session_support=<%= @session_support %>
+<% end -%>
 #
 # You may change the default value for timing out a data connection.
-#data_connection_timeout=120
+<% if @data_connection_timeout -%>
+data_connection_timeout=<%= @data_connection_timeout %>
+<% end -%>
 #
 # It is recommended that you define on your system a unique user which the
 # ftp server can use as a totally isolated and unprivileged user.
@@ -85,7 +100,9 @@ xferlog_std_format=<%= @xferlog_std_format %>
 # Enable this and the server will recognise asynchronous ABOR requests. Not
 # recommended for security (the code is non-trivial). Not enabling it,
 # however, may confuse older FTP clients.
-#async_abor_enable=YES
+<% if @async_abor_enable -%>
+async_abor_enable=<%= @async_abor_enable %>
+<% end -%>
 #
 # By default the server will pretend to allow ASCII mode but in fact ignore
 # the request. Turn on the below options to have the server actually do ASCII
@@ -116,6 +133,9 @@ xferlog_std_format=<%= @xferlog_std_format %>
 <% if @chroot_local_user -%>
 chroot_local_user=<%= @chroot_local_user %>
 <% end -%>
+<% if @passwd_chroot_enable -%>
+passwd_chroot_enable=<%= @passwd_chroot_enable %>
+<% end -%>
 #chroot_list_enable=YES
 # (default follows)
 #chroot_list_file=/etc/vsftpd/chroot_list
@@ -222,3 +242,13 @@ require_ssl_reuse=<%= @require_ssl_reuse %>
 <% if @ssl_ciphers -%>
 ssl_ciphers=<%= @ssl_ciphers %>
 <% end -%>
+<% if @debug_ssl -%>
+debug_ssl=<%= @debug_ssl %>
+<% end -%>
+#
+#If activated, files and directories starting with . will be shown in directory
+#listings even if the "a" flag was not used by the client.
+#This override excludes the "." and ".." entries.
+<% if @force_dot_files -%>
+force_dot_files=<%= @force_dot_files %>
+<% end -%>