From f19e4601f9dd4df4f5c512ed372c5edb668ce8ea Mon Sep 17 00:00:00 2001
From: shirenn
Date: Wed, 11 Jan 2023 16:46:02 +0100
Subject: [PATCH] [vsftpd] goes boom boom
---
group_vars/vsftpd_mirror.yml | 7 -
host_vars/eclat.adm.crans.org.yml | 4 -
host_vars/ptf.adm.crans.org.yml | 4 -
roles/vsftpd/handlers/main.yml | 5 -
roles/vsftpd/tasks/main.yml | 28 ----
roles/vsftpd/templates/vsftpd.conf.j2 | 173 ---------------------
roles/vsftpd/templates/vsftpd.user_list.j2 | 3 -
7 files changed, 224 deletions(-)
delete mode 100644 group_vars/vsftpd_mirror.yml
delete mode 100644 roles/vsftpd/handlers/main.yml
delete mode 100644 roles/vsftpd/tasks/main.yml
delete mode 100644 roles/vsftpd/templates/vsftpd.conf.j2
delete mode 100644 roles/vsftpd/templates/vsftpd.user_list.j2
diff --git a/group_vars/vsftpd_mirror.yml b/group_vars/vsftpd_mirror.yml
deleted file mode 100644
index 892dbecb..00000000
--- a/group_vars/vsftpd_mirror.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-glob_vsftpd_mirror:
- ssl:
- cert: /etc/letsencrypt/live/crans.org/cert.pem
- private_key: /etc/letsencrypt/live/crans.org/privkey.pem
- anonymous: {}
- passive: yes
diff --git a/host_vars/eclat.adm.crans.org.yml b/host_vars/eclat.adm.crans.org.yml
index c68d80b2..3cb60555 100644
--- a/host_vars/eclat.adm.crans.org.yml
+++ b/host_vars/eclat.adm.crans.org.yml
@@ -55,7 +55,3 @@ loc_nginx: - "autoindex_exact_size off" - "add_before_body /.html/HEADER.html" - "add_after_body /.html/FOOTER.html"
-
-loc_vsftpd:
- anonymous:
- root: /mirror/pub
diff --git a/host_vars/ptf.adm.crans.org.yml b/host_vars/ptf.adm.crans.org.yml
index 373de3b3..f3dbec9b 100644
--- a/host_vars/ptf.adm.crans.org.yml
+++ b/host_vars/ptf.adm.crans.org.yml
@@ -74,7 +74,3 @@ loc_nginx: - "mp4" - "mp4_buffer_size 1m" - "mp4_max_buffer_size 5m"
-
-loc_vsftpd:
- anonymous:
- root: /ftp
diff --git a/roles/vsftpd/handlers/main.yml b/roles/vsftpd/handlers/main.yml
deleted file mode 100644
index 061d4f21..00000000
--- a/roles/vsftpd/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: systemctl restart vsftpd
- service:
- name: vsftpd
- state: restarted
diff --git a/roles/vsftpd/tasks/main.yml b/roles/vsftpd/tasks/main.yml
deleted file mode 100644
index dcda24a1..00000000
--- a/roles/vsftpd/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: Install vsftpd
- apt:
- update_cache: true
- name: vsftpd
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-- name: Configure vsftpd
- template:
- src: vsftpd.conf.j2
- dest: /etc/vsftpd.conf
- mode: 0644
- notify: systemctl restart vsftpd
-
-- name: Deploy userlist
- template:
- src: vsftpd.user_list.j2
- dest: /etc/vsftpd.user_list
- notify: systemctl restart vsftpd
- when: vsftpd.userlist is defined
-
-- name: systemctl enable --now service
- systemd:
- name: vsftpd
- enabled: true
- state: started
diff --git a/roles/vsftpd/templates/vsftpd.conf.j2 b/roles/vsftpd/templates/vsftpd.conf.j2
deleted file mode 100644
index 27850c9b..00000000
--- a/roles/vsftpd/templates/vsftpd.conf.j2
+++ /dev/null
@@ -1,173 +0,0 @@
-# Example config file /etc/vsftpd.conf
-#
-# The default compiled in settings are fairly paranoid. This sample file
-# loosens things up a bit, to make the ftp daemon more usable.
-# Please see vsftpd.conf.5 for all compiled in defaults.
-#
-# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
-# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
-# capabilities.
-#
-#
-# Run standalone? vsftpd can run either from an inetd or as a standalone
-# daemon started from an initscript.
-#listen=NO
-#
-# Run standalone with IPv6?
-# Like the listen parameter, except vsftpd will listen on an IPv6 socket
-# instead of an IPv4 one. This parameter and the listen parameter are mutually
-# exclusive.
-listen_ipv6=YES
-#
-# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
-{% if vsftpd.anonymous is defined%}
-anonymous_enable=YES
-{% if vsftpd.ssl is defined and vsftpd.ssl %}
-allow_anon_ssl=YES
-{% endif %}
-anon_root={{ vsftpd.anonymous.root }}
-{% endif %}
-
-#banner_file=/etc/ftp.banner
-#
-# Uncomment this to allow local users to log in.
-{% if vsftpd.local is defined and vsftpd.local %}
-local_enable=YES
-{% else %}
-#local_enable=YES
-{% endif %}
-#
-# Uncomment this to enable any form of FTP write command.
-{% if vsftpd.write is defined and vsftpd.write %}
-write_enable=YES
-{% else %}
-#write_enable=YES
-{% endif %}
-{% if vsftpd.userlist is defined %}
-userlist_deny=NO
-userlist_enable=YES
-{% endif %}
-#
-# Default umask for local users is 077. You may wish to change this to 022,
-# if your users expect that (022 is used by most other ftpd's)
-#local_umask=022
-#
-# Uncomment this to allow the anonymous FTP user to upload files. This only
-# has an effect if the above global write enable is activated. Also, you will
-# obviously need to create a directory writable by the FTP user.
-#anon_upload_enable=YES
-#
-# Uncomment this if you want the anonymous FTP user to be able to create
-# new directories.
-#anon_mkdir_write_enable=YES
-#
-# Activate directory messages - messages given to remote users when they
-# go into a certain directory.
-#dirmessage_enable=YES
-#
-# Activate logging of uploads/downloads.
-xferlog_enable=YES
-#
-# Make sure PORT transfer connections originate from port 20 (ftp-data).
-#connect_from_port_20=YES
-#
-# If you want, you can arrange for uploaded anonymous files to be owned by
-# a different user. Note! Using "root" for uploaded files is not
-# recommended!
-#chown_uploads=YES
-#chown_username=whoever
-#
-# You may override where the log file goes if you like. The default is shown
-# below.
-#xferlog_file=/var/log/xferlog
-#
-# If you want, you can have your log file in standard ftpd xferlog format
-#xferlog_std_format=YES
-#
-# You may change the default value for timing out an idle session.
-#idle_session_timeout=600
-#
-# You may change the default value for timing out a data connection.
-#data_connection_timeout=120
-#
-# It is recommended that you define on your system a unique user which the
-# ftp server can use as a totally isolated and unprivileged user.
-#nopriv_user=ftpsecure
-#
-# Enable this and the server will recognise asynchronous ABOR requests. Not
-# recommended for security (the code is non-trivial). Not enabling it,
-# however, may confuse older FTP clients.
-#async_abor_enable=YES
-#
-# By default the server will pretend to allow ASCII mode but in fact ignore
-# the request. Turn on the below options to have the server actually do ASCII
-# mangling on files when in ASCII mode.
-# Beware that on some FTP servers, ASCII support allows a denial of service
-# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
-# predicted this attack and has always been safe, reporting the size of the
-# raw file.
-# ASCII mangling is a horrible feature of the protocol.
-#ascii_upload_enable=YES
-#ascii_download_enable=YES
-#
-# You may fully customise the login banner string:
-#ftpd_banner=Welcome to blah FTP service.
-#
-# You may specify a file of disallowed anonymous e-mail addresses. Apparently
-# useful for combatting certain DoS attacks.
-#deny_email_enable=YES
-# (default follows)
-#banned_email_file=/etc/vsftpd.banned_emails
-#
-# You may restrict local users to their home directories. See the FAQ for
-# the possible risks in this before using chroot_local_user or
-# chroot_list_enable below.
-{% if vsftpd.local is defined and vsftpd.local %}
-chroot_local_user=YES
-{% else %}
-#chroot_local_user=YES
-{%endif%}
-#
-# You may specify an explicit list of local users to chroot() to their home
-# directory. If chroot_local_user is YES, then this list becomes a list of
-# users to NOT chroot().
-#chroot_list_enable=YES
-# (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
-#
-# You may activate the "-R" option to the builtin ls. This is disabled by
-# default to avoid remote users being able to cause excessive I/O on large
-# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
-# the presence of the "-R" option, so there is a strong case for enabling it.
-#ls_recurse_enable=YES
-#
-#
-# Debian customization
-#
-# Some of vsftpd's settings don't fit the Debian filesystem layout by
-# default. These settings are more Debian-friendly.
-#
-# This option should be the name of a directory which is empty. Also, the
-# directory should not be writable by the ftp user. This directory is used
-# as a secure chroot() jail at times vsftpd does not require filesystem
-# access.
-#secure_chroot_dir=/var/run/vsftpd/empty
-#
-# This string is the name of the PAM service vsftpd will use.
-#pam_service_name=vsftpd
-#
-# This option specifies the location of the RSA certificate to use for SSL
-# encrypted connections.
-{% if vsftpd.ssl is defined %}
-rsa_cert_file= {{ vsftpd.ssl.cert }}
-rsa_private_key_file= {{ vsftpd.ssl.private_key }}
-ssl_enable=YES
-{% endif %}
-
-# Limitation à 5Mo pour les connexions anonymes
-#anon_max_rate=5242880
-{% if vsftpd.passive is defined and vsftpd.passive %}
-pasv_enable=YES
-pasv_min_port=45000
-pasv_max_port=48000
-{% endif %}
diff --git a/roles/vsftpd/templates/vsftpd.user_list.j2 b/roles/vsftpd/templates/vsftpd.user_list.j2
deleted file mode 100644
index b9953aa6..00000000
--- a/roles/vsftpd/templates/vsftpd.user_list.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-{% for user in vsftpd.userlist %}
-{{ user }}
-{% endfor %}