sftp and infuse role

roles/sftp_conf/README.md

@@ -0,0 +1,2 @@
+# sftp
+disables password auth for ssh, then creates a user for infuse and allows it to use sftp with password anyway

roles/sftp_conf/files/10-nopassword.conf

@@ -0,0 +1,3 @@
+# disable password auth
+PasswordAuthentication no
+ChallengeResponseAuthentication no

roles/sftp_conf/files/11-sftpaccess.conf

@@ -0,0 +1,4 @@
+# allow password only for infuse
+Match User infuse
+PasswordAuthentication yes
+ForceCommand internal-sftp

roles/sftp_conf/files/99-dropmatch.conf

@@ -0,0 +1,2 @@
+# drop user matches again
+Match all

roles/sftp_conf/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Add infuse user
+  become: true
+  ansible.builtin.user:
+    name: infuse
+    uid: 1001
+    shell: /usr/sbin/nologin
+    password: $6$PsOR1shOjC3iPF17$RiSD0NjSHNbnfN.cf5xqeLfzR9M4ySq3fnBPQ6Ng/zznALcMdwLbZ.OBft6gXn2F6qf.HxTvo.i4NxwmVdIQE/
+
+- name: Add sftp-config
+  become: true
+  ansible.builtin.copy:
+    src: "{{ item.src }}"
+    dest: /etc/ssh/sshd_config.d/{{ item.src }}
+    mode: "0644"
+  loop:
+    - src: 10-nopassword.conf
+    - src: 11-sftpaccess.conf
+    - src: 99-dropmatch.conf