ansible_cache/dnaclab_linux/roles/ncafsa-backup/tasks/main.yaml

---
- name: Create account for backup services
  ansible.builtin.user:
    name: "{{ item }}"
    password: "{{ password }}"
    shell: /bin/bash
  loop: "{{ services }}"

- name: Create backup directory tree 
  ansible.builtin.file:
    path: "/backups/{{ item }}"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
  loop: "{{ services }}"

- name: Install NFS, SFTP and TFTP services
  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
  loop:
    - nfs-kernel-server
    - openssh-server 
    - tftpd-hpa

- name: Configure SFTP for ISE backups
  ansible.builtin.template:
    src: sftp.conf.j2
    dest: /etc/ssh/sshd_config
  vars:
    user: "ise"

- name: Fix permissions for SFTP folder
  ansible.builtin.file:
    path: "/backups/{{ user }}"
    state: directory
    owner: root
    group: root
  vars:
    user: "ise"

- name: Restart SSH service (allows SFTP changes to work)
  ansible.builtin.service:
    name: ssh
    state: restarted