debops.tftpd default variables

APT packages

tftpd__base_packages

List of base APT packages to install for TFTP server support.

tftpd__base_packages: [ 'tftpd-hpa' ]
tftpd__packages

List of additional APT packages to install with TFTP server.

tftpd__packages: []

TFTP server configuration

tftpd__address

Address and port on which TFTP server is listening for new connections.

tftpd__address: '[::]:69'
tftpd__directory

Root directory with files served over TFTP.

tftpd__directory: '/srv/tftp'
tftpd__username

UNIX system account used by the TFTP server.

tftpd__username: 'tftp'
tftpd__options

Additional options passed to the tftpd-hpa daemon, defined as a string or a YAML list (lists will be flattened automatically).

tftpd__options:
  - '--secure'
  - '{{ [ "--permissive", "--create", ("--umask " + tftpd__upload_umask) ]
        if tftpd__upload_enabled|bool else [] }}'

Support for file uploads

tftpd__upload_enabled

Enable or disable support for file uploads over TFTP service.

tftpd__upload_enabled: '{{ True if tftpd__allow|d() else False }}'
tftpd__upload_directory

Name of the upload subdirectory located in the TFTP root directory which will be owned by the TFTP user with write access.

tftpd__upload_directory: 'upload'
tftpd__upload_group

Specify the primary UNIX group of the upload directory.

tftpd__upload_group: 'tftp'
tftpd__upload_mode

Specify the UNIX attributes of the upload directory.

tftpd__upload_mode: '0751'
tftpd__upload_umask

Specify the umask(2) used during file uploads by the TFTP server.

tftpd__upload_umask: '0002'

Firewall and TCP Wrappers configuration

tftpd__allow

List of IP addresses or CIDR subnets which are allowed to connect to TFTP server. If it's empty, anybody can connect to the FTP server.

tftpd__allow: []

Configuration for other Ansible roles

tftpd__ferm__dependent_rules

Configuration for the debops.ferm Ansible role.

tftpd__ferm__dependent_rules:

  - type: 'accept'
    protocols: [ 'udp' ]
    dport: [ 'tftp' ]
    saddr: '{{ tftpd__allow }}'
    accept_any: True
    weight: '50'
    filename: 'tftpd_dependency_accept'
tftpd__tcpwrappers__dependent_allow

Configuration for the debops.tcpwrappers Ansible role.

tftpd__tcpwrappers__dependent_allow:

  - daemon: 'in.tftpd'
    client: '{{ tftpd__allow }}'
    accept_any: True
    weight: '50'
    filename: 'tftpd_dependency_allow'
    comment: 'Allow remote connections to TFTP server'