debops.tftpd default variables¶
Sections
APT packages¶
-
tftpd__base_packages
¶
List of base APT packages to install for TFTP server support.
tftpd__base_packages: [ 'tftpd-hpa' ]
-
tftpd__packages
¶
List of additional APT packages to install with TFTP server.
tftpd__packages: []
TFTP server configuration¶
-
tftpd__address
¶
Address and port on which TFTP server is listening for new connections.
tftpd__address: '[::]:69'
-
tftpd__directory
¶
Root directory with files served over TFTP.
tftpd__directory: '/srv/tftp'
-
tftpd__username
¶
UNIX system account used by the TFTP server.
tftpd__username: 'tftp'
-
tftpd__options
¶
Additional options passed to the tftpd-hpa daemon, defined as a string or a YAML list (lists will be flattened automatically).
tftpd__options:
- '--secure'
- '{{ [ "--permissive", "--create", ("--umask " + tftpd__upload_umask) ]
if tftpd__upload_enabled|bool else [] }}'
Support for file uploads¶
-
tftpd__upload_enabled
¶
Enable or disable support for file uploads over TFTP service.
tftpd__upload_enabled: '{{ True if tftpd__allow|d() else False }}'
-
tftpd__upload_directory
¶
Name of the upload subdirectory located in the TFTP root directory which will be owned by the TFTP user with write access.
tftpd__upload_directory: 'upload'
-
tftpd__upload_group
¶
Specify the primary UNIX group of the upload directory.
tftpd__upload_group: 'tftp'
-
tftpd__upload_mode
¶
Specify the UNIX attributes of the upload directory.
tftpd__upload_mode: '0751'
-
tftpd__upload_umask
¶
Specify the umask(2) used during file uploads by the TFTP server.
tftpd__upload_umask: '0002'
Firewall and TCP Wrappers configuration¶
-
tftpd__allow
¶
List of IP addresses or CIDR subnets which are allowed to connect to TFTP server. If it's empty, anybody can connect to the FTP server.
tftpd__allow: []
Configuration for other Ansible roles¶
-
tftpd__ferm__dependent_rules
¶
Configuration for the debops.ferm Ansible role.
tftpd__ferm__dependent_rules:
- type: 'accept'
protocols: [ 'udp' ]
dport: [ 'tftp' ]
saddr: '{{ tftpd__allow }}'
accept_any: True
weight: '50'
filename: 'tftpd_dependency_accept'
-
tftpd__tcpwrappers__dependent_allow
¶
Configuration for the debops.tcpwrappers Ansible role.
tftpd__tcpwrappers__dependent_allow:
- daemon: 'in.tftpd'
client: '{{ tftpd__allow }}'
accept_any: True
weight: '50'
filename: 'tftpd_dependency_allow'
comment: 'Allow remote connections to TFTP server'