From a594df471f44dac26c33cf51452869735a2b01aa Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 27 Sep 2020 23:23:21 +0200
Subject: [PATCH] update..
---
ansible-facts_file-akb.lst | 1126 +++++++++++++++++
group_vars/all/main.yml | 202 ++-
hosts | 4 +
roles/common/handlers/main.yml | 9 +
roles/common/tasks/apt.yml | 107 +-
roles/common/tasks/main.yml | 8 +
roles/common/tasks/pure-ftpd-install.yml | 220 ++++
.../pure-ftpd/create-virtual-ftp-user.yml | 38 +
.../templates/etc/default/pure-ftpd-common.j2 | 27 +
.../templates/etc/pure-ftpd/conf/config.j2 | 2 +
tatus | 394 ++++++
11 files changed, 2128 insertions(+), 9 deletions(-)
create mode 100644 ansible-facts_file-akb.lst
create mode 100644 roles/common/tasks/pure-ftpd-install.yml
create mode 100644 roles/common/tasks/pure-ftpd/create-virtual-ftp-user.yml
create mode 100644 roles/common/templates/etc/default/pure-ftpd-common.j2
create mode 100644 roles/common/templates/etc/pure-ftpd/conf/config.j2
create mode 100644 tatus
diff --git a/ansible-facts_file-akb.lst b/ansible-facts_file-akb.lst
new file mode 100644
index 0000000..40d9347
--- /dev/null
+++ b/ansible-facts_file-akb.lst
@@ -0,0 +1,1126 @@ +file-akb.akb.netz | SUCCESS => { + "ansible_facts": { + "ansible_all_ipv4_addresses": [ + "192.168.82.10" + ], + "ansible_all_ipv6_addresses": [ + "2003:a:134e:e6fd:ae1f:6bff:fee7:d222", + "fe80::ae1f:6bff:fee7:d222" + ], + "ansible_apparmor": { + "status": "enabled" + }, + "ansible_architecture": "x86_64", + "ansible_bios_date": "02/21/2020", + "ansible_bios_version": "2.1", + "ansible_cmdline": { + "BOOT_IMAGE": "/boot/vmlinuz-4.19.0-11-amd64", + "quiet": true, + "ro": true, + "root": "UUID=b3b22f93-1d43-43fd-a123-f2d0eb7a7d5f" + }, + "ansible_date_time": { + "date": "2020-09-27", + "day": "27", + "epoch": "1601198073", + "hour": "11", + "iso8601": "2020-09-27T09:14:33Z", + "iso8601_basic": "20200927T111433320315", + "iso8601_basic_short": "20200927T111433", + "iso8601_micro": "2020-09-27T09:14:33.320490Z", + "minute": "14", + "month": "09", + "second": "33", + "time": "11:14:33", + "tz": "CEST", + "tz_offset": "+0200", + "weekday": "Sonntag", + "weekday_number": "0", + "weeknumber": "38", + "year": "2020" + }, + "ansible_default_ipv4": { + "address": "192.168.82.10", + "alias": "eno1", + "broadcast": "192.168.82.255", + "gateway": "192.168.82.254", + "interface": "eno1", + "macaddress": "ac:1f:6b:e7:d2:22", + "mtu": 1500, + "netmask": "255.255.255.0", + "network": "192.168.82.0", + "type": "ether" + }, + "ansible_default_ipv6": { + "address": "2003:a:134e:e6fd:ae1f:6bff:fee7:d222", + "gateway": "fe80::ae1f:6bff:fe7e:59d5", + "interface": "eno1", + "macaddress": "ac:1f:6b:e7:d2:22", + "mtu": 1500, + "prefix": "64", + "scope": "global", + "type": "ether" + }, + "ansible_device_links": { + "ids": { + "md0": [ + "md-name-file-akb:0", + "md-uuid-7e50d3b3:e023bb8a:73964b35:117bcb3b" + ], + "md1": [ + "md-name-file-akb:1", + "md-uuid-ea91f60a:caf49d13:116a659d:ad2e8a1a" + ], + "md2": [ + "md-name-file-akb:2", + "md-uuid-6707f105:b54dd59d:3ebb63c0:df86a7f2" + ], + "sda": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN", + "wwn-0x55cd2e4151f089c5" + 
], + "sda1": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN-part1", + "wwn-0x55cd2e4151f089c5-part1" + ], + "sda2": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN-part2", + "wwn-0x55cd2e4151f089c5-part2" + ], + "sda3": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN-part3", + "wwn-0x55cd2e4151f089c5-part3" + ], + "sdb": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN", + "wwn-0x55cd2e4151f4fc86" + ], + "sdb1": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN-part1", + "wwn-0x55cd2e4151f4fc86-part1" + ], + "sdb2": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN-part2", + "wwn-0x55cd2e4151f4fc86-part2" + ], + "sdb3": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN-part3", + "wwn-0x55cd2e4151f4fc86-part3" + ], + "sdc": [ + "ata-HGST_HUS726T4TALE6L4_V1H42MRG", + "wwn-0x5000cca0bccff2e2" + ], + "sdc1": [ + "ata-HGST_HUS726T4TALE6L4_V1H42MRG-part1", + "wwn-0x5000cca0bccff2e2-part1" + ], + "sdd": [ + "ata-HGST_HUS726T4TALE6L4_V1H3Y46G", + "wwn-0x5000cca0bccfe1fd" + ], + "sdd1": [ + "ata-HGST_HUS726T4TALE6L4_V1H3Y46G-part1", + "wwn-0x5000cca0bccfe1fd-part1" + ] + }, + "labels": {}, + "masters": { + "sda1": [ + "md0" + ], + "sda3": [ + "md1" + ], + "sdb1": [ + "md0" + ], + "sdb3": [ + "md1" + ], + "sdc1": [ + "md2" + ], + "sdd1": [ + "md2" + ] + }, + "uuids": { + "md0": [ + "b3b22f93-1d43-43fd-a123-f2d0eb7a7d5f" + ], + "md1": [ + "15836f6f-5482-4600-beb5-4979cde5eabe" + ], + "md2": [ + "6c852f44-e191-4846-a8ff-feb285d5b959" + ], + "sda2": [ + "97040f45-bb9f-4d8d-adf8-ac6ba97bdf35" + ], + "sdb2": [ + "265293ba-5068-4086-84a4-e8033c4d314d" + ] + } + }, + "ansible_devices": { + "md0": { + "holders": [], + "host": "", + "links": { + "ids": [ + "md-name-file-akb:0", + "md-uuid-7e50d3b3:e023bb8a:73964b35:117bcb3b" + ], + "labels": [], + "masters": [], + "uuids": [ + "b3b22f93-1d43-43fd-a123-f2d0eb7a7d5f" + ] + }, + "model": null, + "partitions": {}, + "removable": "0", + "rotational": "0", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "", + "sectors": 
"41908224", + "sectorsize": "512", + "size": "19.98 GB", + "support_discard": "4096", + "vendor": null, + "virtual": 1 + }, + "md1": { + "holders": [], + "host": "", + "links": { + "ids": [ + "md-name-file-akb:1", + "md-uuid-ea91f60a:caf49d13:116a659d:ad2e8a1a" + ], + "labels": [], + "masters": [], + "uuids": [ + "15836f6f-5482-4600-beb5-4979cde5eabe" + ] + }, + "model": null, + "partitions": {}, + "removable": "0", + "rotational": "0", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "", + "sectors": "409875584", + "sectorsize": "512", + "size": "195.44 GB", + "support_discard": "4096", + "vendor": null, + "virtual": 1 + }, + "md2": { + "holders": [], + "host": "", + "links": { + "ids": [ + "md-name-file-akb:2", + "md-uuid-6707f105:b54dd59d:3ebb63c0:df86a7f2" + ], + "labels": [], + "masters": [], + "uuids": [ + "6c852f44-e191-4846-a8ff-feb285d5b959" + ] + }, + "model": null, + "partitions": {}, + "removable": "0", + "rotational": "1", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "", + "sectors": "7813769216", + "sectorsize": "512", + "size": "3.64 TB", + "support_discard": "0", + "vendor": null, + "virtual": 1 + }, + "sda": { + "holders": [], + "host": "SATA controller: Advanced Micro Devices, Inc. 
[AMD] FCH SATA Controller [AHCI mode] (rev 51)", + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN", + "wwn-0x55cd2e4151f089c5" + ], + "labels": [], + "masters": [], + "uuids": [] + }, + "model": "INTEL SSDSC2KB24", + "partitions": { + "sda1": { + "holders": [], + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN-part1", + "wwn-0x55cd2e4151f089c5-part1" + ], + "labels": [], + "masters": [ + "md0" + ], + "uuids": [] + }, + "sectors": "41943040", + "sectorsize": 512, + "size": "20.00 GB", + "start": "2048", + "uuid": null + }, + "sda2": { + "holders": [], + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN-part2", + "wwn-0x55cd2e4151f089c5-part2" + ], + "labels": [], + "masters": [], + "uuids": [ + "97040f45-bb9f-4d8d-adf8-ac6ba97bdf35" + ] + }, + "sectors": "16777216", + "sectorsize": 512, + "size": "8.00 GB", + "start": "41945088", + "uuid": "97040f45-bb9f-4d8d-adf8-ac6ba97bdf35" + }, + "sda3": { + "holders": [], + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01050ETT240AGN-part3", + "wwn-0x55cd2e4151f089c5-part3" + ], + "labels": [], + "masters": [ + "md1" + ], + "uuids": [] + }, + "sectors": "410139824", + "sectorsize": 512, + "size": "195.57 GB", + "start": "58722304", + "uuid": null + } + }, + "removable": "1", + "rotational": "0", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "mq-deadline", + "sectors": "468862128", + "sectorsize": "512", + "size": "223.57 GB", + "support_discard": "4096", + "vendor": "ATA", + "virtual": 1, + "wwn": "0x55cd2e4151f089c5" + }, + "sdb": { + "holders": [], + "host": "SATA controller: Advanced Micro Devices, Inc. 
[AMD] FCH SATA Controller [AHCI mode] (rev 51)", + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN", + "wwn-0x55cd2e4151f4fc86" + ], + "labels": [], + "masters": [], + "uuids": [] + }, + "model": "INTEL SSDSC2KB24", + "partitions": { + "sdb1": { + "holders": [], + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN-part1", + "wwn-0x55cd2e4151f4fc86-part1" + ], + "labels": [], + "masters": [ + "md0" + ], + "uuids": [] + }, + "sectors": "41943040", + "sectorsize": 512, + "size": "20.00 GB", + "start": "2048", + "uuid": null + }, + "sdb2": { + "holders": [], + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN-part2", + "wwn-0x55cd2e4151f4fc86-part2" + ], + "labels": [], + "masters": [], + "uuids": [ + "265293ba-5068-4086-84a4-e8033c4d314d" + ] + }, + "sectors": "16777216", + "sectorsize": 512, + "size": "8.00 GB", + "start": "41945088", + "uuid": "265293ba-5068-4086-84a4-e8033c4d314d" + }, + "sdb3": { + "holders": [], + "links": { + "ids": [ + "ata-INTEL_SSDSC2KB240G8_BTYF01140478240AGN-part3", + "wwn-0x55cd2e4151f4fc86-part3" + ], + "labels": [], + "masters": [ + "md1" + ], + "uuids": [] + }, + "sectors": "410139824", + "sectorsize": 512, + "size": "195.57 GB", + "start": "58722304", + "uuid": null + } + }, + "removable": "1", + "rotational": "0", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "mq-deadline", + "sectors": "468862128", + "sectorsize": "512", + "size": "223.57 GB", + "support_discard": "4096", + "vendor": "ATA", + "virtual": 1, + "wwn": "0x55cd2e4151f4fc86" + }, + "sdc": { + "holders": [], + "host": "SATA controller: Advanced Micro Devices, Inc. 
[AMD] FCH SATA Controller [AHCI mode] (rev 51)", + "links": { + "ids": [ + "ata-HGST_HUS726T4TALE6L4_V1H42MRG", + "wwn-0x5000cca0bccff2e2" + ], + "labels": [], + "masters": [], + "uuids": [] + }, + "model": "HGST HUS726T4TAL", + "partitions": { + "sdc1": { + "holders": [], + "links": { + "ids": [ + "ata-HGST_HUS726T4TALE6L4_V1H42MRG-part1", + "wwn-0x5000cca0bccff2e2-part1" + ], + "labels": [], + "masters": [ + "md2" + ], + "uuids": [] + }, + "sectors": "7814033408", + "sectorsize": 512, + "size": "3.64 TB", + "start": "2048", + "uuid": null + } + }, + "removable": "1", + "rotational": "1", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "mq-deadline", + "sectors": "7814037168", + "sectorsize": "512", + "size": "3.64 TB", + "support_discard": "0", + "vendor": "ATA", + "virtual": 1, + "wwn": "0x5000cca0bccff2e2" + }, + "sdd": { + "holders": [], + "host": "SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 51)", + "links": { + "ids": [ + "ata-HGST_HUS726T4TALE6L4_V1H3Y46G", + "wwn-0x5000cca0bccfe1fd" + ], + "labels": [], + "masters": [], + "uuids": [] + }, + "model": "HGST HUS726T4TAL", + "partitions": { + "sdd1": { + "holders": [], + "links": { + "ids": [ + "ata-HGST_HUS726T4TALE6L4_V1H3Y46G-part1", + "wwn-0x5000cca0bccfe1fd-part1" + ], + "labels": [], + "masters": [ + "md2" + ], + "uuids": [] + }, + "sectors": "7814033408", + "sectorsize": 512, + "size": "3.64 TB", + "start": "2048", + "uuid": null + } + }, + "removable": "1", + "rotational": "1", + "sas_address": null, + "sas_device_handle": null, + "scheduler_mode": "mq-deadline", + "sectors": "7814037168", + "sectorsize": "512", + "size": "3.64 TB", + "support_discard": "0", + "vendor": "ATA", + "virtual": 1, + "wwn": "0x5000cca0bccfe1fd" + } + }, + "ansible_distribution": "Debian", + "ansible_distribution_file_parsed": true, + "ansible_distribution_file_path": "/etc/os-release", + "ansible_distribution_file_variety": "Debian", + 
"ansible_distribution_major_version": "10", + "ansible_distribution_release": "buster", + "ansible_distribution_version": "10", + "ansible_dns": { + "nameservers": [ + "192.168.82.1" + ], + "search": [ + "akb.netz" + ] + }, + "ansible_domain": "akb.netz", + "ansible_effective_group_id": 0, + "ansible_effective_user_id": 0, + "ansible_eno1": { + "active": true, + "device": "eno1", + "features": { + "esp_hw_offload": "off [fixed]", + "esp_tx_csum_hw_offload": "off [fixed]", + "fcoe_mtu": "off [fixed]", + "generic_receive_offload": "on", + "generic_segmentation_offload": "on", + "highdma": "on [fixed]", + "hw_tc_offload": "on", + "l2_fwd_offload": "off [fixed]", + "large_receive_offload": "off [fixed]", + "loopback": "off [fixed]", + "netns_local": "off [fixed]", + "ntuple_filters": "off", + "receive_hashing": "on", + "rx_all": "off", + "rx_checksumming": "on", + "rx_fcs": "off [fixed]", + "rx_gro_hw": "off [fixed]", + "rx_udp_tunnel_port_offload": "off [fixed]", + "rx_vlan_filter": "on [fixed]", + "rx_vlan_offload": "on", + "rx_vlan_stag_filter": "off [fixed]", + "rx_vlan_stag_hw_parse": "off [fixed]", + "scatter_gather": "on", + "tcp_segmentation_offload": "on", + "tls_hw_record": "off [fixed]", + "tls_hw_rx_offload": "off [fixed]", + "tls_hw_tx_offload": "off [fixed]", + "tx_checksum_fcoe_crc": "off [fixed]", + "tx_checksum_ip_generic": "on", + "tx_checksum_ipv4": "off [fixed]", + "tx_checksum_ipv6": "off [fixed]", + "tx_checksum_sctp": "on", + "tx_checksumming": "on", + "tx_esp_segmentation": "off [fixed]", + "tx_fcoe_segmentation": "off [fixed]", + "tx_gre_csum_segmentation": "on", + "tx_gre_segmentation": "on", + "tx_gso_partial": "on", + "tx_gso_robust": "off [fixed]", + "tx_ipxip4_segmentation": "on", + "tx_ipxip6_segmentation": "on", + "tx_lockless": "off [fixed]", + "tx_nocache_copy": "off", + "tx_scatter_gather": "on", + "tx_scatter_gather_fraglist": "off [fixed]", + "tx_sctp_segmentation": "off [fixed]", + "tx_tcp6_segmentation": "on", + 
"tx_tcp_ecn_segmentation": "off [fixed]", + "tx_tcp_mangleid_segmentation": "off", + "tx_tcp_segmentation": "on", + "tx_udp_segmentation": "off [fixed]", + "tx_udp_tnl_csum_segmentation": "on", + "tx_udp_tnl_segmentation": "on", + "tx_vlan_offload": "on", + "tx_vlan_stag_hw_insert": "off [fixed]", + "udp_fragmentation_offload": "off", + "vlan_challenged": "off [fixed]" + }, + "hw_timestamp_filters": [ + "none", + "all" + ], + "ipv4": { + "address": "192.168.82.10", + "broadcast": "192.168.82.255", + "netmask": "255.255.255.0", + "network": "192.168.82.0" + }, + "ipv6": [ + { + "address": "2003:a:134e:e6fd:ae1f:6bff:fee7:d222", + "prefix": "64", + "scope": "global" + }, + { + "address": "fe80::ae1f:6bff:fee7:d222", + "prefix": "64", + "scope": "link" + } + ], + "macaddress": "ac:1f:6b:e7:d2:22", + "module": "igb", + "mtu": 1500, + "pciid": "0000:04:00.0", + "phc_index": 0, + "promisc": false, + "speed": 100, + "timestamping": [ + "tx_hardware", + "tx_software", + "rx_hardware", + "rx_software", + "software", + "raw_hardware" + ], + "type": "ether" + }, + "ansible_eno2": { + "active": false, + "device": "eno2", + "features": { + "esp_hw_offload": "off [fixed]", + "esp_tx_csum_hw_offload": "off [fixed]", + "fcoe_mtu": "off [fixed]", + "generic_receive_offload": "on", + "generic_segmentation_offload": "on", + "highdma": "on [fixed]", + "hw_tc_offload": "on", + "l2_fwd_offload": "off [fixed]", + "large_receive_offload": "off [fixed]", + "loopback": "off [fixed]", + "netns_local": "off [fixed]", + "ntuple_filters": "off", + "receive_hashing": "on", + "rx_all": "off", + "rx_checksumming": "on", + "rx_fcs": "off [fixed]", + "rx_gro_hw": "off [fixed]", + "rx_udp_tunnel_port_offload": "off [fixed]", + "rx_vlan_filter": "on [fixed]", + "rx_vlan_offload": "on", + "rx_vlan_stag_filter": "off [fixed]", + "rx_vlan_stag_hw_parse": "off [fixed]", + "scatter_gather": "on", + "tcp_segmentation_offload": "on", + "tls_hw_record": "off [fixed]", + "tls_hw_rx_offload": "off [fixed]", + 
"tls_hw_tx_offload": "off [fixed]", + "tx_checksum_fcoe_crc": "off [fixed]", + "tx_checksum_ip_generic": "on", + "tx_checksum_ipv4": "off [fixed]", + "tx_checksum_ipv6": "off [fixed]", + "tx_checksum_sctp": "on", + "tx_checksumming": "on", + "tx_esp_segmentation": "off [fixed]", + "tx_fcoe_segmentation": "off [fixed]", + "tx_gre_csum_segmentation": "on", + "tx_gre_segmentation": "on", + "tx_gso_partial": "on", + "tx_gso_robust": "off [fixed]", + "tx_ipxip4_segmentation": "on", + "tx_ipxip6_segmentation": "on", + "tx_lockless": "off [fixed]", + "tx_nocache_copy": "off", + "tx_scatter_gather": "on", + "tx_scatter_gather_fraglist": "off [fixed]", + "tx_sctp_segmentation": "off [fixed]", + "tx_tcp6_segmentation": "on", + "tx_tcp_ecn_segmentation": "off [fixed]", + "tx_tcp_mangleid_segmentation": "off", + "tx_tcp_segmentation": "on", + "tx_udp_segmentation": "off [fixed]", + "tx_udp_tnl_csum_segmentation": "on", + "tx_udp_tnl_segmentation": "on", + "tx_vlan_offload": "on", + "tx_vlan_stag_hw_insert": "off [fixed]", + "udp_fragmentation_offload": "off", + "vlan_challenged": "off [fixed]" + }, + "hw_timestamp_filters": [ + "none", + "all" + ], + "macaddress": "ac:1f:6b:e7:d2:23", + "module": "igb", + "mtu": 1500, + "pciid": "0000:05:00.0", + "phc_index": 1, + "promisc": false, + "timestamping": [ + "tx_hardware", + "tx_software", + "rx_hardware", + "rx_software", + "software", + "raw_hardware" + ], + "type": "ether" + }, + "ansible_env": { + "EDITOR": "vim", + "HISTCONTROL": "ignoreboth", + "HOME": "/root", + "LANG": "de_DE.UTF-8", + "LC_MESSAGES": "de_DE.UTF-8", + "LINES": "64", + "LOGNAME": "root", + "LS_COLORS": 
"rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:", + "LS_OPTIONS": "--color=auto", + "MAIL": "/var/mail/root", + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "PWD": "/root", + "SHELL": "/bin/bash", + "SHLVL": "1", + "SSH_AUTH_SOCK": "/tmp/ssh-4aBamW5cqX/agent.18491", + "SSH_CLIENT": "192.168.63.20 44574 22", + "SSH_CONNECTION": "192.168.63.20 44574 192.168.82.10 22", + "SSH_TTY": "/dev/pts/1", + "TERM": "xterm", + "USER": "root", + "_": "/usr/bin/python3" + }, + "ansible_fibre_channel_wwn": [], + "ansible_fips": 
false, + "ansible_form_factor": "Main Server Chassis", + "ansible_fqdn": "file-akb.akb.netz", + "ansible_hostname": "file-akb", + "ansible_hostnqn": "", + "ansible_interfaces": [ + "eno1", + "lo", + "eno2" + ], + "ansible_is_chroot": false, + "ansible_iscsi_iqn": "", + "ansible_kernel": "4.19.0-11-amd64", + "ansible_kernel_version": "#1 SMP Debian 4.19.146-1 (2020-09-17)", + "ansible_lo": { + "active": true, + "device": "lo", + "features": { + "esp_hw_offload": "off [fixed]", + "esp_tx_csum_hw_offload": "off [fixed]", + "fcoe_mtu": "off [fixed]", + "generic_receive_offload": "on", + "generic_segmentation_offload": "on", + "highdma": "on [fixed]", + "hw_tc_offload": "off [fixed]", + "l2_fwd_offload": "off [fixed]", + "large_receive_offload": "off [fixed]", + "loopback": "on [fixed]", + "netns_local": "on [fixed]", + "ntuple_filters": "off [fixed]", + "receive_hashing": "off [fixed]", + "rx_all": "off [fixed]", + "rx_checksumming": "on [fixed]", + "rx_fcs": "off [fixed]", + "rx_gro_hw": "off [fixed]", + "rx_udp_tunnel_port_offload": "off [fixed]", + "rx_vlan_filter": "off [fixed]", + "rx_vlan_offload": "off [fixed]", + "rx_vlan_stag_filter": "off [fixed]", + "rx_vlan_stag_hw_parse": "off [fixed]", + "scatter_gather": "on", + "tcp_segmentation_offload": "on", + "tls_hw_record": "off [fixed]", + "tls_hw_rx_offload": "off [fixed]", + "tls_hw_tx_offload": "off [fixed]", + "tx_checksum_fcoe_crc": "off [fixed]", + "tx_checksum_ip_generic": "on [fixed]", + "tx_checksum_ipv4": "off [fixed]", + "tx_checksum_ipv6": "off [fixed]", + "tx_checksum_sctp": "on [fixed]", + "tx_checksumming": "on", + "tx_esp_segmentation": "off [fixed]", + "tx_fcoe_segmentation": "off [fixed]", + "tx_gre_csum_segmentation": "off [fixed]", + "tx_gre_segmentation": "off [fixed]", + "tx_gso_partial": "off [fixed]", + "tx_gso_robust": "off [fixed]", + "tx_ipxip4_segmentation": "off [fixed]", + "tx_ipxip6_segmentation": "off [fixed]", + "tx_lockless": "on [fixed]", + "tx_nocache_copy": "off [fixed]", + 
"tx_scatter_gather": "on [fixed]", + "tx_scatter_gather_fraglist": "on [fixed]", + "tx_sctp_segmentation": "on", + "tx_tcp6_segmentation": "on", + "tx_tcp_ecn_segmentation": "on", + "tx_tcp_mangleid_segmentation": "on", + "tx_tcp_segmentation": "on", + "tx_udp_segmentation": "off [fixed]", + "tx_udp_tnl_csum_segmentation": "off [fixed]", + "tx_udp_tnl_segmentation": "off [fixed]", + "tx_vlan_offload": "off [fixed]", + "tx_vlan_stag_hw_insert": "off [fixed]", + "udp_fragmentation_offload": "off", + "vlan_challenged": "on [fixed]" + }, + "hw_timestamp_filters": [], + "ipv4": { + "address": "127.0.0.1", + "broadcast": "host", + "netmask": "255.0.0.0", + "network": "127.0.0.0" + }, + "ipv6": [ + { + "address": "::1", + "prefix": "128", + "scope": "host" + } + ], + "mtu": 65536, + "promisc": false, + "timestamping": [ + "tx_software", + "rx_software", + "software" + ], + "type": "loopback" + }, + "ansible_local": {}, + "ansible_lsb": { + "codename": "buster", + "description": "Debian GNU/Linux 10 (buster)", + "id": "Debian", + "major_release": "10", + "release": "10" + }, + "ansible_machine": "x86_64", + "ansible_machine_id": "8be0c18cadd94859aa78eaa4ee51fc04", + "ansible_memfree_mb": 324, + "ansible_memory_mb": { + "nocache": { + "free": 30914, + "used": 1129 + }, + "real": { + "free": 324, + "total": 32043, + "used": 31719 + }, + "swap": { + "cached": 0, + "free": 16260, + "total": 16383, + "used": 123 + } + }, + "ansible_memtotal_mb": 32043, + "ansible_mounts": [ + { + "block_available": 4269226, + "block_size": 4096, + "block_total": 5123476, + "block_used": 854250, + "device": "/dev/md0", + "fstype": "ext4", + "inode_available": 1237062, + "inode_total": 1310720, + "inode_used": 73658, + "mount": "/", + "options": "rw,relatime,errors=remount-ro", + "size_available": 17486749696, + "size_total": 20985757696, + "uuid": "b3b22f93-1d43-43fd-a123-f2d0eb7a7d5f" + }, + { + "block_available": 47586833, + "block_size": 4096, + "block_total": 50168018, + "block_used": 
2581185, + "device": "/dev/md1", + "fstype": "ext4", + "inode_available": 12812277, + "inode_total": 12812288, + "inode_used": 11, + "mount": "/home", + "options": "rw,relatime", + "size_available": 194915667968, + "size_total": 205488201728, + "uuid": "15836f6f-5482-4600-beb5-4979cde5eabe" + }, + { + "block_available": 376287523, + "block_size": 4096, + "block_total": 961127422, + "block_used": 584839899, + "device": "/dev/md2", + "fstype": "ext4", + "inode_available": 243358598, + "inode_total": 244187136, + "inode_used": 828538, + "mount": "/data", + "options": "rw,relatime", + "size_available": 1541273694208, + "size_total": 3936777920512, + "uuid": "6c852f44-e191-4846-a8ff-feb285d5b959" + } + ], + "ansible_nodename": "file-akb", + "ansible_os_family": "Debian", + "ansible_pkg_mgr": "apt", + "ansible_proc_cmdline": { + "BOOT_IMAGE": "/boot/vmlinuz-4.19.0-11-amd64", + "quiet": true, + "ro": true, + "root": "UUID=b3b22f93-1d43-43fd-a123-f2d0eb7a7d5f" + }, + "ansible_processor": [ + "0", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "1", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "2", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "3", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "4", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "5", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "6", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "7", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "8", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "9", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "10", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "11", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "12", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "13", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "14", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "15", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + 
"16", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "17", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "18", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "19", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "20", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "21", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "22", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "23", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "24", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "25", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "26", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "27", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "28", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "29", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "30", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor", + "31", + "AuthenticAMD", + "AMD EPYC 7281 16-Core Processor" + ], + "ansible_processor_cores": 16, + "ansible_processor_count": 1, + "ansible_processor_threads_per_core": 2, + "ansible_processor_vcpus": 32, + "ansible_product_name": "GN#15986", + "ansible_product_serial": "GN#15986", + "ansible_product_uuid": "00000000-0000-0000-0000-ac1f6be7d222", + "ansible_product_version": "GN#15986", + "ansible_python": { + "executable": "/usr/bin/python3", + "has_sslcontext": true, + "type": "cpython", + "version": { + "major": 3, + "micro": 3, + "minor": 7, + "releaselevel": "final", + "serial": 0 + }, + "version_info": [ + 3, + 7, + 3, + "final", + 0 + ] + }, + "ansible_python_version": "3.7.3", + "ansible_real_group_id": 0, + "ansible_real_user_id": 0, + "ansible_selinux": { + "status": "Missing selinux Python library" + }, + "ansible_selinux_python_present": false, + "ansible_service_mgr": "systemd", + "ansible_ssh_host_key_ecdsa_public": 
"AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDtZTxcrIPG2N+VOa3TvQjGtcTHKN95MXyAnebZMCgTM0uv2ftpXXblIhdK2s79gU+V5yjfJG5xZAMYVEGFktaI=", + "ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAINync1pzMRRuFE/EW4iL1e6jAd8xZC3elaJnN1dVAlfq", + "ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDeTylDNhg1QQW4A2uTQvKHssQ5h7quFsU/roVYjbDfDVCf4ISZyf0P8CqAVJiggGadKLPlyrckpgHUCVsnwcMXm7LfqkPcK534pU4tV/ssU3WMXp4qTujrTJNaSSQXQ06tYOQxXTsSHqkwd//c3pNbhZnntX63Sc6ycGK6vShjaplZ3PPBnfyMSMTtBGktvehCNs2q4Gpq0fW/aaLiIUafYQsSXA757uSohoIIm1JFLL0ArrPitKlUn0x/4v8kEWyzKNaynthyaGnedpP+7n0/UoSU0OaIlsZOrKD+p6IEaKsGM8FHcazOFBSd8zlcpxY85m8ztZZYv4k63lN7Q/Bf", + "ansible_swapfree_mb": 16260, + "ansible_swaptotal_mb": 16383, + "ansible_system": "Linux", + "ansible_system_capabilities": [ + "cap_chown", + "cap_dac_override", + "cap_dac_read_search", + "cap_fowner", + "cap_fsetid", + "cap_kill", + "cap_setgid", + "cap_setuid", + "cap_setpcap", + "cap_linux_immutable", + "cap_net_bind_service", + "cap_net_broadcast", + "cap_net_admin", + "cap_net_raw", + "cap_ipc_lock", + "cap_ipc_owner", + "cap_sys_module", + "cap_sys_rawio", + "cap_sys_chroot", + "cap_sys_ptrace", + "cap_sys_pacct", + "cap_sys_admin", + "cap_sys_boot", + "cap_sys_nice", + "cap_sys_resource", + "cap_sys_time", + "cap_sys_tty_config", + "cap_mknod", + "cap_lease", + "cap_audit_write", + "cap_audit_control", + "cap_setfcap", + "cap_mac_override", + "cap_mac_admin", + "cap_syslog", + "cap_wake_alarm", + "cap_block_suspend", + "cap_audit_read+ep" + ], + "ansible_system_capabilities_enforced": "True", + "ansible_system_vendor": "www.1he-server.com", + "ansible_uptime_seconds": 29546, + "ansible_user_dir": "/root", + "ansible_user_gecos": "root", + "ansible_user_gid": 0, + "ansible_user_id": "root", + "ansible_user_shell": "/bin/bash", + "ansible_user_uid": 0, + "ansible_userspace_architecture": "x86_64", + "ansible_userspace_bits": "64", + "ansible_virtualization_role": "host", + 
"ansible_virtualization_type": "kvm", + "gather_subset": [ + "all" + ], + "module_setup": true + }, + "changed": false +} diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 7b325e6..3b5405a 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -554,10 +554,18 @@ apt_initial_install_bionic: - ifupdown - socat -microcode_package: +microcode_intel_package: - intel-microcode + +microcode_amd_package: - amd64-microcode +firmware_packages: + - firmware-linux + +firmware_non_free_packages: + - firmware-linux-nonfree + apt_install_state: latest apt_remove: 
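Review bot: A raw fact dump for file-akb.akb.netz should not be tracked in this repository: none of the playbook changes visible in this patch reads `ansible-facts_file-akb.lst`, and the file records the server's internal addressing, MAC addresses, disk serial numbers, SSH host public keys and the root session environment, including `SSH_CONNECTION` with the control host's address. Anyone with read access to the repository or its history gets that inventory. I would drop the file from the commit and add a line such as `ansible-facts_*.lst` to `.gitignore`. The `tatus` file listed in the diffstat looks like a similar stray artifact and is worth checking as well, although its content is not shown here.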
@@ -727,6 +735,198 @@ apt_install_client_samba: samba_server: file-akb.akb.netz +# ========== +# vars used by roles/common/tasks/pure-ftpd-install.yml +# ========== + +pureftpd_global_config_file: /etc/default/pure-ftpd-common + +pureftpd_config_dir: /etc/pure-ftpd +pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf" +pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth" +pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db" + +pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt" + +pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem + +pureftpd_packages: + - pure-ftpd-common + - pure-ftpd + +# pure-ftpd-common.j2 +pureftpd_global_config_mode: standalone +pureftpd_global_config_virtualchroot: false +pureftpd_global_config_uploadscript: '' +pureftpd_global_config_uploaduid: '' +pureftpd_global_config_uploadgid: '' + +pureftpd_config: + AltLog: 'clf:/var/log/pure-ftpd/transfer.log' + AnonymousCantUpload: 'yes' + Bind: ',21' + CustomerProof: 'yes' + DisplayDotFiles: 'yes' + DontResolve: 'yes' + FSCharset: 'UTF-8' + ForcePassiveIP: '' + MaxDiskUsage: '80' + MinUID: '1000' + NoAnonymous: 'yes' + PAMAuthentication: 'no' + PassivePortRange: '50000 50400' + ProhibitDotFilesRead: 'no' + ProhibitDotFilesWrite: 'yes' + PureDB: '/etc/pure-ftpd/pureftpd.pdb' + SyslogFacility: 'ftp' + TLS: '1' + TLSCipherSuite: 'HIGH' + UnixAuthentication: 'no' + # + # Available properties + # + # Available properties + # AllowAnonymousFXP: 'no' + # AllowUserFXP: 'no' + # AltLog: 'clf:/var/log/pure-ftpd/transfer.log' + # AnonymousBandwidth: '8' + # AnonymousCanCreateDirs: 'no' + # AnonymousCantUpload: 'yes' + # AnonymousOnly: 'no' + # AnonymousRatio: '1 10' + # AntiWarez: 'yes' + # AutoRename: 'no' + # Bind: '127.0.0.1,21' + # BrokenClientsCompatibility: 'no' + # CallUploadScript: 'yes' + # ChrootEveryone: 'yes' + # ClientCharset: 'UTF-8' + # CreateHomeDir: 'yes' + # CustomerProof: 'yes' + # Daemonize: 'yes' + # DisplayDotFiles: 'yes' + # 
DontResolve: 'yes' + # ExtAuth: /var/run/ftpd.sock + # ForcePassiveIP: '192.168.0.1' + # FortunesFile: '/etc/pure-ftpd/cookie' + # FSCharset: 'utf8' + # IPV4Only: 'yes' + # IPV6Only: 'yes' + # KeepAllFiles: 'yes' + # LDAPConfigFile: /etc/pureftpd-ldap.conf + # LimitRecursion: '10000 8' + # LogPID: 'yes' + # MaxClientsNumber: '10' + # MaxClientsPerIP: "{{ ansible_processor_cores }}" + # MaxDiskUsage: '80' + # MaxIdleTime: '15' + # MaxLoad: '4' + # MinUID: '1000' + # MySQLConfigFile: /etc/pure-ftpd/mysql.conf + # NoAnonymous: 'yes' + # NoChmod: 'yes' + # NoRename: 'yes' + # NoTruncate: 'yes' + # PAMAuthentication: 'no' + # PassivePortRange: '30000 50000' + # PerUserLimits: '3 20' + # PGSQLConfigFile: /etc/pureftpd-pgsql.conf + # PIDFile: '/var/run/pure-ftpd.pid' + # ProhibitDotFilesRead: 'yes' + # ProhibitDotFilesWrite: 'yes' + # PureDB: /etc/pure-ftpd/pureftpd.pdb + # Quota: '1000 10' + # SyslogFacility: 'ftp' + # TLS: '0' + # TLSCipherSuite: 'ALL:!aNULL:!SSLv3' + # TrustedIP: '10.1.1.1' + # Umask: '113 002' + # UnixAuthentication: 'no' + # UserBandwidth: '8' + # UserRatio: '1 10' + # VerboseLog: 'no' + +pureftpd_auth_puredb: 50 +pureftpd_auth_mysql: 0 +pureftpd_auth_postgresql: 0 +pureftpd_auth_ldap: 0 +pureftpd_auth_unix: 65 +pureftpd_auth_pam: 70 + +# Default FTP user/group +pureftpd_virtual_users_group: nobody +pureftpd_virtual_users_user: nogroup +# pureftpd_virtual_users_gid: '65534' +# pureftpd_virtual_users_uid: '65534' + +pureftpd_virtual_users: + - name: maica_scan + password: maica_scan + homedir: /data/samba/Scans/Maica_scans + uid: maica + gid: users + - name: buero_scan + password: buero_scan + homedir: /data/samba/Scans/Buero_Scans + uid: buero + gid: users + - name: jibran_scan + password: jibran_scan + homedir: /data/samba/Scans/Jibran_scan_Scans + uid: jibran + gid: users + # Available properties + # - name: vuser1 + # password: p4ssW0rd + # homedir: /var/ftp/vuser1 + # uid: 2000 + # gid: 2000 + # quota_files: 2000 + # quota_size: 500 + # 
bandwidth_ul: 5 + # bandwidth_dl: 5 + # ratio_ul: 10 + # ratio_dl: 1 + +pureftpd_virtual_deleted_users: [] + # Available properties + # - name: vuser2 + +pureftpd_virtual_users_import: false + +# pureftpd_tls_certificate_method +# +# possible values: +# - generate +# - certbot - Not YET integrated +# - upload - Not YET integrated +# +pureftpd_tls_certificate_method: 'generate' + +# for method 'generate' +# +pureftpd_tls_certificate_openssl: + size: 4096 + days: 3650 + fqdn: file-akb.akb.netz + country: 'DE' + state: 'Brandenburg' + locality: 'Potsdam' + organization: 'O.OPEN' + unit: 'Network services' + # Available properties + # size: 4096 + # days: 365 + # fqdn: ftp.example.com + # country: '' + # state: '' + # locality: '' + # organization: '' + # unit: '' + + + + # ========== # vars used by roles/common/tasks/user.yml # ========== diff --git a/hosts b/hosts index 98add24..e3079cd 100644 --- a/hosts +++ b/hosts @@ -53,4 +53,8 @@ file-akb.akb.netz ansible_user=root file-akb.akb.netz ansible_user=root 192.168.82.20 ansible_user=root +[ftp_server] +file-akb.akb.netz ansible_user=root +192.168.82.20 ansible_user=root + [gateway_server] diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index f9391f6..be73450 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -59,3 +59,12 @@ name: cups-browsed daemon_reload: yes state: restarted + +- name: reload Pure-FTPd users + command: pure-pw mkdb + +- name: restart Pure-FTPd + service: + name: pure-ftpd + state: restarted + diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 466edd1..77fd1c4 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml 
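Review bot: The three entries under `pureftpd_virtual_users` commit FTP passwords in clear text, and each password is identical to its account name, so the credentials are both guessable and readable by anyone who can read the repository. They belong in an Ansible Vault file and should be referenced from here, e.g. `password: "{{ vault_pureftpd_maica_scan_password }}"` (variable name constructed for illustration), with randomly generated values. `TLS: '1'` in `pureftpd_config` still accepts sessions that never negotiate TLS, so these passwords can cross the network unencrypted; `TLS: '2'` refuses cleartext logins. Separately, `pureftpd_virtual_users_group: nobody` and `pureftpd_virtual_users_user: nogroup` look swapped, since on Debian `nobody` is the user and `nogroup` the group.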
@@ -96,12 +96,17 @@ tags: - apt-initial-install -- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch) +# --- +# Microcode +# --- + +- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}-backports" when: + - apt_backports_enable - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version'] == "9" - ansible_facts['processor']|string is search("Intel") @@ -109,9 +114,24 @@ - apt-initial-install - apt-microcode -- name: (apt.yml) Install CPU microcode (debian buster) +- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}-backports" + when: + - apt_backports_enable + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "9" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster) + apt: + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: 
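Review bot: The Intel and AMD microcode tasks are gated inconsistently: the stretch Intel task gains `- apt_backports_enable` but not `- apt_debian_contrib_nonfree_enable`, which every new AMD task here and in the later buster, bionic and xenial hunks requires. As far as I know `intel-microcode` is also shipped outside Debian main, so with that flag off the Intel task would presumably fail on a missing package instead of being skipped. I would add `- apt_debian_contrib_nonfree_enable` to the Debian Intel tasks as well. The Ubuntu AMD tasks reuse the same Debian-named flag, which looks unintended and deserves a comment if it is deliberate. The buster Intel task's `when:` list continues outside the second hunk.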
@@ -122,9 +142,23 @@ - apt-initial-install - apt-microcode -- name: (apt.yml) Install CPU microcode (ubuntu bionic) +- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "10" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic) + apt: + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: @@ -135,9 +169,23 @@ - apt-initial-install - apt-microcode -- name: (apt.yml) Install CPU microcode (ubuntu xenial) +- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "bionic" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial) + apt: + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: 
@@ -148,6 +196,49 @@ - apt-initial-install - apt-microcode +- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial) + apt: + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "xenial" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +# --- +# Firmware +# --- + +- name: (apt.yml) Install Firmware packages + apt: + name: "{{ firmware_non_free_packages }}" + state: present + default_release: "{{ ansible_distribution_release }}" + tags: + - apt-initial-install + - apt-firmware + +- name: (apt.yml) Install non-free Firmware packages + apt: + name: "{{ firmware_non_free_packages }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + tags: + - apt-initial-install + - apt-firmware + + +# --- +# unwanted packages +# --- + - name: (apt.yml) Remove unwanted packages apt: name: "{{ apt_remove }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index cba68be..b9802b6 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -55,6 +55,14 @@ tags: - cups +# tags supported inside cups-install.yml: +# +- import_tasks: pure-ftpd-install.yml + when: + - groups['ftp_server']|string is search(inventory_hostname) + tags: + - pure-ftpd + # tags supported inside nfs.yml: # # nfs-server diff --git a/roles/common/tasks/pure-ftpd-install.yml b/roles/common/tasks/pure-ftpd-install.yml new file mode 100644 index 0000000..d21f410 --- /dev/null +++ b/roles/common/tasks/pure-ftpd-install.yml 
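Review bot: The task `(apt.yml) Install Firmware packages` installs `firmware_non_free_packages` and has no `when:`, so the non-free firmware set goes onto every host even when `apt_debian_contrib_nonfree_enable` is off. The gated task that follows then never has anything left to do. The group_vars diff recorded in this commit shows a separate `firmware_packages` list, so the first task was presumably meant to read `name: "{{ firmware_packages }}"`. The task name `Install CPU microcode for Intel AMD (ubuntu xenial)` should say `for AMD CPU` like its siblings.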
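Review bot: The `when:` on the new import decides where the FTP daemon is installed with a regex search over the stringified group list, `groups['ftp_server']|string is search(inventory_hostname)`. Any host whose name occurs inside a member's name therefore matches too, and each `.` in the hostname matches any character. An exact membership test avoids installing a network service on an unintended host: `- inventory_hostname in groups['ftp_server']`. The comment above the import still says `cups-install.yml`; it should name `pure-ftpd-install.yml` and list the `pure-ftpd` tag.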
@@ -0,0 +1,220 @@
+---
+
+# ---
+# Install PureFTP Daemon
+# ---
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd is installed.
+ apt:
+ name: "{{ pureftpd_packages }}"
+ state: present
+ cache_valid_time: 3600
+ update_cache: yes
+
+- name: (pure-ftpd-install.yml) Upload Pure-FTPd global configuration file.
+ template:
+ src: etc/default/pure-ftpd-common.j2
+ dest: "{{ pureftpd_global_config_file }}"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart Pure-FTPd
+
+
+# ---
+# Configure PureFTP Daemon
+# ---
+
+# Remove old current configurations if exists
+
+- name: (pure-ftpd-install.yml) Compile Pure-FTPd configurations (set fact..).
+ set_fact:
+ pureftpd_config_compiled: "{{ pureftpd_config }}"
+
+- name: (pure-ftpd-install.yml) Get current configuration.
+ command: ls -1 {{ pureftpd_config_conf_dir }}
+ register: pureftpd_current_config
+ changed_when: false
+
+- name: (pure-ftpd-install.yml) Delete old configuration.
+ file:
+ path: "{{ pureftpd_config_conf_dir }}/{{ item }}"
+ state: absent
+ when: pureftpd_config_compiled[item] is not defined
+ with_items: "{{ pureftpd_current_config.stdout_lines }}"
+ notify: restart Pure-FTPd
+
+# write new configuration
+
+- name: (pure-ftpd-install.yml) Write configuration.
+ template:
+ src: etc/pure-ftpd/conf/config.j2
+ dest: "{{ pureftpd_config_conf_dir }}/{{ item.key }}"
+ owner: root
+ group: root
+ mode: '0644'
+ with_dict: '{{ pureftpd_config_compiled }}'
+ notify: restart Pure-FTPd
+
+# Authentication Configuration
+
+- name: (pure-ftpd-install.yml) Get current authentications.
+ command: ls -1 {{ pureftpd_config_auth_dir }}
+ register: pureftpd_current_auth
+ changed_when: false
+
+- name: (pure-ftpd-install.yml) Define empty pureftpd_authentications variable.
+ set_fact:
+ pureftpd_authentications: []
+
+- name: (pure-ftpd-install.yml) Enable PureDB authentication.
+ file: + src: "{{ pureftpd_config_conf_dir }}/PureDB" + dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_puredb }}pure" + state: link + when: pureftpd_auth_puredb > 0 and pureftpd_config['PureDB'] is defined + notify: restart Pure-FTPd + +- name: (pure-ftpd-install.yml) Add PureDB to Pure-FTPd authentications. + set_fact: + pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_puredb }}pure']" + when: pureftpd_auth_puredb > 0 and pureftpd_config['PureDB'] is defined + +- name: (pure-ftpd-install.yml) Add PAM to Pure-FTPd authentications. + set_fact: + pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_pam }}pam']" + when: pureftpd_auth_pam > 0 and pureftpd_config['PAMAuthentication'] is defined + + +- name: (pure-ftpd-install.yml) Enable UNIX authentication. + file: + src: "{{ pureftpd_config_conf_dir }}/UnixAuthentication" + dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_unix }}unix" + state: link + when: pureftpd_auth_unix > 0 and pureftpd_config['UnixAuthentication'] is defined + notify: restart Pure-FTPd + +- name: (pure-ftpd-install.yml) Add UnixAuthentication to Pure-FTPd authentications. + set_fact: + pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_unix }}unix']" + when: pureftpd_auth_unix > 0 and pureftpd_config['UnixAuthentication'] is defined + + +- name: (pure-ftpd-install.yml) Enable PAM authentication. + file: + src: "{{ pureftpd_config_conf_dir }}/PAMAuthentication" + dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_pam }}pam" + state: link + when: pureftpd_auth_pam > 0 and pureftpd_config['PAMAuthentication'] is defined + notify: restart Pure-FTPd + +# --- +# Delete unused authentification if exists +# --- + +- name: (pure-ftpd-install.yml) Delete old authentications. 
+ file:
+ path: "{{ pureftpd_config_auth_dir }}/{{ item }}"
+ state: absent
+ when: item not in pureftpd_authentications
+ with_items: "{{ pureftpd_current_auth.stdout_lines }}"
+ notify: restart Pure-FTPd
+
+
+# ---
+# Defaults
+# ---
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd group exists.
+ group:
+ name: "{{ pureftpd_virtual_users_group }}"
+ gid: "{{ pureftpd_virtual_users_gid | default(omit) }}"
+ system: no
+ state: present
+ when: pureftpd_virtual_users | length > 0
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd user exists.
+ user:
+ name: "{{ pureftpd_virtual_users_user }}"
+ uid: "{{ pureftpd_virtual_users_uid | default(omit) }}"
+ group: "{{ pureftpd_virtual_users_group }}"
+ home: /dev/null
+ shell: /usr/sbin/nologin
+ system: no
+ state: present
+ when: pureftpd_virtual_users | length > 0
+
+- name: (pure-ftpd-install.yml) Verify virtual users database existence.
+ stat:
+ path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
+ register: pureftpd_virtual_users_database
+
+- name: (pure-ftpd-install.yml) Ensure virtual users database exists.
+ file:
+ path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
+ owner: root
+ group: root
+ mode: '0600'
+ state: touch
+ when: (pureftpd_virtual_users | length > 0) and not pureftpd_virtual_users_database.stat.exists | default(False)
+
+
+# ---
+# virtual users
+# ---
+
+- include_tasks: pure-ftpd/create-virtual-ftp-user.yml
+ vars:
+ user: "{{ item }}"
+ with_items: "{{ pureftpd_virtual_users }}"
+ when: pureftpd_virtual_users | length > 0
+ no_log: true
+
+
+# ---
+# TLS Certificate
+# ---
+
+# - method 'generate'
+
+- name: Generate Pure-FTPd TLS certificate.
+ command: openssl req -x509 -nodes -newkey rsa:{{ pureftpd_tls_certificate_openssl.size | default(4096) }} -sha256 -days {{ pureftpd_tls_certificate_openssl.days | default(365) }} -keyout {{ pureftpd_tls_certificate_pem }} -out {{ pureftpd_tls_certificate_pem }} -subj "/C={{ pureftpd_tls_certificate_openssl.country | default('') }}/ST={{ pureftpd_tls_certificate_openssl.state | default('') }}/L={{ pureftpd_tls_certificate_openssl.locality | default('') }}/O={{ pureftpd_tls_certificate_openssl.organization | default('') }}/OU={{ pureftpd_tls_certificate_openssl.unit | default('') }}/CN={{ pureftpd_tls_certificate_openssl.fqdn }}"
+ args:
+ creates: "{{ pureftpd_tls_certificate_pem }}"
+ when:
+ - pureftpd_tls_certificate_method == 'generate'
+ - pureftpd_tls_certificate_openssl | length > 0
+ notify: restart Pure-FTPd
+
+- name: Ensure Pure-FTPd TLS certificate permissions.
+ file:
+ path: "{{ pureftpd_tls_certificate_pem }}"
+ owner: root
+ group: root
+ mode: '0600'
+ state: file
+ when:
+ - pureftpd_tls_certificate_method == 'generate'
+ - pureftpd_tls_certificate_openssl | length > 0
+
+# - final checks
+
+- name: (pure-ftpd-install.yml) Verify TLS certificate exists.
+ stat:
+ path: "{{ pureftpd_tls_certificate_pem }}"
+ register: pureftpd_tls_certificate
+
+- name: (pure-ftpd-install.yml) Fail when no certificate is found.
+ fail:
+ msg: |
+ The certificate file was not found at {{ pureftpd_tls_certificate_pem }}
+ when: not pureftpd_tls_certificate.stat.exists | default(False)
+
+# ---
+
+- name: (pure-ftpd-install.yml) Ensure Pure-FTPd service is started enabled on startup.
+ service:
+ name: pure-ftpd
+ state: started
+ enabled: yes
+
diff --git a/roles/common/tasks/pure-ftpd/create-virtual-ftp-user.yml b/roles/common/tasks/pure-ftpd/create-virtual-ftp-user.yml
new file mode 100644
index 0000000..0654722
--- /dev/null
+++ b/roles/common/tasks/pure-ftpd/create-virtual-ftp-user.yml
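Review bot: `no_log: true` on the `include_tasks` loop under `# virtual users` probably does not protect the passwords it is meant to hide. As far as I know, keywords set on a dynamic include apply to the include statement itself and are not inherited by the tasks it pulls in. The `pure-pw` tasks in create-virtual-ftp-user.yml would then still carry `user.password` in their results, in `-v` output and in module-argument logging on the managed host. I would put `no_log: true` directly on each task in that file that touches the password. A comment next to the include, such as `# no_log here only hides the loop item; the included tasks set their own`, records the intent.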
@@ -0,0 +1,38 @@
+---
+
+# ---
+# virtual ftp users
+# ---
+
+- name: "(create-virtual-ftp-user.yml) Verify if virtual ftp it user {{ user.name }} exists"
+ command: pure-pw show {{ user.name }}
+ register: pureftpd_virtual_user_exists
+ changed_when: "pureftpd_virtual_user_exists.rc != 0"
+ failed_when:
+ - "pureftpd_virtual_user_exists.rc != 0"
+ - "pureftpd_virtual_user_exists.rc != 16"
+ ignore_errors: true
+ loop_control:
+ label: '{{ user.name }}'
+
+#- name: "Debug Verify if virtual ftp it user {{ user.name }} exists"
+# debug:
+# msg: "{{ pureftpd_virtual_user_exists }}"
+
+- name: "(create-virtual-ftp-user.yml) Create virtual ftp user {{ user.name }} ."
+ shell: "(echo {{ user.password }}; echo {{ user.password }}) | pure-pw useradd {{ user.name }} -u {{ user.uid | default(pureftpd_virtual_users_user) }} -g {{ user.gid | default(pureftpd_virtual_users_group) }} -d {{ user.homedir }} -n {{ user.quota_files | default('\"\"') }} -N {{ user.quota_size | default('\"\"') }} -t {{ user.bandwidth_dl | default('\"\"') }} -T {{ user.bandwidth_ul | default('\"\"') }} -q {{ user.ratio_ul | default('\"\"') }} -Q {{ user.ratio_dl | default('\"\"') }}"
+ #when: pureftpd_virtual_user_exists.failed is defined and pureftpd_virtual_user_exists.failed
+ when: pureftpd_virtual_user_exists.changed
+ notify: reload Pure-FTPd users
+
+- name: "User {{ user.name }}: Update virtual user"
+ command: "pure-pw usermod {{ user.name }} -u {{ user.uid | default(pureftpd_virtual_users_user) }} -g {{ user.gid | default(pureftpd_virtual_users_group) }} -d {{ user.homedir }} -n {{ user.quota_files | default('\"\"') }} -N {{ user.quota_size | default('\"\"') }} -t {{ user.bandwidth_dl | default('\"\"') }} -T {{ user.bandwidth_ul | default('\"\"') }} -q {{ user.ratio_ul | default('\"\"') }} -Q {{ user.ratio_dl | default('\"\"') }}"
+ #when: pureftpd_virtual_user_exists.failed is defined and not pureftpd_virtual_user_exists.failed
+ when: not pureftpd_virtual_user_exists.changed
+ notify:
reload Pure-FTPd users
+
+- name: "User {{ user.name }}: Update virtual user password"
+ shell: "(echo {{ user.password }}; echo {{ user.password }}) | pure-pw passwd {{ user.name }}"
+ when: not pureftpd_virtual_user_exists.changed
+ notify: reload Pure-FTPd users
+
diff --git a/roles/common/templates/etc/default/pure-ftpd-common.j2 b/roles/common/templates/etc/default/pure-ftpd-common.j2
new file mode 100644
index 0000000..68bb729
--- /dev/null
+++ b/roles/common/templates/etc/default/pure-ftpd-common.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+# Configuration for pure-ftpd
+# (this file is sourced by /bin/sh, edit accordingly)
+
+# STANDALONE_OR_INETD
+# valid values are "standalone" and "inetd".
+# Any change here overrides the setting in debconf.
+STANDALONE_OR_INETD={{ pureftpd_global_config_mode }}
+
+# VIRTUALCHROOT:
+# whether to use binary with virtualchroot support
+# valid values are "true" or "false"
+# Any change here overrides the setting in debconf.
+VIRTUALCHROOT={{ pureftpd_global_config_virtualchroot }}
+
+# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
+# pure-uploadscript will also be run to spawn the program given below
+# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
+# pure-uploadscript(8)
+
+# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
+UPLOADSCRIPT={{ pureftpd_global_config_uploadscript }}
+
+# if set, pure-uploadscript will spawn running as the
+# given uid and gid
+UPLOADUID={{ pureftpd_global_config_uploaduid }}
+UPLOADGID={{ pureftpd_global_config_uploadgid }}
diff --git a/roles/common/templates/etc/pure-ftpd/conf/config.j2 b/roles/common/templates/etc/pure-ftpd/conf/config.j2
new file mode 100644
index 0000000..88728db
--- /dev/null
+++ b/roles/common/templates/etc/pure-ftpd/conf/config.j2
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+{{ item.value }}
diff --git a/tatus b/tatus
new file mode 100644
index 0000000..4dd4404
--- /dev/null
+++ b/tatus
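Review bot: The create and password tasks interpolate `user.password` unquoted into a `shell:` pipeline, `(echo {{ user.password }}; echo {{ user.password }}) | pure-pw ...`. A password containing spaces or shell metacharacters is therefore mangled or interpreted by the shell, and the clear-text value sits in the `sh -c` command line while the task runs. Switching both tasks to `command:` and feeding the password with `stdin: "{{ user.password }}\n{{ user.password }}"` removes the shell; where `shell:` stays, `user.name` and `user.homedir` should pass through `| quote`. These tasks also need their own `no_log: true`. On the first task, `ignore_errors: true` hides any `pure-pw show` failure other than the two return codes that `failed_when` already accepts, so I would drop it.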
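Review bot: `VIRTUALCHROOT={{ pureftpd_global_config_virtualchroot }}` renders a YAML boolean, so the default `false` shown for this variable in the group_vars diff comes out as `False`. That is not one of the two values the template's own comment allows. `VIRTUALCHROOT={{ pureftpd_global_config_virtualchroot | lower }}` keeps the output to `true`/`false`. Because the file is sourced by /bin/sh, the free-form values are safer quoted, for example `UPLOADSCRIPT="{{ pureftpd_global_config_uploadscript }}"`, and likewise for `UPLOADUID` and `UPLOADGID`.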
@@ -0,0 +1,394 @@ +diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml +index 7b325e6..603929a 100644 +--- a/group_vars/all/main.yml ++++ b/group_vars/all/main.yml +@@ -554,10 +554,18 @@ apt_initial_install_bionic: + - ifupdown + - socat +  +-microcode_package:  ++microcode_intel_package:  + - intel-microcode ++ ++microcode_amd_package:  + - amd64-microcode +  ++firmware_packages: ++ - firmware-linux ++ ++firmware_non_free_packages: ++ - firmware-linux-nonfree ++ + apt_install_state: latest +  + apt_remove: +@@ -727,6 +735,167 @@ apt_install_client_samba: + samba_server: file-akb.akb.netz +  +  ++# ========== ++# vars used by roles/common/tasks/pure-ftpd-install.yml ++# ========== ++ ++pureftpd_global_config_file: /etc/default/pure-ftpd-common ++ ++pureftpd_config_dir: /etc/pure-ftpd ++pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf" ++pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth" ++pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db" ++ ++pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt" ++ ++pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem ++ ++pureftpd_packages: ++ - pure-ftpd-common ++ - pure-ftpd ++ ++# pure-ftpd-common.j2 ++pureftpd_global_config_mode: standalone ++pureftpd_global_config_virtualchroot: false ++pureftpd_global_config_uploadscript: ''  ++pureftpd_global_config_uploaduid: '' ++pureftpd_global_config_uploadgid: '' ++ ++pureftpd_config: ++ AltLog: 'clf:/var/log/pure-ftpd/transfer.log' ++ AnonymousCantUpload: 'yes' ++ Bind: ',21' ++ CustomerProof: 'yes' ++ DisplayDotFiles: 'yes' ++ DontResolve: 'yes' ++ FSCharset: 'UTF-8' ++ ForcePassiveIP: '' ++ MaxDiskUsage: '80' ++ MinUID: '1000' ++ NoAnonymous: 'yes' ++ PAMAuthentication: 'no' ++ PassivePortRange: '50000 50400' ++ ProhibitDotFilesRead: 'no' ++ ProhibitDotFilesWrite: 'yes' ++ PureDB: '/etc/pure-ftpd/pureftpd.pdb' ++ SyslogFacility: 'ftp' ++ TLS: '1' ++ TLSCipherSuite: 'HIGH' ++ UnixAuthentication: 'no' ++ #  ++ # 
Available properties ++ # ++ # Available properties ++ # AllowAnonymousFXP: 'no' ++ # AllowUserFXP: 'no' ++ # AltLog: 'clf:/var/log/pure-ftpd/transfer.log' ++ # AnonymousBandwidth: '8' ++ # AnonymousCanCreateDirs: 'no' ++ # AnonymousCantUpload: 'yes' ++ # AnonymousOnly: 'no' ++ # AnonymousRatio: '1 10' ++ # AntiWarez: 'yes' ++ # AutoRename: 'no' ++ # Bind: '127.0.0.1,21' ++ # BrokenClientsCompatibility: 'no' ++ # CallUploadScript: 'yes' ++ # ChrootEveryone: 'yes' ++ # ClientCharset: 'UTF-8' ++ # CreateHomeDir: 'yes' ++ # CustomerProof: 'yes' ++ # Daemonize: 'yes' ++ # DisplayDotFiles: 'yes' ++ # DontResolve: 'yes' ++ # ExtAuth: /var/run/ftpd.sock ++ # ForcePassiveIP: '192.168.0.1' ++ # FortunesFile: '/etc/pure-ftpd/cookie' ++ # FSCharset: 'utf8' ++ # IPV4Only: 'yes' ++ # IPV6Only: 'yes' ++ # KeepAllFiles: 'yes' ++ # LDAPConfigFile: /etc/pureftpd-ldap.conf ++ # LimitRecursion: '10000 8' ++ # LogPID: 'yes' ++ # MaxClientsNumber: '10' ++ # MaxClientsPerIP: "{{ ansible_processor_cores }}" ++ # MaxDiskUsage: '80' ++ # MaxIdleTime: '15' ++ # MaxLoad: '4' ++ # MinUID: '1000' ++ # MySQLConfigFile: /etc/pure-ftpd/mysql.conf ++ # NoAnonymous: 'yes' ++ # NoChmod: 'yes' ++ # NoRename: 'yes' ++ # NoTruncate: 'yes' ++ # PAMAuthentication: 'no' ++ # PassivePortRange: '30000 50000' ++ # PerUserLimits: '3 20' ++ # PGSQLConfigFile: /etc/pureftpd-pgsql.conf ++ # PIDFile: '/var/run/pure-ftpd.pid' ++ # ProhibitDotFilesRead: 'yes' ++ # ProhibitDotFilesWrite: 'yes' ++ # PureDB: /etc/pure-ftpd/pureftpd.pdb ++ # Quota: '1000 10' ++ # SyslogFacility: 'ftp' ++ # TLS: '0' ++ # TLSCipherSuite: 'ALL:!aNULL:!SSLv3' ++ # TrustedIP: '10.1.1.1' ++ # Umask: '113 002' ++ # UnixAuthentication: 'no' ++ # UserBandwidth: '8' ++ # UserRatio: '1 10' ++ # VerboseLog: 'no' ++ ++pureftpd_auth_puredb: 50 ++pureftpd_auth_mysql: 0 ++pureftpd_auth_postgresql: 0 ++pureftpd_auth_ldap: 0 ++pureftpd_auth_unix: 65 ++pureftpd_auth_pam: 70 ++ ++# Default FTP user/group ++pureftpd_virtual_users_group: nobody 
++pureftpd_virtual_users_user: nogroup ++# pureftpd_virtual_users_gid: '65534' ++# pureftpd_virtual_users_uid: '65534' ++ ++pureftpd_virtual_users: ++ - name: maica_scan ++ password: maica_scan ++ homedir: /data/samba/Scans/Maica_scans ++ uid: maica ++ gid: users ++ - name: buero_scan ++ password: buero_scan ++ homedir: /data/samba/Scans/Buero_Scans ++ uid: buero ++ gid: users ++ - name: jibran_scan ++ password: jibran_scan ++ homedir: /data/samba/Scans/Jibran_scan_Scans ++ uid: jibran ++ gid: users ++ # Available properties ++ # - name: vuser1 ++ # password: p4ssW0rd ++ # homedir: /var/ftp/vuser1 ++ # uid: 2000 ++ # gid: 2000 ++ # quota_files: 2000 ++ # quota_size: 500 ++ # bandwidth_ul: 5 ++ # bandwidth_dl: 5 ++ # ratio_ul: 10 ++ # ratio_dl: 1 ++ ++pureftpd_virtual_deleted_users: [] ++ # Available properties ++ # - name: vuser2 ++ ++pureftpd_virtual_users_import: false ++ ++ ++ + # ========== + # vars used by roles/common/tasks/user.yml + # ========== +diff --git a/hosts b/hosts +index 98add24..e3079cd 100644 +--- a/hosts ++++ b/hosts +@@ -53,4 +53,8 @@ file-akb.akb.netz ansible_user=root + file-akb.akb.netz ansible_user=root + 192.168.82.20 ansible_user=root +  ++[ftp_server] ++file-akb.akb.netz ansible_user=root ++192.168.82.20 ansible_user=root ++ + [gateway_server] +diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml +index f9391f6..be73450 100644 +--- a/roles/common/handlers/main.yml ++++ b/roles/common/handlers/main.yml +@@ -59,3 +59,12 @@ + name: cups-browsed + daemon_reload: yes + state: restarted ++ ++- name: reload Pure-FTPd users ++ command: pure-pw mkdb ++ ++- name: restart Pure-FTPd ++ service: ++ name: pure-ftpd ++ state: restarted ++ +diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml +index 466edd1..77fd1c4 100644 +--- a/roles/common/tasks/apt.yml ++++ b/roles/common/tasks/apt.yml +@@ -96,12 +96,17 @@ + tags: + - apt-initial-install +  +-- name: (apt.yml) Ensure we have CPU microcode from backports 
(debian stretch) ++# --- ++# Microcode ++# --- ++ ++- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch) + apt: +- name: "{{ microcode_package }}" ++ name: "{{ microcode_intel_package }}" + state: present + default_release: "{{ ansible_distribution_release }}-backports" + when: ++ - apt_backports_enable + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "9" + - ansible_facts['processor']|string is search("Intel") +@@ -109,9 +114,24 @@ + - apt-initial-install + - apt-microcode +  +-- name: (apt.yml) Install CPU microcode (debian buster) ++- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch) ++ apt: ++ name: "{{ microcode_amd_package }}" ++ state: present ++ default_release: "{{ ansible_distribution_release }}-backports" ++ when: ++ - apt_backports_enable ++ - apt_debian_contrib_nonfree_enable ++ - ansible_facts['distribution'] == "Debian" ++ - ansible_facts['distribution_major_version'] == "9" ++ - ansible_facts['processor']|string is search("AMD") ++ tags: ++ - apt-initial-install ++ - apt-microcode ++ ++- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster) + apt: +- name: "{{ microcode_package }}" ++ name: "{{ microcode_intel_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: +@@ -122,9 +142,23 @@ + - apt-initial-install + - apt-microcode +  +-- name: (apt.yml) Install CPU microcode (ubuntu bionic) ++- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster) + apt: +- name: "{{ microcode_package }}" ++ name: "{{ microcode_amd_package }}" ++ state: present ++ default_release: "{{ ansible_distribution_release }}" ++ when: ++ - apt_debian_contrib_nonfree_enable ++ - ansible_facts['distribution'] == "Debian" ++ - ansible_facts['distribution_major_version'] == "10" ++ - ansible_facts['processor']|string is search("AMD") ++ tags: ++ - apt-initial-install ++ - apt-microcode ++ ++- 
name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic) ++ apt: ++ name: "{{ microcode_intel_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: +@@ -135,9 +169,23 @@ + - apt-initial-install + - apt-microcode +  +-- name: (apt.yml) Install CPU microcode (ubuntu xenial) ++- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic) + apt: +- name: "{{ microcode_package }}" ++ name: "{{ microcode_amd_package }}" ++ state: present ++ default_release: "{{ ansible_distribution_release }}" ++ when: ++ - apt_debian_contrib_nonfree_enable ++ - ansible_facts['distribution'] == "Ubuntu" ++ - ansible_facts['distribution_release'] == "bionic" ++ - ansible_facts['processor']|string is search("AMD") ++ tags: ++ - apt-initial-install ++ - apt-microcode ++ ++- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial) ++ apt: ++ name: "{{ microcode_intel_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: +@@ -148,6 +196,49 @@ + - apt-initial-install + - apt-microcode +  ++- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial) ++ apt: ++ name: "{{ microcode_amd_package }}" ++ state: present ++ default_release: "{{ ansible_distribution_release }}" ++ when: ++ - apt_debian_contrib_nonfree_enable ++ - ansible_facts['distribution'] == "Ubuntu" ++ - ansible_facts['distribution_release'] == "xenial" ++ - ansible_facts['processor']|string is search("AMD") ++ tags: ++ - apt-initial-install ++ - apt-microcode ++ ++# --- ++# Firmware ++# --- ++ ++- name: (apt.yml) Install Firmware packages ++ apt: ++ name: "{{ firmware_non_free_packages }}" ++ state: present ++ default_release: "{{ ansible_distribution_release }}" ++ tags: ++ - apt-initial-install ++ - apt-firmware ++ ++- name: (apt.yml) Install non-free Firmware packages ++ apt: ++ name: "{{ firmware_non_free_packages }}" ++ state: present ++ default_release: "{{ ansible_distribution_release }}" ++ when: ++ - 
apt_debian_contrib_nonfree_enable ++ tags: ++ - apt-initial-install ++ - apt-firmware ++ ++ ++# --- ++# unwanted packages ++# --- ++ + - name: (apt.yml) Remove unwanted packages + apt: + name: "{{ apt_remove }}" +diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml +index cba68be..b9802b6 100644 +--- a/roles/common/tasks/main.yml ++++ b/roles/common/tasks/main.yml +@@ -55,6 +55,14 @@ + tags: + - cups +  ++# tags supported inside cups-install.yml: ++# ++- import_tasks: pure-ftpd-install.yml ++ when:  ++ - groups['ftp_server']|string is search(inventory_hostname) ++ tags: ++ - pure-ftpd ++ + # tags supported inside nfs.yml: + # + # nfs-server