diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 7b325e6..603929a 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -554,10 +554,18 @@ apt_initial_install_bionic: - ifupdown - socat  -microcode_package:  +microcode_intel_package:  - intel-microcode + +microcode_amd_package:  - amd64-microcode  +firmware_packages: + - firmware-linux + +firmware_non_free_packages: + - firmware-linux-nonfree + apt_install_state: latest  apt_remove: 
@@ -727,6 +735,167 @@ apt_install_client_samba: samba_server: file-akb.akb.netz   +# ========== +# vars used by roles/common/tasks/pure-ftpd-install.yml +# ========== + +pureftpd_global_config_file: /etc/default/pure-ftpd-common + +pureftpd_config_dir: /etc/pure-ftpd +pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf" +pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth" +pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db" + +pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt" + +pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem + +pureftpd_packages: + - pure-ftpd-common + - pure-ftpd + +# pure-ftpd-common.j2 +pureftpd_global_config_mode: standalone +pureftpd_global_config_virtualchroot: false +pureftpd_global_config_uploadscript: ''  +pureftpd_global_config_uploaduid: '' +pureftpd_global_config_uploadgid: '' + +pureftpd_config: + AltLog: 'clf:/var/log/pure-ftpd/transfer.log' + AnonymousCantUpload: 'yes' + Bind: ',21' + CustomerProof: 'yes' + DisplayDotFiles: 'yes' + DontResolve: 'yes' + FSCharset: 'UTF-8' + ForcePassiveIP: '' + MaxDiskUsage: '80' + MinUID: '1000' + NoAnonymous: 'yes' + PAMAuthentication: 'no' + PassivePortRange: '50000 50400' + ProhibitDotFilesRead: 'no' + ProhibitDotFilesWrite: 'yes' + PureDB: '/etc/pure-ftpd/pureftpd.pdb' + SyslogFacility: 'ftp' + TLS: '1' + TLSCipherSuite: 'HIGH' + UnixAuthentication: 'no' + #  + # Available properties + # + # Available properties + # AllowAnonymousFXP: 'no' + # AllowUserFXP: 'no' + # AltLog: 'clf:/var/log/pure-ftpd/transfer.log' + # AnonymousBandwidth: '8' + # AnonymousCanCreateDirs: 'no' + # AnonymousCantUpload: 'yes' + # AnonymousOnly: 'no' + # AnonymousRatio: '1 10' + # AntiWarez: 'yes' + # AutoRename: 'no' + # Bind: '127.0.0.1,21' + # BrokenClientsCompatibility: 'no' + # CallUploadScript: 'yes' + # ChrootEveryone: 'yes' + # ClientCharset: 'UTF-8' + # CreateHomeDir: 'yes' + # CustomerProof: 'yes' + # Daemonize: 'yes' + # DisplayDotFiles: 'yes' + # 
DontResolve: 'yes' + # ExtAuth: /var/run/ftpd.sock + # ForcePassiveIP: '192.168.0.1' + # FortunesFile: '/etc/pure-ftpd/cookie' + # FSCharset: 'utf8' + # IPV4Only: 'yes' + # IPV6Only: 'yes' + # KeepAllFiles: 'yes' + # LDAPConfigFile: /etc/pureftpd-ldap.conf + # LimitRecursion: '10000 8' + # LogPID: 'yes' + # MaxClientsNumber: '10' + # MaxClientsPerIP: "{{ ansible_processor_cores }}" + # MaxDiskUsage: '80' + # MaxIdleTime: '15' + # MaxLoad: '4' + # MinUID: '1000' + # MySQLConfigFile: /etc/pure-ftpd/mysql.conf + # NoAnonymous: 'yes' + # NoChmod: 'yes' + # NoRename: 'yes' + # NoTruncate: 'yes' + # PAMAuthentication: 'no' + # PassivePortRange: '30000 50000' + # PerUserLimits: '3 20' + # PGSQLConfigFile: /etc/pureftpd-pgsql.conf + # PIDFile: '/var/run/pure-ftpd.pid' + # ProhibitDotFilesRead: 'yes' + # ProhibitDotFilesWrite: 'yes' + # PureDB: /etc/pure-ftpd/pureftpd.pdb + # Quota: '1000 10' + # SyslogFacility: 'ftp' + # TLS: '0' + # TLSCipherSuite: 'ALL:!aNULL:!SSLv3' + # TrustedIP: '10.1.1.1' + # Umask: '113 002' + # UnixAuthentication: 'no' + # UserBandwidth: '8' + # UserRatio: '1 10' + # VerboseLog: 'no' + +pureftpd_auth_puredb: 50 +pureftpd_auth_mysql: 0 +pureftpd_auth_postgresql: 0 +pureftpd_auth_ldap: 0 +pureftpd_auth_unix: 65 +pureftpd_auth_pam: 70 + +# Default FTP user/group +pureftpd_virtual_users_group: nobody +pureftpd_virtual_users_user: nogroup +# pureftpd_virtual_users_gid: '65534' +# pureftpd_virtual_users_uid: '65534' + +pureftpd_virtual_users: + - name: maica_scan + password: maica_scan + homedir: /data/samba/Scans/Maica_scans + uid: maica + gid: users + - name: buero_scan + password: buero_scan + homedir: /data/samba/Scans/Buero_Scans + uid: buero + gid: users + - name: jibran_scan + password: jibran_scan + homedir: /data/samba/Scans/Jibran_scan_Scans + uid: jibran + gid: users + # Available properties + # - name: vuser1 + # password: p4ssW0rd + # homedir: /var/ftp/vuser1 + # uid: 2000 + # gid: 2000 + # quota_files: 2000 + # quota_size: 500 + # 
bandwidth_ul: 5 + # bandwidth_dl: 5 + # ratio_ul: 10 + # ratio_dl: 1 + +pureftpd_virtual_deleted_users: [] + # Available properties + # - name: vuser2 + +pureftpd_virtual_users_import: false + + + # ========== # vars used by roles/common/tasks/user.yml # ========== diff --git a/hosts b/hosts index 98add24..e3079cd 100644 --- a/hosts +++ b/hosts @@ -53,4 +53,8 @@ file-akb.akb.netz ansible_user=root file-akb.akb.netz ansible_user=root 192.168.82.20 ansible_user=root  +[ftp_server] +file-akb.akb.netz ansible_user=root +192.168.82.20 ansible_user=root + [gateway_server] diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index f9391f6..be73450 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -59,3 +59,12 @@ name: cups-browsed daemon_reload: yes state: restarted + +- name: reload Pure-FTPd users + command: pure-pw mkdb + +- name: restart Pure-FTPd + service: + name: pure-ftpd + state: restarted + diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 466edd1..77fd1c4 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -96,12 +96,17 @@ tags: - apt-initial-install  -- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch) +# --- +# Microcode +# --- + +- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}-backports" when: + - apt_backports_enable - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version'] == "9" - ansible_facts['processor']|string is search("Intel") 
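Review bot: The three entries under `pureftpd_virtual_users` in group_vars/all/main.yml commit FTP passwords in clear text, and each password equals its user name (`password: maica_scan`), so read access to the repository or knowledge of an account name is enough to log in. Reference a vaulted variable instead, for example `password: "{{ vault_pureftpd_maica_scan_password }}"` (constructed name), with the value kept in an ansible-vault encrypted file. `TLS: '1'` makes pure-ftpd accept cleartext sessions as well as TLS ones; `TLS: '2'` would refuse cleartext logins, assuming the role passes the value through unchanged. `pureftpd_virtual_users_group: nobody` and `pureftpd_virtual_users_user: nogroup` look swapped, since `nobody` is normally a user name and `nogroup` a group name.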
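Review bot: The `reload Pure-FTPd users` handler in roles/common/handlers/main.yml runs `pure-pw mkdb` with no database argument, so it rebuilds whatever path pure-pw defaults to rather than the file configured as `PureDB` in `pureftpd_config`. Passing the path explicitly, `command: "pure-pw mkdb {{ pureftpd_config.PureDB }}"`, keeps the handler and the server configuration on the same file if that setting is ever changed. The tasks that notify this handler are not visible in this diff, so how they locate the passwd file cannot be checked from here.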
@@ -109,9 +114,24 @@ - apt-initial-install - apt-microcode  -- name: (apt.yml) Install CPU microcode (debian buster) +- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch) + apt: + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}-backports" + when: + - apt_backports_enable + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "9" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: @@ -122,9 +142,23 @@ - apt-initial-install - apt-microcode  -- name: (apt.yml) Install CPU microcode (ubuntu bionic) +- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "10" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic) + apt: + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: 
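Review bot: The new AMD task for Debian stretch in roles/common/tasks/apt.yml combines `state: present` with `default_release: "{{ ansible_distribution_release }}-backports"`, so a host that already has amd64-microcode from the stable suite is likely reported as satisfied and never moved to the backports build the task name promises. If the intent is to pick up newer microcode, use `state: latest` or the existing `apt_install_state` variable, which group_vars sets to `latest`. The same applies to the Intel stretch task in the preceding hunk.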
@@ -135,9 +169,23 @@ - apt-initial-install - apt-microcode  -- name: (apt.yml) Install CPU microcode (ubuntu xenial) +- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "bionic" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial) + apt: + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: @@ -148,6 +196,49 @@ - apt-initial-install - apt-microcode  +- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial) + apt: + name: "{{ microcode_amd_package }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_release'] == "xenial" + - ansible_facts['processor']|string is search("AMD") + tags: + - apt-initial-install + - apt-microcode + +# --- +# Firmware +# --- + +- name: (apt.yml) Install Firmware packages + apt: + name: "{{ firmware_non_free_packages }}" + state: present + default_release: "{{ ansible_distribution_release }}" + tags: + - apt-initial-install + - apt-firmware + +- name: (apt.yml) Install non-free Firmware packages + apt: + name: "{{ firmware_non_free_packages }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - apt_debian_contrib_nonfree_enable + tags: + - apt-initial-install + - apt-firmware + + +# --- +# unwanted packages +# --- + - name: (apt.yml) Remove unwanted packages apt: name: "{{ apt_remove }}" 
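Review bot: The AMD microcode tasks for Ubuntu bionic in this hunk and for Ubuntu xenial in the next one are gated on `apt_debian_contrib_nonfree_enable`, a switch whose name refers to Debian's contrib/non-free components. If that variable is false on an Ubuntu host, an AMD machine is silently left without microcode updates, while the Intel tasks for the same releases carry no such condition. Unless the Ubuntu sources really depend on that switch, drop the line from the two Ubuntu `when:` lists.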
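Review bot: The task `(apt.yml) Install Firmware packages` installs `"{{ firmware_non_free_packages }}"`, the same list as the non-free task after it, so `firmware_packages` from group_vars is never used and the non-free package is requested even when `apt_debian_contrib_nonfree_enable` is false. It should read `name: "{{ firmware_packages }}"`. Neither firmware task has a distribution condition, and `firmware-linux` looks like a Debian package name, so the tasks may fail on the Ubuntu hosts this file also targets. The xenial AMD task is titled `for Intel AMD`; it should say `for AMD CPU` like its siblings.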
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index cba68be..b9802b6 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -55,6 +55,14 @@ tags: - cups  +# tags supported inside cups-install.yml: +# +- import_tasks: pure-ftpd-install.yml + when:  + - groups['ftp_server']|string is search(inventory_hostname) + tags: + - pure-ftpd + # tags supported inside nfs.yml: # # nfs-server
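Review bot: The condition `groups['ftp_server']|string is search(inventory_hostname)` is a regular-expression search over the stringified group list, not a membership test. A host whose name or address is a substring of a listed entry would also match (and `.` matches any character), so pure-ftpd could be installed on a host outside the group. Use `inventory_hostname in groups['ftp_server']` for an exact match. The comment above the import still says `cups-install.yml`; it should name `pure-ftpd-install.yml` and list the `pure-ftpd` tag.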