akb/tatus
2020-09-27 23:23:21 +02:00



diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 7b325e6..603929a 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -554,10 +554,18 @@ apt_initial_install_bionic:
- ifupdown
- socat

-microcode_package: 
+microcode_intel_package: 
- intel-microcode
+
+microcode_amd_package: 
- amd64-microcode

+firmware_packages:
+ - firmware-linux
+
+firmware_non_free_packages:
+ - firmware-linux-nonfree
+
apt_install_state: latest

apt_remove:
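Review bot: `firmware_packages` is the list intended for hosts without non-free enabled, but it names `firmware-linux`, which on Debian is, as far as I know, a metapackage in the non-free section that depends on `firmware-linux-nonfree`. If that is right, both new lists install the same non-free content. The unguarded list should probably read `- firmware-linux-free`; please confirm against the target releases.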
@@ -727,6 +735,167 @@ apt_install_client_samba:
samba_server: file-akb.akb.netz


+# ==========
+# vars used by roles/common/tasks/pure-ftpd-install.yml
+# ==========
+
+pureftpd_global_config_file: /etc/default/pure-ftpd-common
+
+pureftpd_config_dir: /etc/pure-ftpd
+pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf"
+pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth"
+pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db"
+
+pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt"
+
+pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem
+
+pureftpd_packages:
+ - pure-ftpd-common
+ - pure-ftpd
+
+# pure-ftpd-common.j2
+pureftpd_global_config_mode: standalone
+pureftpd_global_config_virtualchroot: false
+pureftpd_global_config_uploadscript: '' 
+pureftpd_global_config_uploaduid: ''
+pureftpd_global_config_uploadgid: ''
+
+pureftpd_config:
+ AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
+ AnonymousCantUpload: 'yes'
+ Bind: ',21'
+ CustomerProof: 'yes'
+ DisplayDotFiles: 'yes'
+ DontResolve: 'yes'
+ FSCharset: 'UTF-8'
+ ForcePassiveIP: ''
+ MaxDiskUsage: '80'
+ MinUID: '1000'
+ NoAnonymous: 'yes'
+ PAMAuthentication: 'no'
+ PassivePortRange: '50000 50400'
+ ProhibitDotFilesRead: 'no'
+ ProhibitDotFilesWrite: 'yes'
+ PureDB: '/etc/pure-ftpd/pureftpd.pdb'
+ SyslogFacility: 'ftp'
+ TLS: '1'
+ TLSCipherSuite: 'HIGH'
+ UnixAuthentication: 'no'
+ # 
+ # Available properties
+ #
+ # Available properties
+ # AllowAnonymousFXP: 'no'
+ # AllowUserFXP: 'no'
+ # AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
+ # AnonymousBandwidth: '8'
+ # AnonymousCanCreateDirs: 'no'
+ # AnonymousCantUpload: 'yes'
+ # AnonymousOnly: 'no'
+ # AnonymousRatio: '1 10'
+ # AntiWarez: 'yes'
+ # AutoRename: 'no'
+ # Bind: '127.0.0.1,21'
+ # BrokenClientsCompatibility: 'no'
+ # CallUploadScript: 'yes'
+ # ChrootEveryone: 'yes'
+ # ClientCharset: 'UTF-8'
+ # CreateHomeDir: 'yes'
+ # CustomerProof: 'yes'
+ # Daemonize: 'yes'
+ # DisplayDotFiles: 'yes'
+ # DontResolve: 'yes'
+ # ExtAuth: /var/run/ftpd.sock
+ # ForcePassiveIP: '192.168.0.1'
+ # FortunesFile: '/etc/pure-ftpd/cookie'
+ # FSCharset: 'utf8'
+ # IPV4Only: 'yes'
+ # IPV6Only: 'yes'
+ # KeepAllFiles: 'yes'
+ # LDAPConfigFile: /etc/pureftpd-ldap.conf
+ # LimitRecursion: '10000 8'
+ # LogPID: 'yes'
+ # MaxClientsNumber: '10'
+ # MaxClientsPerIP: "{{ ansible_processor_cores }}"
+ # MaxDiskUsage: '80'
+ # MaxIdleTime: '15'
+ # MaxLoad: '4'
+ # MinUID: '1000'
+ # MySQLConfigFile: /etc/pure-ftpd/mysql.conf
+ # NoAnonymous: 'yes'
+ # NoChmod: 'yes'
+ # NoRename: 'yes'
+ # NoTruncate: 'yes'
+ # PAMAuthentication: 'no'
+ # PassivePortRange: '30000 50000'
+ # PerUserLimits: '3 20'
+ # PGSQLConfigFile: /etc/pureftpd-pgsql.conf
+ # PIDFile: '/var/run/pure-ftpd.pid'
+ # ProhibitDotFilesRead: 'yes'
+ # ProhibitDotFilesWrite: 'yes'
+ # PureDB: /etc/pure-ftpd/pureftpd.pdb
+ # Quota: '1000 10'
+ # SyslogFacility: 'ftp'
+ # TLS: '0'
+ # TLSCipherSuite: 'ALL:!aNULL:!SSLv3'
+ # TrustedIP: '10.1.1.1'
+ # Umask: '113 002'
+ # UnixAuthentication: 'no'
+ # UserBandwidth: '8'
+ # UserRatio: '1 10'
+ # VerboseLog: 'no'
+
+pureftpd_auth_puredb: 50
+pureftpd_auth_mysql: 0
+pureftpd_auth_postgresql: 0
+pureftpd_auth_ldap: 0
+pureftpd_auth_unix: 65
+pureftpd_auth_pam: 70
+
+# Default FTP user/group
+pureftpd_virtual_users_group: nobody
+pureftpd_virtual_users_user: nogroup
+# pureftpd_virtual_users_gid: '65534'
+# pureftpd_virtual_users_uid: '65534'
+
+pureftpd_virtual_users:
+ - name: maica_scan
+ password: maica_scan
+ homedir: /data/samba/Scans/Maica_scans
+ uid: maica
+ gid: users
+ - name: buero_scan
+ password: buero_scan
+ homedir: /data/samba/Scans/Buero_Scans
+ uid: buero
+ gid: users
+ - name: jibran_scan
+ password: jibran_scan
+ homedir: /data/samba/Scans/Jibran_scan_Scans
+ uid: jibran
+ gid: users
+ # Available properties
+ # - name: vuser1
+ # password: p4ssW0rd
+ # homedir: /var/ftp/vuser1
+ # uid: 2000
+ # gid: 2000
+ # quota_files: 2000
+ # quota_size: 500
+ # bandwidth_ul: 5
+ # bandwidth_dl: 5
+ # ratio_ul: 10
+ # ratio_dl: 1
+
+pureftpd_virtual_deleted_users: []
+ # Available properties
+ # - name: vuser2
+
+pureftpd_virtual_users_import: false
+
+
+
# ==========
# vars used by roles/common/tasks/user.yml
# ==========
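Review bot: The three `pureftpd_virtual_users` entries commit plaintext passwords that equal the account names (`password: maica_scan` and the two below it) into group_vars/all, so anyone with read access to the repository holds working FTP credentials for the home directories under /data/samba/Scans. Move them into an Ansible Vault-encrypted vars file and reference them, e.g. `password: "{{ vault_pureftpd_maica_scan_password }}"` (the variable name is a placeholder), and rotate the current values. `TLS: '1'` makes Pure-FTPd accept both cleartext and TLS sessions, so these logins can still cross the network unencrypted; `TLS: '2'` refuses cleartext logins, if the scanners support it. Separately, `pureftpd_virtual_users_group: nobody` and `pureftpd_virtual_users_user: nogroup` look swapped.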
diff --git a/hosts b/hosts
index 98add24..e3079cd 100644
--- a/hosts
+++ b/hosts
@@ -53,4 +53,8 @@ file-akb.akb.netz ansible_user=root
file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root

+[ftp_server]
+file-akb.akb.netz ansible_user=root
+192.168.82.20 ansible_user=root
+
[gateway_server]
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index f9391f6..be73450 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -59,3 +59,12 @@
name: cups-browsed
daemon_reload: yes
state: restarted
+
+- name: reload Pure-FTPd users
+ command: pure-pw mkdb
+
+- name: restart Pure-FTPd
+ service:
+ name: pure-ftpd
+ state: restarted
+
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index 466edd1..77fd1c4 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -96,12 +96,17 @@
tags:
- apt-initial-install

-- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
+# ---
+# Microcode
+# ---
+
+- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
+ - apt_backports_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
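Review bot: The Intel stretch task gains `- apt_backports_enable` but not `- apt_debian_contrib_nonfree_enable`, while the AMD tasks added later in this file carry both. As far as I know `intel-microcode` also lives in Debian's non-free component, so on a host with non-free disabled this task would fail instead of being skipped. Add `- apt_debian_contrib_nonfree_enable` to the `when:` list here and, if the same holds, to the Intel buster task in the next hunk. Since microcode packages deliver CPU vulnerability mitigations, a short comment naming the component each package comes from would help, e.g. `# intel-microcode: Debian non-free (TODO confirm)`. The task's `tags:` continue outside this hunk.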
@@ -109,9 +114,24 @@
- apt-initial-install
- apt-microcode

-- name: (apt.yml) Install CPU microcode (debian buster)
+- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
+ apt:
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}-backports"
+ when:
+ - apt_backports_enable
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Debian"
+ - ansible_facts['distribution_major_version'] == "9"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@@ -122,9 +142,23 @@
- apt-initial-install
- apt-microcode

-- name: (apt.yml) Install CPU microcode (ubuntu bionic)
+- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Debian"
+ - ansible_facts['distribution_major_version'] == "10"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
+ apt:
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@@ -135,9 +169,23 @@
- apt-initial-install
- apt-microcode

-- name: (apt.yml) Install CPU microcode (ubuntu xenial)
+- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Ubuntu"
+ - ansible_facts['distribution_release'] == "bionic"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
+ apt:
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
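Review bot: The AMD bionic task is gated on `- apt_debian_contrib_nonfree_enable`, a Debian-named switch, although it only applies when `ansible_facts['distribution'] == "Ubuntu"`; the AMD xenial task in the following hunk has the same guard. If that variable is false or unset on Ubuntu hosts, `amd64-microcode` is skipped there without any error, and as far as the hunks show the Intel Ubuntu tasks are not guarded this way. Unless Ubuntu inventories are known to set it, drop the condition from the two Ubuntu AMD tasks or use an Ubuntu-specific variable. The Intel xenial task that ends this hunk continues outside it.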
@@ -148,6 +196,49 @@
- apt-initial-install
- apt-microcode

+- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
+ apt:
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Ubuntu"
+ - ansible_facts['distribution_release'] == "xenial"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+# ---
+# Firmware
+# ---
+
+- name: (apt.yml) Install Firmware packages
+ apt:
+ name: "{{ firmware_non_free_packages }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ tags:
+ - apt-initial-install
+ - apt-firmware
+
+- name: (apt.yml) Install non-free Firmware packages
+ apt:
+ name: "{{ firmware_non_free_packages }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ tags:
+ - apt-initial-install
+ - apt-firmware
+
+
+# ---
+# unwanted packages
+# ---
+
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
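Review bot: The task `(apt.yml) Install Firmware packages` installs `"{{ firmware_non_free_packages }}"` with no `when:` guard, so it requests the non-free list on every host regardless of `apt_debian_contrib_nonfree_enable`. The new `firmware_packages` variable is not used anywhere in the hunks shown. The line should presumably be `name: "{{ firmware_packages }}"`; as written, a host without the non-free component would fail this task rather than skip it. The xenial AMD task name also reads `Install CPU microcode for Intel AMD (ubuntu xenial)` and should say `for AMD CPU`.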
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index cba68be..b9802b6 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -55,6 +55,14 @@
tags:
- cups

+# tags supported inside cups-install.yml:
+#
+- import_tasks: pure-ftpd-install.yml
+ when: 
+ - groups['ftp_server']|string is search(inventory_hostname)
+ tags:
+ - pure-ftpd
+
# tags supported inside nfs.yml:
#
# nfs-server
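Review bot: The condition `groups['ftp_server']|string is search(inventory_hostname)` is a regex substring match against the stringified group list, so a host whose name is a prefix of a member (for example `192.168.82.2` against `192.168.82.20`) would also get the FTP server installed, and the dots in the hostname match any character. Use exact membership instead, `- inventory_hostname in groups['ftp_server']` or `- "'ftp_server' in group_names"`; if other imports in this file use the same `search` pattern, they share the problem. The comment above the import still reads `# tags supported inside cups-install.yml:` and should name pure-ftpd-install.yml and its `pure-ftpd` tag.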