akb/tatus
2020-09-27 23:23:21 +02:00


diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 7b325e6..603929a 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -554,10 +554,18 @@ apt_initial_install_bionic:
- ifupdown
- socat
 
-microcode_package:
+microcode_intel_package:
- intel-microcode
+
+microcode_amd_package:
- amd64-microcode
 
+firmware_packages:
+ - firmware-linux
+
+firmware_non_free_packages:
+ - firmware-linux-nonfree
+
apt_install_state: latest
 
apt_remove:
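Review bot: `firmware_packages` reads as the free counterpart to `firmware_non_free_packages`, but on Debian `firmware-linux` is, as far as I know, itself a non-free metapackage that depends on `firmware-linux-nonfree`. If this list is meant to install on hosts without the non-free component enabled, `- firmware-linux-free` looks like the intended entry. These variables sit in `group_vars/all`, and Ubuntu ships its firmware as `linux-firmware`, so the package names probably need per-distribution values; please confirm against the target releases.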
@@ -727,6 +735,167 @@ apt_install_client_samba:
samba_server: file-akb.akb.netz
 
 
+# ==========
+# vars used by roles/common/tasks/pure-ftpd-install.yml
+# ==========
+
+pureftpd_global_config_file: /etc/default/pure-ftpd-common
+
+pureftpd_config_dir: /etc/pure-ftpd
+pureftpd_config_conf_dir: "{{ pureftpd_config_dir }}/conf"
+pureftpd_config_auth_dir: "{{ pureftpd_config_dir }}/auth"
+pureftpd_config_db_dir: "{{ pureftpd_config_dir }}/db"
+
+pureftpd_config_fortune_file: "{{ pureftpd_config_dir }}/pureftpd-fortune.txt"
+
+pureftpd_tls_certificate_pem: /etc/ssl/private/pure-ftpd.pem
+
+pureftpd_packages:
+ - pure-ftpd-common
+ - pure-ftpd
+
+# pure-ftpd-common.j2
+pureftpd_global_config_mode: standalone
+pureftpd_global_config_virtualchroot: false
+pureftpd_global_config_uploadscript: ''
+pureftpd_global_config_uploaduid: ''
+pureftpd_global_config_uploadgid: ''
+
+pureftpd_config:
+ AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
+ AnonymousCantUpload: 'yes'
+ Bind: ',21'
+ CustomerProof: 'yes'
+ DisplayDotFiles: 'yes'
+ DontResolve: 'yes'
+ FSCharset: 'UTF-8'
+ ForcePassiveIP: ''
+ MaxDiskUsage: '80'
+ MinUID: '1000'
+ NoAnonymous: 'yes'
+ PAMAuthentication: 'no'
+ PassivePortRange: '50000 50400'
+ ProhibitDotFilesRead: 'no'
+ ProhibitDotFilesWrite: 'yes'
+ PureDB: '/etc/pure-ftpd/pureftpd.pdb'
+ SyslogFacility: 'ftp'
+ TLS: '1'
+ TLSCipherSuite: 'HIGH'
+ UnixAuthentication: 'no'
+ #
+ # Available properties
+ #
+ # Available properties
+ # AllowAnonymousFXP: 'no'
+ # AllowUserFXP: 'no'
+ # AltLog: 'clf:/var/log/pure-ftpd/transfer.log'
+ # AnonymousBandwidth: '8'
+ # AnonymousCanCreateDirs: 'no'
+ # AnonymousCantUpload: 'yes'
+ # AnonymousOnly: 'no'
+ # AnonymousRatio: '1 10'
+ # AntiWarez: 'yes'
+ # AutoRename: 'no'
+ # Bind: '127.0.0.1,21'
+ # BrokenClientsCompatibility: 'no'
+ # CallUploadScript: 'yes'
+ # ChrootEveryone: 'yes'
+ # ClientCharset: 'UTF-8'
+ # CreateHomeDir: 'yes'
+ # CustomerProof: 'yes'
+ # Daemonize: 'yes'
+ # DisplayDotFiles: 'yes'
+ # DontResolve: 'yes'
+ # ExtAuth: /var/run/ftpd.sock
+ # ForcePassiveIP: '192.168.0.1'
+ # FortunesFile: '/etc/pure-ftpd/cookie'
+ # FSCharset: 'utf8'
+ # IPV4Only: 'yes'
+ # IPV6Only: 'yes'
+ # KeepAllFiles: 'yes'
+ # LDAPConfigFile: /etc/pureftpd-ldap.conf
+ # LimitRecursion: '10000 8'
+ # LogPID: 'yes'
+ # MaxClientsNumber: '10'
+ # MaxClientsPerIP: "{{ ansible_processor_cores }}"
+ # MaxDiskUsage: '80'
+ # MaxIdleTime: '15'
+ # MaxLoad: '4'
+ # MinUID: '1000'
+ # MySQLConfigFile: /etc/pure-ftpd/mysql.conf
+ # NoAnonymous: 'yes'
+ # NoChmod: 'yes'
+ # NoRename: 'yes'
+ # NoTruncate: 'yes'
+ # PAMAuthentication: 'no'
+ # PassivePortRange: '30000 50000'
+ # PerUserLimits: '3 20'
+ # PGSQLConfigFile: /etc/pureftpd-pgsql.conf
+ # PIDFile: '/var/run/pure-ftpd.pid'
+ # ProhibitDotFilesRead: 'yes'
+ # ProhibitDotFilesWrite: 'yes'
+ # PureDB: /etc/pure-ftpd/pureftpd.pdb
+ # Quota: '1000 10'
+ # SyslogFacility: 'ftp'
+ # TLS: '0'
+ # TLSCipherSuite: 'ALL:!aNULL:!SSLv3'
+ # TrustedIP: '10.1.1.1'
+ # Umask: '113 002'
+ # UnixAuthentication: 'no'
+ # UserBandwidth: '8'
+ # UserRatio: '1 10'
+ # VerboseLog: 'no'
+
+pureftpd_auth_puredb: 50
+pureftpd_auth_mysql: 0
+pureftpd_auth_postgresql: 0
+pureftpd_auth_ldap: 0
+pureftpd_auth_unix: 65
+pureftpd_auth_pam: 70
+
+# Default FTP user/group
+pureftpd_virtual_users_group: nobody
+pureftpd_virtual_users_user: nogroup
+# pureftpd_virtual_users_gid: '65534'
+# pureftpd_virtual_users_uid: '65534'
+
+pureftpd_virtual_users:
+ - name: maica_scan
+ password: maica_scan
+ homedir: /data/samba/Scans/Maica_scans
+ uid: maica
+ gid: users
+ - name: buero_scan
+ password: buero_scan
+ homedir: /data/samba/Scans/Buero_Scans
+ uid: buero
+ gid: users
+ - name: jibran_scan
+ password: jibran_scan
+ homedir: /data/samba/Scans/Jibran_scan_Scans
+ uid: jibran
+ gid: users
+ # Available properties
+ # - name: vuser1
+ # password: p4ssW0rd
+ # homedir: /var/ftp/vuser1
+ # uid: 2000
+ # gid: 2000
+ # quota_files: 2000
+ # quota_size: 500
+ # bandwidth_ul: 5
+ # bandwidth_dl: 5
+ # ratio_ul: 10
+ # ratio_dl: 1
+
+pureftpd_virtual_deleted_users: []
+ # Available properties
+ # - name: vuser2
+
+pureftpd_virtual_users_import: false
+
+
+
# ==========
# vars used by roles/common/tasks/user.yml
# ==========
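Review bot: The three `pureftpd_virtual_users` entries commit cleartext passwords that are identical to the account names (`maica_scan`, `buero_scan`, `jibran_scan`) into `group_vars/all`, so they are readable by anyone with repository access and are the first guess against the service. Reference vaulted values instead, for example `password: "{{ vault_pureftpd_maica_scan_password }}"` (variable name constructed here), and rotate the current ones. `TLS: '1'` makes Pure-FTPd accept cleartext sessions alongside TLS; `TLS: '2'` refuses cleartext logins and is worth using if the scanners support it. The defaults `pureftpd_virtual_users_group: nobody` and `pureftpd_virtual_users_user: nogroup` look swapped. The heading `# Available properties` is also duplicated at the top of the commented option list.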
diff --git a/hosts b/hosts
index 98add24..e3079cd 100644
--- a/hosts
+++ b/hosts
@@ -53,4 +53,8 @@ file-akb.akb.netz ansible_user=root
file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root
 
+[ftp_server]
+file-akb.akb.netz ansible_user=root
+192.168.82.20 ansible_user=root
+
[gateway_server]
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index f9391f6..be73450 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -59,3 +59,12 @@
name: cups-browsed
daemon_reload: yes
state: restarted
+
+- name: reload Pure-FTPd users
+ command: pure-pw mkdb
+
+- name: restart Pure-FTPd
+ service:
+ name: pure-ftpd
+ state: restarted
+
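Review bot: The `reload Pure-FTPd users` handler runs `pure-pw mkdb` with no arguments, so it always rebuilds the tool's default database, while the server's database path is configurable through `pureftpd_config.PureDB`. If that variable is ever changed, user additions and removals would stop reaching the file the daemon reads, and a deleted account could stay valid. Passing the path explicitly keeps the two in step: `command: pure-pw mkdb {{ pureftpd_config.PureDB }}`. The task file that notifies this handler is not visible here, so check that it writes the matching passwd file.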
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index 466edd1..77fd1c4 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -96,12 +96,17 @@
tags:
- apt-initial-install
 
-- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
+# ---
+# Microcode
+# ---
+
+- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
+ - apt_backports_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
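Review bot: The Intel task gains `- apt_backports_enable` here but not the `- apt_debian_contrib_nonfree_enable` guard that every new AMD task in the later hunks carries. On Debian, `intel-microcode` is shipped in non-free just like `amd64-microcode`, so on a host with non-free disabled this task would fail instead of being skipped. Add `- apt_debian_contrib_nonfree_enable` to this `when:` list. The buster Intel task probably needs the same guard, but its `when:` block lies outside the hunks shown.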
@@ -109,9 +114,24 @@
- apt-initial-install
- apt-microcode
 
-- name: (apt.yml) Install CPU microcode (debian buster)
+- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
+ apt:
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}-backports"
+ when:
+ - apt_backports_enable
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Debian"
+ - ansible_facts['distribution_major_version'] == "9"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@@ -122,9 +142,23 @@
- apt-initial-install
- apt-microcode
 
-- name: (apt.yml) Install CPU microcode (ubuntu bionic)
+- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Debian"
+ - ansible_facts['distribution_major_version'] == "10"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
+ apt:
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@@ -135,9 +169,23 @@
- apt-initial-install
- apt-microcode
 
-- name: (apt.yml) Install CPU microcode (ubuntu xenial)
+- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
apt:
- name: "{{ microcode_package }}"
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Ubuntu"
+ - ansible_facts['distribution_release'] == "bionic"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
+ apt:
+ name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@@ -148,6 +196,49 @@
- apt-initial-install
- apt-microcode
 
+- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
+ apt:
+ name: "{{ microcode_amd_package }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ - ansible_facts['distribution'] == "Ubuntu"
+ - ansible_facts['distribution_release'] == "xenial"
+ - ansible_facts['processor']|string is search("AMD")
+ tags:
+ - apt-initial-install
+ - apt-microcode
+
+# ---
+# Firmware
+# ---
+
+- name: (apt.yml) Install Firmware packages
+ apt:
+ name: "{{ firmware_non_free_packages }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ tags:
+ - apt-initial-install
+ - apt-firmware
+
+- name: (apt.yml) Install non-free Firmware packages
+ apt:
+ name: "{{ firmware_non_free_packages }}"
+ state: present
+ default_release: "{{ ansible_distribution_release }}"
+ when:
+ - apt_debian_contrib_nonfree_enable
+ tags:
+ - apt-initial-install
+ - apt-firmware
+
+
+# ---
+# unwanted packages
+# ---
+
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
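Review bot: The unconditional task `Install Firmware packages` installs `"{{ firmware_non_free_packages }}"`, the same list as the guarded task below it, so the new `firmware_packages` variable is never used. As written, non-free firmware is requested on every host even when `apt_debian_contrib_nonfree_enable` is false, which either fails the play or bypasses the opt-in. The first task should read `name: "{{ firmware_packages }}"`. The task name `Install CPU microcode for Intel AMD (ubuntu xenial)` at the top of this hunk should read `for AMD CPU`, matching its siblings.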
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index cba68be..b9802b6 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -55,6 +55,14 @@
tags:
- cups
 
+# tags supported inside cups-install.yml:
+#
+- import_tasks: pure-ftpd-install.yml
+ when:
+ - groups['ftp_server']|string is search(inventory_hostname)
+ tags:
+ - pure-ftpd
+
# tags supported inside nfs.yml:
#
# nfs-server
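Review bot: The condition `groups['ftp_server']|string is search(inventory_hostname)` decides where the FTP server is installed by treating the hostname as a regular expression and matching it against the stringified group list. A host whose name is a substring of an FTP server's name, or whose dots match other characters, would also get Pure-FTPd installed. An exact membership test avoids that: `- "'ftp_server' in group_names"`, which also tolerates the group being absent from an inventory. The comment above the import still says `cups-install.yml`; it should read `# tags supported inside pure-ftpd-install.yml:`.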