get proftpd configs

autoautoinstall
Andrew Wang 1 year ago
parent 10a1a8a5aa
commit c1fb658ba3
  1. 4
      README.md
  2. 65
      libvirt/main.yml
  3. 0
      libvirt/templates/meta-data
  4. 2
      libvirt/templates/user-data
  5. BIN
      roles/ftp/templates/proftpd/blacklist.dat
  6. 0
      roles/ftp/templates/proftpd/conf.d/.gitkeep
  7. 27
      roles/ftp/templates/proftpd/ldap.conf
  8. 97
      roles/ftp/templates/proftpd/modules.conf
  9. 0
      roles/ftp/templates/proftpd/proftpd.conf
  10. 34
      roles/ftp/templates/proftpd/sql.conf
  11. 51
      roles/ftp/templates/proftpd/tls.conf
  12. 38
      roles/ftp/templates/proftpd/virtuals.conf

@ -57,7 +57,7 @@ password: ubuntu
### Install Packages (debian)
Install QEMU and KVM
```
$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system
$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst
```
Install other packages for the playbook
```
@ -70,6 +70,8 @@ virt-viewer
virt-manager
bridge-utils
```
Also will need python
### Install Packages (archlinux)
**needs update**

@ -29,19 +29,44 @@
- name: fetch ubuntu iso
get_url:
url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
# url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
# dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
url: "http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
dest: "{{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img"
# Installing VMs from Ready Images
# https://www.x386.xyz/index.php/2021/01/06/kvm-on-ubuntu-server-1/
- name: create ubuntu iso seed
command:
cmd: >
cloud-localds
--network-config {{ playbook_dir }}/templates/network
{{ playbook_dir }}/vm/seed.qcow2
{{ playbook_dir }}/templates/user-data
creates: "{{ playbook_dir }}/vm/seed.qcow2"
# --network-config {{ playbook_dir }}/templates/network
# - name: create ubuntu iso seed
# command:
# cmd: >
# cloud-localds
# {{ playbook_dir }}/vm/seed.iso
# {{ playbook_dir }}/templates/user-data
# {{ playbook_dir }}/templates/meta-data
# creates: "{{ playbook_dir }}/vm/seed.iso"
# - name: create ubuntu iso seed
# command:
# cmd: >
# genisoimage
# -output {{ playbook_dir }}/vm/cidata.iso
# -V cidata -r -J
# {{ playbook_dir }}/templates/user-data
# {{ playbook_dir }}/templates/meta-data
# creates: "{{ playbook_dir }}/vm/seed.iso"
# # ???
# - name: create new image
# command:
# cmd: >
# qemu-img create
# -b {{ playbook_dir }}/focal-server-cloudimg-amd64.img
# -f qcow2
# -F qcow2
# {{ playbook_dir }}/vm/mirror.img
# creates: "{{ playbook_dir }}/vm/mirror.img"
- name: create mirbr0 bridge network
command: "virsh {{ item }}"
@ -75,6 +100,9 @@
# does not exist yet
# --os-variant ubuntu20.04
# --cdrom path={{ playbook_dir }}/vm/ubuntu20_04.iso
# --disk path={{ playbook_dir }}/vm/seed.iso,format=raw,bus=virtio
- name: create vm
command: >
virt-install
@ -83,14 +111,15 @@
--vcpus=1
--boot uefi
--os-type linux
--disk path={{ playbook_dir }}/vm/seed.qcow2,device=cdrom
--disk vol=mirror/mirror_root1.qcow2
--disk vol=mirror/mirror_root2.qcow2
--disk vol=mirror/mirror_disk1.qcow2
--disk vol=mirror/mirror_disk2.qcow2
--disk vol=mirror/mirror_disk3.qcow2
--disk vol=mirror/mirror_disk4.qcow2
--network bridge=mirbr0
--cloud-init user-data={{ playbook_dir }}/templates/user-data, meta-data={{ playbook_dir }}/templates/meta-data
--disk path={{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img
--disk vol=mirror/mirror_root1.qcow2,bus=virtio
--disk vol=mirror/mirror_root2.qcow2,bus=virtio
--disk vol=mirror/mirror_disk1.qcow2,bus=virtio
--disk vol=mirror/mirror_disk2.qcow2,bus=virtio
--disk vol=mirror/mirror_disk3.qcow2,bus=virtio
--disk vol=mirror/mirror_disk4.qcow2,bus=virtio
--network bridge=mirbr0,model=virtio
--graphics vnc,port=5911,listen=127.0.0.1
--noautoconsole
when: vm_exists.rc != 0

@ -59,4 +59,4 @@ autoinstall:
fstype: ext4, preserve: false}
# mount points =-=-=-=-=-=
- {id: boot-mount, type: mount, path: /boot/efi, device: vda1-format}
- {id: root-mount, type: mount, path: /, device: vg0-root-format}
- {id: root-mount, type: mount, path: /, device: vg0-root-format}

@ -0,0 +1,27 @@
#
# Proftpd sample configuration for LDAP authentication.
#
# (This is not to be used if you prefer a PAM-based SQL authentication)
#
<IfModule mod_ldap.c>
#
# This is used for ordinary LDAP connections, with or without TLS
#
#LDAPServer ldap://ldap.example.com
#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
#LDAPDoAuth on "dc=users,dc=example,dc=com"
#
# To be set on only for LDAP/TLS on ordinary port, for LDAP+SSL see below
#LDAPUseTLS on
#
#
# This is used for encrypted LDAPS connections
#
#LDAPServer ldaps://ldap.example.com
#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
#LDAPDoAuth on "dc=users,dc=example,dc=com"
#
</IfModule>

@ -0,0 +1,97 @@
#
# This file is used to manage DSO modules and features.
#
# This is the directory where DSO modules reside
ModulePath /usr/lib/proftpd
# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
# Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other
# SQL backend engine to use this module and the required backend.
# This module must be mandatory loaded before anyone of
# the existent SQL backeds.
#LoadModule mod_sql.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c
#
# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
# are required to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#
# Install proftpd-mod-mysql and decomment the previous
# mod_sql.c module to use this.
#LoadModule mod_sql_mysql.c
# Install proftpd-mod-pgsql and decomment the previous
# mod_sql.c module to use this.
#LoadModule mod_sql_postgres.c
# Install proftpd-mod-sqlite and decomment the previous
# mod_sql.c module to use this
#LoadModule mod_sql_sqlite.c
# Install proftpd-mod-odbc and decomment the previous
# mod_sql.c module to use this
#LoadModule mod_sql_odbc.c
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_sql_passwd.c
LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_quotatab_sql.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_wrap2_sql.c
LoadModule mod_dynmasq.c
LoadModule mod_exec.c
LoadModule mod_shaper.c
LoadModule mod_ratio.c
LoadModule mod_site_misc.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
# Install one of the previous SQL backends and decomment
# the previous mod_sql.c module to use this
#LoadModule mod_sftp_sql.c
LoadModule mod_facl.c
LoadModule mod_unique_id.c
LoadModule mod_copy.c
LoadModule mod_deflate.c
LoadModule mod_ifversion.c
LoadModule mod_tls_memcache.c
# Install proftpd-mod-geoip to use the GeoIP feature
#LoadModule mod_geoip.c
# keep this module the last one
LoadModule mod_ifsession.c

@ -0,0 +1,34 @@
#
# Proftpd sample configuration for SQL-based authentication.
#
# (This is not to be used if you prefer a PAM-based SQL authentication)
#
<IfModule mod_sql.c>
#
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#SQLBackend mysql
#
#SQLEngine on
#SQLAuthenticate on
#
# Use both a crypted or plaintext password
#SQLAuthTypes Crypt Plaintext
#
# Use a backend-crypted or a crypted password
#SQLAuthTypes Backend Crypt
#
# Connection
#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
#
# Describes both users/groups tables
#
#SQLUserInfo users userid passwd uid gid homedir shell
#SQLGroupInfo groups groupname gid members
#
</IfModule>

@ -0,0 +1,51 @@
#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#
<IfModule mod_tls.c>
#TLSEngine on
#TLSLog /var/log/proftpd/tls.log
#TLSProtocol SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using
# a command like:
#
# openssl req -x509 -newkey rsa:1024 \
# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
# -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key
# chmod 0640 /etc/ssl/private/proftpd.key
#
#TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
#TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
#
# CA the server trusts
#TLSCACertificateFile /etc/ssl/certs/CA.pem
# or avoid CA cert
#TLSOptions NoCertRequest
#
# Authenticate clients that want to use FTP over TLS?
#
#TLSVerifyClient off
#
# Are clients required to use FTP over TLS when talking to this server?
#
#TLSRequired on
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>

@ -0,0 +1,38 @@
#
# Proftpd sample configuration for Virtual Hosts and Virtual Roots.
#
# Note that FTP protocol requires IP based virtual host, not name based.
#
#
# A generic sample virtual host.
#
#<VirtualHost ftp.server.com>
#ServerAdmin ftpmaster@server.com
#ServerName "Big FTP Archive"
#TransferLog /var/log/proftpd/xfer/ftp.server.com
#MaxLoginAttempts 3
#RequireValidShell no
#DefaultRoot /srv/ftp_root
#AllowOverwrite yes
#</VirtualHost>
#
# The vroot module is not required, but can be useful for shared
# directories.
#
<IfModule mod_vroot.c>
#VRootEngine on
#DefaultRoot ~
#VRootAlias upload /var/ftp/upload
#
#<VirtualHost a.b.c.d>
#VRootEngine on
#VRootServerRoot /etc/ftpd/a.b.c.d/
#VRootOptions allowSymlinks
#DefaultRoot ~
#</VirtualHost>
#
</IfModule>
Loading…
Cancel
Save