diff --git a/README.md b/README.md
index ebf10cf..61e0b8d 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ password: ubuntu
### Install Packages (debian)
Install QEMU and KVM
```
-$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system
+$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst
```
Install other packages for the playbook
```
@@ -70,6 +70,8 @@ virt-viewer
virt-manager
bridge-utils
```
+Also will need python
+
### Install Packages (archlinux)
**needs update**
diff --git a/libvirt/main.yml b/libvirt/main.yml
index 697033d..f37226f 100644
--- a/libvirt/main.yml
+++ b/libvirt/main.yml
@@ -29,19 +29,44 @@
- name: fetch ubuntu iso
get_url:
- url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
- dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
+ # url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
+ # dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
+ url: "http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
+ dest: "{{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img"
# Installing VMs from Ready Images
# https://www.x386.xyz/index.php/2021/01/06/kvm-on-ubuntu-server-1/
- - name: create ubuntu iso seed
- command:
- cmd: >
- cloud-localds
- --network-config {{ playbook_dir }}/templates/network
- {{ playbook_dir }}/vm/seed.qcow2
- {{ playbook_dir }}/templates/user-data
- creates: "{{ playbook_dir }}/vm/seed.qcow2"
+ # --network-config {{ playbook_dir }}/templates/network
+ # - name: create ubuntu iso seed
+ # command:
+ # cmd: >
+ # cloud-localds
+ # {{ playbook_dir }}/vm/seed.iso
+ # {{ playbook_dir }}/templates/user-data
+ # {{ playbook_dir }}/templates/meta-data
+ # creates: "{{ playbook_dir }}/vm/seed.iso"
+ # - name: create ubuntu iso seed
+ # command:
+ # cmd: >
+ # genisoimage
+ # -output {{ playbook_dir }}/vm/cidata.iso
+ # -V cidata -r -J
+ # {{ playbook_dir }}/templates/user-data
+ # {{ playbook_dir }}/templates/meta-data
+ # creates: "{{ playbook_dir }}/vm/seed.iso"
+
+# # ???
+# - name: create new image
+# command:
+# cmd: >
+# qemu-img create
+# -b {{ playbook_dir }}/focal-server-cloudimg-amd64.img
+# -f qcow2
+# -F qcow2
+# {{ playbook_dir }}/vm/mirror.img
+# creates: "{{ playbook_dir }}/vm/mirror.img"
+
+
- name: create mirbr0 bridge network
command: "virsh {{ item }}"
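Review bot: The new `url:` in the `fetch ubuntu iso` task downloads the cloud image over plain `http://` and the task sets no `checksum:`, so whatever lands at `dest` is later booted as the VM's disk with no integrity check. Use `https://` and add a checksum to `get_url`, e.g. `checksum: "sha256:REPLACE_WITH_IMAGE_SHA256"` (placeholder value), preferably against a dated release directory, since `current/` changes over time and a pinned hash would stop matching. The task name still says "iso" although it now fetches a `.img`. The commented-out seed tasks added below it would be better removed than kept in the playbook.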
@@ -75,6 +100,9 @@
# does not exist yet
# --os-variant ubuntu20.04
+
+ # --cdrom path={{ playbook_dir }}/vm/ubuntu20_04.iso
+ # --disk path={{ playbook_dir }}/vm/seed.iso,format=raw,bus=virtio
- name: create vm
command: >
virt-install
@@ -83,14 +111,15 @@
--vcpus=1
--boot uefi
--os-type linux
- --disk path={{ playbook_dir }}/vm/seed.qcow2,device=cdrom
- --disk vol=mirror/mirror_root1.qcow2
- --disk vol=mirror/mirror_root2.qcow2
- --disk vol=mirror/mirror_disk1.qcow2
- --disk vol=mirror/mirror_disk2.qcow2
- --disk vol=mirror/mirror_disk3.qcow2
- --disk vol=mirror/mirror_disk4.qcow2
- --network bridge=mirbr0
+ --cloud-init user-data={{ playbook_dir }}/templates/user-data, meta-data={{ playbook_dir }}/templates/meta-data
+ --disk path={{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img
+ --disk vol=mirror/mirror_root1.qcow2,bus=virtio
+ --disk vol=mirror/mirror_root2.qcow2,bus=virtio
+ --disk vol=mirror/mirror_disk1.qcow2,bus=virtio
+ --disk vol=mirror/mirror_disk2.qcow2,bus=virtio
+ --disk vol=mirror/mirror_disk3.qcow2,bus=virtio
+ --disk vol=mirror/mirror_disk4.qcow2,bus=virtio
+ --network bridge=mirbr0,model=virtio
--graphics vnc,port=5911,listen=127.0.0.1
--noautoconsole
when: vm_exists.rc != 0
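Review bot: The added `--cloud-init` line has a space after the comma (`user-data=…, meta-data=…`). Because the folded `command:` string is split on whitespace, `meta-data=…` is likely passed to virt-install as a separate stray argument instead of a `--cloud-init` sub-option. Write it without the space: `--cloud-init user-data={{ playbook_dir }}/templates/user-data,meta-data={{ playbook_dir }}/templates/meta-data`. The first `--disk` also points at the downloaded `focal-server-cloudimg-amd64.img` itself, so the guest writes into the only copy of the base image; a copy or qcow2 overlay would keep the download pristine. The `create vm` task begins outside this hunk.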
diff --git a/libvirt/templates/meta-data b/libvirt/templates/meta-data
new file mode 100644
index 0000000..e69de29
diff --git a/libvirt/templates/user-data b/libvirt/templates/user-data
index abf40ca..b288fdf 100644
--- a/libvirt/templates/user-data
+++ b/libvirt/templates/user-data
@@ -59,4 +59,4 @@ autoinstall:
fstype: ext4, preserve: false}
# mount points =-=-=-=-=-=
- {id: boot-mount, type: mount, path: /boot/efi, device: vda1-format}
- - {id: root-mount, type: mount, path: /, device: vg0-root-format}
+ - {id: root-mount, type: mount, path: /, device: vg0-root-format}
\ No newline at end of file
diff --git a/roles/ftp/templates/proftpd/blacklist.dat b/roles/ftp/templates/proftpd/blacklist.dat
new file mode 100644
index 0000000..44005c4
Binary files /dev/null and b/roles/ftp/templates/proftpd/blacklist.dat differ
diff --git a/roles/ftp/templates/proftpd/conf.d/.gitkeep b/roles/ftp/templates/proftpd/conf.d/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/roles/ftp/templates/proftpd/ldap.conf b/roles/ftp/templates/proftpd/ldap.conf
new file mode 100644
index 0000000..d0d89c6
--- /dev/null
+++ b/roles/ftp/templates/proftpd/ldap.conf
@@ -0,0 +1,27 @@
+#
+# Proftpd sample configuration for LDAP authentication.
+#
+# (This is not to be used if you prefer a PAM-based SQL authentication)
+#
+
+
+#
+# This is used for ordinary LDAP connections, with or without TLS
+#
+#LDAPServer ldap://ldap.example.com
+#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
+#LDAPDoAuth on "dc=users,dc=example,dc=com"
+#
+# To be set on only for LDAP/TLS on ordinary port, for LDAP+SSL see below
+#LDAPUseTLS on
+#
+
+#
+# This is used for encrypted LDAPS connections
+#
+#LDAPServer ldaps://ldap.example.com
+#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
+#LDAPDoAuth on "dc=users,dc=example,dc=com"
+#
+
+
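Review bot: The sample `LDAPDNInfo` lines carry the bind password as a literal and bind as `cn=admin`; the same pattern appears in `sql.conf` (`SQLConnectInfo … proftpd_password`). Because these files sit under the role's `templates/`, add a comment above each such line, for example `# Bind with a read-only service account; take the password from an Ansible Vault variable, never a literal.` The first block also shows `ldap://` with `LDAPUseTLS` commented out, so the comment should say that either `LDAPUseTLS on` or the `ldaps://` form must be enabled before the bind is used.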
diff --git a/roles/ftp/templates/proftpd/modules.conf b/roles/ftp/templates/proftpd/modules.conf
new file mode 100644
index 0000000..23037d2
--- /dev/null
+++ b/roles/ftp/templates/proftpd/modules.conf
@@ -0,0 +1,97 @@
+#
+# This file is used to manage DSO modules and features.
+#
+
+# This is the directory where DSO modules reside
+
+ModulePath /usr/lib/proftpd
+
+# Allow only user root to load and unload modules, but allow everyone
+# to see which modules have been loaded
+
+ModuleControlsACLs insmod,rmmod allow user root
+ModuleControlsACLs lsmod allow user *
+
+LoadModule mod_ctrls_admin.c
+LoadModule mod_tls.c
+
+# Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other
+# SQL backend engine to use this module and the required backend.
+# This module must be mandatory loaded before anyone of
+# the existent SQL backeds.
+#LoadModule mod_sql.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_ldap.c
+
+#
+# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
+# are required to have SQL authorization working. You can also comment out the
+# unused module here, in alternative.
+#
+
+# Install proftpd-mod-mysql and decomment the previous
+# mod_sql.c module to use this.
+#LoadModule mod_sql_mysql.c
+
+# Install proftpd-mod-pgsql and decomment the previous
+# mod_sql.c module to use this.
+#LoadModule mod_sql_postgres.c
+
+# Install proftpd-mod-sqlite and decomment the previous
+# mod_sql.c module to use this
+#LoadModule mod_sql_sqlite.c
+
+# Install proftpd-mod-odbc and decomment the previous
+# mod_sql.c module to use this
+#LoadModule mod_sql_odbc.c
+
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_sql_passwd.c
+
+LoadModule mod_radius.c
+LoadModule mod_quotatab.c
+LoadModule mod_quotatab_file.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_quotatab_ldap.c
+
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_quotatab_sql.c
+LoadModule mod_quotatab_radius.c
+LoadModule mod_wrap.c
+LoadModule mod_rewrite.c
+LoadModule mod_load.c
+LoadModule mod_ban.c
+LoadModule mod_wrap2.c
+LoadModule mod_wrap2_file.c
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_wrap2_sql.c
+LoadModule mod_dynmasq.c
+LoadModule mod_exec.c
+LoadModule mod_shaper.c
+LoadModule mod_ratio.c
+LoadModule mod_site_misc.c
+
+LoadModule mod_sftp.c
+LoadModule mod_sftp_pam.c
+# Install one of the previous SQL backends and decomment
+# the previous mod_sql.c module to use this
+#LoadModule mod_sftp_sql.c
+
+LoadModule mod_facl.c
+LoadModule mod_unique_id.c
+LoadModule mod_copy.c
+LoadModule mod_deflate.c
+LoadModule mod_ifversion.c
+LoadModule mod_tls_memcache.c
+
+# Install proftpd-mod-geoip to use the GeoIP feature
+#LoadModule mod_geoip.c
+
+# keep this module the last one
+LoadModule mod_ifsession.c
+
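Review bot: This file loads nearly every module the distribution ships, including `mod_copy.c`, `mod_exec.c`, `mod_site_misc.c`, `mod_radius.c` and `mod_sftp.c`, whether or not the role configures them. Each loaded module adds commands and code paths to a network-facing daemon; `mod_copy`, for instance, makes `SITE CPFR`/`SITE CPTO` available to clients. Comment out the `LoadModule` lines the role does not use, and note the reason beside those that stay, e.g. `# mod_tls: required for FTPS (see tls.conf)`.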
diff --git a/roles/ftp/templates/proftpd.conf b/roles/ftp/templates/proftpd/proftpd.conf
similarity index 100%
rename from roles/ftp/templates/proftpd.conf
rename to roles/ftp/templates/proftpd/proftpd.conf
diff --git a/roles/ftp/templates/proftpd/sql.conf b/roles/ftp/templates/proftpd/sql.conf
new file mode 100644
index 0000000..889399c
--- /dev/null
+++ b/roles/ftp/templates/proftpd/sql.conf
@@ -0,0 +1,34 @@
+#
+# Proftpd sample configuration for SQL-based authentication.
+#
+# (This is not to be used if you prefer a PAM-based SQL authentication)
+#
+
+
+#
+# Choose a SQL backend among MySQL or PostgreSQL.
+# Both modules are loaded in default configuration, so you have to specify the backend
+# or comment out the unused module in /etc/proftpd/modules.conf.
+# Use 'mysql' or 'postgres' as possible values.
+#
+#SQLBackend mysql
+#
+#SQLEngine on
+#SQLAuthenticate on
+#
+# Use both a crypted or plaintext password
+#SQLAuthTypes Crypt Plaintext
+#
+# Use a backend-crypted or a crypted password
+#SQLAuthTypes Backend Crypt
+#
+# Connection
+#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
+#
+# Describes both users/groups tables
+#
+#SQLUserInfo users userid passwd uid gid homedir shell
+#SQLGroupInfo groups groupname gid members
+#
+
+
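Review bot: The first `SQLAuthTypes` example lists `Plaintext`, which lets the server accept passwords stored unhashed in the users table. Drop that example or mark it, e.g. `# Do not enable Plaintext outside of testing; store only hashed passwords.` The header comment also says both SQL modules are loaded in the default configuration, but in the `modules.conf` added by this commit every `mod_sql*` line is commented out, so that sentence should be corrected for this role.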
diff --git a/roles/ftp/templates/proftpd/tls.conf b/roles/ftp/templates/proftpd/tls.conf
new file mode 100644
index 0000000..3880879
--- /dev/null
+++ b/roles/ftp/templates/proftpd/tls.conf
@@ -0,0 +1,51 @@
+#
+# Proftpd sample configuration for FTPS connections.
+#
+# Note that FTPS impose some limitations in NAT traversing.
+# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
+# for more information.
+#
+
+
+#TLSEngine on
+#TLSLog /var/log/proftpd/tls.log
+#TLSProtocol SSLv23
+#
+# Server SSL certificate. You can generate a self-signed certificate using
+# a command like:
+#
+# openssl req -x509 -newkey rsa:1024 \
+# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
+# -nodes -days 365
+#
+# The proftpd.key file must be readable by root only. The other file can be
+# readable by anyone.
+#
+# chmod 0600 /etc/ssl/private/proftpd.key
+# chmod 0640 /etc/ssl/private/proftpd.key
+#
+#TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
+#TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
+#
+# CA the server trusts
+#TLSCACertificateFile /etc/ssl/certs/CA.pem
+# or avoid CA cert
+#TLSOptions NoCertRequest
+#
+# Authenticate clients that want to use FTP over TLS?
+#
+#TLSVerifyClient off
+#
+# Are clients required to use FTP over TLS when talking to this server?
+#
+#TLSRequired on
+#
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations. Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+#TLSRenegotiate required off
+
+
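Review bot: The commented defaults in this sample would give a weak setup if simply uncommented: `TLSProtocol SSLv23` does not restrict the server to current protocol versions, and the example `openssl req` generates an `rsa:1024` key. Suggest `#TLSProtocol TLSv1.2 TLSv1.3` (as far as the installed mod_tls supports it) and `-newkey rsa:2048` or larger in the example. The two `chmod` lines both target `proftpd.key` with different modes (0600, then 0640), which contradicts the "readable by root only" sentence; the second was presumably meant for the certificate. The whole block is commented out, so FTPS is not enabled by this file even though `modules.conf` loads `mod_tls.c`.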
diff --git a/roles/ftp/templates/proftpd/virtuals.conf b/roles/ftp/templates/proftpd/virtuals.conf
new file mode 100644
index 0000000..b395f8a
--- /dev/null
+++ b/roles/ftp/templates/proftpd/virtuals.conf
@@ -0,0 +1,38 @@
+#
+# Proftpd sample configuration for Virtual Hosts and Virtual Roots.
+#
+# Note that FTP protocol requires IP based virtual host, not name based.
+#
+
+#
+# A generic sample virtual host.
+#
+#
+#ServerAdmin ftpmaster@server.com
+#ServerName "Big FTP Archive"
+#TransferLog /var/log/proftpd/xfer/ftp.server.com
+#MaxLoginAttempts 3
+#RequireValidShell no
+#DefaultRoot /srv/ftp_root
+#AllowOverwrite yes
+#
+
+#
+# The vroot module is not required, but can be useful for shared
+# directories.
+#
+
+#VRootEngine on
+
+#DefaultRoot ~
+#VRootAlias upload /var/ftp/upload
+#
+#
+#VRootEngine on
+#VRootServerRoot /etc/ftpd/a.b.c.d/
+#VRootOptions allowSymlinks
+#DefaultRoot ~
+#
+#
+
+