get proftpd configs

2021-09-27 22:24:05 -04:00 · 2021-09-27 22:24:05 -04:00 · c1fb658ba3
parent 10a1a8a5aa
commit c1fb658ba3
12 changed files with 298 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -57,7 +57,7 @@ password: ubuntu
 ### Install Packages (debian)
 Install QEMU and KVM
 ```
-$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system
+$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst
 ```
 Install other packages for the playbook
 ```
@ -70,6 +70,8 @@ virt-viewer
 virt-manager
 bridge-utils 
 ```
+Also will need python
+

 ### Install Packages (archlinux)
 **needs update**
--- a/libvirt/main.yml
+++ b/libvirt/main.yml
@ -29,19 +29,44 @@
      
    - name: fetch ubuntu iso
      get_url:
-        url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
-        dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
+        # url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
+        # dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
+        url: "http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
+        dest: "{{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img"

    # Installing VMs from Ready Images
    # https://www.x386.xyz/index.php/2021/01/06/kvm-on-ubuntu-server-1/ 
-    - name: create ubuntu iso seed
-      command:
-        cmd: >
-          cloud-localds 
-          --network-config {{ playbook_dir }}/templates/network
-          {{ playbook_dir }}/vm/seed.qcow2
-          {{ playbook_dir }}/templates/user-data 
-        creates: "{{ playbook_dir }}/vm/seed.qcow2"
+    # --network-config {{ playbook_dir }}/templates/network
+    # - name: create ubuntu iso seed
+    #   command:
+    #     cmd: >
+    #       cloud-localds 
+    #       {{ playbook_dir }}/vm/seed.iso
+    #       {{ playbook_dir }}/templates/user-data 
+    #       {{ playbook_dir }}/templates/meta-data
+    #     creates: "{{ playbook_dir }}/vm/seed.iso"
+    # - name: create ubuntu iso seed
+    #   command:
+    #     cmd: >
+    #       genisoimage
+    #       -output {{ playbook_dir }}/vm/cidata.iso 
+    #       -V cidata -r -J
+    #       {{ playbook_dir }}/templates/user-data
+    #       {{ playbook_dir }}/templates/meta-data
+    #     creates: "{{ playbook_dir }}/vm/seed.iso"
+
+# # ???
+#     - name: create new image
+#       command:
+#         cmd: >
+#           qemu-img create
+#           -b {{ playbook_dir }}/focal-server-cloudimg-amd64.img
+#           -f qcow2
+#           -F qcow2
+#           {{ playbook_dir }}/vm/mirror.img
+#         creates: "{{ playbook_dir }}/vm/mirror.img"
+
+

    - name: create mirbr0 bridge network
      command: "virsh {{ item }}"
@ -75,6 +100,9 @@

    # does not exist yet
    # --os-variant ubuntu20.04
+
+    # --cdrom path={{ playbook_dir }}/vm/ubuntu20_04.iso
+    # --disk path={{ playbook_dir }}/vm/seed.iso,format=raw,bus=virtio
    - name: create vm
      command: >
        virt-install
@ -83,14 +111,15 @@
        --vcpus=1
        --boot uefi
        --os-type linux
-        --disk path={{ playbook_dir }}/vm/seed.qcow2,device=cdrom
-        --disk vol=mirror/mirror_root1.qcow2
-        --disk vol=mirror/mirror_root2.qcow2
-        --disk vol=mirror/mirror_disk1.qcow2
-        --disk vol=mirror/mirror_disk2.qcow2
-        --disk vol=mirror/mirror_disk3.qcow2
-        --disk vol=mirror/mirror_disk4.qcow2
-        --network bridge=mirbr0
+        --cloud-init user-data={{ playbook_dir }}/templates/user-data, meta-data={{ playbook_dir }}/templates/meta-data
+        --disk path={{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img
+        --disk vol=mirror/mirror_root1.qcow2,bus=virtio
+        --disk vol=mirror/mirror_root2.qcow2,bus=virtio
+        --disk vol=mirror/mirror_disk1.qcow2,bus=virtio
+        --disk vol=mirror/mirror_disk2.qcow2,bus=virtio
+        --disk vol=mirror/mirror_disk3.qcow2,bus=virtio
+        --disk vol=mirror/mirror_disk4.qcow2,bus=virtio
+        --network bridge=mirbr0,model=virtio
        --graphics vnc,port=5911,listen=127.0.0.1
        --noautoconsole
      when: vm_exists.rc != 0
--- a/libvirt/templates/meta-data
+++ b/libvirt/templates/meta-data
--- a/roles/ftp/templates/proftpd/blacklist.dat
+++ b/roles/ftp/templates/proftpd/blacklist.dat
--- a/roles/ftp/templates/proftpd/conf.d/.gitkeep
+++ b/roles/ftp/templates/proftpd/conf.d/.gitkeep
--- a/roles/ftp/templates/proftpd/ldap.conf
+++ b/roles/ftp/templates/proftpd/ldap.conf
@ -0,0 +1,27 @@
+#
+# Proftpd sample configuration for LDAP authentication.
+#
+# (This is not to be used if you prefer a PAM-based SQL authentication)
+#
+
+<IfModule mod_ldap.c>
+#
+# This is used for ordinary LDAP connections, with or without TLS
+#
+#LDAPServer ldap://ldap.example.com
+#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
+#LDAPDoAuth on "dc=users,dc=example,dc=com"
+#
+# To be set on only for LDAP/TLS on ordinary port, for LDAP+SSL see below
+#LDAPUseTLS on
+#
+
+#
+# This is used for encrypted LDAPS connections
+#
+#LDAPServer ldaps://ldap.example.com
+#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
+#LDAPDoAuth on "dc=users,dc=example,dc=com"
+#
+</IfModule>
+
--- a/roles/ftp/templates/proftpd/modules.conf
+++ b/roles/ftp/templates/proftpd/modules.conf
@ -0,0 +1,97 @@
+#
+# This file is used to manage DSO modules and features.
+#
+
+# This is the directory where DSO modules reside
+
+ModulePath /usr/lib/proftpd
+
+# Allow only user root to load and unload modules, but allow everyone
+# to see which modules have been loaded
+
+ModuleControlsACLs insmod,rmmod allow user root
+ModuleControlsACLs lsmod allow user *
+
+LoadModule mod_ctrls_admin.c
+LoadModule mod_tls.c
+
+# Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other
+# SQL backend engine to use this module and the required backend.
+# This module must be mandatory loaded before anyone of
+# the existent SQL backeds.
+#LoadModule mod_sql.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_ldap.c
+
+#
+# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives 
+# are required to have SQL authorization working. You can also comment out the
+# unused module here, in alternative.
+#
+
+# Install proftpd-mod-mysql and decomment the previous
+# mod_sql.c module to use this.
+#LoadModule mod_sql_mysql.c
+
+# Install proftpd-mod-pgsql and decomment the previous 
+# mod_sql.c module to use this.
+#LoadModule mod_sql_postgres.c
+
+# Install proftpd-mod-sqlite and decomment the previous
+# mod_sql.c module to use this
+#LoadModule mod_sql_sqlite.c
+
+# Install proftpd-mod-odbc and decomment the previous
+# mod_sql.c module to use this
+#LoadModule mod_sql_odbc.c
+
+# Install one of the previous SQL backends and decomment 
+# the previous mod_sql.c module to use this
+#LoadModule mod_sql_passwd.c
+
+LoadModule mod_radius.c
+LoadModule mod_quotatab.c
+LoadModule mod_quotatab_file.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_quotatab_ldap.c
+
+# Install one of the previous SQL backends and decomment 
+# the previous mod_sql.c module to use this
+#LoadModule mod_quotatab_sql.c
+LoadModule mod_quotatab_radius.c
+LoadModule mod_wrap.c
+LoadModule mod_rewrite.c
+LoadModule mod_load.c
+LoadModule mod_ban.c
+LoadModule mod_wrap2.c
+LoadModule mod_wrap2_file.c
+# Install one of the previous SQL backends and decomment 
+# the previous mod_sql.c module to use this
+#LoadModule mod_wrap2_sql.c
+LoadModule mod_dynmasq.c
+LoadModule mod_exec.c
+LoadModule mod_shaper.c
+LoadModule mod_ratio.c
+LoadModule mod_site_misc.c
+
+LoadModule mod_sftp.c
+LoadModule mod_sftp_pam.c
+# Install one of the previous SQL backends and decomment 
+# the previous mod_sql.c module to use this
+#LoadModule mod_sftp_sql.c
+
+LoadModule mod_facl.c
+LoadModule mod_unique_id.c
+LoadModule mod_copy.c
+LoadModule mod_deflate.c
+LoadModule mod_ifversion.c
+LoadModule mod_tls_memcache.c
+
+# Install proftpd-mod-geoip to use the GeoIP feature
+#LoadModule mod_geoip.c
+
+# keep this module the last one
+LoadModule mod_ifsession.c
+
--- a/roles/ftp/templates/proftpd/proftpd.conf
+++ b/roles/ftp/templates/proftpd/proftpd.conf
--- a/roles/ftp/templates/proftpd/sql.conf
+++ b/roles/ftp/templates/proftpd/sql.conf
@ -0,0 +1,34 @@
+#
+# Proftpd sample configuration for SQL-based authentication.
+#
+# (This is not to be used if you prefer a PAM-based SQL authentication)
+#
+
+<IfModule mod_sql.c>
+#
+# Choose a SQL backend among MySQL or PostgreSQL.
+# Both modules are loaded in default configuration, so you have to specify the backend 
+# or comment out the unused module in /etc/proftpd/modules.conf.
+# Use 'mysql' or 'postgres' as possible values.
+#
+#SQLBackend	mysql
+#
+#SQLEngine on
+#SQLAuthenticate on
+#
+# Use both a crypted or plaintext password 
+#SQLAuthTypes Crypt Plaintext
+#
+# Use a backend-crypted or a crypted password
+#SQLAuthTypes Backend Crypt 
+#
+# Connection 
+#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
+#
+# Describes both users/groups tables
+#
+#SQLUserInfo users userid passwd uid gid homedir shell
+#SQLGroupInfo groups groupname gid members
+#
+</IfModule>
+
--- a/roles/ftp/templates/proftpd/tls.conf
+++ b/roles/ftp/templates/proftpd/tls.conf
@ -0,0 +1,51 @@
+#
+# Proftpd sample configuration for FTPS connections.
+#
+# Note that FTPS impose some limitations in NAT traversing.
+# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
+# for more information.
+#
+
+<IfModule mod_tls.c>
+#TLSEngine                               on
+#TLSLog                                  /var/log/proftpd/tls.log
+#TLSProtocol                             SSLv23
+#
+# Server SSL certificate. You can generate a self-signed certificate using 
+# a command like:
+#
+# openssl req -x509 -newkey rsa:1024 \
+#          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
+#          -nodes -days 365
+#
+# The proftpd.key file must be readable by root only. The other file can be
+# readable by anyone.
+#
+# chmod 0600 /etc/ssl/private/proftpd.key 
+# chmod 0640 /etc/ssl/private/proftpd.key
+# 
+#TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
+#TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
+#
+# CA the server trusts
+#TLSCACertificateFile 			 /etc/ssl/certs/CA.pem
+# or avoid CA cert
+#TLSOptions                              NoCertRequest
+#
+# Authenticate clients that want to use FTP over TLS?
+#
+#TLSVerifyClient                         off
+#
+# Are clients required to use FTP over TLS when talking to this server?
+#
+#TLSRequired                             on
+#
+# Allow SSL/TLS renegotiations when the client requests them, but
+# do not force the renegotations.  Some clients do not support
+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+# clients will close the data connection, or there will be a timeout
+# on an idle data connection.
+#
+#TLSRenegotiate                          required off
+</IfModule>
+
--- a/roles/ftp/templates/proftpd/virtuals.conf
+++ b/roles/ftp/templates/proftpd/virtuals.conf
@ -0,0 +1,38 @@
+#
+# Proftpd sample configuration for Virtual Hosts and Virtual Roots.
+#
+# Note that FTP protocol requires IP based virtual host, not name based.
+#
+
+# 
+# A generic sample virtual host.
+#
+#<VirtualHost ftp.server.com>
+#ServerAdmin             ftpmaster@server.com
+#ServerName              "Big FTP Archive"
+#TransferLog             /var/log/proftpd/xfer/ftp.server.com
+#MaxLoginAttempts        3
+#RequireValidShell       no
+#DefaultRoot             /srv/ftp_root
+#AllowOverwrite          yes
+#</VirtualHost>
+
+#
+# The vroot module is not required, but can be useful for shared
+# directories.
+#
+<IfModule mod_vroot.c>
+#VRootEngine on
+
+#DefaultRoot ~
+#VRootAlias upload /var/ftp/upload
+#
+#<VirtualHost a.b.c.d>
+#VRootEngine on
+#VRootServerRoot /etc/ftpd/a.b.c.d/
+#VRootOptions allowSymlinks
+#DefaultRoot ~
+#</VirtualHost>
+#
+</IfModule>
+