get proftpd configs
parent
10a1a8a5aa
commit
c1fb658ba3
|
@ -57,7 +57,7 @@ password: ubuntu
|
|||
### Install Packages (debian)
|
||||
Install QEMU and KVM
|
||||
```
|
||||
$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system
|
||||
$ apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst
|
||||
```
|
||||
Install other packages for the playbook
|
||||
```
|
||||
|
@ -70,6 +70,8 @@ virt-viewer
|
|||
virt-manager
|
||||
bridge-utils
|
||||
```
|
||||
Also will need python
|
||||
|
||||
|
||||
### Install Packages (archlinux)
|
||||
**needs update**
|
||||
|
|
|
@ -29,19 +29,44 @@
|
|||
|
||||
- name: fetch ubuntu iso
|
||||
get_url:
|
||||
url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
|
||||
dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
|
||||
# url: "https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso"
|
||||
# dest: "{{ playbook_dir }}/vm/ubuntu20_04.iso"
|
||||
url: "http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
|
||||
dest: "{{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img"
|
||||
|
||||
# Installing VMs from Ready Images
|
||||
# https://www.x386.xyz/index.php/2021/01/06/kvm-on-ubuntu-server-1/
|
||||
- name: create ubuntu iso seed
|
||||
command:
|
||||
cmd: >
|
||||
cloud-localds
|
||||
--network-config {{ playbook_dir }}/templates/network
|
||||
{{ playbook_dir }}/vm/seed.qcow2
|
||||
{{ playbook_dir }}/templates/user-data
|
||||
creates: "{{ playbook_dir }}/vm/seed.qcow2"
|
||||
# --network-config {{ playbook_dir }}/templates/network
|
||||
# - name: create ubuntu iso seed
|
||||
# command:
|
||||
# cmd: >
|
||||
# cloud-localds
|
||||
# {{ playbook_dir }}/vm/seed.iso
|
||||
# {{ playbook_dir }}/templates/user-data
|
||||
# {{ playbook_dir }}/templates/meta-data
|
||||
# creates: "{{ playbook_dir }}/vm/seed.iso"
|
||||
# - name: create ubuntu iso seed
|
||||
# command:
|
||||
# cmd: >
|
||||
# genisoimage
|
||||
# -output {{ playbook_dir }}/vm/cidata.iso
|
||||
# -V cidata -r -J
|
||||
# {{ playbook_dir }}/templates/user-data
|
||||
# {{ playbook_dir }}/templates/meta-data
|
||||
# creates: "{{ playbook_dir }}/vm/seed.iso"
|
||||
|
||||
# # ???
|
||||
# - name: create new image
|
||||
# command:
|
||||
# cmd: >
|
||||
# qemu-img create
|
||||
# -b {{ playbook_dir }}/focal-server-cloudimg-amd64.img
|
||||
# -f qcow2
|
||||
# -F qcow2
|
||||
# {{ playbook_dir }}/vm/mirror.img
|
||||
# creates: "{{ playbook_dir }}/vm/mirror.img"
|
||||
|
||||
|
||||
|
||||
- name: create mirbr0 bridge network
|
||||
command: "virsh {{ item }}"
|
||||
|
@ -75,6 +100,9 @@
|
|||
|
||||
# does not exist yet
|
||||
# --os-variant ubuntu20.04
|
||||
|
||||
# --cdrom path={{ playbook_dir }}/vm/ubuntu20_04.iso
|
||||
# --disk path={{ playbook_dir }}/vm/seed.iso,format=raw,bus=virtio
|
||||
- name: create vm
|
||||
command: >
|
||||
virt-install
|
||||
|
@ -83,14 +111,15 @@
|
|||
--vcpus=1
|
||||
--boot uefi
|
||||
--os-type linux
|
||||
--disk path={{ playbook_dir }}/vm/seed.qcow2,device=cdrom
|
||||
--disk vol=mirror/mirror_root1.qcow2
|
||||
--disk vol=mirror/mirror_root2.qcow2
|
||||
--disk vol=mirror/mirror_disk1.qcow2
|
||||
--disk vol=mirror/mirror_disk2.qcow2
|
||||
--disk vol=mirror/mirror_disk3.qcow2
|
||||
--disk vol=mirror/mirror_disk4.qcow2
|
||||
--network bridge=mirbr0
|
||||
--cloud-init user-data={{ playbook_dir }}/templates/user-data, meta-data={{ playbook_dir }}/templates/meta-data
|
||||
--disk path={{ playbook_dir }}/vm/focal-server-cloudimg-amd64.img
|
||||
--disk vol=mirror/mirror_root1.qcow2,bus=virtio
|
||||
--disk vol=mirror/mirror_root2.qcow2,bus=virtio
|
||||
--disk vol=mirror/mirror_disk1.qcow2,bus=virtio
|
||||
--disk vol=mirror/mirror_disk2.qcow2,bus=virtio
|
||||
--disk vol=mirror/mirror_disk3.qcow2,bus=virtio
|
||||
--disk vol=mirror/mirror_disk4.qcow2,bus=virtio
|
||||
--network bridge=mirbr0,model=virtio
|
||||
--graphics vnc,port=5911,listen=127.0.0.1
|
||||
--noautoconsole
|
||||
when: vm_exists.rc != 0
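Review bot: The `fetch ubuntu iso` task in the first hunk appears, as far as the rendered page shows, to leave the https ISO URL commented out and make a plain `http://cloud-images.ubuntu.com/...` URL the active `url`, with no `checksum` set. The image is later attached to the VM as a disk, so anything that can alter the download in transit decides what the guest boots. I would switch the scheme to `url: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"` and add `checksum: "sha256:https://cloud-images.ubuntu.com/focal/current/SHA256SUMS"` to the `get_url` arguments. Because `current` is a moving target, pinning a dated release directory with a fixed digest would also make the build reproducible.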
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,27 @@
|
|||
#
|
||||
# Proftpd sample configuration for LDAP authentication.
|
||||
#
|
||||
# (This is not to be used if you prefer a PAM-based SQL authentication)
|
||||
#
|
||||
|
||||
<IfModule mod_ldap.c>
|
||||
#
|
||||
# This is used for ordinary LDAP connections, with or without TLS
|
||||
#
|
||||
#LDAPServer ldap://ldap.example.com
|
||||
#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
|
||||
#LDAPDoAuth on "dc=users,dc=example,dc=com"
|
||||
#
|
||||
# To be set on only for LDAP/TLS on ordinary port, for LDAP+SSL see below
|
||||
#LDAPUseTLS on
|
||||
#
|
||||
|
||||
#
|
||||
# This is used for encrypted LDAPS connections
|
||||
#
|
||||
#LDAPServer ldaps://ldap.example.com
|
||||
#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
|
||||
#LDAPDoAuth on "dc=users,dc=example,dc=com"
|
||||
#
|
||||
</IfModule>
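Review bot: The first sample block pairs `ldap://ldap.example.com` with `LDAPUseTLS` left commented, so uncommenting it as written would send the bind password and user credentials to the directory unencrypted. `LDAPDNInfo` also keeps the bind password inline, and the same applies to `SQLConnectInfo` in the SQL sample file added by this commit, so both files need restrictive permissions once real values go in. I would add a comment above the first block such as `# Enable LDAPUseTLS (or use the ldaps:// block below) before turning this on; keep this file mode 0600, LDAPDNInfo holds the bind password`. All directives are still commented here, so this is a caveat for whoever enables them, not a live defect.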
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
#
|
||||
# This file is used to manage DSO modules and features.
|
||||
#
|
||||
|
||||
# This is the directory where DSO modules reside
|
||||
|
||||
ModulePath /usr/lib/proftpd
|
||||
|
||||
# Allow only user root to load and unload modules, but allow everyone
|
||||
# to see which modules have been loaded
|
||||
|
||||
ModuleControlsACLs insmod,rmmod allow user root
|
||||
ModuleControlsACLs lsmod allow user *
|
||||
|
||||
LoadModule mod_ctrls_admin.c
|
||||
LoadModule mod_tls.c
|
||||
|
||||
# Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other
|
||||
# SQL backend engine to use this module and the required backend.
|
||||
# This module must be mandatory loaded before anyone of
|
||||
# the existent SQL backeds.
|
||||
#LoadModule mod_sql.c
|
||||
|
||||
# Install proftpd-mod-ldap to use this
|
||||
#LoadModule mod_ldap.c
|
||||
|
||||
#
|
||||
# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
|
||||
# are required to have SQL authorization working. You can also comment out the
|
||||
# unused module here, in alternative.
|
||||
#
|
||||
|
||||
# Install proftpd-mod-mysql and decomment the previous
|
||||
# mod_sql.c module to use this.
|
||||
#LoadModule mod_sql_mysql.c
|
||||
|
||||
# Install proftpd-mod-pgsql and decomment the previous
|
||||
# mod_sql.c module to use this.
|
||||
#LoadModule mod_sql_postgres.c
|
||||
|
||||
# Install proftpd-mod-sqlite and decomment the previous
|
||||
# mod_sql.c module to use this
|
||||
#LoadModule mod_sql_sqlite.c
|
||||
|
||||
# Install proftpd-mod-odbc and decomment the previous
|
||||
# mod_sql.c module to use this
|
||||
#LoadModule mod_sql_odbc.c
|
||||
|
||||
# Install one of the previous SQL backends and decomment
|
||||
# the previous mod_sql.c module to use this
|
||||
#LoadModule mod_sql_passwd.c
|
||||
|
||||
LoadModule mod_radius.c
|
||||
LoadModule mod_quotatab.c
|
||||
LoadModule mod_quotatab_file.c
|
||||
|
||||
# Install proftpd-mod-ldap to use this
|
||||
#LoadModule mod_quotatab_ldap.c
|
||||
|
||||
# Install one of the previous SQL backends and decomment
|
||||
# the previous mod_sql.c module to use this
|
||||
#LoadModule mod_quotatab_sql.c
|
||||
LoadModule mod_quotatab_radius.c
|
||||
LoadModule mod_wrap.c
|
||||
LoadModule mod_rewrite.c
|
||||
LoadModule mod_load.c
|
||||
LoadModule mod_ban.c
|
||||
LoadModule mod_wrap2.c
|
||||
LoadModule mod_wrap2_file.c
|
||||
# Install one of the previous SQL backends and decomment
|
||||
# the previous mod_sql.c module to use this
|
||||
#LoadModule mod_wrap2_sql.c
|
||||
LoadModule mod_dynmasq.c
|
||||
LoadModule mod_exec.c
|
||||
LoadModule mod_shaper.c
|
||||
LoadModule mod_ratio.c
|
||||
LoadModule mod_site_misc.c
|
||||
|
||||
LoadModule mod_sftp.c
|
||||
LoadModule mod_sftp_pam.c
|
||||
# Install one of the previous SQL backends and decomment
|
||||
# the previous mod_sql.c module to use this
|
||||
#LoadModule mod_sftp_sql.c
|
||||
|
||||
LoadModule mod_facl.c
|
||||
LoadModule mod_unique_id.c
|
||||
LoadModule mod_copy.c
|
||||
LoadModule mod_deflate.c
|
||||
LoadModule mod_ifversion.c
|
||||
LoadModule mod_tls_memcache.c
|
||||
|
||||
# Install proftpd-mod-geoip to use the GeoIP feature
|
||||
#LoadModule mod_geoip.c
|
||||
|
||||
# keep this module the last one
|
||||
LoadModule mod_ifsession.c
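Review bot: This modules file loads far more than a mirror host is likely to use, including `mod_copy.c` (server-side file copy through SITE commands), `mod_exec.c` (runs external programs on FTP events) and `mod_ctrls_admin.c`. It looks like the distribution default taken over unchanged, and every loaded module is code reachable by clients. I would comment out whatever the playbook does not configure, starting with `#LoadModule mod_copy.c` and `#LoadModule mod_exec.c`, and add a short header comment listing which modules this deployment relies on. Which features the server really needs is not visible in this commit, so the exact list should be confirmed against the main proftpd.conf.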
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
#
|
||||
# Proftpd sample configuration for SQL-based authentication.
|
||||
#
|
||||
# (This is not to be used if you prefer a PAM-based SQL authentication)
|
||||
#
|
||||
|
||||
<IfModule mod_sql.c>
|
||||
#
|
||||
# Choose a SQL backend among MySQL or PostgreSQL.
|
||||
# Both modules are loaded in default configuration, so you have to specify the backend
|
||||
# or comment out the unused module in /etc/proftpd/modules.conf.
|
||||
# Use 'mysql' or 'postgres' as possible values.
|
||||
#
|
||||
#SQLBackend mysql
|
||||
#
|
||||
#SQLEngine on
|
||||
#SQLAuthenticate on
|
||||
#
|
||||
# Use both a crypted or plaintext password
|
||||
#SQLAuthTypes Crypt Plaintext
|
||||
#
|
||||
# Use a backend-crypted or a crypted password
|
||||
#SQLAuthTypes Backend Crypt
|
||||
#
|
||||
# Connection
|
||||
#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
|
||||
#
|
||||
# Describes both users/groups tables
|
||||
#
|
||||
#SQLUserInfo users userid passwd uid gid homedir shell
|
||||
#SQLGroupInfo groups groupname gid members
|
||||
#
|
||||
</IfModule>
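Review bot: The first `SQLAuthTypes` sample, `Crypt Plaintext`, accepts passwords stored unhashed in the users table, and it is listed before the safer `Backend Crypt` alternative. Anyone enabling this block top-down would pick the plaintext variant first. I would drop `Plaintext` from the sample, or at least annotate it with `# Plaintext means passwords are stored unhashed in the database; testing only`. The directives are all commented in this commit, so nothing is active yet.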
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
#
|
||||
# Proftpd sample configuration for FTPS connections.
|
||||
#
|
||||
# Note that FTPS impose some limitations in NAT traversing.
|
||||
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
|
||||
# for more information.
|
||||
#
|
||||
|
||||
<IfModule mod_tls.c>
|
||||
#TLSEngine on
|
||||
#TLSLog /var/log/proftpd/tls.log
|
||||
#TLSProtocol SSLv23
|
||||
#
|
||||
# Server SSL certificate. You can generate a self-signed certificate using
|
||||
# a command like:
|
||||
#
|
||||
# openssl req -x509 -newkey rsa:1024 \
|
||||
# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
|
||||
# -nodes -days 365
|
||||
#
|
||||
# The proftpd.key file must be readable by root only. The other file can be
|
||||
# readable by anyone.
|
||||
#
|
||||
# chmod 0600 /etc/ssl/private/proftpd.key
|
||||
# chmod 0640 /etc/ssl/private/proftpd.key
|
||||
#
|
||||
#TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
|
||||
#TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
|
||||
#
|
||||
# CA the server trusts
|
||||
#TLSCACertificateFile /etc/ssl/certs/CA.pem
|
||||
# or avoid CA cert
|
||||
#TLSOptions NoCertRequest
|
||||
#
|
||||
# Authenticate clients that want to use FTP over TLS?
|
||||
#
|
||||
#TLSVerifyClient off
|
||||
#
|
||||
# Are clients required to use FTP over TLS when talking to this server?
|
||||
#
|
||||
#TLSRequired on
|
||||
#
|
||||
# Allow SSL/TLS renegotiations when the client requests them, but
|
||||
# do not force the renegotations. Some clients do not support
|
||||
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
|
||||
# clients will close the data connection, or there will be a timeout
|
||||
# on an idle data connection.
|
||||
#
|
||||
#TLSRenegotiate required off
|
||||
</IfModule>
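Review bot: The commented defaults in this TLS sample are weak if someone enables them as written. `#TLSProtocol SSLv23` is the broad compatibility setting, and the example certificate command generates a 1024-bit RSA key. The second `chmod` line sets 0640 on the private key, which contradicts the "readable by root only" sentence above it; it was presumably meant for the certificate. I would change these to `#TLSProtocol TLSv1.2`, `rsa:2048` in the openssl example, and `# chmod 0644 /etc/ssl/certs/proftpd.crt`. `TLSEngine` and `TLSRequired` are also commented, so as committed the server offers no FTPS at all; if that is intentional for the test VM, a header comment saying so would help.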
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
#
|
||||
# Proftpd sample configuration for Virtual Hosts and Virtual Roots.
|
||||
#
|
||||
# Note that FTP protocol requires IP based virtual host, not name based.
|
||||
#
|
||||
|
||||
#
|
||||
# A generic sample virtual host.
|
||||
#
|
||||
#<VirtualHost ftp.server.com>
|
||||
#ServerAdmin ftpmaster@server.com
|
||||
#ServerName "Big FTP Archive"
|
||||
#TransferLog /var/log/proftpd/xfer/ftp.server.com
|
||||
#MaxLoginAttempts 3
|
||||
#RequireValidShell no
|
||||
#DefaultRoot /srv/ftp_root
|
||||
#AllowOverwrite yes
|
||||
#</VirtualHost>
|
||||
|
||||
#
|
||||
# The vroot module is not required, but can be useful for shared
|
||||
# directories.
|
||||
#
|
||||
<IfModule mod_vroot.c>
|
||||
#VRootEngine on
|
||||
|
||||
#DefaultRoot ~
|
||||
#VRootAlias upload /var/ftp/upload
|
||||
#
|
||||
#<VirtualHost a.b.c.d>
|
||||
#VRootEngine on
|
||||
#VRootServerRoot /etc/ftpd/a.b.c.d/
|
||||
#VRootOptions allowSymlinks
|
||||
#DefaultRoot ~
|
||||
#</VirtualHost>
|
||||
#
|
||||
</IfModule>
|
||||
|