Add php-fpm, pureftpd and next role

geekoops/config.toml

@@ -25,4 +25,5 @@ disablePathToLower = true
   geekdocRepo = "https://github.com/GeekOops/doc"
   geekdocSearch = true
   geekdocSearchShowParent = true
-  geekdocImageLazyLoading = true
+  geekdocAnchor = true
+  geekdocAnchorCopy = true

geekoops/content/posts/20210326-next/index.md

@@ -0,0 +1,35 @@
+---
+title: "Ansible NEXT server"
+author: "phoenix"
+date: 2021-03-26T09:54:20+01:00
+---
+The [geekoops-next](https://github.com/GeekOops/geekoops-next) ansible role makes it easy to setup your own PXE boot server. It configures `dnsmasq` to run a DHCP and TFTP server, from which your PXE clients can boot from. You can turn the DNS functionality of `dnsmasq` off, so that it is possible to run this PXE server next to another DNS server on the same host.
+
+This role also extracts a minimum `syslinux` installation into your tftp directory. So, after deploying this role, your clients should be able to boot from this PXE server, but it appears empty.
+
+![Boot sequence demo](/img/boot-sequence.gif)
+
+Currently this role only supports legacy boot.
+
+## Example
+
+The following playbook installs this PXE boot server on `jellyfish`. However we want to use another dhcp server for handing out the leases, so that we configure `dnsmasq` to act as proxy. This is useful if you want to run your PXE server alongside another DHCP server, like for example in a network configuration where your Fritzbox takes care of the DHCP. Our example is in a `libvirt` environment, so we let the default `libvirt` DHCP server (192.168.122.1) handle dhcp:
+
+    - hosts: jellyfish
+      roles:
+         - role: geekoops-next
+           vars:
+             config_firewall: true
+             firewall_zone: "public"
+             dhcp_range: "192.168.122.1,proxy,255.255.255.0"
+             prompt: "My awesome network boot server"
+
+### Testing
+
+If `jellyfish` runs as virtual machine in your default `libvirt` domain, you can now create a new virtual machine that boots from the network.
+
+![Virt-manager demo](/img/configure-client.gif)
+
+In `virt-manager`, create a new Virtual machine, with "Manual Boot". Use any Linux system, even "Generic OS" just works fine. We don't need a disk for booting, so that one can be deselected. Now, if you boot the machine, you will see the boot menu from the PXE server
+
+![Boot screen](/img/BootScreen.png)

geekoops/content/posts/20210326-php-fpm/index.md

@@ -1,5 +1,5 @@
 ---
-title: "Php-fpm"
+title: "Ansible php-fpm"
 author: "phoenix"
 date: 2021-03-26T09:42:03+01:00
 ---

geekoops/content/posts/20210326-pureftpd.md

@@ -0,0 +1,49 @@
+---
+title: "Ansible PureFTPd"
+author: "phoenix"
+date: 2021-03-26T09:49:33+01:00
+---
+The [geekoops-pureftpd role](https://github.com/GeekOops/geekoops-pureftpd) is a configurable ansible role for setting up a `PureFTPd` ftp server. I choose `PureFTPd` because it appears to be more secure than `ProFTPd`. In comparison to `vsftp`, one server program can run both IPv4 and IPv6.
+
+This role works on openSUSE Leap.
+
+## Role Variables
+
+`PureFTPd` is a highly configurable ansible role. See the following list of possible variables, but you probably don't need much of them.
+
+| Value | Description | Default |
+|-------|-------------|---------|
+| `config_firewall` | Apply firewall rules | `false` |
+| `firewall_zone` | Firewall zone where ftp will be allowed | public |
+| `MaxClientsNumber` | Maximum number of anonymous clients | 10 |
+| `MaxClientsPerIP` | Maximum clients per IP address | 3 |
+| `AnonymousOnly` | Forbid user login | yes |
+| `NoAnonymous` | Disallow anonymous | no |
+| `PAMAuthentication` | Allow PAM authentication | no |
+| `MaxIdleTime` | Maximum idle time in minutes before disconnecting | 5 |
+| `MaxLoad` | Disallow anonymous download if system load is above this value | 4 |
+| `PassivePortMin` | Passive port range - lower bound | 30000 |
+| `PassivePortMax` | Passive port range - upper bound | 30100 |
+| `ForcePassiveIP` | Use this IP for passive mode, useful if `PureFTPd` is behind a NAT | `""` (disabled) |
+| `Bind` | Bind address and port (e.g. `127.0.0.1,21`) | `""` (disabled) | 
+| `Bandwidth` | Max bandwidth for all users in KB/s | `""` (disabled) | 
+| `TrustedIP` | Allow login only from this IP | `""` (disabled) | 
+| `MaxUserSessions` | Maximum number of open session per user | 3 |
+| `MaxAnonSessions` | Maximum number of open anonymous sessions | 20 |
+| `IPV4Only` | Bind to IPv4 only. By default we bind to IPv4 and IPv6 | no |
+| `IPV6Only` | Bind to IPv6 only. By default we bind to IPv4 and IPv6 | no |
+
+# Example
+
+With this example playbook we setup a `PureFTPd` server that allows only anonymous access. Because we have only some resources, we allow up to 100 session in parallel.
+
+        - hosts: jellyfish
+          user: root
+          roles:
+             - role: geekoops-pureftp
+               vars:
+                 config_firewall: true
+                 AnonymousOnly: yes
+                 PassivePortMin: 30000
+                 PassivePortMax: 31000
+                 MaxAnonSessions: 100