bookworm/lmn-desktop.yml

## This playbook deploys a KDE desktop machine for LinuxMuster.
---
- name: apply configuration to the machines
  hosts: all
  remote_user: ansible
  become: yes
  pre_tasks:
    - pause:
        prompt: "Enter global-admin active directory password, leave empty to skip domain join"
        minutes: 5
        echo: false
      register: adpw
      no_log: true
      when: "ansible_cmdline.adpw is not defined"
    - name: Preseed apparmor
      debconf:
        name: apparmor
        question: apparmor/homedirs
        value: >-
          /srv/samba/schools/default-school/teachers/
          /srv/samba/schools/default-school/students/*/
        vtype: string
    - name: Preseed unattended-upgrades
      debconf:
        name: unattended-upgrades
        question: unattended-upgrades/enable_auto_updates
        value: True
        vtype: boolean
  
  vars_files:
    - vars-qgsoftware.yml

  vars:
    domain: "{{ ansible_domain }}"
    kerberize_uris: qgm.lan
    realm: QGM.LAN
    serverhostname: server
    smb_server: server
    apt_conf: Acquire::http::Proxy "http://netboot.qgm.lan:3142/";
    ntp_serv: server.qgm.lan
    proxy: http://firewall.qgm.lan:3128
    no_proxy: firewall.qgm.lan, server.qgm.lan, qgm.lan

    ## PAM mount nextcloud, remove or leave empty to skip:
    web_dav: https://wolke.qg-moessingen.de/remote.php/dav/files/%(USER)

    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
    mirror_msfonts: http://netboot.qgm.lan/mscorefonts/
    
    # Linbo Passwort
    rsyncsecret: Muster!
    ## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim":
    grub_pwd: 'grub.pbkdf2.sha512.10000.775CB8C7FDA6892B684049EC0257245BA886719264ED9CDB3A7543B3562CC71BA70DB31F3550586D1F41642B13AEF61857FE009AF891D0854A8383251C55119D.30056755AF00EA171069E591D3CA18A592C8C5DEC7E0DEE957AC23A51F58CC5E05231AC49674EC19F2BACAD7D510DF58A157840596F0247054C7FD42C5D43BE7'
    nfs4: false
    extra_pkgs:
      - vim
      - mc
      - tmux
      - console-setup
      - krb5-user
      - unattended-upgrades
      - debconf-utils
      - ctorrent
    extra_pkgs_bpo: [] # [ linux-image-amd64 ]

  roles:
    - lmn_network
    - up2date_debian
    - lmn_sssd
    - lmn_mount
    - lmn_kde
    - lmn_qgm
    - lmn_qgsddm
    - lmn_printer
    #- kerberize


  tasks:
    - name: Fix unattended-upgrades
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        content: |
          APT::Periodic::Update-Package-Lists "1";
          APT::Periodic::Unattended-Upgrade "0";

    - name: Fix mount point permissions and owner
      file:
        path: "{{ item }}"
        mode: '0755'
        owner: root
        group: root
      loop:
        - /srv/samba
        - /srv/samba/schools
        - /srv/samba/schools/default-school

    - name: Disable Grub submenus
      lineinfile:
        dest: /etc/default/grub
        line: 'GRUB_DISABLE_SUBMENU=true'
        insertafter: '^GRUB_TIMEOUT=.*'
      notify: Run update-grub


    - name: Check for the buggy kernel
      stat:
        path: /boot/vmlinuz-6.1.0-17-amd64
      register: bug

    - name: Check for the fixed kernel
      stat:
        path: /boot/vmlinuz-6.1.0-18-amd64
      register: fix

    - name: Work around kernel with CIFS regression
      block:
        - name: Make sure kernel package -16 is available
          ansible.builtin.apt:
            name: linux-image-6.1.0-16-amd64
            state: present
        - name: Set 6.1.0-16 as default kernel in grub
          lineinfile:
            dest: /etc/default/grub
            regexp: '^(GRUB_DEFAULT=).*'
            line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"'
            backrefs: yes
          notify: Run update-grub
      when: bug.stat.exists and not fix.stat.exists

    - name: Set latest kernel in grub if bug is fixed
      lineinfile:
        dest: /etc/default/grub
        regexp: '^(GRUB_DEFAULT=).*'
        line: '\g<1>0'
        backrefs: yes
      when: fix.stat.exists or not bug.stat.exists
      notify: Run update-grub

    - name: Remove "unattended-upgrades" package
      ansible.builtin.apt:
        name: unattended-upgrades
        state: absent
        purge: True

    - name: Fix stuttering sound on HDMI 
      lineinfile:
        dest: /etc/default/grub
        regexp: '^(GRUB_CMDLINE_LINUX=).*'
        line: '\g<1>"intel_iommu=on,igfx_off"'
        backrefs: yes
      when: "'lt-' in inventory_hostname"
      notify: Run update-grub
Client install roles added 2023-09-05 15:49:28 +02:00			`## This playbook deploys a KDE desktop machine for LinuxMuster.`
			`---`
			`- name: apply configuration to the machines`
			`hosts: all`
			`remote_user: ansible`
			`become: yes`
			`pre_tasks:`
			`- pause:`
			`prompt: "Enter global-admin active directory password, leave empty to skip domain join"`
Test mit geänderten Variablen 2023-09-05 17:02:39 +02:00			`minutes: 5`
			`echo: false`
Client install roles added 2023-09-05 15:49:28 +02:00			`register: adpw`
			`no_log: true`
			`when: "ansible_cmdline.adpw is not defined"`
Änderungen Autoupdate für Desktop 2023-11-14 10:07:36 +01:00			`- name: Preseed apparmor`
Client install roles added 2023-09-05 15:49:28 +02:00			`debconf:`
			`name: apparmor`
			`question: apparmor/homedirs`
			`value: >-`
			`/srv/samba/schools/default-school/teachers/`
			`/srv/samba/schools/default-school/students/*/`
			`vtype: string`
Änderungen Autoupdate für Desktop 2023-11-14 10:07:36 +01:00			`- name: Preseed unattended-upgrades`
			`debconf:`
			`name: unattended-upgrades`
			`question: unattended-upgrades/enable_auto_updates`
			`value: True`
			`vtype: boolean`
SW Download als role, kernel Bug 2024-02-03 16:42:19 +01:00
			`vars_files:`
			`- vars-qgsoftware.yml`
Client install roles added 2023-09-05 15:49:28 +02:00
			`vars:`
Test mit geänderten Variablen 2023-09-05 17:02:39 +02:00			`domain: "{{ ansible_domain }}"`
Client install roles added 2023-09-05 15:49:28 +02:00			`kerberize_uris: qgm.lan`
Drucker 2023-09-06 16:45:33 +02:00			`realm: QGM.LAN`
			`serverhostname: server`
			`smb_server: server`
Test mit geänderten Variablen 2023-09-05 17:02:39 +02:00			`apt_conf: Acquire::http::Proxy "http://netboot.qgm.lan:3142/";`
			`ntp_serv: server.qgm.lan`
			`proxy: http://firewall.qgm.lan:3128`
			`no_proxy: firewall.qgm.lan, server.qgm.lan, qgm.lan`

			`## PAM mount nextcloud, remove or leave empty to skip:`
			`web_dav: https://wolke.qg-moessingen.de/remote.php/dav/files/%(USER)`

			`## Local mirror for mscorefonts. Remove or leave empty to use no mirror:`
			`mirror_msfonts: http://netboot.qgm.lan/mscorefonts/`
SDDM Theme, KDE Lock, BlueJ, Greenfoot 2023-09-06 14:43:55 +02:00
Test mit geänderten Variablen 2023-09-05 17:02:39 +02:00			`# Linbo Passwort`
Client install roles added 2023-09-05 15:49:28 +02:00			`rsyncsecret: Muster!`
Test mit geänderten Variablen 2023-09-05 17:02:39 +02:00			`## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim":`
			`grub_pwd: 'grub.pbkdf2.sha512.10000.775CB8C7FDA6892B684049EC0257245BA886719264ED9CDB3A7543B3562CC71BA70DB31F3550586D1F41642B13AEF61857FE009AF891D0854A8383251C55119D.30056755AF00EA171069E591D3CA18A592C8C5DEC7E0DEE957AC23A51F58CC5E05231AC49674EC19F2BACAD7D510DF58A157840596F0247054C7FD42C5D43BE7'`
Client install roles added 2023-09-05 15:49:28 +02:00			`nfs4: false`
			`extra_pkgs:`
			`- vim`
			`- mc`
			`- tmux`
			`- console-setup`
			`- krb5-user`
			`- unattended-upgrades`
			`- debconf-utils`
			`- ctorrent`
			`extra_pkgs_bpo: [] # [ linux-image-amd64 ]`

			`roles:`
			`- lmn_network`
			`- up2date_debian`
			`- lmn_sssd`
			`- lmn_mount`
KDE full config 2023-09-05 17:24:54 +02:00			`- lmn_kde`
Rolle vergessen... 2023-09-06 14:52:20 +02:00			`- lmn_qgm`
Installationsplaybooks angepasst 2023-09-20 16:31:21 +02:00			`- lmn_qgsddm`
Drucker 2023-09-06 16:45:33 +02:00			`- lmn_printer`
Client install roles added 2023-09-05 15:49:28 +02:00			`#- kerberize`
Änderungen Autoupdate für Desktop 2023-11-14 10:07:36 +01:00

			`tasks:`
			`- name: Fix unattended-upgrades`
			`ansible.builtin.copy:`
			`dest: /etc/apt/apt.conf.d/20auto-upgrades`
			`content: \|`
			`APT::Periodic::Update-Package-Lists "1";`
SW Download als role, kernel Bug 2024-02-03 16:42:19 +01:00			`APT::Periodic::Unattended-Upgrade "0";`
Änderungen Autoupdate für Desktop 2023-11-14 10:07:36 +01:00
			`- name: Fix mount point permissions and owner`
			`file:`
			`path: "{{ item }}"`
			`mode: '0755'`
			`owner: root`
			`group: root`
			`loop:`
			`- /srv/samba`
			`- /srv/samba/schools`
			`- /srv/samba/schools/default-school`
SW Download als role, kernel Bug 2024-02-03 16:42:19 +01:00
			`- name: Disable Grub submenus`
			`lineinfile:`
			`dest: /etc/default/grub`
			`line: 'GRUB_DISABLE_SUBMENU=true'`
			`insertafter: '^GRUB_TIMEOUT=.*'`
			`notify: Run update-grub`


			`- name: Check for the buggy kernel`
			`stat:`
			`path: /boot/vmlinuz-6.1.0-17-amd64`
			`register: bug`

			`- name: Check for the fixed kernel`
			`stat:`
			`path: /boot/vmlinuz-6.1.0-18-amd64`
			`register: fix`

			`- name: Work around kernel with CIFS regression`
			`block:`
			`- name: Make sure kernel package -16 is available`
			`ansible.builtin.apt:`
			`name: linux-image-6.1.0-16-amd64`
			`state: present`
			`- name: Set 6.1.0-16 as default kernel in grub`
			`lineinfile:`
			`dest: /etc/default/grub`
			`regexp: '^(GRUB_DEFAULT=).*'`
			`line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"'`
			`backrefs: yes`
			`notify: Run update-grub`
			`when: bug.stat.exists and not fix.stat.exists`

			`- name: Set latest kernel in grub if bug is fixed`
			`lineinfile:`
			`dest: /etc/default/grub`
			`regexp: '^(GRUB_DEFAULT=).*'`
			`line: '\g<1>0'`
			`backrefs: yes`
			`when: fix.stat.exists or not bug.stat.exists`
			`notify: Run update-grub`

			`- name: Remove "unattended-upgrades" package`
			`ansible.builtin.apt:`
			`name: unattended-upgrades`
			`state: absent`
			`purge: True`

			`- name: Fix stuttering sound on HDMI`
			`lineinfile:`
			`dest: /etc/default/grub`
			`regexp: '^(GRUB_CMDLINE_LINUX=).*'`
			`line: '\g<1>"intel_iommu=on,igfx_off"'`
			`backrefs: yes`
			`when: "'lt-' in inventory_hostname"`
			`notify: Run update-grub`