playbooks/bookworm
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added Playbook for Schuelerlaptops for testing

Browse source
This commit is contained in:
Frank Schiebel 2023-09-13 16:14:09 +02:00
parent de3ba99106
commit 6ee40cdec0
9 changed files with 301 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

12
create_inventory.yml
View file

@ -1,3 +1,9 @@
---
# Dieses Playbook holt die devices.csv vom Schulserver
# und baut daraus ein ansible inventory
# Damit das geht, muss der ansible Benutzer des netboot-Servers
# die devices.csv per scp vom Server holen können
# - Frank Schiebel, 09/2023
- hosts: localhost
gather_facts: false
become: false
@ -6,10 +12,9 @@
ini_hosts: |
{% for group in csv_hosts %}
[{{ group.0 }}]
{% for host in group.1|map(attribute='1') %}
{{ host }}
{% for line in group.1 %}
{{ line[1] }} mac={{ line[3] }} ip={{ line[4] }} type={{ line[8] }} pxe={{ line[10] }}
{% endfor %}
{% endfor %}
tasks:
- shell: scp linuxadmin@server:/etc/linuxmuster/sophomorix/default-school/devices.csv .
@ -18,4 +23,3 @@
- copy:
dest: devices.ini
content: "{{ ini_hosts }}"

69
lmn-qglaptop.yml Normal file
View file

@ -0,0 +1,69 @@
## This playbook deploys a KDE desktop machine for LinuxMuster.
---
- name: apply configuration to the machines
hosts: all
remote_user: ansible
become: yes
pre_tasks:
- pause:
prompt: "Enter global-admin active directory password, leave empty to skip domain join"
minutes: 5
echo: false
register: adpw
no_log: true
when: "ansible_cmdline.adpw is not defined"
- name: preseed apparmor
debconf:
name: apparmor
question: apparmor/homedirs
value: >-
/srv/samba/schools/default-school/teachers/
/srv/samba/schools/default-school/students/*/
vtype: string
vars:
domain: "{{ ansible_domain }}"
kerberize_uris: qgm.lan
realm: QGM.LAN
serverhostname: server
smb_server: server
apt_conf: Acquire::http::Proxy "http://netboot.qgm.lan:3142/";
ntp_serv: server.qgm.lan
proxy: http://firewall.qgm.lan:3128
no_proxy: firewall.qgm.lan, server.qgm.lan, qgm.lan
## PAM mount nextcloud, remove or leave empty to skip:
web_dav: https://wolke.qg-moessingen.de/remote.php/dav/files/%(USER)
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
mirror_msfonts: http://netboot.qgm.lan/mscorefonts/
## Local Mirror for Greenfoot and BlueJ. Leave empty to skip installation of bluej and greenfoot
mirror_javadev: http://netboot.qgm.lan/javadev/
# Linbo Passwort
rsyncsecret: Muster!
## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim":
grub_pwd: 'grub.pbkdf2.sha512.10000.775CB8C7FDA6892B684049EC0257245BA886719264ED9CDB3A7543B3562CC71BA70DB31F3550586D1F41642B13AEF61857FE009AF891D0854A8383251C55119D.30056755AF00EA171069E591D3CA18A592C8C5DEC7E0DEE957AC23A51F58CC5E05231AC49674EC19F2BACAD7D510DF58A157840596F0247054C7FD42C5D43BE7'
nfs4: false
extra_pkgs:
- vim
- mc
- tmux
- console-setup
- krb5-user
- unattended-upgrades
- debconf-utils
- ctorrent
extra_pkgs_bpo: [] # [ linux-image-amd64 ]
roles:
#- lmn_network
- up2date_debian
#- lmn_sssd
#- lmn_mount
- lmn_kde
- lmn_qgm
#- lmn_printer
#- kerberize

14
qgm_create_bgimages.sh Executable file
View file

@ -0,0 +1,14 @@
#!/bin/bash
if [ "x$1" == x ]; then
echo "Das erste Argument muss das neue Hintergrundbild sein"
exit 1
fi
if [ ! -f $1 ]; then
echo "Die Datei \"$1\" existiert nicht."
exit 1
fi
convert $1 -colorspace Gray ./roles/lmn_qgm/files/qgm_background.jpg
convert $1 -quality 77 ./roles/lmn_qgm/files/qgm_background_wallpaper.jpg

3
roles/lmn_qgm/files/52-arduino.rules Normal file
View file

@ -0,0 +1,3 @@
SUBSYSTEMS=="usb",KERNEL=="ttyACM*",ATTRS{idVendor}=="16c0",ATTRS{idProduct}=="0483",GROUP="dialout",MODE="0666"
SUBSYSTEMS=="usb",KERNEL=="ttyACM*",ATTRS{idVendor}=="2341",ATTRS{idProduct}=="0043",GROUP="dialout",MODE="0666"
SUBSYSTEMS=="usb",KERNEL=="ttyUSB*",ATTRS{idVendor}=="1a86",ATTRS{idProduct}=="7523",GROUP="dialout",MODE="0666"

70
roles/lmn_qgm/files/firefox_policies.json Normal file
View file

@ -0,0 +1,70 @@
{
"policies": {
"Proxy": {
"Mode": "system"
},
"OverrideFirstRunPage": "https://www.qg-moessingen.de",
"Homepage": {
"URL": "https://www.debian.org",
"Locked": false,
"StartPage": "previous-session"
},
"DisplayBookmarksToolbar": true,
"ManagedBookmarks": [
{
"toplevel_name": "QG Mössingen"
},
{
"url": "https://server.qgm.lan",
"name": "Passwort ändern"
},
{
"url": "https://wolke.qg-moessingen.de",
"name": "QG-Wolke"
},
{
"url": "https://moodle.qg-moessingen.de",
"name": "QG-Moodle"
},
{
"name": "Debian",
"children": [
{
"url": "https://www.debian.org",
"name": "Debian Homepage"
},
{
"url": "https://wiki.debian.org",
"name": "Debian Wiki"
},
{
"name": "Debian LAN/Live",
"children": [
{
"url": "https://salsa.debian.org/andi/debian-lan-ansible",
"name": "Debian LAN Ansible"
},
{
"url": "https://wiki.debian.org/DebianLive",
"name": "Debian Live"
}
]
}
]
}
],
"SearchEngines": {
"Add": [
{
"Name": "Startpage",
"URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}",
"Method": "GET",
"IconURL": "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico",
"Alias": "sp",
"Description": "Startpage Search Engine"
}
],
"Default": "Startpage"
}
}
}

2
roles/lmn_qgm/files/qgm-login.sh
View file

@ -1,2 +1,2 @@
[[ "${UID}" -lt 10000 ]] && return
kwriteconfig5 --file "$HOME/.config/plasma-org.kde.plasma.desktop-appletsrc" --group 'Containments' --group '1' --group 'Wallpaper' --group 'org.kde.image' --group 'General' --key 'Image' "/usr/local/share/qgm/qgm_background.jpg" || return
kwriteconfig5 --file "$HOME/.config/plasma-org.kde.plasma.desktop-appletsrc" --group 'Containments' --group '1' --group 'Wallpaper' --group 'org.kde.image' --group 'General' --key 'Image' "/usr/local/share/qgm/qgm_background_wallpaper.jpg" || return

BIN
roles/lmn_qgm/files/qgm_background.jpg
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 418 KiB

After

Width:  |  Height:  |  Size: 761 KiB

Before After
Before After

BIN
roles/lmn_qgm/files/qgm_background_wallpaper.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 498 KiB

152
roles/lmn_qgm/tasks/main.yml
View file

@ -1,4 +1,7 @@
---
#########
# Management: Ansible User benötigt auf den Clients kein
# Passwort für sudo
- name: Enable passwordless sudo access for user ansible
lineinfile:
path: /etc/sudoers
@ -7,6 +10,8 @@
line: 'ansible ALL=(ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s'
#########
# Paketvorkonfigurationen
- name: Preseed ttf-mscorefonts-installer
ansible.builtin.debconf:
name: ttf-mscorefonts-installer
@ -32,7 +37,8 @@
value: "false"
vtype: boolean
#########
# Softwareauswahl
- name: Install desktop EDU packages and some more
apt:
name:
@ -51,21 +57,39 @@
- libdvd-pkg
- handbrake
- slic3r-prusa
- filius
autoremove: true
state: latest
environment:
http_proxy: ''
http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
#########
# libdvdcss muss gebaut werden
# Optimierungspotential: Einmal bauen und über netboot
# die Pakete verteilen geht wahrscheinlich schneller
- name: Build libdvdcss
ansible.builtin.shell:
cmd: dpkg-reconfigure -f noninteractive libdvd-pkg
#########
# Den cups-browsed will ich gar nicht haben, nicht
# nur disablen.
- name: Remove cups-browsed
ansible.builtin.apt:
name: cups-browsed
state: absent
#########
# Anpassungen für Login Screen und Hintergrund
# Wir möchten am Login-Screen das Hintergrund-Bild
# qgm_background.jpg - in Schwarz/Weiss haben
# Bei der Anmeldung soll das Bild
# qgm_background_desktop.jpg - in Farbe
# gesetzt werden.
# Das passiert im Skript qgm-login.sh, das weiter unten
# auf die Rechner kopiert wird
- name: Make qgm share directory
file:
path: /usr/local/share/qgm
@ -74,13 +98,16 @@
owner: root
group: root
- name: Copy qgm background
copy:
src: files/qgm_background.jpg
dest: /usr/local/share/qgm/qgm_background.jpg
- name: Copy qgm background pictures
ansible.builtin.copy:
src: "{{ item }}"
dest: /usr/local/share/qgm/
mode: '0644'
owner: root
group: root
loop:
- qgm_background.jpg
- qgm_background_wallpaper.jpg
- name: Entpacke qgm-breeze-sddm.tgz nach /usr/share/sddm/themes
unarchive:
@ -95,6 +122,28 @@
group: root
state: link
#########
# Das Skript, das beim Userlogin ausgeführt wird
# Setzt derzeit nur den Hintergrund zurück - nicht bei der
# allerersten Anmeldung eines Nutzers, weil es da die KDE Config noch
# nicht gibt.
- name: Copy qgm-login.sh for misc login Tasks
copy:
src: files/qgm-login.sh
dest: /etc/profile.d/qgm-login.sh
mode: '0644'
owner: root
group: root
#########
# Anpassungen an KDE
# - Doppelklick zum öffnen von Dateien
# - Style aug breeze fetstackern
# - Kein Benutzerwechsel
# - Kein Lockscreen
# - Keine neue Session
- name: Set mandatory KDE settings
ansible.builtin.copy:
dest: /etc/xdg/kdeglobals
@ -108,6 +157,8 @@
action/lock_screen=false
action/start_new_session=false
#########
# Screen Locking abschalten, Mittelstufenschüler...
- name: Disable screen locking
ansible.builtin.copy:
dest: /etc/xdg/kscreenlockerrc
@ -119,14 +170,33 @@
[Greeter][Wallpaper][org.kde.image][General]
Image=file:///usr/local/share/qgm/qgm_background.jpg
- name: Copy qgm-login.sh for misc login Tasks
copy:
src: files/qgm-login.sh
dest: /etc/profile.d/qgm-login.sh
mode: '0644'
owner: root
group: root
########
# Logout beschleunigen
- name: Wartezeit nach KDE nach Logout/Shutdown verkürzen
ansible.builtin.replace:
path: /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/logout/Logout.qml
regexp: '^(\s+)property real timeout:.*$'
replace: '\1property real timeout: 4'
#########
# plasma-discover ist der grafische Paketmamanger
# der stürzt nur ab und die Bejutzer können eh
# nichts selbst installieren
- name: Remove plasma-discover
ansible.builtin.apt:
name: plasma-discover
state: absent
#########
# Greenfoot und BlueJ.
# Müssen einmalig auf den netboot Server
# in den http Cache geschoben werden.
# Siehe Script im Repo.
#
# Außerdem ist hier Optimierungspotential:
# - Installation direkt von der URL
# - Installation nur, wenn die neueste Version noch
# nicht installiert ist
- name: Download greenfoot/bluej
ansible.builtin.get_url:
@ -138,7 +208,6 @@
- greenfoot.deb
when: mirror_javadev is defined and mirror_javadev | length > 0
- name: Install greenfoot/bluej
ansible.builtin.apt:
deb: "/tmp/{{ item }}"
@ -147,7 +216,6 @@
- greenfoot.deb
when: mirror_javadev is defined and mirror_javadev | length > 0
- name: Remove greenfoot/bluej debs
ansible.builtin.file:
path: "/tmp/{{ item }}"
@ -157,6 +225,58 @@
- greenfoot.deb
when: mirror_javadev is defined and mirror_javadev | length > 0
#########
# Anpassungen für Arduino
# - modemmanager dinstallieren, soll die Probleme mit wechselnden
# Device Namen lössen (ungetestet)
# - Udev-Rule, so dass die Devices mit 0666 angelegt werden, wie
# Warnung des Debian Pakets "arduino" wegen der dialout Gruppe
# bleiben leider.
- name: Remove modemmanager to fix arduino problems
ansible.builtin.apt:
name: modemmanager
state: absent
- name: Copy arduino udev rule
copy:
src: files/52-arduino.rules
dest: /etc/udev/rules.d/52-arduino.rules
mode: '0644'
owner: root
group: root
- name: relaod udev rules
ansible.builtin.command: udevadm control --reload-rules
- name: trigger udev update
ansible.builtin.command: udevadm trigger
#########
# Firefox ESR Anpassungen
# Lesezeichen und Startseite müssen in der
# Datei firefox_policies.json für die eigene Schule
# angepasst werden.
- name: Create firefox policies directory
ansible.builtin.file:
path: /etc/firefox-esr/policies
state: directory
mode: '0755'
- name: Create a symbolic link firefox to firefox-esr
ansible.builtin.file:
src: /etc/firefox-esr
dest: /etc/firefox
state: link
- name: Copy firefox policy
ansible.builtin.copy:
src: firefox_policies.json
dest: /etc/firefox-esr/policies/policies.json
- name: Remove file (delete file)
ansible.builtin.file:
path: /etc/firefox-esr/policies/firefox_policies.json
state: absent