playbooks/bookworm
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

First commit, livebox without installer entry

Browse source
This commit is contained in:
Ansible Benutzer 2023-09-04 15:30:10 +02:00
commit 790f0327ca
64 changed files with 931 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

89
netboot-box.yml Normal file
View file

@ -0,0 +1,89 @@
## This playbook deploys the LiveBox.
##
## The LiveBox provides Debian Live and Installer images on top
## of an already existing network with minimal modifications to
## existing infrastructure. It does not provide DHCP; the idea
## is to chainload the LiveBox' menu (iPXE or Grub) from PXE
## infrastructure already in place.
##
## To chainload the LiveBox in iPXE use:
## > item livebox Chainload Menu from LiveBox
## > …
## > :livebox chain tftp://livebox.lan/d-i/n-a/menu.ipxe
##
## To chainload the LiveBox in Grub use:
## > menuentry 'Chainload Menu from LiveBox' {
## > configfile (tftp,livebox.lan)/d-i/n-a/grub/grub.cfg
## > }
##
---
- name: apply configuration to the livebox
hosts: all
remote_user: ansible
become: true
vars:
extra_pkgs:
- lighttpd
- nfs-kernel-server
extra_pkgs_bpo:
- atftpd
- di-netboot-assistant
- apt-cacher-ng
live_desktop:
- gnome
- kde
- standard
live_url: 'https://cdimage.debian.org/cdimage/release/current-live/amd64/iso-hybrid/'
# The edulive role generates customized Debian-Live images.
# Make sure you have sufficient disk space available (~30GiB?).
build_images:
- gnome-edu
di_dist: "{{ ansible_distribution_release }}"
di_version: "{{ ansible_distribution_major_version }}"
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
boot_params:
- boot=live
- netboot=nfs
- components
- locales=de_DE.UTF-8
- keyboard-layouts=de
- quiet
- splash
# - noroot
ansible_python_interpreter: "/usr/bin/python3"
pre_tasks:
- name: preseed atftpd
debconf:
name: atftpd
question: atftpd/basedir
value: /var/lib/tftpboot
vtype: string
- name: find available iso images
uri:
url: "{{ live_url }}"
return_content: true
register: idx
- name: find and set ISO image version
set_fact:
version: "{{ idx.content | regex_findall('debian-live-(\\d+\\.\\d+\\.\\d+)-amd64-', '\\1') | first }}"
- name: define ISO image map
set_fact:
live_iso: "{{ live_iso | default({}) | combine({ item: 'debian-live-' + version + '-amd64-' + item + '.iso' }) }}"
loop: "{{ live_desktop }}"
roles:
- up2date_debian
- netbootinstaller
- aptcacher
- debianlive
- edulive

3
roles/aptcacher/handlers/main.yml Normal file
View file

@ -0,0 +1,3 @@
- name: start apt-cacher-ng
service: name=apt-cacher-ng state=started enabled=yes
listen: "start apt-cacher-ng"

37
roles/aptcacher/tasks/main.yml Normal file
View file

@ -0,0 +1,37 @@
- name: install apt-cacher-ng package
apt:
name:
- apt-cacher-ng
- auto-apt-proxy
state: latest # noqa package-latest
- name: check if preseeded installer is available
stat: path={{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg
register: preseedcfg
- name: enable apt-cacher-ng for install-clients
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^d-i mirror/http/proxy string$'
replace: 'd-i mirror/http/proxy string http://{{ ansible_hostname }}:3142/'
when: preseedcfg.stat.exists
- name: test if firewalld is available
stat: path=/usr/sbin/firewalld
register: firewalld
- name: allow apt-cacher-ng service in firewalld
firewalld:
zone: internal
port: 3142/tcp
permanent: true
immediate: true
state: enabled
when: not run_in_installer|default(false)|bool and firewalld.stat.exists
- name: allow apt-cacher-ng service in firewalld, offline
command: "firewall-offline-cmd --zone=internal --add-port=3142/tcp"
when: run_in_installer|default(false)|bool and firewalld.stat.exists
- name: flush handler to make apt-cacher available
meta: flush_handlers

10
roles/debianlive/handlers/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: rebuild di-netboot assistant menu
command:
cmd: di-netboot-assistant rebuild-menu
listen: rebuild di-netboot menu
- name: export nfs
command:
cmd: exportfs -ra
listen: export nfs

128
roles/debianlive/tasks/main.yml Normal file
View file

@ -0,0 +1,128 @@
---
- name: download debian-live images
get_url:
url: "{{ live_url }}{{ item.value }}"
dest: "/var/cache/di-netboot-assistant/{{ item.value }}"
checksum: "sha256:{{ live_url }}/SHA256SUMS"
register: new_iso
loop:
"{{ live_iso | dict2items }}"
- name: umount old iso images
mount:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
state: unmounted
loop:
"{{ live_iso | dict2items }}"
when: new_iso.changed
- name: prepare live image directory
file:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
state: directory
mode: 0755
loop:
"{{ live_iso | dict2items }}"
- name: make sure loop module is loaded
modprobe:
name: loop
state: present
- name: loop mount iso images
mount:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
src: "/var/cache/di-netboot-assistant/{{ item.value }}"
fstype: iso9660
opts: loop,ro,nofail
state: mounted
loop:
"{{ live_iso | dict2items }}"
notify: rebuild di-netboot menu
- name: prepare http downloads
file:
src: "/var/lib/tftpboot/d-i/"
dest: "/var/www/html/d-i"
state: link
- name: export live image squashfs
lineinfile:
path: /etc/exports
line: "/var/lib/tftpboot/d-i/n-live/ *(ro,crossmnt,no_subtree_check)"
notify: export nfs
- name: configure ipxe boot menu address and headline
replace:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
regexp: "{{ item.reg }}"
replace: "{{ item.rep }}"
loop:
- reg: '^set 210:string .+$'
rep: 'set 210:string http://{{ ansible_default_ipv4.address }}/'
- reg: '^#(item --gap -- -- Customized Boot Entries.*)$'
rep: '\1'
notify: rebuild di-netboot menu
- name: configure grub boot menu addresses
lineinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
line: "{{ item.line }}"
regexp: "{{ item.reg }}"
loop:
- line: "set root=(http,{{ ansible_default_ipv4.address }})"
reg: "^set root="
- line: "set pxe_default_server={{ ansible_default_ipv4.address }}"
reg: "^set pxe_default_server="
notify: rebuild di-netboot menu
- name: prepare debian live nfs boot entry title
lineinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
insertafter: '-- Customized Boot Entries --'
line: "item {{ item.key }} Debian GNU/Linux {{ item.key }} NFS"
loop:
"{{ live_iso | dict2items }}"
notify: rebuild di-netboot menu
- name: find kernel version
shell:
cmd: >-
basename /var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz*
| sed "s/vmlinuz-//"
register: images
changed_when: false
loop:
"{{ live_iso | dict2items }}"
- name: prepare debian live boot loader ipxe
blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
block: |
:{{ item.item.key }}
echo Booting Debian GNU/Linux {{ item.item.key }} NFS
kernel ${210:string}d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
initrd=initrd.img-{{ item.stdout }} {{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
initrd ${210:string}d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
boot
loop:
"{{ images.results }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader grub
blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
block: |
menuentry 'Debian GNU/Linux Live {{ item.item.key }} NFS' {
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
{{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
}
loop:
"{{ images.results }}"
notify: rebuild di-netboot menu

1
roles/edulive/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
build_dir: /opt/live-build/

2
roles/edulive/files/gnome-edu/README Normal file
View file

@ -0,0 +1,2 @@
This config space is based on:
https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop

5
roles/edulive/files/gnome-edu/auto/build Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
set -e
lb build noauto "${@}" 2>&1 | tee build.log

10
roles/edulive/files/gnome-edu/auto/clean Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
set -e
lb clean noauto "${@}"
rm -f config/binary config/bootstrap config/chroot config/common config/source
rm -f config/control
rm -f build.log

18
roles/edulive/files/gnome-edu/auto/config Executable file
View file

@ -0,0 +1,18 @@
#!/bin/sh
set -e
lb config noauto \
--clean \
--cache false \
--net-tarball false \
--ignore-system-defaults \
--distribution bullseye \
--binary-images netboot \
--mode debian \
--backports true \
--linux-packages linux-image \
--archive-areas "main contrib non-free" \
--mirror-bootstrap http://localhost:3142/deb.debian.org/debian/ \
--mirror-chroot-security http://localhost:3142/security.debian.org/debian-security/ \
"${@}"

8
roles/edulive/files/gnome-edu/config/hooks/0001-plymouth-theme.hook.chroot Executable file
View file

@ -0,0 +1,8 @@
#!/bin/sh
set -e
if [ -e /usr/sbin/plymouth-set-default-theme ] && [ -e /usr/share/plymouth/themes/lines ]
then
plymouth-set-default-theme lines
fi

1
roles/edulive/files/gnome-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/live/0010-disable-kexec-tools.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot

15
roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot Executable file
View file

@ -0,0 +1,15 @@
#!/bin/sh
set -e
echo 'pref("browser.startup.homepage", "https://www.startpage.com");' >> /etc/firefox-esr/firefox-esr.js
echo 'pref("network.proxy.type", 4);' >> /etc/firefox-esr/firefox-esr.js
dconf update
#sed -i "s/^/#/" /etc/xdg/user-dirs.defaults
sed -i "s/^#WaylandEnable=false$/WaylandEnable=false/" /etc/gdm3/daemon.conf
## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon

5
roles/edulive/files/gnome-edu/config/hooks/live/0600-wireshark.hook.chroot Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
set -e
## allow everybody to run wireshark:
chmod 0755 /usr/bin/dumpcap

1
roles/edulive/files/gnome-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0020-create-mtab-symlink.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0030-enable-cryptsetup.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0040-create-locales-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0040-create-locales-files.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0100-remove-adjtime-configuration.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0110-remove-backup-files.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0120-remove-dbus-machine-id.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0140-remove-log-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0140-remove-log-files.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0150-remove-mdadm-configuration.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0170-remove-python-py.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0170-remove-python-py.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0180-remove-systemd-machine-id.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0190-remove-temporary-files.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0400-update-apt-file-cache.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0410-update-apt-xapian-index.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0420-update-glx-alternative.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0430-update-mlocate-database.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0440-update-nvidia-alternative.hook.chroot

1
roles/edulive/files/gnome-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0500-reproducible-glibc.hook.chroot

8
roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/gdm.d/00-login-screen Normal file
View file

@ -0,0 +1,8 @@
[org/gnome/login-screen]
disable-user-list=true
logo='/usr/share/desktop-base/debian-logos/logo-text-64.png'
[org/gnome/settings-daemon/plugins/power]
power-button-action='interactive'
sleep-inactive-ac-timeout=600
sleep-inactive-ac-type='interactive'

34
roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/local.d/defaults Normal file
View file

@ -0,0 +1,34 @@
[org/gnome/shell]
enabled-extensions=['apps-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'drive-menu@gnome-shell-extensions.gcampax.github.com', 'dash-to-dock@micxgx.gmail.com']
[org/gnome/desktop/input-sources]
sources=[('xkb', 'de'), ('xkb', 'us')]
[org/gnome/desktop/wm/preferences]
button-layout='appmenu:minimize,maximize,close'
[org/gnome/desktop/peripherals/touchpad]
natural-scroll=false
edge-scrolling-enabled=true
tap-to-click=true
[org/gnome/nautilus/preferences]
default-folder-viewer='list-view'
[org/gnome/nautilus/list-view]
use-tree-view=true
[org/gnome/settings-daemon/plugins/power]
power-button-action='interactive'
sleep-inactive-battery-timeout=600
sleep-inactive-battery-type='hibernate'
sleep-inactive-ac-timeout=6000
sleep-inactive-ac-type='nothing'
[org/gnome/desktop/screensaver]
lock-enabled=false
[org/gnome/desktop/interface]
clock-show-date=true
clock-show-seconds=true
clock-show-weekday=true

3
roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/gdm Normal file
View file

@ -0,0 +1,3 @@
user-db:user
system-db:gdm
file-db:/usr/share/gdm/greeter.dconf-defaults

2
roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/user Normal file
View file

@ -0,0 +1,2 @@
user-db:user
system-db:local

151
roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml Normal file
View file

@ -0,0 +1,151 @@
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
virsh edit netboot
or other application using the libvirt API.
-->
<domain type='kvm'>
<name>netboot</name>
<uuid>60ea84db-de6c-493c-8e3f-8e9a99ee19c2</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://debian.org/debian/11"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='KiB'>2097152</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64' machine='pc-q35-3.1'>hvm</type>
<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/netboot_VARS.fd</nvram>
<boot dev='network'/>
</os>
<features>
<acpi/>
<apic/>
<vmport state='off'/>
</features>
<cpu mode='host-model' check='partial'>
<model fallback='allow'/>
</cpu>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0x15'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<interface type='direct'>
<mac address='52:54:00:VMMAC'/>
<source dev='INTERFACE' mode='bridge'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
<interface type='network'>
<mac address='52:54:00:46:a6:25'/>
<source network='default'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
</interface>
<interface type='network'>
<mac address='52:54:00:5c:fc:08'/>
<source network='intern'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='unix'>
<target type='virtio' name='org.qemu.guest_agent.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='2'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<sound model='ich9'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</memballoon>
<rng model='virtio'>
<backend model='random'>/dev/urandom</backend>
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</rng>
</devices>
</domain>

1
roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/networks/autostart/default.xml Symbolic link
View file

@ -0,0 +1 @@
../default.xml

1
roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/networks/autostart/intern.xml Symbolic link
View file

@ -0,0 +1 @@
../intern.xml

14
roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/networks/intern.xml Normal file
View file

@ -0,0 +1,14 @@
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
virsh net-edit intern
or other application using the libvirt API.
-->
<network>
<name>intern</name>
<uuid>399d67ae-263b-4aeb-995d-fe0a44f00132</uuid>
<bridge name='virbr1' stp='on' delay='0'/>
<mac address='52:54:00:93:e1:ee'/>
<domain name='intern'/>
</network>

3
roles/edulive/files/gnome-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf Normal file
View file

@ -0,0 +1,3 @@
# Uncomment the following to stop low-level messages on console
kernel.printk = 3 4 1 3

11
roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
# Fix deployed VM config
set -eu
NIC="$(ip link | grep "^2: " | cut -d ' ' -f2 | sed "s/://")"
MAC="$(ip link | grep -A1 "^2: " | grep -oE "[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2} " \
| sed "s/ //g")"
sed -i -e "s/VMMAC/$MAC/g" -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml

13
roles/edulive/files/gnome-edu/config/package-lists/desktop.list.chroot Normal file
View file

@ -0,0 +1,13 @@
task-gnome-desktop
gnome-shell-extension-dashtodock
gnome-shell-extension-dash-to-panel
plymouth
plymouth-x11
gstreamer1.0-vaapi
i965-va-driver
## this confuses apt-cacher-ng:
#auto-apt-proxy

2
roles/edulive/files/gnome-edu/config/package-lists/live-systems.list.chroot Normal file
View file

@ -0,0 +1,2 @@
live-manual
live-tools

3
roles/edulive/files/gnome-edu/config/package-lists/live.list.chroot Normal file
View file

@ -0,0 +1,3 @@
live-boot
live-config
live-config-systemd

2
roles/edulive/files/gnome-edu/config/package-lists/localization.list.chroot Normal file
View file

@ -0,0 +1,2 @@
task-english
task-german

100
roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot Normal file
View file

@ -0,0 +1,100 @@
#
# This file is linked to all desktop configurations.
# Put desktop specific packages in the desktop specific file.
#
#webext-ublock-origin-firefox
#webext-ublock-origin-chromium
webext-ublock-origin
webext-privacy-badger
vim
emacs
vlc
gimp
inkscape
bluefish
openboard
xournal
freecad
librecad
kicad
git
mc
tmux
wireshark
nmap
netcat-openbsd
net-tools
thonny
spyder
ghex
codeblocks
gprolog
qtcreator
obs-studio
mu-editor
dia
vym
shellcheck
xterm
tree
console-setup
virt-manager
sway
task-german-desktop
ssh-askpass-gnome
keepassxc
#nextcloud-desktop
#nautilus-nextcloud
#thunderbird
#thunderbird-l10n-de
#texlive
#texlive-latex-extra
#texlive-lang-german
#texlive-science
pdf-presenter-console
libreoffice/bullseye-backports
libreoffice-core/bullseye-backports
libreoffice-common/bullseye-backports
libreoffice-writer/bullseye-backports
libreoffice-calc/bullseye-backports
libreoffice-impress/bullseye-backports
libreoffice-base/bullseye-backports
libreoffice-base-drivers/bullseye-backports
libreoffice-math/bullseye-backports
libreoffice-report-builder-bin/bullseye-backports
libreoffice-style-colibre/bullseye-backports
libreoffice-gnome/bullseye-backports
libreoffice-gtk3/bullseye-backports
libreoffice-style-elementary/bullseye-backports
libreoffice-help-common/bullseye-backports
libreoffice-help-de/bullseye-backports
libreoffice-java-common/bullseye-backports
libreoffice-l10n-de/bullseye-backports
libreoffice-nlpsolver/bullseye-backports
libreoffice-report-builder/bullseye-backports
libreoffice-script-provider-bsh/bullseye-backports
libreoffice-script-provider-js/bullseye-backports
libreoffice-script-provider-python/bullseye-backports
libreoffice-sdbc-firebird/bullseye-backports
libreoffice-sdbc-hsqldb/bullseye-backports
libreoffice-sdbc-mysql/bullseye-backports
libreoffice-sdbc-postgresql/bullseye-backports
libreoffice-wiki-publisher/bullseye-backports
python3-uno/bullseye-backports
libuno-sal3/bullseye-backports
fonts-opensymbol/bullseye-backports
ure/bullseye-backports

4
roles/edulive/files/gnome-edu/config/package-lists/standard.list.chroot Normal file
View file

@ -0,0 +1,4 @@
! Packages Priority standard
task-laptop
task-ssh-server

1
roles/edulive/files/gnome-edu/config/preseed/wireshark.cfg.chroot Normal file
View file

@ -0,0 +1 @@
wireshark-common wireshark-common/install-setuid boolean true

6
roles/edulive/files/livebuilder.service Normal file
View file

@ -0,0 +1,6 @@
[Unit]
Description=Run livebuilder script
[Service]
Type=simple
ExecStart=/usr/local/sbin/livebuilder.sh

11
roles/edulive/files/livebuilder.timer Normal file
View file

@ -0,0 +1,11 @@
[Unit]
Description=Run livebuilder script weekly
[Timer]
OnCalendar=weekly
Persistent=true
AccuracySec=3h
RandomizedDelaySec=3h
[Install]
WantedBy=timers.target

12
roles/edulive/handlers/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: run the image build script
command:
cmd: livebuilder.sh
listen: run build script
- name: enable timer for livebuilder
systemd:
name: livebuilder.timer
state: started
enabled: true
listen: enable livebuilder.timer

75
roles/edulive/tasks/main.yml Normal file
View file

@ -0,0 +1,75 @@
---
- name: install packages
apt:
name:
- live-build
state: latest # noqa package-latest
- name: prepare live-build directory
file:
path: "{{ build_dir }}"
state: directory
mode: 0755
- name: copy build script
template:
src: livebuilder.sh
dest: /usr/local/sbin/
mode: 0755
- name: provide service and timer for livebuilder
copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: 0644
with_items:
- livebuilder.service
- livebuilder.timer
notify: "enable livebuilder.timer"
- name: copy live-build configuration
copy:
src: "{{ item }}"
dest: "{{ build_dir }}"
local_follow: false
mode: preserve
loop: "{{ build_images }}"
- name: prepare debian live nfs boot entry title
lineinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
insertafter: '-- Customized Boot Entries --'
line: "item {{ item }} Debian GNU/Linux {{ item }} NFS"
loop:
"{{ build_images }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader ipxe
blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
block: |
:{{ item }}
echo Booting Debian GNU/Linux EDU LIVE NFS
kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \
initrd=initrd.img {{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img
boot
loop: "{{ build_images }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader grub
blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
block: |
menuentry 'Debian GNU/Linux Live {{ item }} NFS' {
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \
{{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img
}
loop: "{{ build_images }}"
notify: rebuild di-netboot menu

32
roles/edulive/templates/livebuilder.sh Normal file
View file

@ -0,0 +1,32 @@
#!/usr/bin/bash
#
# build live images and copy kernel, initramfs and squashfs
#
set -eu
BUILDD="{{ build_dir }}"
run_build(){
local DEST="/var/lib/tftpboot/d-i/n-live/$1/live/"
cd "$BUILDD/$1"
[[ -d "$DEST" ]] || mkdir -vp "$DEST"
lb clean && lb config && lb build
for FILE in vmlinuz initrd.img filesystem.squashfs ; do
ln -vf "$BUILDD/$1/binary/live/$FILE" "$DEST"
done
}
## main:
if ! auto-apt-proxy | grep -q 'http://127.0.0.1:3142' ; then
echo "Cannot find the local apt proxy needed to build live images."
exit 1
fi
for IMG in {{ build_images|join(' ') }} ; do
echo "=========== Building image $IMG ==========="
run_build $IMG
done

1
roles/netbootinstaller/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
tftp_root: "/var/lib/tftpboot"

15
roles/netbootinstaller/handlers/main.yml Normal file
View file

@ -0,0 +1,15 @@
- name: bind mount images
mount:
path: "{{ tftp_root }}/d-i/n-pkg/"
src: /usr/lib/debian-installer/
fstype: none
state: mounted
opts: bind
listen: bind mount images
- name: rebuild di-netboot-assistant menu
command: "{{ item }}"
with_items:
- di-netboot-assistant rebuild-menu
- di-netboot-assistant rebuild-grub
listen: rebuild di-netboot-assistant menu

30
roles/netbootinstaller/tasks/main.yml Normal file
View file

@ -0,0 +1,30 @@
- name: make preseed directory available
file:
path: "{{ tftp_root }}/d-i/{{ di_dist }}"
state: directory
mode: 0755
- name: install di-netboot-assistant and installer package
apt:
name:
- di-netboot-assistant
- "{{ di_pkg }}"
state: latest # noqa package-latest
notify:
- bind mount images
- rebuild di-netboot-assistant menu
- name: provide preseed file
copy:
src: /usr/share/doc/di-netboot-assistant/examples/preseed.cfg
dest: "{{ tftp_root }}/d-i/{{ di_dist }}"
mode: 0644
force: false
remote_src: true
- name: make the hostname resolvable from the LAN
replace:
path: /etc/hosts
regexp: '^(127\.0\.1\.1.*)$'
replace: '#\1\n{{ ipaddr_lan | ipaddr("address") }} {{ ansible_hostname }}.{{ ansible_domain }} {{ ansible_hostname }}'
when: ipaddr_lan is defined

2
roles/up2date_debian/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
extra_pkgs: ""
extra_pkgs_bpo: ""

39
roles/up2date_debian/tasks/main.yml Normal file
View file

@ -0,0 +1,39 @@
# Update lists and upgrade packages.
- name: update apt package lists
apt:
update_cache: true
cache_valid_time: 86400
- name: upgrade packages
apt:
upgrade: dist
autoremove: true
autoclean: true
- name: install etckeeper
apt:
name: etckeeper
state: latest # noqa package-latest
- name: install extra packages from stable
apt:
name: "{{ extra_pkgs }}"
state: latest # noqa package-latest
when: extra_pkgs|length
- name: add {{ ansible_distribution_release }}-backports
apt_repository:
repo: >
deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports
main contrib non-free-firmware non-free
state: present
update_cache: true
when: extra_pkgs_bpo|length
- name: install extra packages from backports
apt:
name: "{{ extra_pkgs_bpo }}"
state: latest # noqa package-latest
default_release: "{{ ansible_distribution_release }}-backports"
when: extra_pkgs_bpo|length