diff --git a/config.vars b/config.vars
new file mode 100644
index 0000000..ef10055
--- /dev/null
+++ b/config.vars
@@ -0,0 +1,2 @@
+ansible_ssh_pubkey: "dummy-placeholder"
+lmn_client_branch: "main"
diff --git a/netboot-box.yml b/livebox.yml
similarity index 82%
rename from netboot-box.yml
rename to livebox.yml
index 12f04eb..ac561aa 100644
--- a/netboot-box.yml
+++ b/livebox.yml
@@ -16,6 +16,8 @@
## > configfile (tftp,livebox.lan)/d-i/n-a/grub/grub.cfg
## > }
##
+## To build an initial customized image run 'livebuilder.sh'.
+## A systemd-timer will do this every week automatically.
---
- name: apply configuration to the livebox
hosts: all
@@ -23,15 +25,16 @@
become: true
vars:
+# ansible_connection: local
extra_pkgs:
- lighttpd
- nfs-kernel-server
- extra_pkgs_bpo:
- atftpd
- di-netboot-assistant
- apt-cacher-ng
+ extra_pkgs_bpo: []
- live_desktop:
+ live_desktop: # [] # use an empty list to skip iso images
- gnome
- kde
- standard
@@ -42,18 +45,23 @@
# Make sure you have sufficient disk space available (~30GiB?).
build_images:
- gnome-edu
+ - standard-edu
di_dist: "{{ ansible_distribution_release }}"
di_version: "{{ ansible_distribution_major_version }}"
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
boot_params:
- boot=live
- - netboot=nfs
- components
- locales=de_DE.UTF-8
- keyboard-layouts=de
+ - live-config.timezone=Europe/Berlin
+ - swap=true
- quiet
- splash
+ - user-default-groups=audio,cdrom,dip,video,plugdev,netdev,dialout
+ - modprobe.blacklist=nvme
+# - libata.force=disable
# - noroot
ansible_python_interpreter: "/usr/bin/python3"
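Review bot: `swap=true` in `boot_params` makes live-boot use swap partitions it finds on the client's local disk, so memory pages from a live session can remain on that disk after shutdown; nothing in the hunk says this is intended. The added `modprobe.blacklist=nvme` presumably keeps NVMe drives out of reach, but other local disks stay visible while `libata.force=disable` is commented out. I would document both entries in place, for example `# swap=true: uses swap partitions on the client's local disk` and `# modprobe.blacklist=nvme: keep local NVMe disks away from the live system`. The `vars:` block starts above the hunk.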
@@ -87,3 +95,4 @@
- aptcacher
- debianlive
- edulive
+ - lmn_netbootinstaller
diff --git a/roles/debianlive/tasks/main.yml b/roles/debianlive/tasks/main.yml
index 1def349..6f4d308 100644
--- a/roles/debianlive/tasks/main.yml
+++ b/roles/debianlive/tasks/main.yml
@@ -6,23 +6,29 @@
checksum: "sha256:{{ live_url }}/SHA256SUMS"
register: new_iso
loop:
- "{{ live_iso | dict2items }}"
+ "{{ live_iso | default({}) | dict2items }}"
- name: umount old iso images
mount:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
state: unmounted
loop:
- "{{ live_iso | dict2items }}"
+ "{{ live_iso | default({}) | dict2items }}"
when: new_iso.changed
-- name: prepare live image directory
+- name: prepare live image base directory
+ file:
+ path: "/var/lib/tftpboot/d-i/n-live/"
+ state: directory
+ mode: 0755
+
+- name: prepare live image directories
file:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
state: directory
mode: 0755
loop:
- "{{ live_iso | dict2items }}"
+ "{{ live_iso | default({}) | dict2items }}"
- name: make sure loop module is loaded
modprobe:
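Review bot: The new `prepare live image base directory` task passes `mode: 0755` as a bare YAML number, which gives the right permissions only because the leading zero makes the parser read it as octal. If a later edit drops that zero, the task silently sets a different mode. Ansible's documentation recommends a quoted string, `mode: "0755"`, and the per-image directory task in this hunk would take the same change. The hunk ends inside the following `modprobe` task.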
@@ -37,7 +43,7 @@
opts: loop,ro,nofail
state: mounted
loop:
- "{{ live_iso | dict2items }}"
+ "{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
- name: prepare http downloads
@@ -82,47 +88,37 @@
insertafter: '-- Customized Boot Entries --'
line: "item {{ item.key }} Debian GNU/Linux {{ item.key }} NFS"
loop:
- "{{ live_iso | dict2items }}"
+ "{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
-- name: find kernel version
- shell:
- cmd: >-
- basename /var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz*
- | sed "s/vmlinuz-//"
- register: images
- changed_when: false
- loop:
- "{{ live_iso | dict2items }}"
-
- name: prepare debian live boot loader ipxe
blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
- marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.key }}"
block: |
- :{{ item.item.key }}
- echo Booting Debian GNU/Linux {{ item.item.key }} NFS
- kernel ${210:string}d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
- initrd=initrd.img-{{ item.stdout }} {{ boot_params|join(' ') }} \
- nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
- initrd ${210:string}d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
+ :{{ item.key }}
+ echo Booting Debian GNU/Linux {{ item.key }} NFS
+ kernel ${210:string}d-i/n-live/{{ item.key }}/live/vmlinuz \
+ initrd=initrd.img netboot=nfs {{ boot_params|join(' ') }} \
+ nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.key }}/
+ initrd ${210:string}d-i/n-live/{{ item.key }}/live/initrd.img
boot
loop:
- "{{ images.results }}"
+ "{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader grub
blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
- marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.key }}"
block: |
- menuentry 'Debian GNU/Linux Live {{ item.item.key }} NFS' {
- linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
- {{ boot_params|join(' ') }} \
- nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
- initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
+ menuentry 'Debian GNU/Linux Live {{ item.key }} NFS' {
+ linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.key }}/live/vmlinuz \
+ netboot=nfs {{ boot_params|join(' ') }} \
+ nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.key }}/
+ initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.key }}/live/initrd.img
}
loop:
- "{{ images.results }}"
+ "{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
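Review bot: Both boot-loader blocks now point at `live/vmlinuz` and `live/initrd.img` without a version suffix, and the removed `find kernel version` task was the only step that derived the file name from the mounted image. If an image in `live_iso` ships only versioned names, the play still succeeds and the menu entry fails later, at boot time on the client. A check that fails the run when the unversioned kernel is missing would surface this earlier; a sketch follows, to be placed after the mount task and before the two `blockinfile` tasks.

```yaml
- name: check for unversioned kernel in live images
  stat:
    path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz"
  register: live_kernel
  failed_when: not live_kernel.stat.exists
  loop:
    "{{ live_iso | default({}) | dict2items }}"

# … unchanged: prepare debian live boot loader ipxe / grub …
```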
diff --git a/roles/edulive/files/gnome-edu/README b/roles/edulive/files/gnome-edu/README
index 83e60e3..d11ee54 100644
--- a/roles/edulive/files/gnome-edu/README
+++ b/roles/edulive/files/gnome-edu/README
@@ -1,2 +1,3 @@
This config space is based on:
- https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop
\ No newline at end of file
+ https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop
+
diff --git a/roles/edulive/files/gnome-edu/auto/config b/roles/edulive/files/gnome-edu/auto/config
index 96e38d3..79fb8e6 100755
--- a/roles/edulive/files/gnome-edu/auto/config
+++ b/roles/edulive/files/gnome-edu/auto/config
@@ -7,12 +7,10 @@ lb config noauto \
--cache false \
--net-tarball false \
--ignore-system-defaults \
- --distribution bullseye \
+ --distribution bookworm \
--binary-images netboot \
--mode debian \
--backports true \
--linux-packages linux-image \
- --archive-areas "main contrib non-free" \
- --mirror-bootstrap http://localhost:3142/deb.debian.org/debian/ \
- --mirror-chroot-security http://localhost:3142/security.debian.org/debian-security/ \
+ --archive-areas "main non-free-firmware contrib non-free" \
"${@}"
diff --git a/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot
index a051368..54ec7b4 100755
--- a/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot
+++ b/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot
@@ -2,14 +2,20 @@
set -e
-echo 'pref("browser.startup.homepage", "https://www.startpage.com");' >> /etc/firefox-esr/firefox-esr.js
-echo 'pref("network.proxy.type", 4);' >> /etc/firefox-esr/firefox-esr.js
-
dconf update
#sed -i "s/^/#/" /etc/xdg/user-dirs.defaults
sed -i "s/^#WaylandEnable=false$/WaylandEnable=false/" /etc/gdm3/daemon.conf
+## shared directory:
+mkdir /media/tmpshare
+echo "livebox:/srv/tmpshare /media/tmpshare nfs rw,auto,nofail,nolock 0 0" >> /etc/fstab
+
+## remote journal:
+echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf
+ln -s /lib/systemd/system/systemd-journal-upload.service \
+ /etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service
+
## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon
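Review bot: The `## remote journal:` lines make every client upload its journal to `http://livebox` in clear text, so log contents are readable on the LAN and the client cannot verify that the receiver is the intended host. systemd-journal-upload accepts an `https://` URL together with `ServerKeyFile=`, `ServerCertificateFile=` and `TrustedCertificateFile=`; if plain HTTP is a deliberate choice for an isolated lab network, a comment here should say so. Separately, `mkdir /media/tmpshare` and `ln -s` abort the hook under `set -e` when the target already exists; `mkdir -p` and `ln -sf` avoid that. The same lines are added in `standard-edu/config/hooks/live/0500-tmpshare.hook.chroot`.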
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox
new file mode 120000
index 0000000..e7b065e
--- /dev/null
+++ b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox
@@ -0,0 +1 @@
+firefox-esr
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json
new file mode 100644
index 0000000..548027d
--- /dev/null
+++ b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json
@@ -0,0 +1,74 @@
+{
+ "policies": {
+ "Proxy": {
+ "Mode": "system"
+ },
+ "OverrideFirstRunPage": "https://www.debian.org",
+ "Homepage": {
+ "URL": "https://www.debian.org",
+ "Locked": false,
+ "StartPage": "previous-session"
+ },
+ "DisplayBookmarksToolbar": true,
+ "ManagedBookmarks": [
+ {
+ "toplevel_name": "Debian"
+ },
+ {
+ "url": "https://www.debian.org",
+ "name": "Debian Homepage"
+ },
+ {
+ "url": "https://wiki.debian.org",
+ "name": "Debian Wiki"
+ },
+ {
+ "name": "Debian Development",
+ "children": [
+ {
+ "url": "https://bugs.debian.org",
+ "name": "Debian Bug Tracker"
+ },
+ {
+ "url": "https://packages.debian.org",
+ "name": "Debian Packages"
+ },
+ {
+ "url": "https://salsa.debian.org",
+ "name": "Debian Salsa"
+ },
+ {
+ "url": "https://tracker.debian.org",
+ "name": "Package Tracker"
+ }
+ ]
+ },
+ {
+ "name": "Debian LAN/Live",
+ "children": [
+ {
+ "url": "https://salsa.debian.org/andi/debian-lan-ansible",
+ "name": "Debian LAN Ansible"
+ },
+ {
+ "url": "https://wiki.debian.org/DebianLive",
+ "name": "Debian Live"
+ }
+ ]
+ }
+ ],
+ "SearchEngines": {
+ "Add": [
+ {
+ "Name": "Startpage",
+ "URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}",
+ "Method": "GET",
+ "IconURL": "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico",
+ "Alias": "sp",
+ "Description": "Startpage Search Engine"
+ }
+ ],
+ "Default": "Startpage"
+ }
+ }
+}
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml
index 6a993f9..0c04eb5 100644
--- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml
+++ b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml
@@ -85,19 +85,16 @@ or other application using the libvirt API.
-
-
-
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC b/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC
index 784d836..2a26c57 100755
--- a/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC
+++ b/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC
@@ -3,9 +3,5 @@
set -eu
-NIC="$(ip link | grep "^2: " | cut -d ' ' -f2 | sed "s/://")"
-MAC="$(ip link | grep -A1 "^2: " | grep -oE "[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2} " \
- | sed "s/ //g")"
-
-sed -i -e "s/VMMAC/$MAC/g" -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml
-
+NIC="$(ip route | grep -m1 default | sed -E "s/.+dev (\w+).*/\1/")"
+sed -i -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml
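Review bot: `NIC` can end up empty or truncated without the script noticing. With no default route the pipeline still exits 0 (the status is that of `sed`), so `set -e` does not fire and the next line replaces `INTERFACE` in `netboot.xml` with an empty string. `\w+` also stops at the first `-` or `.` in an interface name. I would match up to the next space, `NIC="$(ip route show default | sed -nE '1s/.* dev ([^ ]+).*/\1/p')"`, and skip the substitution when nothing was found, `[ -z "$NIC" ] || sed -i -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml`.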
diff --git a/roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot b/roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot
new file mode 100644
index 0000000..103fc53
--- /dev/null
+++ b/roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot
@@ -0,0 +1,24 @@
+##
+## packages for CLI programs
+##
+console-setup
+emacs-nox
+git
+htop
+mc
+minicom
+ncdu
+netcat-openbsd
+net-tools
+nfs-common
+nmap
+screen
+shellcheck
+sl
+systemd-journal-remote
+tcpdump
+tmux
+tree
+vim
+xterm
+
diff --git a/roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot b/roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot
new file mode 100644
index 0000000..5654e1d
--- /dev/null
+++ b/roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot
@@ -0,0 +1,43 @@
+##
+## packages for GUI programs
+##
+
+bluefish
+codeblocks
+dia
+emacs
+freecad
+ghex
+gimp
+inkscape
+keepassxc
+kicad
+librecad
+mu-editor
+#nautilus-nextcloud
+#nextcloud-desktop
+obs-studio
+openboard
+pdf-presenter-console
+qtcreator
+#scrcpy
+spyder
+ssh-askpass-gnome
+sway
+task-german-desktop
+terminator
+#texlive
+#texlive-lang-german
+#texlive-latex-extra
+#texlive-science
+thonny
+#thunderbird
+#thunderbird-l10n-de
+virt-manager
+vlc
+vym
+webext-privacy-badger
+webext-ublock-origin-chromium
+webext-ublock-origin-firefox
+wireshark
+xournal
diff --git a/roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot b/roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot
deleted file mode 100644
index 2c90ba9..0000000
--- a/roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# This file is linked to all desktop configurations.
-# Put desktop specific packages in the desktop specific file.
-#
-#webext-ublock-origin-firefox
-#webext-ublock-origin-chromium
-webext-ublock-origin
-webext-privacy-badger
-
-vim
-emacs
-vlc
-gimp
-inkscape
-bluefish
-
-openboard
-xournal
-
-freecad
-librecad
-kicad
-
-git
-mc
-tmux
-wireshark
-nmap
-netcat-openbsd
-net-tools
-thonny
-spyder
-ghex
-
-codeblocks
-gprolog
-qtcreator
-obs-studio
-
-mu-editor
-dia
-vym
-shellcheck
-xterm
-
-tree
-console-setup
-virt-manager
-sway
-
-task-german-desktop
-
-ssh-askpass-gnome
-keepassxc
-
-#nextcloud-desktop
-#nautilus-nextcloud
-#thunderbird
-#thunderbird-l10n-de
-
-#texlive
-#texlive-latex-extra
-#texlive-lang-german
-#texlive-science
-
-pdf-presenter-console
-
-libreoffice/bullseye-backports
-libreoffice-core/bullseye-backports
-libreoffice-common/bullseye-backports
-libreoffice-writer/bullseye-backports
-libreoffice-calc/bullseye-backports
-libreoffice-impress/bullseye-backports
-libreoffice-base/bullseye-backports
-libreoffice-base-drivers/bullseye-backports
-libreoffice-math/bullseye-backports
-libreoffice-report-builder-bin/bullseye-backports
-libreoffice-style-colibre/bullseye-backports
-libreoffice-gnome/bullseye-backports
-libreoffice-gtk3/bullseye-backports
-libreoffice-style-elementary/bullseye-backports
-libreoffice-help-common/bullseye-backports
-libreoffice-help-de/bullseye-backports
-libreoffice-java-common/bullseye-backports
-libreoffice-l10n-de/bullseye-backports
-libreoffice-nlpsolver/bullseye-backports
-libreoffice-report-builder/bullseye-backports
-libreoffice-script-provider-bsh/bullseye-backports
-libreoffice-script-provider-js/bullseye-backports
-libreoffice-script-provider-python/bullseye-backports
-libreoffice-sdbc-firebird/bullseye-backports
-libreoffice-sdbc-hsqldb/bullseye-backports
-libreoffice-sdbc-mysql/bullseye-backports
-libreoffice-sdbc-postgresql/bullseye-backports
-libreoffice-wiki-publisher/bullseye-backports
-
-python3-uno/bullseye-backports
-libuno-sal3/bullseye-backports
-fonts-opensymbol/bullseye-backports
-ure/bullseye-backports
diff --git a/roles/edulive/files/standard-edu/README b/roles/edulive/files/standard-edu/README
new file mode 100644
index 0000000..76aaf5b
--- /dev/null
+++ b/roles/edulive/files/standard-edu/README
@@ -0,0 +1,3 @@
+This config space is based on:
+ https://salsa.debian.org/live-team/live-images/-/tree/debian/images/standard
+
diff --git a/roles/edulive/files/standard-edu/auto/build b/roles/edulive/files/standard-edu/auto/build
new file mode 100755
index 0000000..f8d8346
--- /dev/null
+++ b/roles/edulive/files/standard-edu/auto/build
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+lb build noauto "${@}" 2>&1 | tee build.log
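Review bot: The exit status of `lb build` is lost on this line, because the pipeline returns the status of `tee`; `set -e` never fires and a failed build looks successful to the caller. That matters if the weekly timer mentioned in `livebox.yml` decides from the exit status whether to publish the image. Plain `/bin/sh` has no portable `pipefail`; one option is to redirect instead of piping, `lb build noauto "${@}" > build.log 2>&1`, at the cost of live console output. The line looks like the upstream live-images template, so keeping it unchanged may be deliberate.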
diff --git a/roles/edulive/files/standard-edu/auto/clean b/roles/edulive/files/standard-edu/auto/clean
new file mode 100755
index 0000000..4b8ccaa
--- /dev/null
+++ b/roles/edulive/files/standard-edu/auto/clean
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+lb clean noauto "${@}"
+
+rm -f config/binary config/bootstrap config/chroot config/common config/source
+rm -f config/control
+
+rm -f build.log
diff --git a/roles/edulive/files/standard-edu/auto/config b/roles/edulive/files/standard-edu/auto/config
new file mode 100755
index 0000000..79fb8e6
--- /dev/null
+++ b/roles/edulive/files/standard-edu/auto/config
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+lb config noauto \
+ --clean \
+ --cache false \
+ --net-tarball false \
+ --ignore-system-defaults \
+ --distribution bookworm \
+ --binary-images netboot \
+ --mode debian \
+ --backports true \
+ --linux-packages linux-image \
+ --archive-areas "main non-free-firmware contrib non-free" \
+"${@}"
diff --git a/roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot
new file mode 100755
index 0000000..16095e0
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+if [ -e /usr/sbin/plymouth-set-default-theme ] && [ -e /usr/share/plymouth/themes/lines ]
+then
+ plymouth-set-default-theme lines
+fi
diff --git a/roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot
new file mode 100755
index 0000000..403d1d4
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+# Disable kexec-tools
+
+if [ -e /sbin/kexec ]
+then
+ echo "kexec-tools kexec-tools/load_kexec boolean false" > /root/preseed
+
+ debconf-set-selections /root/preseed
+
+ rm -f /root/preseed
+
+ dpkg-reconfigure kexec-tools
+fi
diff --git a/roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
new file mode 100755
index 0000000..37750b3
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Disable tmpfs on /tmp
+
+if [ -e /etc/default/rcS ]
+then
+ sed -i -e 's|^ *RAMTMP=.*|RAMTMP=no|' /etc/default/rcS
+fi
diff --git a/roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot
new file mode 100755
index 0000000..cd9d2fb
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+## shared directory:
+mkdir /media/tmpshare
+echo "livebox:/srv/tmpshare /media/tmpshare nfs rw,auto,nofail,nolock 0 0" >> /etc/fstab
+
+## remote journal:
+echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf
+ln -s /lib/systemd/system/systemd-journal-upload.service \
+ /etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service
+
+## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
+#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot
new file mode 120000
index 0000000..58123fc
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0020-create-mtab-symlink.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot
new file mode 120000
index 0000000..c5ab625
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0030-enable-cryptsetup.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot
new file mode 120000
index 0000000..036e7e0
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0040-create-locales-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
new file mode 120000
index 0000000..b0ccdb6
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot
new file mode 120000
index 0000000..8b68c5c
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0110-remove-backup-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
new file mode 120000
index 0000000..4d55b27
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
new file mode 120000
index 0000000..54f6a9b
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot
new file mode 120000
index 0000000..2b99cec
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0140-remove-log-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
new file mode 120000
index 0000000..0c3cd2f
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
new file mode 120000
index 0000000..e57b8d2
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot
new file mode 120000
index 0000000..858a942
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0170-remove-python-py.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
new file mode 120000
index 0000000..6cecf66
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot
new file mode 120000
index 0000000..ada76d9
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0190-remove-temporary-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
new file mode 120000
index 0000000..9fc0723
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
new file mode 120000
index 0000000..f893dcc
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
new file mode 120000
index 0000000..a6ee33d
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot
new file mode 120000
index 0000000..380fdcf
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0400-update-apt-file-cache.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot
new file mode 120000
index 0000000..dd7150e
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0410-update-apt-xapian-index.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot
new file mode 120000
index 0000000..4da25f8
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0420-update-glx-alternative.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot
new file mode 120000
index 0000000..13b49d7
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0430-update-mlocate-database.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot
new file mode 120000
index 0000000..0a65196
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0440-update-nvidia-alternative.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot
new file mode 120000
index 0000000..9d4f095
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot
@@ -0,0 +1 @@
+/usr/share/live/build/hooks/normal/0500-reproducible-glibc.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf b/roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf
new file mode 100644
index 0000000..c038e6d
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf
@@ -0,0 +1,3 @@
+# Uncomment the following to stop low-level messages on console
+kernel.printk = 3 4 1 3
+
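Review bot: The comment says "Uncomment the following", but `kernel.printk = 3 4 1 3` is already active in this new file, so the wording does not match the state. A comment such as `# Stop low-level kernel messages on the console` would describe what the file actually does.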
diff --git a/roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy b/roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy
new file mode 100755
index 0000000..078c3bb
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy
@@ -0,0 +1,2 @@
+#!/bin/sh
+echo 'Acquire::http::Proxy "http://livebox:3142";' >> /etc/apt/apt.conf.d/10proxy
diff --git a/roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot
new file mode 100644
index 0000000..d73ed96
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot
@@ -0,0 +1,2 @@
+live-manual
+live-tools
diff --git a/roles/edulive/files/standard-edu/config/package-lists/live.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/live.list.chroot
new file mode 100644
index 0000000..1e6ef96
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/package-lists/live.list.chroot
@@ -0,0 +1,3 @@
+live-boot
+live-config
+live-config-systemd
diff --git a/roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot
new file mode 100644
index 0000000..f952ab0
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot
@@ -0,0 +1,2 @@
+task-english
+task-german
diff --git a/roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot
new file mode 100644
index 0000000..103fc53
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot
@@ -0,0 +1,24 @@
+##
+## packages for CLI programs
+##
+console-setup
+emacs-nox
+git
+htop
+mc
+minicom
+ncdu
+netcat-openbsd
+net-tools
+nfs-common
+nmap
+screen
+shellcheck
+sl
+systemd-journal-remote
+tcpdump
+tmux
+tree
+vim
+xterm
+
diff --git a/roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot
new file mode 100644
index 0000000..26d37f3
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot
@@ -0,0 +1,3 @@
+! Packages Priority standard
+
+task-ssh-server
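Review bot: `task-ssh-server` in `standard.list.chroot` puts an SSH daemon on every client that boots this live image, and nothing visible in this commit changes the live user's credentials or sshd's authentication settings. If the image keeps live-config's stock account (user `user`, password `live`; presumably unchanged here, please confirm), each booted client accepts a publicly documented password over the network. Either drop the task from the live image or ship an `includes.chroot/etc/ssh/sshd_config.d/` snippet containing `PasswordAuthentication no` alongside it, and add a comment in the list saying why sshd is needed.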
diff --git a/roles/edulive/handlers/main.yml b/roles/edulive/handlers/main.yml
index 30aee83..d036d27 100644
--- a/roles/edulive/handlers/main.yml
+++ b/roles/edulive/handlers/main.yml
@@ -1,12 +1,20 @@
---
- name: run the image build script
- command:
+ ansible.builtin.command:
cmd: livebuilder.sh
listen: run build script
- name: enable timer for livebuilder
- systemd:
+ ansible.builtin.systemd:
name: livebuilder.timer
state: started
enabled: true
listen: enable livebuilder.timer
+
+- name: restart systemd-journal-remote
+ ansible.builtin.systemd:
+ name: systemd-journal-remote.socket
+ daemon_reload: true
+ state: restarted
+ enabled: true
+ listen: restart systemd-journal-remote
diff --git a/roles/edulive/tasks/main.yml b/roles/edulive/tasks/main.yml
index 4ffb7c8..0947a5c 100644
--- a/roles/edulive/tasks/main.yml
+++ b/roles/edulive/tasks/main.yml
@@ -1,24 +1,61 @@
---
- name: install packages
- apt:
+ ansible.builtin.apt:
name:
- live-build
+ - systemd-journal-remote
state: latest # noqa package-latest
- name: prepare live-build directory
- file:
+ ansible.builtin.file:
+ path: /etc/systemd/system/systemd-journal-remote.service.d/
+ state: directory
+ mode: 0755
+
+- name: configure remote journal
+ ansible.builtin.blockinfile:
+ path: /etc/systemd/system/systemd-journal-remote.service.d/override.conf
+ create: true
+ block: |
+ [Service]
+ ExecStart=
+ ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote
+ notify: restart systemd-journal-remote
+
+- name: prepare live-build directory
+ ansible.builtin.file:
path: "{{ build_dir }}"
state: directory
mode: 0755
- name: copy build script
- template:
+ ansible.builtin.template:
src: livebuilder.sh
dest: /usr/local/sbin/
mode: 0755
+- name: prepare shared directory
+ ansible.builtin.file:
+ path: "/srv/tmpshare"
+ state: directory
+ mode: "1777"
+
+- name: mount tmpfs on shared directory
+ ansible.builtin.mount:
+ path: "/srv/tmpshare/"
+ src: "tmpfs"
+ fstype: tmpfs
+ opts: rw,nofail
+ state: mounted
+
+- name: export shared directory
+ ansible.builtin.lineinfile:
+ path: /etc/exports
+ line: "/srv/tmpshare/ *(rw,fsid=0,crossmnt,no_subtree_check)"
+ notify: export nfs
+
- name: provide service and timer for livebuilder
- copy:
+ ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: 0644
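Review bot: The `export shared directory` task exports `/srv/tmpshare/` read-write to `*`, and the tmpfs behind it is mounted with `opts: rw,nofail` only, so any host that can reach the box can write to it and fill the tmpfs, which without a `size=` option defaults to half of RAM. Restrict both the export and the mount, e.g. `line: "/srv/tmpshare/ LAN_SUBNET(rw,fsid=0,crossmnt,no_subtree_check)"` and `opts: rw,nofail,nosuid,nodev,noexec,size=LIMIT` (LAN_SUBNET and LIMIT are placeholders for site values). The `configure remote journal` task in the same hunk has a similar exposure: `--listen-http=-3` accepts journal uploads without TLS or client authentication, so the socket should be limited to the client network or switched to `--listen-https` with certificates. The first new task is also still named `prepare live-build directory` although it creates the journal-remote drop-in directory; a name such as `prepare systemd-journal-remote override directory` would keep the play output readable.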
@@ -28,47 +65,70 @@
notify: "enable livebuilder.timer"
- name: copy live-build configuration
- copy:
+ ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ build_dir }}"
+ force: false
local_follow: false
mode: preserve
loop: "{{ build_images }}"
- name: prepare debian live nfs boot entry title
- lineinfile:
+ ansible.builtin.blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
insertafter: '-- Customized Boot Entries --'
- line: "item {{ item }} Debian GNU/Linux {{ item }} NFS"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK menu entries {{ item }}"
+ block: |
+ item {{ item }}-NFS Debian GNU/Linux {{ item }} NFS
+ item {{ item }}-RAM Debian GNU/Linux {{ item }} RAM
loop:
"{{ build_images }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader ipxe
- blockinfile:
+ ansible.builtin.blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
block: |
- :{{ item }}
- echo Booting Debian GNU/Linux EDU LIVE NFS
+ :{{ item }}-NFS
+ echo Booting Debian GNU/Linux {{ item }} NFS
kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \
- initrd=initrd.img {{ boot_params|join(' ') }} \
- nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
+ initrd=initrd.img netboot=nfs {{ boot_params|join(' ') }} hostname=${netX/mac} \
+ nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
+ initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img
+ boot
+
+ :{{ item }}-RAM
+ echo Booting Debian GNU/Linux {{ item }} RAM
+ kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \
+ initrd=initrd.img {{ boot_params|join(' ') }} hostname=${netX/mac} \
+ fetch=http://{{ ansible_default_ipv4.address }}/d-i/n-live/{{ item }}/live/filesystem.squashfs
initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img
boot
loop: "{{ build_images }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader grub
- blockinfile:
+ ansible.builtin.blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
block: |
menuentry 'Debian GNU/Linux Live {{ item }} NFS' {
+ regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 \
+ "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \
- {{ boot_params|join(' ') }} \
- nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
+ netboot=nfs {{ boot_params|join(' ') }} hostname=${oct4}${oct5}${oct6} \
+ nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
+ initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img
+ }
+
+ menuentry 'Debian GNU/Linux Live {{ item }} RAM' {
+ regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 \
+ "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
+ linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \
+ {{ boot_params|join(' ') }} hostname=${oct4}${oct5}${oct6} \
+ fetch=http://{{ ansible_default_ipv4.address }}/d-i/n-live/{{ item }}/live/filesystem.squashfs
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img
}
loop: "{{ build_images }}"
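Review bot: The two iPXE entries pass `hostname=${netX/mac}`, which expands to the colon-separated MAC address, while the GRUB entries in the same hunk deliberately build a colon-free name from the last three octets (`hostname=${oct4}${oct5}${oct6}`). A client therefore gets a different hostname depending on the boot loader, and the iPXE one contains characters that are not valid in a hostname; `hostname=${netX/mac:hexraw}` (or `:hexhyp`) would avoid the colons and keep remote journal entries attributable to one name per machine. Separately, switching `prepare debian live nfs boot entry title` from `lineinfile` to `blockinfile` leaves the old `item {{ item }} Debian GNU/Linux {{ item }} NFS` line in `ipxemenu.HEAD` on boxes that were already provisioned, now pointing at a label that no longer exists; a one-off `lineinfile` task with `state: absent` would clean it up. The GRUB task continues past the end of this hunk.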
diff --git a/roles/edulive/templates/livebuilder.sh b/roles/edulive/templates/livebuilder.sh
index 92f7aab..5bbfc85 100644
--- a/roles/edulive/templates/livebuilder.sh
+++ b/roles/edulive/templates/livebuilder.sh
@@ -19,6 +19,13 @@ run_build(){
done
}
+clean_share(){
+ local TMPSHARE="/srv/tmpshare/"
+ find "$TMPSHARE/" -mindepth 1 -delete
+ echo "All content in this directory will be removed periodically!" \
+ >> "$TMPSHARE/README"
+}
+
## main:
if ! auto-apt-proxy | grep -q 'http://127.0.0.1:3142' ; then
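Review bot: `clean_share` appends to `"$TMPSHARE/README"` with a plain `>>` redirect inside a directory that this commit makes world-writable and NFS-exported, so the script (presumably running as root from the systemd timer) opens whatever exists at that name after the `find -delete` has finished. The kernel's `fs.protected_symlinks` setting normally refuses such an open in a sticky directory, but the script should not depend on it: create the notice with `mktemp` inside the share, `chmod 0644` it, and rename it into place with `mv -T`. A header comment on `clean_share` should also state that it deletes everything under the share after each build, since clients may still have files open there. The call itself is added at the end of the script in the next hunk.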
@@ -30,3 +37,4 @@ for IMG in {{ build_images|join(' ') }} ; do
echo "=========== Building image $IMG ==========="
run_build $IMG
done
+clean_share
diff --git a/roles/lmn_netbootinstaller/defaults/main.yml b/roles/lmn_netbootinstaller/defaults/main.yml
new file mode 100644
index 0000000..1eb1d73
--- /dev/null
+++ b/roles/lmn_netbootinstaller/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+service_description: "A service to server the netboot-client-playbook and roles to the lan"
diff --git a/roles/lmn_netbootinstaller/handlers/main.yml b/roles/lmn_netbootinstaller/handlers/main.yml
new file mode 100644
index 0000000..9fc2fb7
--- /dev/null
+++ b/roles/lmn_netbootinstaller/handlers/main.yml
@@ -0,0 +1,13 @@
+- name: rebuild di-netboot menu
+ command: "{{ item }}"
+ with_items:
+ - di-netboot-assistant rebuild-menu
+ - di-netboot-assistant rebuild-grub
+ listen: rebuild di-netboot menu
+
+
+- name: restart git service
+ service:
+ name: lmn-netboot-git
+ state: restarted
+ listen: restart git service
diff --git a/roles/lmn_netbootinstaller/tasks/main.yml b/roles/lmn_netbootinstaller/tasks/main.yml
new file mode 100644
index 0000000..c33f4c9
--- /dev/null
+++ b/roles/lmn_netbootinstaller/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: prepare installer boot loader grub
+ blockinfile:
+ path: /etc/di-netboot-assistant/grub.cfg.HEAD
+ insertbefore: "^menuentry 'Boot from local disk..'"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK netboot-installer"
+ block: |
+ menuentry 'Installer Debian bookworm (amd64) + preseed + lmn-desktop.yml' --unrestricted {
+ linux (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/linux auto=true priority=critical \
+ url=tftp://{{ ansible_default_ipv4.address }}/d-i/bookworm/preseed.cfg_lmn-desktop \
+ playbook=lmn-desktop.yml adpw='{{ gapw }}' ---
+ initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/initrd.gz
+ }
+ notify: rebuild di-netboot menu
+
+- name: set git-daemon-export-ok for management repo
+ copy:
+ content: ""
+ dest: "{{ playbook_dir }}/.git/git-daemon-export-ok"
+ force: false
+ group: ansible
+ owner: ansible
+ mode: 0644
+
+- name: Create gitd systemd service file
+ template:
+ src: templates/lmn-netboot-git.service.j2
+ dest: /lib/systemd/system/lmn-netboot-git.service
+
+- name: Start gitd service for installation playbook
+ systemd:
+ name: lmn-netboot-git
+ state: started
+
+- name: provide preseed.cfg_lmn-desktop file
+ template:
+ src: templates/preseed.cfg_lmn-desktop.j2
+ dest: /var/lib/tftpboot/d-i/bookworm/preseed.cfg_lmn-desktop
+ notify: restart git service
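Review bot: The `prepare installer boot loader grub` task renders `adpw='{{ gapw }}'` into `grub.cfg.HEAD`, so what looks like a password ends up in a boot menu that is served to every host on the LAN, in the installer's kernel command line, and in Ansible's task output. Hand the secret to the installed system another way (for example a vault-encrypted variable the playbook reads after first boot), and until then at least add `no_log: true` to the task. The role also marks `{{ playbook_dir }}/.git` as exportable for the unauthenticated git daemon, which publishes the full history of the management repository, so it is worth confirming that nothing sensitive was ever committed there. `Start gitd service for installation playbook` lacks `enabled: true` and `daemon_reload: true`, and `notify: restart git service` sits on the preseed template task rather than on `Create gitd systemd service file`, where a changed unit would actually need it.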
diff --git a/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2 b/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2
new file mode 100644
index 0000000..f7e2812
--- /dev/null
+++ b/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description={{ service_description }}
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ playbook_dir }} {{ playbook_dir }}
+Restart=on-failure
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User=ansible
+Group=ansible
+
+[Install]
+WantedBy=multi-user.target
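Review bot: The `[Service]` section sets `Restart=` twice (`on-failure`, then `always`); systemd keeps the last assignment, so the first line is dead and should be removed. `StandardOutput=syslog` and `StandardError=syslog` are deprecated in current systemd and are better written as `journal`. Because this unit exposes a network daemon whose content the preseeded clients later run through `ansible-pull`, it would also benefit from basic sandboxing such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, plus a comment stating which repository is published and to which network.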
diff --git a/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2 b/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2
new file mode 100644
index 0000000..4bddfb5
--- /dev/null
+++ b/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2
@@ -0,0 +1,149 @@
+#### Preconfiguration file
+##
+## The following preseeding might be used to install a basic system
+## completely automatically.
+##
+## A user 'ansible' is set up and ssh login with public key
+## authentication is configured. The idea is to allow further
+## customization of the system after installation using ansible.
+##
+## Modify at least the public ssh key in 'authorized_keys' (see
+## below).
+##
+## For more examples and comments consult:
+## https://www.debian.org/releases/stable/example-preseed.txt
+##
+
+## To change default values:
+#d-i foo/bar seen false
+#d-i foo/bar string value
+
+## Useful boot parameters:
+## DEBCONF_DEBUG=5
+## locale?=de_DE
+
+## To set the hostname manually during installation, use priority=high
+## as boot parameter and uncomment this line:
+#d-i debconf/priority string critical
+
+## Preseeding only locale sets language, country and locale:
+d-i debian-installer/locale string de_DE
+d-i keyboard-configuration/xkb-keymap select de
+
+## Use hostname assigned by DHCP:
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string unassigned-domain
+
+## Skip root account:
+d-i passwd/root-login boolean false
+
+### Apt setup
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+#d-i mirror/http/proxy string http://10.167.0.253:3142/
+#d-i mirror/http/proxy string http://192.168.1.17:3142/
+#d-i mirror/http/proxy string http://aptcache.steinbeisschule-reutlingen.de:3142/
+d-i mirror/http/proxy string http://10.16.1.2:3142/
+
+# NTP server to use.
+d-i clock-setup/ntp-server string server.qgm.lan
+
+### Backports:
+#apt-setup-udeb apt-setup/services-select multiselect security, updates, backports
+apt-setup-udeb apt-setup/services-select multiselect security, updates
+
+### Ansible User
+d-i passwd/user-fullname string Ansible User
+d-i passwd/username string ansible
+d-i passwd/user-password password insecure
+d-i passwd/user-password-again password insecure
+#d-i passwd/user-password-crypted password [crypt(3) hash]
+
+### Do not ask about support for non-efi systems:
+d-i partman-efi/non_efi_system boolean true
+
+### Leave this empty to use the only available hard drive:
+d-i partman-auto/disk string
+#d-i partman-auto/disk string /dev/sdd
+#d-i partman-auto/disk string /dev/vda
+
+### Regular partitions:
+d-i partman-auto/method string regular
+d-i partman-auto/choose_recipe select atomic
+## This makes partman automatically partition without confirmation:
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# ### Enable to set up LVM:
+# d-i partman-auto/method string lvm
+# ## Use only 50% of the available physical volume size and then
+# ## adjust the logical volume sizes later with ansible, if needed:
+# d-i partman-auto-lvm/guided_size PERCENT 50%
+# # If one of the disks that are going to be automatically partitioned
+# # contains an old LVM configuration, the user will normally receive a
+# # warning. This can be preseeded away...
+# d-i partman-lvm/device_remove_lvm boolean true
+# # The same applies to pre-existing software RAID array:
+# d-i partman-md/device_remove_md boolean true
+# # And the same goes for the confirmation to write the lvm partitions.
+# d-i partman-lvm/confirm boolean true
+# d-i partman-lvm/confirm_nooverwrite boolean true
+# # You can choose one of the three predefined partitioning recipes:
+# # - atomic: all files in one partition
+# # - home: separate /home partition
+# # - multi: separate /home, /var, and /tmp partitions
+# d-i partman-auto/choose_recipe select multi
+
+### Package selection
+#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
+tasksel tasksel/first multiselect standard, ssh-server, kde-desktop
+
+### Individual additional packages to install
+#d-i pkgsel/include string firmware-linux ansible git
+d-i pkgsel/include string ansible git firmware-linux
+#d-i pkgsel/include string firmware-linux ansible/buster-backports git
+#d-i pkgsel/include string firmware-linux
+
+### GRUB on default disk:
+d-i grub-installer/bootdev string default
+
+### This command is run just before the install finishes:
+d-i preseed/late_command string \
+ mkdir -p /target/home/ansible/.ssh && \
+ echo "{{ ansible_ssh_pubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
+ in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
+ in-target chmod -R og= /home/ansible/.ssh/ ; \
+ [ -z "$playbook" ] || mkdir -v /target/dev/shm ; \
+ [ -z "$playbook" ] || in-target mount -v -t tmpfs tmpfs /dev/shm ; \
+ in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
+ -i localhost, --url=git://{{ ansible_default_ipv4.address }}/.git -C {{ lmn_client_branch }} $playbook
+# -i localhost, --url=http://10.16.1.2/debian-lan-ansible.git $playbook
+# -i localhost, --url=git://10.167.0.253/.git -C fvs $playbook
+# -i localhost, --url=git://installbox/.git $playbook
+#
+#
+## Replace key with: sed -i "s#echo \".\+\"#echo \"$(cat ~/.ssh/id_rsa.pub)\"#" preseed.cfg
+#
+## When installing in combination with ansible-pull,
+## export your ansible playbook like:
+##
+## git daemon --verbose --export-all \
+## --base-path=/dir/of/playbook -- /dir/of/playbook
+##
+## Conditions may be applied in the playbook like:
+## when: run_in_installer|default(false)|bool
+## when: not run_in_installer|default(false)|bool
+
+### Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+## Do not modify boot order (netboot first):
+grub-efi-amd64 grub2/update_nvram boolean false
+##grub-efi-amd64 grub2/force_efi_extra_removable boolean true
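Review bot: `d-i passwd/user-password password insecure` gives the `ansible` account the same cleartext password on every installed machine, and with `ssh-server` selected in `tasksel/first` that account is presumably reachable by password over the network; the preseed file itself is published via TFTP. Use the commented `passwd/user-password-crypted` line with a hash taken from a vaulted variable, e.g. `d-i passwd/user-password-crypted password {{ VAULTED_HASH_VAR }}` (placeholder name), or disable the password altogether since a public key is installed in `late_command`. The `late_command` also runs `ansible-pull` in the target from an unauthenticated `git://` URL, so the fetched playbook has no integrity protection; an authenticated transport or `ansible-pull --verify-commit` with a provisioned signing key would close that gap. The proxy `http://10.16.1.2:3142/` and the NTP server `server.qgm.lan` are hard-coded site values in an otherwise templated file and would be better as role variables with a comment describing them.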
diff --git a/roles/up2date_debian/tasks/main.yml b/roles/up2date_debian/tasks/main.yml
index 013d8d2..d28bc9e 100644
--- a/roles/up2date_debian/tasks/main.yml
+++ b/roles/up2date_debian/tasks/main.yml
@@ -24,9 +24,7 @@
- name: add {{ ansible_distribution_release }}-backports
apt_repository:
- repo: >
- deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports
- main contrib non-free-firmware non-free
+ repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main
state: present
update_cache: true
when: extra_pkgs_bpo|length