From 7bf673e2c66f494cfa5585a967febd01e44ac7aa Mon Sep 17 00:00:00 2001 
From: Frank Schiebel Date: Tue, 5 Sep 2023 15:11:41 +0200 Subject: [PATCH] First working version for Netbootbox-Install --- config.vars | 2 + netboot-box.yml => livebox.yml | 15 +- roles/debianlive/tasks/main.yml | 58 ++++--- roles/edulive/files/gnome-edu/README | 3 +- roles/edulive/files/gnome-edu/auto/config | 6 +- .../hooks/live/0500-desktop.hook.chroot | 12 +- .../config/includes.chroot/etc/firefox | 1 + .../etc/firefox-esr/policies/policies.json | 74 +++++++++ .../etc/libvirt/qemu/netboot.xml | 3 - .../lib/live/config/0001-VM-MAC | 8 +- .../package-lists/school-cli.list.chroot | 24 +++ .../package-lists/school-gui.list.chroot | 43 +++++ .../config/package-lists/school.list.chroot | 100 ------------ roles/edulive/files/standard-edu/README | 3 + roles/edulive/files/standard-edu/auto/build | 5 + roles/edulive/files/standard-edu/auto/clean | 10 ++ roles/edulive/files/standard-edu/auto/config | 16 ++ .../hooks/0001-plymouth-theme.hook.chroot | 8 + .../live/0010-disable-kexec-tools.hook.chroot | 16 ++ .../0050-disable-sysvinit-tmpfs.hook.chroot | 10 ++ .../hooks/live/0500-tmpshare.hook.chroot | 15 ++ .../0020-create-mtab-symlink.hook.chroot | 1 + .../normal/0030-enable-cryptsetup.hook.chroot | 1 + .../0040-create-locales-files.hook.chroot | 1 + ...0-remove-adjtime-configuration.hook.chroot | 1 + .../0110-remove-backup-files.hook.chroot | 1 + .../0120-remove-dbus-machine-id.hook.chroot | 1 + .../0130-remove-gnome-icon-cache.hook.chroot | 1 + .../normal/0140-remove-log-files.hook.chroot | 1 + ...150-remove-mdadm-configuration.hook.chroot | 1 + ...emove-openssh-server-host-keys.hook.chroot | 1 + .../normal/0170-remove-python-py.hook.chroot | 1 + ...0180-remove-systemd-machine-id.hook.chroot | 1 + .../0190-remove-temporary-files.hook.chroot | 1 + .../0195-remove-ssl-cert-snakeoil.hook.chroot | 1 + ...emove-udev-persistent-cd-rules.hook.chroot | 1 + ...move-udev-persistent-net-rules.hook.chroot | 1 + .../0400-update-apt-file-cache.hook.chroot | 1 + 
.../0410-update-apt-xapian-index.hook.chroot | 1 + .../0420-update-glx-alternative.hook.chroot | 1 + .../0430-update-mlocate-database.hook.chroot | 1 + ...0440-update-nvidia-alternative.hook.chroot | 1 + .../0500-reproducible-glibc.hook.chroot | 1 + .../includes.chroot/etc/sysctl.d/sysctl.conf | 3 + .../lib/live/config/0002-apt-proxy | 2 + .../package-lists/live-systems.list.chroot | 2 + .../config/package-lists/live.list.chroot | 3 + .../package-lists/localization.list.chroot | 2 + .../package-lists/school-cli.list.chroot | 24 +++ .../config/package-lists/standard.list.chroot | 3 + roles/edulive/handlers/main.yml | 12 +- roles/edulive/tasks/main.yml | 90 +++++++++-- roles/edulive/templates/livebuilder.sh | 8 + roles/lmn_netbootinstaller/defaults/main.yml | 2 + roles/lmn_netbootinstaller/handlers/main.yml | 13 ++ roles/lmn_netbootinstaller/tasks/main.yml | 39 +++++ .../templates/lmn-netboot-git.service.j2 | 20 +++ .../templates/preseed.cfg_lmn-desktop.j2 | 149 ++++++++++++++++++ roles/up2date_debian/tasks/main.yml | 4 +- 59 files changed, 659 insertions(+), 171 deletions(-) create mode 100644 config.vars rename netboot-box.yml => livebox.yml (82%) create mode 120000 roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox create mode 100644 roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json create mode 100644 roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot create mode 100644 roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot delete mode 100644 roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot create mode 100644 roles/edulive/files/standard-edu/README create mode 100755 roles/edulive/files/standard-edu/auto/build create mode 100755 roles/edulive/files/standard-edu/auto/clean create mode 100755 roles/edulive/files/standard-edu/auto/config create mode 100755 roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot create mode 
100755 roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot create mode 100755 roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot create mode 100755 roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot create 
mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot create mode 120000 roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot create mode 100644 roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf create mode 100755 roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy create mode 100644 roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot create mode 100644 roles/edulive/files/standard-edu/config/package-lists/live.list.chroot create mode 100644 roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot create mode 100644 roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot create mode 100644 roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot create mode 100644 roles/lmn_netbootinstaller/defaults/main.yml create mode 100644 roles/lmn_netbootinstaller/handlers/main.yml create mode 100644 roles/lmn_netbootinstaller/tasks/main.yml create mode 100644 roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2 create mode 100644 roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2 diff --git a/config.vars b/config.vars new file mode 100644 index 0000000..ef10055 --- /dev/null +++ b/config.vars 
@@ -0,0 +1,2 @@ +ansible_ssh_pubkey: "dummy-placeholder" +lmn_client_branch: "main" diff --git a/netboot-box.yml b/livebox.yml similarity index 82% rename from netboot-box.yml rename to livebox.yml index 12f04eb..ac561aa 100644 --- a/netboot-box.yml +++ b/livebox.yml @@ -16,6 +16,8 @@ ## > configfile (tftp,livebox.lan)/d-i/n-a/grub/grub.cfg ## > } ## +## To build an initial customized image run 'livebuilder.sh'. +## A systemd-timer will do this every week automatically. --- - name: apply configuration to the livebox hosts: all @@ -23,15 +25,16 @@ become: true vars: +# ansible_connection: local extra_pkgs: - lighttpd - nfs-kernel-server - extra_pkgs_bpo: - atftpd - di-netboot-assistant - apt-cacher-ng + extra_pkgs_bpo: [] - live_desktop: + live_desktop: # [] # use an empty list to skip iso images - gnome - kde - standard @@ -42,18 +45,23 @@ # Make sure you have sufficient disk space available (~30GiB?). build_images: - gnome-edu + - standard-edu di_dist: "{{ ansible_distribution_release }}" di_version: "{{ ansible_distribution_major_version }}" di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" boot_params: - boot=live - - netboot=nfs - components - locales=de_DE.UTF-8 - keyboard-layouts=de + - live-config.timezone=Europe/Berlin + - swap=true - quiet - splash + - user-default-groups=audio,cdrom,dip,video,plugdev,netdev,dialout + - modprobe.blacklist=nvme +# - libata.force=disable # - noroot ansible_python_interpreter: "/usr/bin/python3" @@ -87,3 +95,4 @@ - aptcacher - debianlive - edulive + - lmn_netbootinstaller diff --git a/roles/debianlive/tasks/main.yml b/roles/debianlive/tasks/main.yml index 1def349..6f4d308 100644 --- a/roles/debianlive/tasks/main.yml +++ b/roles/debianlive/tasks/main.yml 
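Review bot: `- swap=true` in `boot_params` lets live-boot use swap partitions it finds on the client's local disk, so memory pages from a live session can be written to that disk and remain there after shutdown. That sits oddly next to `- modprobe.blacklist=nvme`, which looks intended to keep the live system away from local NVMe storage; SATA disks stay reachable while `libata.force=disable` is commented out. If local disks are meant to stay untouched, drop the `swap=true` entry. Otherwise document the choice above it, for example `# swap=true: deliberately uses swap partitions on the local disk`.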
@@ -6,23 +6,29 @@ checksum: "sha256:{{ live_url }}/SHA256SUMS" register: new_iso loop: - "{{ live_iso | dict2items }}" + "{{ live_iso | default({}) | dict2items }}" - name: umount old iso images mount: path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}" state: unmounted loop: - "{{ live_iso | dict2items }}" + "{{ live_iso | default({}) | dict2items }}" when: new_iso.changed -- name: prepare live image directory +- name: prepare live image base directory + file: + path: "/var/lib/tftpboot/d-i/n-live/" + state: directory + mode: 0755 + +- name: prepare live image directories file: path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}" state: directory mode: 0755 loop: - "{{ live_iso | dict2items }}" + "{{ live_iso | default({}) | dict2items }}" - name: make sure loop module is loaded modprobe: @@ -37,7 +43,7 @@ opts: loop,ro,nofail state: mounted loop: - "{{ live_iso | dict2items }}" + "{{ live_iso | default({}) | dict2items }}" notify: rebuild di-netboot menu - name: prepare http downloads 
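Review bot: The new "prepare live image base directory" task sets `mode: 0755` as a bare scalar, which only yields the intended permissions because the YAML 1.1 loader reads the leading zero as octal. Quoting it as `mode: "0755"` gives the same result without depending on implicit octal parsing and is the form the Ansible documentation recommends. The neighbouring "prepare live image directories" task carries the same unquoted value and could be changed with it.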
@@ -82,47 +88,37 @@ insertafter: '-- Customized Boot Entries --' line: "item {{ item.key }} Debian GNU/Linux {{ item.key }} NFS" loop: - "{{ live_iso | dict2items }}" + "{{ live_iso | default({}) | dict2items }}" notify: rebuild di-netboot menu -- name: find kernel version - shell: - cmd: >- - basename /var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz* - | sed "s/vmlinuz-//" - register: images - changed_when: false - loop: - "{{ live_iso | dict2items }}" - - name: prepare debian live boot loader ipxe blockinfile: path: /etc/di-netboot-assistant/ipxemenu.HEAD - marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}" + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.key }}" block: | - :{{ item.item.key }} - echo Booting Debian GNU/Linux {{ item.item.key }} NFS - kernel ${210:string}d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \ - initrd=initrd.img-{{ item.stdout }} {{ boot_params|join(' ') }} \ - nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/ - initrd ${210:string}d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }} + :{{ item.key }} + echo Booting Debian GNU/Linux {{ item.key }} NFS + kernel ${210:string}d-i/n-live/{{ item.key }}/live/vmlinuz \ + initrd=initrd.img netboot=nfs {{ boot_params|join(' ') }} \ + nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.key }}/ + initrd ${210:string}d-i/n-live/{{ item.key }}/live/initrd.img boot loop: - "{{ images.results }}" + "{{ live_iso | default({}) | dict2items }}" notify: rebuild di-netboot menu - name: prepare debian live boot loader grub blockinfile: path: /etc/di-netboot-assistant/grub.cfg.HEAD insertbefore: "^menuentry 'Boot from local disk..'" - marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}" + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.key }}" block: | - menuentry 'Debian GNU/Linux Live {{ item.item.key }} NFS' { - linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ 
item.item.key }}/live/vmlinuz-{{ item.stdout }} \ - {{ boot_params|join(' ') }} \ - nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/ - initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }} + menuentry 'Debian GNU/Linux Live {{ item.key }} NFS' { + linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.key }}/live/vmlinuz \ + netboot=nfs {{ boot_params|join(' ') }} \ + nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.key }}/ + initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.key }}/live/initrd.img } loop: - "{{ images.results }}" + "{{ live_iso | default({}) | dict2items }}" notify: rebuild di-netboot menu diff --git a/roles/edulive/files/gnome-edu/README b/roles/edulive/files/gnome-edu/README index 83e60e3..d11ee54 100644 --- a/roles/edulive/files/gnome-edu/README +++ b/roles/edulive/files/gnome-edu/README @@ -1,2 +1,3 @@ This config space is based on: - https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop \ No newline at end of file + https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop + diff --git a/roles/edulive/files/gnome-edu/auto/config b/roles/edulive/files/gnome-edu/auto/config index 96e38d3..79fb8e6 100755 --- a/roles/edulive/files/gnome-edu/auto/config +++ b/roles/edulive/files/gnome-edu/auto/config @@ -7,12 +7,10 @@ lb config noauto \ --cache false \ --net-tarball false \ --ignore-system-defaults \ - --distribution bullseye \ + --distribution bookworm \ --binary-images netboot \ --mode debian \ --backports true \ --linux-packages linux-image \ - --archive-areas "main contrib non-free" \ - --mirror-bootstrap http://localhost:3142/deb.debian.org/debian/ \ - --mirror-chroot-security http://localhost:3142/security.debian.org/debian-security/ \ + --archive-areas "main non-free-firmware contrib non-free" \ "${@}" 
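Review bot: With the "find kernel version" task removed, both the ipxe and the grub block now point at fixed `live/vmlinuz` and `live/initrd.img` paths, and nothing in the play checks that those files exist in each mounted image. Whether every image in `live_iso` ships the unversioned names is not visible in this hunk; if one does not, the play still succeeds and the failure only shows up on the client at boot time. A small check over the same loop, placed before the two blockinfile tasks, would surface that during provisioning instead.

```yaml
# … unchanged: "prepare debian live menu" lineinfile task …
- name: check that unversioned kernel and initrd exist
  stat:
    path: "/var/lib/tftpboot/d-i/n-live/{{ item.0.key }}/live/{{ item.1 }}"
  register: live_boot_file
  failed_when: not live_boot_file.stat.exists
  loop: >-
    {{ live_iso | default({}) | dict2items
       | product(['vmlinuz', 'initrd.img']) | list }}
# … unchanged: ipxe and grub blockinfile tasks …
```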
diff --git a/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot index a051368..54ec7b4 100755 --- a/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot +++ b/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot @@ -2,14 +2,20 @@ set -e -echo 'pref("browser.startup.homepage", "https://www.startpage.com");' >> /etc/firefox-esr/firefox-esr.js -echo 'pref("network.proxy.type", 4);' >> /etc/firefox-esr/firefox-esr.js - dconf update #sed -i "s/^/#/" /etc/xdg/user-dirs.defaults sed -i "s/^#WaylandEnable=false$/WaylandEnable=false/" /etc/gdm3/daemon.conf +## shared directory: +mkdir /media/tmpshare +echo "livebox:/srv/tmpshare /media/tmpshare nfs rw,auto,nofail,nolock 0 0" >> /etc/fstab + +## remote journal: +echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf +ln -s /lib/systemd/system/systemd-journal-upload.service \ + /etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service + ## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587 #dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox new file mode 120000 index 0000000..e7b065e --- /dev/null +++ b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox @@ -0,0 +1 @@ +firefox-esr \ No newline at end of file diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json new file mode 100644 index 0000000..548027d --- /dev/null +++ b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json 
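Review bot: The fstab line added under "shared directory" mounts a read-write NFS export that every live client shares, but the options `rw,auto,nofail,nolock` leave setuid bits and device nodes on that share honoured by each client; `rw,auto,nofail,nolock,nosuid,nodev` would close that off. The "remote journal" line `URL=http://livebox` sends the client's journal in cleartext to whichever host answers to that name. systemd-journal-upload also accepts an `https://` URL together with `TrustedCertificateFile=`, which is worth considering if the logs can contain anything sensitive. Separately, `mkdir /media/tmpshare` aborts the hook under `set -e` when the directory already exists, so `mkdir -p /media/tmpshare` is safer. The same three lines are added in standard-edu's `0500-tmpshare.hook.chroot`.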
@@ -0,0 +1,74 @@ +{ + "policies": { + "Proxy": { + "Mode": "system" + }, + "OverrideFirstRunPage": "https://www.debian.org", + "Homepage": { + "URL": "https://www.debian.org", + "Locked": false, + "StartPage": "previous-session" + }, + "DisplayBookmarksToolbar": true, + "ManagedBookmarks": [ + { + "toplevel_name": "Debian" + }, + { + "url": "https://www.debian.org", + "name": "Debian Homepage" + }, + { + "url": "https://wiki.debian.org", + "name": "Debian Wiki" + }, + { + "name": "Debian Development", + "children": [ + { + "url": "https://bugs.debian.org", + "name": "Debian Bug Tracker" + }, + { + "url": "https://packages.debian.org", + "name": "Debian Packages" + }, + { + "url": "https://salsa.debian.org", + "name": "Debian Salsa" + }, + { + "url": "https://tracker.debian.org", + "name": "Package Tracker" + } + ] + }, + { + "name": "Debian LAN/Live", + "children": [ + { + "url": "https://salsa.debian.org/andi/debian-lan-ansible", + "name": "Debian LAN Ansible" + }, + { + "url": "https://wiki.debian.org/DebianLive", + "name": "Debian Live" + } + ] + } + ], + "SearchEngines": { + "Add": [ + { + "Name": "Startpage", + "URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}", + "Method": "GET", + "IconURL": "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico", + "Alias": "sp", + "Description": "Startpage Search Engine" + } + ], + "Default": "Startpage" + } + } +} diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml index 6a993f9..0c04eb5 100644 --- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml +++ b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml @@ -85,19 +85,16 @@ or other application using the libvirt API.
-
-
-
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC b/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC index 784d836..2a26c57 100755 --- a/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC +++ b/roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC @@ -3,9 +3,5 @@ set -eu -NIC="$(ip link | grep "^2: " | cut -d ' ' -f2 | sed "s/://")" -MAC="$(ip link | grep -A1 "^2: " | grep -oE "[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2} " \ - | sed "s/ //g")" - -sed -i -e "s/VMMAC/$MAC/g" -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml - +NIC="$(ip route | grep -m1 default | sed -E "s/.+dev (\w+).*/\1/")" +sed -i -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml diff --git a/roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot b/roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot new file mode 100644 index 0000000..103fc53 --- /dev/null +++ b/roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot @@ -0,0 +1,24 @@ +## +## packages for CLI programs +## +console-setup +emacs-nox +git +htop +mc +minicom +ncdu +netcat-openbsd +net-tools +nfs-common +nmap +screen +shellcheck +sl +systemd-journal-remote +tcpdump +tmux +tree +vim +xterm + diff --git a/roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot b/roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot new file mode 100644 index 0000000..5654e1d --- /dev/null +++ b/roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot 
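Review bot: When the client has no default route at the time 0001-VM-MAC runs, `grep -m1 default` matches nothing, `sed` still exits 0 and `NIC` is empty, so the following `sed -i` replaces `INTERFACE` in netboot.xml with an empty string and `set -eu` does not catch it. The `(\w+)` capture also stops at the first `.` or `-`, which would truncate names such as VLAN sub-interfaces. Capturing with `sed -E "s/.+dev ([^ ]+).*/\1/"` and guarding the substitution as `[ -z "$NIC" ] || sed -i -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml` would cover both cases.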
@@ -0,0 +1,43 @@
+##
+## packages for GUI programs
+##
+
+bluefish
+codeblocks
+dia
+emacs
+freecad
+ghex
+gimp
+inkscape
+keepassxc
+kicad
+librecad
+mu-editor
+#nautilus-nextcloud
+#nextcloud-desktop
+obs-studio
+openboard
+pdf-presenter-console
+qtcreator
+#scrcpy
+spyder
+ssh-askpass-gnome
+sway
+task-german-desktop
+terminator
+#texlive
+#texlive-lang-german
+#texlive-latex-extra
+#texlive-science
+thonny
+#thunderbird
+#thunderbird-l10n-de
+virt-manager
+vlc
+vym
+webext-privacy-badger
+webext-ublock-origin-chromium
+webext-ublock-origin-firefox
+wireshark
+xournal
diff --git a/roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot b/roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot
deleted file mode 100644
index 2c90ba9..0000000
--- a/roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# This file is linked to all desktop configurations.
-# Put desktop specific packages in the desktop specific file.
-#
-#webext-ublock-origin-firefox
-#webext-ublock-origin-chromium
-webext-ublock-origin
-webext-privacy-badger
-
-vim
-emacs
-vlc
-gimp
-inkscape
-bluefish
-
-openboard
-xournal
-
-freecad
-librecad
-kicad
-
-git
-mc
-tmux
-wireshark
-nmap
-netcat-openbsd
-net-tools
-thonny
-spyder
-ghex
-
-codeblocks
-gprolog
-qtcreator
-obs-studio
-
-mu-editor
-dia
-vym
-shellcheck
-xterm
-
-tree
-console-setup
-virt-manager
-sway
-
-task-german-desktop
-
-ssh-askpass-gnome
-keepassxc
-
-#nextcloud-desktop
-#nautilus-nextcloud
-#thunderbird
-#thunderbird-l10n-de
-
-#texlive
-#texlive-latex-extra
-#texlive-lang-german
-#texlive-science
-
-pdf-presenter-console
-
-libreoffice/bullseye-backports
-libreoffice-core/bullseye-backports
-libreoffice-common/bullseye-backports
-libreoffice-writer/bullseye-backports
-libreoffice-calc/bullseye-backports
-libreoffice-impress/bullseye-backports
-libreoffice-base/bullseye-backports
-libreoffice-base-drivers/bullseye-backports
-libreoffice-math/bullseye-backports
-libreoffice-report-builder-bin/bullseye-backports
-libreoffice-style-colibre/bullseye-backports
-libreoffice-gnome/bullseye-backports
-libreoffice-gtk3/bullseye-backports
-libreoffice-style-elementary/bullseye-backports
-libreoffice-help-common/bullseye-backports
-libreoffice-help-de/bullseye-backports
-libreoffice-java-common/bullseye-backports
-libreoffice-l10n-de/bullseye-backports
-libreoffice-nlpsolver/bullseye-backports
-libreoffice-report-builder/bullseye-backports
-libreoffice-script-provider-bsh/bullseye-backports
-libreoffice-script-provider-js/bullseye-backports
-libreoffice-script-provider-python/bullseye-backports
-libreoffice-sdbc-firebird/bullseye-backports
-libreoffice-sdbc-hsqldb/bullseye-backports
-libreoffice-sdbc-mysql/bullseye-backports
-libreoffice-sdbc-postgresql/bullseye-backports
-libreoffice-wiki-publisher/bullseye-backports
-
-python3-uno/bullseye-backports
-libuno-sal3/bullseye-backports
-fonts-opensymbol/bullseye-backports
-ure/bullseye-backports
diff --git a/roles/edulive/files/standard-edu/README b/roles/edulive/files/standard-edu/README
new file mode 100644
index 0000000..76aaf5b
--- /dev/null
+++ b/roles/edulive/files/standard-edu/README
@@ -0,0 +1,3 @@
+This config space is based on:
+ https://salsa.debian.org/live-team/live-images/-/tree/debian/images/standard
+
diff --git a/roles/edulive/files/standard-edu/auto/build b/roles/edulive/files/standard-edu/auto/build
new file mode 100755
index 0000000..f8d8346
--- /dev/null
+++ b/roles/edulive/files/standard-edu/auto/build
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+lb build noauto "${@}" 2>&1 | tee build.log
diff --git a/roles/edulive/files/standard-edu/auto/clean b/roles/edulive/files/standard-edu/auto/clean
new file mode 100755
index 0000000..4b8ccaa
--- /dev/null
+++ b/roles/edulive/files/standard-edu/auto/clean
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+lb clean noauto "${@}"
+
+rm -f config/binary config/bootstrap config/chroot config/common config/source
+rm -f config/control
+
+rm -f build.log
diff --git a/roles/edulive/files/standard-edu/auto/config b/roles/edulive/files/standard-edu/auto/config
new file mode 100755
index 0000000..79fb8e6
--- /dev/null
+++ b/roles/edulive/files/standard-edu/auto/config
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+lb config noauto \
+ --clean \
+ --cache false \
+ --net-tarball false \
+ --ignore-system-defaults \
+ --distribution bookworm \
+ --binary-images netboot \
+ --mode debian \
+ --backports true \
+ --linux-packages linux-image \
+ --archive-areas "main non-free-firmware contrib non-free" \
+"${@}"
diff --git a/roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot
new file mode 100755
index 0000000..16095e0
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+if [ -e /usr/sbin/plymouth-set-default-theme ] && [ -e /usr/share/plymouth/themes/lines ]
+then
+ plymouth-set-default-theme lines
+fi
diff --git a/roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot
new file mode 100755
index 0000000..403d1d4
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+# Disable kexec-tools
+
+if [ -e /sbin/kexec ]
+then
+ echo "kexec-tools kexec-tools/load_kexec boolean false" > /root/preseed
+
+ debconf-set-selections /root/preseed
+
+ rm -f /root/preseed
+
+ dpkg-reconfigure kexec-tools
+fi
diff --git a/roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
new file mode 100755
index 0000000..37750b3
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Disable tmpfs on /tmp
+
+if [ -e /etc/default/rcS ]
+then
+ sed -i -e 's|^ *RAMTMP=.*|RAMTMP=no|' /etc/default/rcS
+fi
diff --git a/roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot
new file mode 100755
index 0000000..cd9d2fb
--- /dev/null
+++ b/roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot
@@ -0,0 +1,15 @@ +#!/bin/sh + +set -e + +## shared directory: +mkdir /media/tmpshare +echo "livebox:/srv/tmpshare /media/tmpshare nfs rw,auto,nofail,nolock 0 0" >> /etc/fstab + +## remote journal: +echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf +ln -s /lib/systemd/system/systemd-journal-upload.service \ + /etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service + +## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587 +#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot new file mode 120000 index 0000000..58123fc --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0020-create-mtab-symlink.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot new file mode 120000 index 0000000..c5ab625 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0030-enable-cryptsetup.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot new file mode 120000 index 0000000..036e7e0 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0040-create-locales-files.hook.chroot \ No newline at end of file 
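Review bot: `echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf` makes every live client ship its journal over plain HTTP to whichever host answers to the name `livebox`, with no server authentication and no confidentiality for the log content. The receiving side configured in roles/edulive/tasks/main.yml uses `--listen-http=-3`, so it likewise accepts entries from any sender. If TLS is out of scope for this first version, say so next to the line, e.g. `## NOTE: unauthenticated plain-HTTP upload; treat /var/log/journal/remote on livebox as untrusted input`, and plan a move to an `https://` URL with `TrustedCertificateFile=` on the client and `--listen-https` on the server. The fstab entry in the same hunk mounts a share that any client can write to, so its options should include `nosuid,nodev`: `rw,auto,nofail,nolock,nosuid,nodev`.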
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot new file mode 120000 index 0000000..b0ccdb6 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0100-remove-adjtime-configuration.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot new file mode 120000 index 0000000..8b68c5c --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0110-remove-backup-files.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot new file mode 120000 index 0000000..4d55b27 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0120-remove-dbus-machine-id.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot new file mode 120000 index 0000000..54f6a9b --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot \ No newline at end of file 
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot new file mode 120000 index 0000000..2b99cec --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0140-remove-log-files.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot new file mode 120000 index 0000000..0c3cd2f --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0150-remove-mdadm-configuration.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot new file mode 120000 index 0000000..e57b8d2 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot new file mode 120000 index 0000000..858a942 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0170-remove-python-py.hook.chroot \ No newline at end of file 
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot new file mode 120000 index 0000000..6cecf66 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0180-remove-systemd-machine-id.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot new file mode 120000 index 0000000..ada76d9 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0190-remove-temporary-files.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot new file mode 120000 index 0000000..9fc0723 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot new file mode 120000 index 0000000..f893dcc --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot \ No newline at end of file 
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot new file mode 120000 index 0000000..a6ee33d --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot new file mode 120000 index 0000000..380fdcf --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0400-update-apt-file-cache.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot new file mode 120000 index 0000000..dd7150e --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0410-update-apt-xapian-index.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot new file mode 120000 index 0000000..4da25f8 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0420-update-glx-alternative.hook.chroot \ No newline at end of file 
diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot new file mode 120000 index 0000000..13b49d7 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0430-update-mlocate-database.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot new file mode 120000 index 0000000..0a65196 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0440-update-nvidia-alternative.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot b/roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot new file mode 120000 index 0000000..9d4f095 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot @@ -0,0 +1 @@ +/usr/share/live/build/hooks/normal/0500-reproducible-glibc.hook.chroot \ No newline at end of file diff --git a/roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf b/roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf new file mode 100644 index 0000000..c038e6d --- /dev/null +++ b/roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf @@ -0,0 +1,3 @@ +# Uncomment the following to stop low-level messages on console +kernel.printk = 3 4 1 3 + 
diff --git a/roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy b/roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy new file mode 100755 index 0000000..078c3bb --- /dev/null +++ b/roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy @@ -0,0 +1,2 @@ +#!/bin/sh +echo 'Acquire::http::Proxy "http://livebox:3142";' >> /etc/apt/apt.conf.d/10proxy diff --git a/roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot new file mode 100644 index 0000000..d73ed96 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot @@ -0,0 +1,2 @@ +live-manual +live-tools diff --git a/roles/edulive/files/standard-edu/config/package-lists/live.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/live.list.chroot new file mode 100644 index 0000000..1e6ef96 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/package-lists/live.list.chroot @@ -0,0 +1,3 @@ +live-boot +live-config +live-config-systemd diff --git a/roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot new file mode 100644 index 0000000..f952ab0 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot @@ -0,0 +1,2 @@ +task-english +task-german diff --git a/roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot new file mode 100644 index 0000000..103fc53 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot 
@@ -0,0 +1,24 @@ +## +## packages for CLI programs +## +console-setup +emacs-nox +git +htop +mc +minicom +ncdu +netcat-openbsd +net-tools +nfs-common +nmap +screen +shellcheck +sl +systemd-journal-remote +tcpdump +tmux +tree +vim +xterm + diff --git a/roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot b/roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot new file mode 100644 index 0000000..26d37f3 --- /dev/null +++ b/roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot @@ -0,0 +1,3 @@ +! Packages Priority standard + +task-ssh-server diff --git a/roles/edulive/handlers/main.yml b/roles/edulive/handlers/main.yml index 30aee83..d036d27 100644 --- a/roles/edulive/handlers/main.yml +++ b/roles/edulive/handlers/main.yml @@ -1,12 +1,20 @@ --- - name: run the image build script - command: + ansible.builtin.command: cmd: livebuilder.sh listen: run build script - name: enable timer for livebuilder - systemd: + ansible.builtin.systemd: name: livebuilder.timer state: started enabled: true listen: enable livebuilder.timer + +- name: restart systemd-journal-remote + ansible.builtin.systemd: + name: systemd-journal-remote.socket + daemon_reload: true + state: restarted + enabled: true + listen: restart systemd-journal-remote diff --git a/roles/edulive/tasks/main.yml b/roles/edulive/tasks/main.yml index 4ffb7c8..0947a5c 100644 --- a/roles/edulive/tasks/main.yml +++ b/roles/edulive/tasks/main.yml 
@@ -1,24 +1,61 @@ --- - name: install packages - apt: + ansible.builtin.apt: name: - live-build + - systemd-journal-remote state: latest # noqa package-latest - name: prepare live-build directory - file: + ansible.builtin.file: + path: /etc/systemd/system/systemd-journal-remote.service.d/ + state: directory + mode: 0755 + +- name: configure remote journal + ansible.builtin.blockinfile: + path: /etc/systemd/system/systemd-journal-remote.service.d/override.conf + create: true + block: | + [Service] + ExecStart= + ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote + notify: restart systemd-journal-remote + +- name: prepare live-build directory + ansible.builtin.file: path: "{{ build_dir }}" state: directory mode: 0755 - name: copy build script - template: + ansible.builtin.template: src: livebuilder.sh dest: /usr/local/sbin/ mode: 0755 +- name: prepare shared directory + ansible.builtin.file: + path: "/srv/tmpshare" + state: directory + mode: "1777" + +- name: mount tmpfs on shared directory + ansible.builtin.mount: + path: "/srv/tmpshare/" + src: "tmpfs" + fstype: tmpfs + opts: rw,nofail + state: mounted + +- name: export shared directory + ansible.builtin.lineinfile: + path: /etc/exports + line: "/srv/tmpshare/ *(rw,fsid=0,crossmnt,no_subtree_check)" + notify: export nfs + - name: provide service and timer for livebuilder - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "/etc/systemd/system/{{ item }}" mode: 0644 
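Review bot: The export line `/srv/tmpshare/ *(rw,fsid=0,crossmnt,no_subtree_check)` offers a world-writable (`mode: "1777"`) tmpfs read-write to every host that can reach the NFS server, not only the netboot clients. Restricting the client field to the client network keeps the share off other segments, for example `line: "/srv/tmpshare/ {{ tmpshare_clients }}(rw,fsid=0,crossmnt,no_subtree_check)"` with a new variable holding the subnet (the variable name is only a suggestion). The tmpfs mount is created with `opts: rw,nofail` and no `size=`, so a single client can fill the memory-backed filesystem up to the tmpfs default. Separately, `notify: export nfs` has no matching handler in roles/edulive/handlers/main.yml as changed by this commit; unless another role in the play defines it, the task will fail the first time it reports a change.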
@@ -28,47 +65,70 @@ notify: "enable livebuilder.timer" - name: copy live-build configuration - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "{{ build_dir }}" + force: false local_follow: false mode: preserve loop: "{{ build_images }}" - name: prepare debian live nfs boot entry title - lineinfile: + ansible.builtin.blockinfile: path: /etc/di-netboot-assistant/ipxemenu.HEAD insertafter: '-- Customized Boot Entries --' - line: "item {{ item }} Debian GNU/Linux {{ item }} NFS" + marker: "# {mark} ANSIBLE MANAGED BLOCK menu entries {{ item }}" + block: | + item {{ item }}-NFS Debian GNU/Linux {{ item }} NFS + item {{ item }}-RAM Debian GNU/Linux {{ item }} RAM loop: "{{ build_images }}" notify: rebuild di-netboot menu - name: prepare debian live boot loader ipxe - blockinfile: + ansible.builtin.blockinfile: path: /etc/di-netboot-assistant/ipxemenu.HEAD marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}" block: | - :{{ item }} - echo Booting Debian GNU/Linux EDU LIVE NFS + :{{ item }}-NFS + echo Booting Debian GNU/Linux {{ item }} NFS kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \ - initrd=initrd.img {{ boot_params|join(' ') }} \ - nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/ + initrd=initrd.img netboot=nfs {{ boot_params|join(' ') }} hostname=${netX/mac} \ + nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/ + initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img + boot + + :{{ item }}-RAM + echo Booting Debian GNU/Linux {{ item }} RAM + kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \ + initrd=initrd.img {{ boot_params|join(' ') }} hostname=${netX/mac} \ + fetch=http://{{ ansible_default_ipv4.address }}/d-i/n-live/{{ item }}/live/filesystem.squashfs initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img boot loop: "{{ build_images }}" notify: rebuild di-netboot menu - name: prepare debian live boot loader grub - blockinfile: + ansible.builtin.blockinfile: path: 
/etc/di-netboot-assistant/grub.cfg.HEAD insertbefore: "^menuentry 'Boot from local disk..'" marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}" block: | menuentry 'Debian GNU/Linux Live {{ item }} NFS' { + regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 \ + "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \ - {{ boot_params|join(' ') }} \ - nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/ + netboot=nfs {{ boot_params|join(' ') }} hostname=${oct4}${oct5}${oct6} \ + nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/ + initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img + } + + menuentry 'Debian GNU/Linux Live {{ item }} RAM' { + regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 \ + "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac + linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \ + {{ boot_params|join(' ') }} hostname=${oct4}${oct5}${oct6} \ + fetch=http://{{ ansible_default_ipv4.address }}/d-i/n-live/{{ item }}/live/filesystem.squashfs initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img } loop: "{{ build_images }}" diff --git a/roles/edulive/templates/livebuilder.sh b/roles/edulive/templates/livebuilder.sh index 92f7aab..5bbfc85 100644 --- a/roles/edulive/templates/livebuilder.sh +++ b/roles/edulive/templates/livebuilder.sh @@ -19,6 +19,13 @@ run_build(){ done } +clean_share(){ + local TMPSHARE="/srv/tmpshare/" + find "$TMPSHARE/" -mindepth 1 -delete + echo "All content in this directory will be removed periodically!" \ + >> "$TMPSHARE/README" +} + ## main: if ! auto-apt-proxy | grep -q 'http://127.0.0.1:3142' ; then @@ -30,3 +37,4 @@ for IMG in {{ build_images|join(' ') }} ; do echo "=========== Building image $IMG ===========" run_build $IMG done +clean_share 
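Review bot: The iPXE entries pass `hostname=${netX/mac}` while the GRUB entries in the same hunk pass `hostname=${oct4}${oct5}${oct6}`, so the same machine gets a different name depending on which boot loader served it. iPXE expands `${netX/mac}` to the colon-separated address, which is not a valid hostname unless something later in the boot rewrites it (not visible in this hunk). A colon-free form such as `hostname=${netX/mac:hexraw}` would at least be a legal name. Consistent names also matter for attributing entries once the clients upload their journals to the server.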
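Review bot: `clean_share` appends to `"$TMPSHARE/README"` inside a directory that this commit creates with mode 1777 and exports read-write, so a client can re-create that name between the `find … -delete` and the `echo`; the script is installed under /usr/local/sbin and presumably runs as root from the livebuilder timer. The kernel's `fs.protected_symlinks` setting normally stops a privileged write from following a link planted in a sticky directory, but the function should not depend on that silently. I would add a comment such as `# runs as root on a world-writable share; relies on fs.protected_symlinks=1` and write with `>` instead of `>>`, since the directory has just been emptied. `TMPSHARE` already ends in a slash, so `"$TMPSHARE/"` produces a double slash; drop one of them.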
diff --git a/roles/lmn_netbootinstaller/defaults/main.yml b/roles/lmn_netbootinstaller/defaults/main.yml new file mode 100644 index 0000000..1eb1d73 --- /dev/null +++ b/roles/lmn_netbootinstaller/defaults/main.yml @@ -0,0 +1,2 @@ +--- +service_description: "A service to server the netboot-client-playbook and roles to the lan" diff --git a/roles/lmn_netbootinstaller/handlers/main.yml b/roles/lmn_netbootinstaller/handlers/main.yml new file mode 100644 index 0000000..9fc2fb7 --- /dev/null +++ b/roles/lmn_netbootinstaller/handlers/main.yml @@ -0,0 +1,13 @@ +- name: rebuild di-netboot menu + command: "{{ item }}" + with_items: + - di-netboot-assistant rebuild-menu + - di-netboot-assistant rebuild-grub + listen: rebuild di-netboot menu + + +- name: restart git service + service: + name: lmn-netboot-git + state: restarted + listen: restart git service diff --git a/roles/lmn_netbootinstaller/tasks/main.yml b/roles/lmn_netbootinstaller/tasks/main.yml new file mode 100644 index 0000000..c33f4c9 --- /dev/null +++ b/roles/lmn_netbootinstaller/tasks/main.yml 
@@ -0,0 +1,39 @@ +--- +- name: prepare installer boot loader grub + blockinfile: + path: /etc/di-netboot-assistant/grub.cfg.HEAD + insertbefore: "^menuentry 'Boot from local disk..'" + marker: "# {mark} ANSIBLE MANAGED BLOCK netboot-installer" + block: | + menuentry 'Installer Debian bookworm (amd64) + preseed + lmn-desktop.yml' --unrestricted { + linux (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/linux auto=true priority=critical \ + url=tftp://{{ ansible_default_ipv4.address }}/d-i/bookworm/preseed.cfg_lmn-desktop \ + playbook=lmn-desktop.yml adpw='{{ gapw }}' --- + initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/initrd.gz + } + notify: rebuild di-netboot menu + +- name: set git-daemon-export-ok for management repo + copy: + content: "" + dest: "{{ playbook_dir }}/.git/git-daemon-export-ok" + force: false + group: ansible + owner: ansible + mode: 0644 + +- name: Create gitd systemd service file + template: + src: templates/lmn-netboot-git.service.j2 + dest: /lib/systemd/system/lmn-netboot-git.service + +- name: Start gitd service for installation playbook + systemd: + name: lmn-netboot-git + state: started + +- name: provide preseed.cfg_lmn-desktop file + template: + src: templates/preseed.cfg_lmn-desktop.j2 + dest: /var/lib/tftpboot/d-i/bookworm/preseed.cfg_lmn-desktop + notify: restart git service diff --git a/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2 b/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2 new file mode 100644 index 0000000..f7e2812 --- /dev/null +++ b/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2 
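Review bot: `adpw='{{ gapw }}'` writes a password in clear text into /etc/di-netboot-assistant/grub.cfg.HEAD, and from there into the generated GRUB menu that any machine on the boot network can download; it also ends up on the installer's kernel command line. The entry is marked `--unrestricted`, so no GRUB authentication stands in front of it. Which account `gapw` belongs to is not visible here, but a credential needed during installation is better replaced by a one-time, install-only secret or fetched by the installer over an authenticated channel than published in the boot menu. The two `template` tasks also set no permissions; add `mode: "0644"` to each. The role uses short module names (`blockinfile`, `copy`, `template`, `systemd`) although this same commit moves the edulive role to `ansible.builtin.*`.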
@@ -0,0 +1,20 @@ +[Unit] +Description={{ service_description }} +After=network.target + +[Service] +ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ playbook_dir }} {{ playbook_dir }} +Restart=on-failure + +Restart=always +RestartSec=500ms + +StandardOutput=syslog +StandardError=syslog +SyslogIdentifier=git-daemon + +User=ansible +Group=ansible + +[Install] +WantedBy=multi-user.target diff --git a/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2 b/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2 new file mode 100644 index 0000000..4bddfb5 --- /dev/null +++ b/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2 
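Review bot: `ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ playbook_dir }} {{ playbook_dir }}` publishes the whole management repository, including its history, to every host that can reach the git port, with no authentication and no transport integrity. Anything ever committed there (inventory, `config.vars`, secrets that are not vaulted) becomes readable on the LAN, and the clients that run `ansible-pull` from it as root cannot verify what they receive. Consider binding the daemon to the netboot-facing address with `--listen=<server address>` and serving a dedicated export clone instead of the working repository. `Restart=on-failure` is immediately overridden by `Restart=always`, so keep only one of them. `StandardOutput=syslog` and `StandardError=syslog` are deprecated in current systemd; `journal` is the replacement.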
@@ -0,0 +1,149 @@ +#### Preconfiguration file +## +## The following preseeding might be used to install a basic system +## completely automatically. +## +## A user 'ansible' is set up and ssh login with public key +## authentication is configured. The idea is to allow further +## customization of the system after installation using ansible. +## +## Modify at least the public ssh key in 'authorized_keys' (see +## below). +## +## For more examples and comments consult: +## https://www.debian.org/releases/stable/example-preseed.txt +## + +## To change default values: +#d-i foo/bar seen false +#d-i foo/bar string value + +## Useful boot parameters: +## DEBCONF_DEBUG=5 +## locale?=de_DE + +## To set the hostname manually during installation, use priority=high +## as boot parameter and uncomment this line: +#d-i debconf/priority string critical + +## Preseeding only locale sets language, country and locale: +d-i debian-installer/locale string de_DE +d-i keyboard-configuration/xkb-keymap select de + +## Use hostname assigned by DHCP: +d-i netcfg/get_hostname string unassigned-hostname +d-i netcfg/get_domain string unassigned-domain + +## Skip root account: +d-i passwd/root-login boolean false + +### Apt setup +d-i apt-setup/non-free-firmware boolean true +d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true + +d-i mirror/country string manual +d-i mirror/http/hostname string deb.debian.org +d-i mirror/http/directory string /debian +#d-i mirror/http/proxy string http://10.167.0.253:3142/ +#d-i mirror/http/proxy string http://192.168.1.17:3142/ +#d-i mirror/http/proxy string http://aptcache.steinbeisschule-reutlingen.de:3142/ +d-i mirror/http/proxy string http://10.16.1.2:3142/ + +# NTP server to use. 
+d-i clock-setup/ntp-server string server.qgm.lan + +### Backports: +#apt-setup-udeb apt-setup/services-select multiselect security, updates, backports +apt-setup-udeb apt-setup/services-select multiselect security, updates + +### Ansible User +d-i passwd/user-fullname string Ansible User +d-i passwd/username string ansible +d-i passwd/user-password password insecure +d-i passwd/user-password-again password insecure +#d-i passwd/user-password-crypted password [crypt(3) hash] + +### Do not ask about support for non-efi systems: +d-i partman-efi/non_efi_system boolean true + +### Leave this empty to use the only available hard drive: +d-i partman-auto/disk string +#d-i partman-auto/disk string /dev/sdd +#d-i partman-auto/disk string /dev/vda + +### Regular partitions: +d-i partman-auto/method string regular +d-i partman-auto/choose_recipe select atomic +## This makes partman automatically partition without confirmation: +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +# ### Enable to set up LVM: +# d-i partman-auto/method string lvm +# ## Use only 50% of the available physical volume size and then +# ## adjust the logical volume sizes later with ansible, if needed: +# d-i partman-auto-lvm/guided_size PERCENT 50% +# # If one of the disks that are going to be automatically partitioned +# # contains an old LVM configuration, the user will normally receive a +# # warning. This can be preseeded away... +# d-i partman-lvm/device_remove_lvm boolean true +# # The same applies to pre-existing software RAID array: +# d-i partman-md/device_remove_md boolean true +# # And the same goes for the confirmation to write the lvm partitions. 
+# d-i partman-lvm/confirm boolean true +# d-i partman-lvm/confirm_nooverwrite boolean true +# # You can choose one of the three predefined partitioning recipes: +# # - atomic: all files in one partition +# # - home: separate /home partition +# # - multi: separate /home, /var, and /tmp partitions +# d-i partman-auto/choose_recipe select multi + +### Package selection +#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server +tasksel tasksel/first multiselect standard, ssh-server, kde-desktop + +### Individual additional packages to install +#d-i pkgsel/include string firmware-linux ansible git +d-i pkgsel/include string ansible git firmware-linux +#d-i pkgsel/include string firmware-linux ansible/buster-backports git +#d-i pkgsel/include string firmware-linux + +### GRUB on default disk: +d-i grub-installer/bootdev string default + +### This command is run just before the install finishes: +d-i preseed/late_command string \ + mkdir -p /target/home/ansible/.ssh && \ + echo "{{ ansible_ssh_pubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \ + in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \ + in-target chmod -R og= /home/ansible/.ssh/ ; \ + [ -z "$playbook" ] || mkdir -v /target/dev/shm ; \ + [ -z "$playbook" ] || in-target mount -v -t tmpfs tmpfs /dev/shm ; \ + in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \ + -i localhost, --url=git://{{ ansible_default_ipv4.address }}/.git -C {{ lmn_client_branch }} $playbook +# -i localhost, --url=http://10.16.1.2/debian-lan-ansible.git $playbook +# -i localhost, --url=git://10.167.0.253/.git -C fvs $playbook +# -i localhost, --url=git://installbox/.git $playbook +# +# +## Replace key with: sed -i "s#echo \".\+\"#echo \"$(cat ~/.ssh/id_rsa.pub)\"#" preseed.cfg +# +## When installing in combination with ansible-pull, +## export your ansible playbook like: +## +## git daemon --verbose --export-all \ +## --base-path=/dir/of/playbook -- /dir/of/playbook +## 
+## Conditions may be applied in the playbook like: +## when: run_in_installer|default(false)|bool +## when: not run_in_installer|default(false)|bool + +### Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +## Do not modify boot order (netboot first): +grub-efi-amd64 grub2/update_nvram boolean false +##grub-efi-amd64 grub2/force_efi_extra_removable boolean true diff --git a/roles/up2date_debian/tasks/main.yml b/roles/up2date_debian/tasks/main.yml index 013d8d2..d28bc9e 100644 --- a/roles/up2date_debian/tasks/main.yml +++ b/roles/up2date_debian/tasks/main.yml @@ -24,9 +24,7 @@ - name: add {{ ansible_distribution_release }}-backports apt_repository: - repo: > - deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports - main contrib non-free-firmware non-free + repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main state: present update_cache: true when: extra_pkgs_bpo|length
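Review bot: `d-i passwd/user-password password insecure` gives the `ansible` account a fixed, publicly known password on every installed client, while the same file installs `ssh-server` and sets `passwd/root-login boolean false`, so this is presumably the sudo-capable first user. The late_command already places a public key in `authorized_keys`, so password login is not needed for management. Replace the two clear-text lines with `d-i passwd/user-password-crypted password {{ ansible_user_pw_hash }}` (a new, vaulted variable; the name is a placeholder), or have the first playbook run lock the password. The preseed file is served over TFTP, so even a hash in it should be treated as disclosed to the LAN. The proxy `http://10.16.1.2:3142/` and the NTP host `server.qgm.lan` are site-specific values hard-coded in a template that elsewhere uses `{{ ansible_default_ipv4.address }}`.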