playbooks/bookworm
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

First working version for Netbootbox-Install

Browse source
This commit is contained in:
Frank Schiebel 2023-09-05 15:11:41 +02:00
parent 790f0327ca
commit 7bf673e2c6
59 changed files with 659 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config.vars Normal file
View file

@ -0,0 +1,2 @@
ansible_ssh_pubkey: "dummy-placeholder"
lmn_client_branch: "main"

15
netboot-box.yml → livebox.yml
View file

@ -16,6 +16,8 @@
## > configfile (tftp,livebox.lan)/d-i/n-a/grub/grub.cfg
## > }
##
## To build an initial customized image run 'livebuilder.sh'.
## A systemd-timer will do this every week automatically.
---
- name: apply configuration to the livebox
hosts: all
@ -23,15 +25,16 @@
become: true
vars:
# ansible_connection: local
extra_pkgs:
- lighttpd
- nfs-kernel-server
extra_pkgs_bpo:
- atftpd
- di-netboot-assistant
- apt-cacher-ng
extra_pkgs_bpo: []
live_desktop:
live_desktop: # [] # use an empty list to skip iso images
- gnome
- kde
- standard
@ -42,18 +45,23 @@
# Make sure you have sufficient disk space available (~30GiB?).
build_images:
- gnome-edu
- standard-edu
di_dist: "{{ ansible_distribution_release }}"
di_version: "{{ ansible_distribution_major_version }}"
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
boot_params:
- boot=live
- netboot=nfs
- components
- locales=de_DE.UTF-8
- keyboard-layouts=de
- live-config.timezone=Europe/Berlin
- swap=true
- quiet
- splash
- user-default-groups=audio,cdrom,dip,video,plugdev,netdev,dialout
- modprobe.blacklist=nvme
# - libata.force=disable
# - noroot
ansible_python_interpreter: "/usr/bin/python3"
@ -87,3 +95,4 @@
- aptcacher
- debianlive
- edulive
- lmn_netbootinstaller

58
roles/debianlive/tasks/main.yml
View file

@ -6,23 +6,29 @@
checksum: "sha256:{{ live_url }}/SHA256SUMS"
register: new_iso
loop:
"{{ live_iso | dict2items }}"
"{{ live_iso | default({}) | dict2items }}"
- name: umount old iso images
mount:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
state: unmounted
loop:
"{{ live_iso | dict2items }}"
"{{ live_iso | default({}) | dict2items }}"
when: new_iso.changed
- name: prepare live image directory
- name: prepare live image base directory
file:
path: "/var/lib/tftpboot/d-i/n-live/"
state: directory
mode: 0755
- name: prepare live image directories
file:
path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
state: directory
mode: 0755
loop:
"{{ live_iso | dict2items }}"
"{{ live_iso | default({}) | dict2items }}"
- name: make sure loop module is loaded
modprobe:
@ -37,7 +43,7 @@
opts: loop,ro,nofail
state: mounted
loop:
"{{ live_iso | dict2items }}"
"{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
- name: prepare http downloads
@ -82,47 +88,37 @@
insertafter: '-- Customized Boot Entries --'
line: "item {{ item.key }} Debian GNU/Linux {{ item.key }} NFS"
loop:
"{{ live_iso | dict2items }}"
"{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
- name: find kernel version
shell:
cmd: >-
basename /var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz*
| sed "s/vmlinuz-//"
register: images
changed_when: false
loop:
"{{ live_iso | dict2items }}"
- name: prepare debian live boot loader ipxe
blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.key }}"
block: |
:{{ item.item.key }}
echo Booting Debian GNU/Linux {{ item.item.key }} NFS
kernel ${210:string}d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
initrd=initrd.img-{{ item.stdout }} {{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
initrd ${210:string}d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
:{{ item.key }}
echo Booting Debian GNU/Linux {{ item.key }} NFS
kernel ${210:string}d-i/n-live/{{ item.key }}/live/vmlinuz \
initrd=initrd.img netboot=nfs {{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.key }}/
initrd ${210:string}d-i/n-live/{{ item.key }}/live/initrd.img
boot
loop:
"{{ images.results }}"
"{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader grub
blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.key }}"
block: |
menuentry 'Debian GNU/Linux Live {{ item.item.key }} NFS' {
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
{{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
menuentry 'Debian GNU/Linux Live {{ item.key }} NFS' {
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.key }}/live/vmlinuz \
netboot=nfs {{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.key }}/
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.key }}/live/initrd.img
}
loop:
"{{ images.results }}"
"{{ live_iso | default({}) | dict2items }}"
notify: rebuild di-netboot menu

1
roles/edulive/files/gnome-edu/README
View file

@ -1,2 +1,3 @@
This config space is based on:
https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop

6
roles/edulive/files/gnome-edu/auto/config
View file

@ -7,12 +7,10 @@ lb config noauto \
--cache false \
--net-tarball false \
--ignore-system-defaults \
--distribution bullseye \
--distribution bookworm \
--binary-images netboot \
--mode debian \
--backports true \
--linux-packages linux-image \
--archive-areas "main contrib non-free" \
--mirror-bootstrap http://localhost:3142/deb.debian.org/debian/ \
--mirror-chroot-security http://localhost:3142/security.debian.org/debian-security/ \
--archive-areas "main non-free-firmware contrib non-free" \
"${@}"

12
roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot
View file

@ -2,14 +2,20 @@
set -e
echo 'pref("browser.startup.homepage", "https://www.startpage.com");' >> /etc/firefox-esr/firefox-esr.js
echo 'pref("network.proxy.type", 4);' >> /etc/firefox-esr/firefox-esr.js
dconf update
#sed -i "s/^/#/" /etc/xdg/user-dirs.defaults
sed -i "s/^#WaylandEnable=false$/WaylandEnable=false/" /etc/gdm3/daemon.conf
## shared directory:
mkdir /media/tmpshare
echo "livebox:/srv/tmpshare /media/tmpshare nfs rw,auto,nofail,nolock 0 0" >> /etc/fstab
## remote journal:
echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf
ln -s /lib/systemd/system/systemd-journal-upload.service \
/etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service
## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon

1
roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox Symbolic link
View file

@ -0,0 +1 @@
firefox-esr

74
roles/edulive/files/gnome-edu/config/includes.chroot/etc/firefox-esr/policies/policies.json Normal file
View file

@ -0,0 +1,74 @@
{
"policies": {
"Proxy": {
"Mode": "system"
},
"OverrideFirstRunPage": "https://www.debian.org",
"Homepage": {
"URL": "https://www.debian.org",
"Locked": false,
"StartPage": "previous-session"
},
"DisplayBookmarksToolbar": true,
"ManagedBookmarks": [
{
"toplevel_name": "Debian"
},
{
"url": "https://www.debian.org",
"name": "Debian Homepage"
},
{
"url": "https://wiki.debian.org",
"name": "Debian Wiki"
},
{
"name": "Debian Development",
"children": [
{
"url": "https://bugs.debian.org",
"name": "Debian Bug Tracker"
},
{
"url": "https://packages.debian.org",
"name": "Debian Packages"
},
{
"url": "https://salsa.debian.org",
"name": "Debian Salsa"
},
{
"url": "https://tracker.debian.org",
"name": "Package Tracker"
}
]
},
{
"name": "Debian LAN/Live",
"children": [
{
"url": "https://salsa.debian.org/andi/debian-lan-ansible",
"name": "Debian LAN Ansible"
},
{
"url": "https://wiki.debian.org/DebianLive",
"name": "Debian Live"
}
]
}
],
"SearchEngines": {
"Add": [
{
"Name": "Startpage",
"URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}",
"Method": "GET",
"IconURL": "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico",
"Alias": "sp",
"Description": "Startpage Search Engine"
}
],
"Default": "Startpage"
}
}
}

3
roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml
View file

@ -85,19 +85,16 @@ or other application using the libvirt API.
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<interface type='direct'>
<mac address='52:54:00:VMMAC'/>
<source dev='INTERFACE' mode='bridge'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
<interface type='network'>
<mac address='52:54:00:46:a6:25'/>
<source network='default'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
</interface>
<interface type='network'>
<mac address='52:54:00:5c:fc:08'/>
<source network='intern'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>

8
roles/edulive/files/gnome-edu/config/includes.chroot/lib/live/config/0001-VM-MAC
View file

@ -3,9 +3,5 @@
set -eu
NIC="$(ip link | grep "^2: " | cut -d ' ' -f2 | sed "s/://")"
MAC="$(ip link | grep -A1 "^2: " | grep -oE "[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2} " \
| sed "s/ //g")"
sed -i -e "s/VMMAC/$MAC/g" -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml
NIC="$(ip route | grep -m1 default | sed -E "s/.+dev (\w+).*/\1/")"
sed -i -e "s/INTERFACE/$NIC/g" /etc/libvirt/qemu/netboot.xml

24
roles/edulive/files/gnome-edu/config/package-lists/school-cli.list.chroot Normal file
View file

@ -0,0 +1,24 @@
##
## packages for CLI programs
##
console-setup
emacs-nox
git
htop
mc
minicom
ncdu
netcat-openbsd
net-tools
nfs-common
nmap
screen
shellcheck
sl
systemd-journal-remote
tcpdump
tmux
tree
vim
xterm

43
roles/edulive/files/gnome-edu/config/package-lists/school-gui.list.chroot Normal file
View file

@ -0,0 +1,43 @@
##
## packages for GUI programs
##
bluefish
codeblocks
dia
emacs
freecad
ghex
gimp
inkscape
keepassxc
kicad
librecad
mu-editor
#nautilus-nextcloud
#nextcloud-desktop
obs-studio
openboard
pdf-presenter-console
qtcreator
#scrcpy
spyder
ssh-askpass-gnome
sway
task-german-desktop
terminator
#texlive
#texlive-lang-german
#texlive-latex-extra
#texlive-science
thonny
#thunderbird
#thunderbird-l10n-de
virt-manager
vlc
vym
webext-privacy-badger
webext-ublock-origin-chromium
webext-ublock-origin-firefox
wireshark
xournal

100
roles/edulive/files/gnome-edu/config/package-lists/school.list.chroot
View file

@ -1,100 +0,0 @@
#
# This file is linked to all desktop configurations.
# Put desktop specific packages in the desktop specific file.
#
#webext-ublock-origin-firefox
#webext-ublock-origin-chromium
webext-ublock-origin
webext-privacy-badger
vim
emacs
vlc
gimp
inkscape
bluefish
openboard
xournal
freecad
librecad
kicad
git
mc
tmux
wireshark
nmap
netcat-openbsd
net-tools
thonny
spyder
ghex
codeblocks
gprolog
qtcreator
obs-studio
mu-editor
dia
vym
shellcheck
xterm
tree
console-setup
virt-manager
sway
task-german-desktop
ssh-askpass-gnome
keepassxc
#nextcloud-desktop
#nautilus-nextcloud
#thunderbird
#thunderbird-l10n-de
#texlive
#texlive-latex-extra
#texlive-lang-german
#texlive-science
pdf-presenter-console
libreoffice/bullseye-backports
libreoffice-core/bullseye-backports
libreoffice-common/bullseye-backports
libreoffice-writer/bullseye-backports
libreoffice-calc/bullseye-backports
libreoffice-impress/bullseye-backports
libreoffice-base/bullseye-backports
libreoffice-base-drivers/bullseye-backports
libreoffice-math/bullseye-backports
libreoffice-report-builder-bin/bullseye-backports
libreoffice-style-colibre/bullseye-backports
libreoffice-gnome/bullseye-backports
libreoffice-gtk3/bullseye-backports
libreoffice-style-elementary/bullseye-backports
libreoffice-help-common/bullseye-backports
libreoffice-help-de/bullseye-backports
libreoffice-java-common/bullseye-backports
libreoffice-l10n-de/bullseye-backports
libreoffice-nlpsolver/bullseye-backports
libreoffice-report-builder/bullseye-backports
libreoffice-script-provider-bsh/bullseye-backports
libreoffice-script-provider-js/bullseye-backports
libreoffice-script-provider-python/bullseye-backports
libreoffice-sdbc-firebird/bullseye-backports
libreoffice-sdbc-hsqldb/bullseye-backports
libreoffice-sdbc-mysql/bullseye-backports
libreoffice-sdbc-postgresql/bullseye-backports
libreoffice-wiki-publisher/bullseye-backports
python3-uno/bullseye-backports
libuno-sal3/bullseye-backports
fonts-opensymbol/bullseye-backports
ure/bullseye-backports

3
roles/edulive/files/standard-edu/README Normal file
View file

@ -0,0 +1,3 @@
This config space is based on:
https://salsa.debian.org/live-team/live-images/-/tree/debian/images/standard

5
roles/edulive/files/standard-edu/auto/build Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
set -e
lb build noauto "${@}" 2>&1 | tee build.log

10
roles/edulive/files/standard-edu/auto/clean Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
set -e
lb clean noauto "${@}"
rm -f config/binary config/bootstrap config/chroot config/common config/source
rm -f config/control
rm -f build.log

16
roles/edulive/files/standard-edu/auto/config Executable file
View file

@ -0,0 +1,16 @@
#!/bin/sh
set -e
lb config noauto \
--clean \
--cache false \
--net-tarball false \
--ignore-system-defaults \
--distribution bookworm \
--binary-images netboot \
--mode debian \
--backports true \
--linux-packages linux-image \
--archive-areas "main non-free-firmware contrib non-free" \
"${@}"

8
roles/edulive/files/standard-edu/config/hooks/0001-plymouth-theme.hook.chroot Executable file
View file

@ -0,0 +1,8 @@
#!/bin/sh
set -e
if [ -e /usr/sbin/plymouth-set-default-theme ] && [ -e /usr/share/plymouth/themes/lines ]
then
plymouth-set-default-theme lines
fi

16
roles/edulive/files/standard-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot Executable file
View file

@ -0,0 +1,16 @@
#!/bin/sh
set -e
# Disable kexec-tools
if [ -e /sbin/kexec ]
then
echo "kexec-tools kexec-tools/load_kexec boolean false" > /root/preseed
debconf-set-selections /root/preseed
rm -f /root/preseed
dpkg-reconfigure kexec-tools
fi

10
roles/edulive/files/standard-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
set -e
# Disable tmpfs on /tmp
if [ -e /etc/default/rcS ]
then
sed -i -e 's|^ *RAMTMP=.*|RAMTMP=no|' /etc/default/rcS
fi

15
roles/edulive/files/standard-edu/config/hooks/live/0500-tmpshare.hook.chroot Executable file
View file

@ -0,0 +1,15 @@
#!/bin/sh
set -e
## shared directory:
mkdir /media/tmpshare
echo "livebox:/srv/tmpshare /media/tmpshare nfs rw,auto,nofail,nolock 0 0" >> /etc/fstab
## remote journal:
echo "URL=http://livebox" >> /etc/systemd/journal-upload.conf
ln -s /lib/systemd/system/systemd-journal-upload.service \
/etc/systemd/system/multi-user.target.wants/systemd-journal-upload.service
## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon

1
roles/edulive/files/standard-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0020-create-mtab-symlink.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0030-enable-cryptsetup.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0040-create-locales-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0040-create-locales-files.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0100-remove-adjtime-configuration.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0110-remove-backup-files.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0120-remove-dbus-machine-id.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0140-remove-log-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0140-remove-log-files.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0150-remove-mdadm-configuration.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0170-remove-python-py.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0170-remove-python-py.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0180-remove-systemd-machine-id.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0190-remove-temporary-files.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0400-update-apt-file-cache.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0410-update-apt-xapian-index.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0420-update-glx-alternative.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0430-update-mlocate-database.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0440-update-nvidia-alternative.hook.chroot

1
roles/edulive/files/standard-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot Symbolic link
View file

@ -0,0 +1 @@
/usr/share/live/build/hooks/normal/0500-reproducible-glibc.hook.chroot

3
roles/edulive/files/standard-edu/config/includes.chroot/etc/sysctl.d/sysctl.conf Normal file
View file

@ -0,0 +1,3 @@
# Uncomment the following to stop low-level messages on console
kernel.printk = 3 4 1 3

2
roles/edulive/files/standard-edu/config/includes.chroot/lib/live/config/0002-apt-proxy Executable file
View file

@ -0,0 +1,2 @@
#!/bin/sh
echo 'Acquire::http::Proxy "http://livebox:3142";' >> /etc/apt/apt.conf.d/10proxy

2
roles/edulive/files/standard-edu/config/package-lists/live-systems.list.chroot Normal file
View file

@ -0,0 +1,2 @@
live-manual
live-tools

3
roles/edulive/files/standard-edu/config/package-lists/live.list.chroot Normal file
View file

@ -0,0 +1,3 @@
live-boot
live-config
live-config-systemd

2
roles/edulive/files/standard-edu/config/package-lists/localization.list.chroot Normal file
View file

@ -0,0 +1,2 @@
task-english
task-german

24
roles/edulive/files/standard-edu/config/package-lists/school-cli.list.chroot Normal file
View file

@ -0,0 +1,24 @@
##
## packages for CLI programs
##
console-setup
emacs-nox
git
htop
mc
minicom
ncdu
netcat-openbsd
net-tools
nfs-common
nmap
screen
shellcheck
sl
systemd-journal-remote
tcpdump
tmux
tree
vim
xterm

3
roles/edulive/files/standard-edu/config/package-lists/standard.list.chroot Normal file
View file

@ -0,0 +1,3 @@
! Packages Priority standard
task-ssh-server

12
roles/edulive/handlers/main.yml
View file

@ -1,12 +1,20 @@
---
- name: run the image build script
command:
ansible.builtin.command:
cmd: livebuilder.sh
listen: run build script
- name: enable timer for livebuilder
systemd:
ansible.builtin.systemd:
name: livebuilder.timer
state: started
enabled: true
listen: enable livebuilder.timer
- name: restart systemd-journal-remote
ansible.builtin.systemd:
name: systemd-journal-remote.socket
daemon_reload: true
state: restarted
enabled: true
listen: restart systemd-journal-remote

90
roles/edulive/tasks/main.yml
View file

@ -1,24 +1,61 @@
---
- name: install packages
apt:
ansible.builtin.apt:
name:
- live-build
- systemd-journal-remote
state: latest # noqa package-latest
- name: prepare live-build directory
file:
ansible.builtin.file:
path: /etc/systemd/system/systemd-journal-remote.service.d/
state: directory
mode: 0755
- name: configure remote journal
ansible.builtin.blockinfile:
path: /etc/systemd/system/systemd-journal-remote.service.d/override.conf
create: true
block: |
[Service]
ExecStart=
ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote
notify: restart systemd-journal-remote
- name: prepare live-build directory
ansible.builtin.file:
path: "{{ build_dir }}"
state: directory
mode: 0755
- name: copy build script
template:
ansible.builtin.template:
src: livebuilder.sh
dest: /usr/local/sbin/
mode: 0755
- name: prepare shared directory
ansible.builtin.file:
path: "/srv/tmpshare"
state: directory
mode: "1777"
- name: mount tmpfs on shared directory
ansible.builtin.mount:
path: "/srv/tmpshare/"
src: "tmpfs"
fstype: tmpfs
opts: rw,nofail
state: mounted
- name: export shared directory
ansible.builtin.lineinfile:
path: /etc/exports
line: "/srv/tmpshare/ *(rw,fsid=0,crossmnt,no_subtree_check)"
notify: export nfs
- name: provide service and timer for livebuilder
copy:
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: 0644
@ -28,47 +65,70 @@
notify: "enable livebuilder.timer"
- name: copy live-build configuration
copy:
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ build_dir }}"
force: false
local_follow: false
mode: preserve
loop: "{{ build_images }}"
- name: prepare debian live nfs boot entry title
lineinfile:
ansible.builtin.blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
insertafter: '-- Customized Boot Entries --'
line: "item {{ item }} Debian GNU/Linux {{ item }} NFS"
marker: "# {mark} ANSIBLE MANAGED BLOCK menu entries {{ item }}"
block: |
item {{ item }}-NFS Debian GNU/Linux {{ item }} NFS
item {{ item }}-RAM Debian GNU/Linux {{ item }} RAM
loop:
"{{ build_images }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader ipxe
blockinfile:
ansible.builtin.blockinfile:
path: /etc/di-netboot-assistant/ipxemenu.HEAD
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
block: |
:{{ item }}
echo Booting Debian GNU/Linux EDU LIVE NFS
:{{ item }}-NFS
echo Booting Debian GNU/Linux {{ item }} NFS
kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \
initrd=initrd.img {{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
initrd=initrd.img netboot=nfs {{ boot_params|join(' ') }} hostname=${netX/mac} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img
boot
:{{ item }}-RAM
echo Booting Debian GNU/Linux {{ item }} RAM
kernel ${210:string}d-i/n-live/{{ item }}/live/vmlinuz \
initrd=initrd.img {{ boot_params|join(' ') }} hostname=${netX/mac} \
fetch=http://{{ ansible_default_ipv4.address }}/d-i/n-live/{{ item }}/live/filesystem.squashfs
initrd ${210:string}d-i/n-live/{{ item }}/live/initrd.img
boot
loop: "{{ build_images }}"
notify: rebuild di-netboot menu
- name: prepare debian live boot loader grub
blockinfile:
ansible.builtin.blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
block: |
menuentry 'Debian GNU/Linux Live {{ item }} NFS' {
regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 \
"\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \
{{ boot_params|join(' ') }} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
netboot=nfs {{ boot_params|join(' ') }} hostname=${oct4}${oct5}${oct6} \
nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item }}/
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img
}
menuentry 'Debian GNU/Linux Live {{ item }} RAM' {
regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 \
"\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/vmlinuz \
{{ boot_params|join(' ') }} hostname=${oct4}${oct5}${oct6} \
fetch=http://{{ ansible_default_ipv4.address }}/d-i/n-live/{{ item }}/live/filesystem.squashfs
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item }}/live/initrd.img
}
loop: "{{ build_images }}"

8
roles/edulive/templates/livebuilder.sh
View file

@ -19,6 +19,13 @@ run_build(){
done
}
clean_share(){
local TMPSHARE="/srv/tmpshare/"
find "$TMPSHARE/" -mindepth 1 -delete
echo "All content in this directory will be removed periodically!" \
>> "$TMPSHARE/README"
}
## main:
if ! auto-apt-proxy | grep -q 'http://127.0.0.1:3142' ; then
@ -30,3 +37,4 @@ for IMG in {{ build_images|join(' ') }} ; do
echo "=========== Building image $IMG ==========="
run_build $IMG
done
clean_share

2
roles/lmn_netbootinstaller/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
service_description: "A service to server the netboot-client-playbook and roles to the lan"

13
roles/lmn_netbootinstaller/handlers/main.yml Normal file
View file

@ -0,0 +1,13 @@
- name: rebuild di-netboot menu
command: "{{ item }}"
with_items:
- di-netboot-assistant rebuild-menu
- di-netboot-assistant rebuild-grub
listen: rebuild di-netboot menu
- name: restart git service
service:
name: lmn-netboot-git
state: restarted
listen: restart git service

39
roles/lmn_netbootinstaller/tasks/main.yml Normal file
View file

@ -0,0 +1,39 @@
---
- name: prepare installer boot loader grub
blockinfile:
path: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: "^menuentry 'Boot from local disk..'"
marker: "# {mark} ANSIBLE MANAGED BLOCK netboot-installer"
block: |
menuentry 'Installer Debian bookworm (amd64) + preseed + lmn-desktop.yml' --unrestricted {
linux (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/linux auto=true priority=critical \
url=tftp://{{ ansible_default_ipv4.address }}/d-i/bookworm/preseed.cfg_lmn-desktop \
playbook=lmn-desktop.yml adpw='{{ gapw }}' ---
initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/initrd.gz
}
notify: rebuild di-netboot menu
- name: set git-daemon-export-ok for management repo
copy:
content: ""
dest: "{{ playbook_dir }}/.git/git-daemon-export-ok"
force: false
group: ansible
owner: ansible
mode: 0644
- name: Create gitd systemd service file
template:
src: templates/lmn-netboot-git.service.j2
dest: /lib/systemd/system/lmn-netboot-git.service
- name: Start gitd service for installation playbook
systemd:
name: lmn-netboot-git
state: started
- name: provide preseed.cfg_lmn-desktop file
template:
src: templates/preseed.cfg_lmn-desktop.j2
dest: /var/lib/tftpboot/d-i/bookworm/preseed.cfg_lmn-desktop
notify: restart git service

20
roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2 Normal file
View file

@ -0,0 +1,20 @@
[Unit]
Description={{ service_description }}
After=network.target
[Service]
ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ playbook_dir }} {{ playbook_dir }}
Restart=on-failure
Restart=always
RestartSec=500ms
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=git-daemon
User=ansible
Group=ansible
[Install]
WantedBy=multi-user.target

149
roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2 Normal file
View file

@ -0,0 +1,149 @@
#### Preconfiguration file
##
## The following preseeding might be used to install a basic system
## completely automatically.
##
## A user 'ansible' is set up and ssh login with public key
## authentication is configured. The idea is to allow further
## customization of the system after installation using ansible.
##
## Modify at least the public ssh key in 'authorized_keys' (see
## below).
##
## For more examples and comments consult:
## https://www.debian.org/releases/stable/example-preseed.txt
##
## To change default values:
#d-i foo/bar seen false
#d-i foo/bar string value
## Useful boot parameters:
## DEBCONF_DEBUG=5
## locale?=de_DE
## To set the hostname manually during installation, use priority=high
## as boot parameter and uncomment this line:
#d-i debconf/priority string critical
## Preseeding only locale sets language, country and locale:
d-i debian-installer/locale string de_DE
d-i keyboard-configuration/xkb-keymap select de
## Use hostname assigned by DHCP:
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
## Skip root account:
d-i passwd/root-login boolean false
### Apt setup
d-i apt-setup/non-free-firmware boolean true
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
#d-i mirror/http/proxy string http://10.167.0.253:3142/
#d-i mirror/http/proxy string http://192.168.1.17:3142/
#d-i mirror/http/proxy string http://aptcache.steinbeisschule-reutlingen.de:3142/
d-i mirror/http/proxy string http://10.16.1.2:3142/
# NTP server to use.
d-i clock-setup/ntp-server string server.qgm.lan
### Backports:
#apt-setup-udeb apt-setup/services-select multiselect security, updates, backports
apt-setup-udeb apt-setup/services-select multiselect security, updates
### Ansible User
d-i passwd/user-fullname string Ansible User
d-i passwd/username string ansible
d-i passwd/user-password password insecure
d-i passwd/user-password-again password insecure
#d-i passwd/user-password-crypted password [crypt(3) hash]
### Do not ask about support for non-efi systems:
d-i partman-efi/non_efi_system boolean true
### Leave this empty to use the only available hard drive:
d-i partman-auto/disk string
#d-i partman-auto/disk string /dev/sdd
#d-i partman-auto/disk string /dev/vda
### Regular partitions:
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
## This makes partman automatically partition without confirmation:
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# ### Enable to set up LVM:
# d-i partman-auto/method string lvm
# ## Use only 50% of the available physical volume size and then
# ## adjust the logical volume sizes later with ansible, if needed:
# d-i partman-auto-lvm/guided_size PERCENT 50%
# # If one of the disks that are going to be automatically partitioned
# # contains an old LVM configuration, the user will normally receive a
# # warning. This can be preseeded away...
# d-i partman-lvm/device_remove_lvm boolean true
# # The same applies to pre-existing software RAID array:
# d-i partman-md/device_remove_md boolean true
# # And the same goes for the confirmation to write the lvm partitions.
# d-i partman-lvm/confirm boolean true
# d-i partman-lvm/confirm_nooverwrite boolean true
# # You can choose one of the three predefined partitioning recipes:
# # - atomic: all files in one partition
# # - home: separate /home partition
# # - multi: separate /home, /var, and /tmp partitions
# d-i partman-auto/choose_recipe select multi
### Package selection
#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
tasksel tasksel/first multiselect standard, ssh-server, kde-desktop
### Individual additional packages to install
#d-i pkgsel/include string firmware-linux ansible git
d-i pkgsel/include string ansible git firmware-linux
#d-i pkgsel/include string firmware-linux ansible/buster-backports git
#d-i pkgsel/include string firmware-linux
### GRUB on default disk:
d-i grub-installer/bootdev string default
### This command is run just before the install finishes:
d-i preseed/late_command string \
mkdir -p /target/home/ansible/.ssh && \
echo "{{ ansible_ssh_pubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
in-target chmod -R og= /home/ansible/.ssh/ ; \
[ -z "$playbook" ] || mkdir -v /target/dev/shm ; \
[ -z "$playbook" ] || in-target mount -v -t tmpfs tmpfs /dev/shm ; \
in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
-i localhost, --url=git://{{ ansible_default_ipv4.address }}/.git -C {{ lmn_client_branch }} $playbook
# -i localhost, --url=http://10.16.1.2/debian-lan-ansible.git $playbook
# -i localhost, --url=git://10.167.0.253/.git -C fvs $playbook
# -i localhost, --url=git://installbox/.git $playbook
#
#
## Replace key with: sed -i "s#echo \".\+\"#echo \"$(cat ~/.ssh/id_rsa.pub)\"#" preseed.cfg
#
## When installing in combination with ansible-pull,
## export your ansible playbook like:
##
## git daemon --verbose --export-all \
## --base-path=/dir/of/playbook -- /dir/of/playbook
##
## Conditions may be applied in the playbook like:
## when: run_in_installer|default(false)|bool
## when: not run_in_installer|default(false)|bool
### Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
## Do not modify boot order (netboot first):
grub-efi-amd64 grub2/update_nvram boolean false
##grub-efi-amd64 grub2/force_efi_extra_removable boolean true

4
roles/up2date_debian/tasks/main.yml
View file

@ -24,9 +24,7 @@
- name: add {{ ansible_distribution_release }}-backports
apt_repository:
repo: >
deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports
main contrib non-free-firmware non-free
repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main
state: present
update_cache: true
when: extra_pkgs_bpo|length