From 98bdbf9daaed3014060c50955d57e00850fd6653 Mon Sep 17 00:00:00 2001 From: Frank Schiebel Date: Sat, 3 Feb 2024 16:42:19 +0100 Subject: [PATCH] SW Download als role, kernel Bug --- lmn-desktop.yml | 70 ++++- qgm-desktop.yml | 85 ++++- qgm-updatecache.yml | 13 + roles/activate_last_kernel/handlers/main.yml | 2 + roles/activate_last_kernel/tasks/main.yml | 15 + roles/lmn_kde/tasks/main.yml | 14 +- roles/lmn_qgm/tasks/base.yml | 260 ++++++++++++++++ roles/lmn_qgm/tasks/main.yml | 293 +----------------- roles/lmn_qgm/tasks/soundfix.yml | 11 + .../files/qg.appimage.FreeCAD.desktop | 19 ++ roles/lmn_qgsoftware/tasks/install.yml | 66 ++++ roles/lmn_qgsoftware/tasks/main.yml | 4 + roles/lmn_sssd/tasks/main.yml | 5 +- .../files/qg.appimage.FreeCAD.desktop | 19 ++ roles/qgm_updatecache/tasks/download.yml | 49 +++ roles/qgm_updatecache/tasks/main.yml | 4 + roles/qgm_vpdisplay/tasks/main.yml | 70 ----- roles/qgm_vpdisplay/vars/main.yml | 7 - scripts/get_greenfoot_bluej.sh | 14 - scripts/qgm-power.sh | 16 + vars-qgsoftware.yml | 20 ++ 21 files changed, 649 insertions(+), 407 deletions(-) create mode 100644 qgm-updatecache.yml create mode 100644 roles/activate_last_kernel/handlers/main.yml create mode 100644 roles/activate_last_kernel/tasks/main.yml create mode 100644 roles/lmn_qgm/tasks/base.yml create mode 100644 roles/lmn_qgm/tasks/soundfix.yml create mode 100644 roles/lmn_qgsoftware/files/qg.appimage.FreeCAD.desktop create mode 100644 roles/lmn_qgsoftware/tasks/install.yml create mode 100644 roles/lmn_qgsoftware/tasks/main.yml create mode 100644 roles/qgm_updatecache/files/qg.appimage.FreeCAD.desktop create mode 100644 roles/qgm_updatecache/tasks/download.yml create mode 100644 roles/qgm_updatecache/tasks/main.yml delete mode 100644 roles/qgm_vpdisplay/tasks/main.yml delete mode 100644 roles/qgm_vpdisplay/vars/main.yml delete mode 100755 scripts/get_greenfoot_bluej.sh create mode 100755 scripts/qgm-power.sh create mode 100644 vars-qgsoftware.yml diff --git a/lmn-desktop.yml b/lmn-desktop.yml index 7a57e1b..61e3f27 100644 --- a/lmn-desktop.yml +++ b/lmn-desktop.yml @@ -26,6 +26,9 @@ question: unattended-upgrades/enable_auto_updates value: True vtype: boolean + + vars_files: + - vars-qgsoftware.yml vars: domain: "{{ ansible_domain }}" @@ -44,13 +47,6 @@ ## Local mirror for mscorefonts. Remove or leave empty to use no mirror: mirror_msfonts: http://netboot.qgm.lan/mscorefonts/ - ## Local Mirror for Greenfoot and BlueJ. Leave empty to skip installation of bluej and greenfoot - mirror_javadev: http://netboot.qgm.lan/javadev/ - ## Bluej/Greenfoot Versionen - bluej_target_version: "5.2.0" - greenfoot_target_version: "3.7.1" - - # Linbo Passwort rsyncsecret: Muster! ## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim": @@ -85,7 +81,7 @@ dest: /etc/apt/apt.conf.d/20auto-upgrades content: | APT::Periodic::Update-Package-Lists "1"; - APT::Periodic::Unattended-Upgrade "1"; + APT::Periodic::Unattended-Upgrade "0"; - name: Fix mount point permissions and owner file: @@ -97,3 +93,61 @@ - /srv/samba - /srv/samba/schools - /srv/samba/schools/default-school + + - name: Disable Grub submenus + lineinfile: + dest: /etc/default/grub + line: 'GRUB_DISABLE_SUBMENU=true' + insertafter: '^GRUB_TIMEOUT=.*' + notify: Run update-grub + + + - name: Check for the buggy kernel + stat: + path: /boot/vmlinuz-6.1.0-17-amd64 + register: bug + + - name: Check for the fixed kernel + stat: + path: /boot/vmlinuz-6.1.0-18-amd64 + register: fix + + - name: Work around kernel with CIFS regression + block: + - name: Make sure kernel package -16 is available + ansible.builtin.apt: + name: linux-image-6.1.0-16-amd64 + state: present + - name: Set 6.1.0-16 as default kernel in grub + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_DEFAULT=).*' + line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"' + backrefs: yes + notify: Run update-grub + when: bug.stat.exists and not fix.stat.exists + + - name: Set latest kernel in grub if bug is fixed + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_DEFAULT=).*' + line: '\g<1>0' + backrefs: yes + when: fix.stat.exists or not bug.stat.exists + notify: Run update-grub + + - name: Remove "unattended-upgrades" package + ansible.builtin.apt: + name: unattended-upgrades + state: absent + purge: True + + - name: Fix stuttering sound on HDMI + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX=).*' + line: '\g<1>"intel_iommu=on,igfx_off"' + backrefs: yes + when: "'lt-' in inventory_hostname" + notify: Run update-grub + diff --git a/qgm-desktop.yml b/qgm-desktop.yml index 9868c92..ccda702 100644 --- a/qgm-desktop.yml +++ b/qgm-desktop.yml @@ -4,8 +4,12 @@ hosts: all remote_user: ansible become: yes + + vars_files: + - vars-qgsoftware.yml vars: + joinpw: '' domain: "{{ ansible_domain }}" kerberize_uris: qgm.lan realm: QGM.LAN @@ -21,11 +25,6 @@ ## Local mirror for mscorefonts. Remove or leave empty to use no mirror: mirror_msfonts: http://netboot.qgm.lan/mscorefonts/ - ## Local Mirror for Greenfoot and BlueJ - mirror_javadev: http://netboot.qgm.lan/javadev/ - ## Bluej/Greenfoot Versionen - bluej_target_version: "5.2.0" - greenfoot_target_version: "3.7.1" # Linbo Passwort rsyncsecret: Muster! @@ -44,14 +43,15 @@ extra_pkgs_bpo: [] # [ linux-image-amd64 ] roles: - #- lmn_network - - up2date_debian - #- lmn_sssd - #- lmn_mount - #- lmn_kde + - lmn_network + #- up2date_debian + - lmn_sssd + - lmn_mount + - lmn_kde - lmn_qgm ## school specific customization + - lmn_qgsoftware - lmn_qgsddm - #- lmn_printer + - lmn_printer #- kerberize tasks: @@ -60,7 +60,7 @@ dest: /etc/apt/apt.conf.d/20auto-upgrades content: | APT::Periodic::Update-Package-Lists "1"; - APT::Periodic::Unattended-Upgrade "1"; + APT::Periodic::Unattended-Upgrade "0"; - name: Prepare mount point for homes ansible.builtin.file: @@ -68,7 +68,6 @@ state: directory mode: '0755' - - name: Fix mount point permissions and owner file: path: "{{ item }}" @@ -79,3 +78,63 @@ - /srv/samba - /srv/samba/schools - /srv/samba/schools/default-school + + - name: Disable Grub submenus + lineinfile: + dest: /etc/default/grub + line: 'GRUB_DISABLE_SUBMENU=true' + insertafter: '^GRUB_TIMEOUT=.*' + notify: Run update-grub + + + - name: Check for the buggy kernel + stat: + path: /boot/vmlinuz-6.1.0-17-amd64 + register: bug + + - name: Check for the fixed kernel + stat: + path: /boot/vmlinuz-6.1.0-18-amd64 + register: fix + + - name: Work around kernel with CIFS regression + block: + - name: Make sure kernel package -16 is available + ansible.builtin.apt: + name: linux-image-6.1.0-16-amd64 + state: present + - name: Set 6.1.0-16 as default kernel in grub + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_DEFAULT=).*' + line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"' + backrefs: yes + notify: Run update-grub + when: bug.stat.exists and not fix.stat.exists + + - name: Set latest kernel in grub if bug is fixed + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_DEFAULT=).*' + line: '\g<1>0' + backrefs: yes + when: fix.stat.exists or not bug.stat.exists + notify: Run update-grub + + - name: Remove "unattended-upgrades" package + ansible.builtin.apt: + name: unattended-upgrades + state: absent + purge: True + + - name: Fix stuttering sound on HDMI + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX=).*' + line: '\g<1>"intel_iommu=on,igfx_off"' + backrefs: yes + when: "'lt-' in inventory_hostname" + notify: Run update-grub + + + diff --git a/qgm-updatecache.yml b/qgm-updatecache.yml new file mode 100644 index 0000000..bf36d79 --- /dev/null +++ b/qgm-updatecache.yml @@ -0,0 +1,13 @@ +## This playbook deploys a KDE desktop machine for LinuxMuster. +--- +- name: Update local software cache on netboot Host + hosts: all + remote_user: ansible + become: yes + + vars_files: + - vars-qgsoftware.yml + + roles: + - qgm_updatecache + diff --git a/roles/activate_last_kernel/handlers/main.yml b/roles/activate_last_kernel/handlers/main.yml new file mode 100644 index 0000000..e2b8cdf --- /dev/null +++ b/roles/activate_last_kernel/handlers/main.yml @@ -0,0 +1,2 @@ +- name: Run update-grub + command: update-grub diff --git a/roles/activate_last_kernel/tasks/main.yml b/roles/activate_last_kernel/tasks/main.yml new file mode 100644 index 0000000..26b7650 --- /dev/null +++ b/roles/activate_last_kernel/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: Change Grub default Kernel + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_DEFAULT=).*' + line: '\g<1>"1>2"' + backrefs: yes + notify: Run update-grub + +- name: Remove grub protection + ansible.builtin.blockinfile: + path: /etc/grub.d/40_custom + marker: "# {mark} ANSIBLE MANAGED BLOCK" + block: "" + notify: Run update-grub diff --git a/roles/lmn_kde/tasks/main.yml b/roles/lmn_kde/tasks/main.yml index 74bed30..2b88266 100644 --- a/roles/lmn_kde/tasks/main.yml +++ b/roles/lmn_kde/tasks/main.yml @@ -113,13 +113,13 @@ replace: '"quiet splash"' notify: Run update-grub -- name: Protect grub menu entries - blockinfile: - path: /etc/grub.d/40_custom - block: | - set superusers='root' - password_pbkdf2 root {{ grub_pwd }} - notify: Run update-grub +#- name: Protect grub menu entries +# blockinfile: +# path: /etc/grub.d/40_custom +# block: | +# set superusers='root' +# password_pbkdf2 root {{ grub_pwd }} +# notify: Run update-grub - name: Allow booting default entry lineinfile: diff --git a/roles/lmn_qgm/tasks/base.yml b/roles/lmn_qgm/tasks/base.yml new file mode 100644 index 0000000..4a05425 --- /dev/null +++ b/roles/lmn_qgm/tasks/base.yml @@ -0,0 +1,260 @@ +--- +######### +# Management: Ansible User benötigt auf den Clients kein +# Passwort für sudo +- name: Enable passwordless sudo access for user ansible + lineinfile: + path: /etc/sudoers + state: present + regexp: '^ansible ALL=' + line: 'ansible ALL=(ALL) NOPASSWD: ALL' + validate: '/usr/sbin/visudo -cf %s' + +######### +# Paketvorkonfigurationen +- name: Preseed ttf-mscorefonts-installer + ansible.builtin.debconf: + name: ttf-mscorefonts-installer + question: msttcorefonts/dlurl + value: "{{ mirror_msfonts }}" + vtype: string + when: mirror_msfonts is defined and mirror_msfonts | length > 0 + +- name: Preseed libdvd-pkg + ansible.builtin.debconf: + name: libdvd-pkg + question: libdvd-pkg/build + value: "true" + vtype: boolean + ansible.builtin.debconf: + name: libdvd-pkg + question: libdvd-pkg/post-invoke_hook-install + value: "true" + vtype: boolean + ansible.builtin.debconf: + name: libdvd-pkg + question: libdvd-pkg/post-invoke_hook-remove + value: "false" + vtype: boolean + +######### +# Softwareauswahl +- name: Install desktop EDU packages and some more + apt: + name: + - curl + - git + - gitg + - gitk + - lshw + - libnotify-bin ## needed for pwroff script + - neovim + - net-tools + - ethtool + - netcat-openbsd + - nmap + - tmux + - hexyl + - tree + - ttf-mscorefonts-installer + - libdvd-pkg + - handbrake + - firmware-intel-sound + - slic3r-prusa + - cura + - filius + - wine + autoremove: true + state: latest + environment: + http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher + +######### +# libdvdcss muss gebaut werden +# Optimierungspotential: Einmal bauen und über netboot +# die Pakete verteilen geht wahrscheinlich schneller + +- name: Build libdvdcss + ansible.builtin.shell: + cmd: dpkg-reconfigure -f noninteractive libdvd-pkg + +######### +# Den cups-browsed will ich gar nicht haben, nicht +# nur disablen. +- name: Remove cups-browsed + ansible.builtin.apt: + name: cups-browsed + state: absent + + +######### +# Das Skript, das beim Userlogin ausgeführt wird +# Setzt derzeit nur den Hintergrund zurück - nicht bei der +# allerersten Anmeldung eines Nutzers, weil es da die KDE Config noch +# nicht gibt. + +- name: Copy qgm-login.sh for misc login Tasks + copy: + src: files/qgm-login.sh + dest: /etc/profile.d/qgm-login.sh + mode: '0644' + owner: root + group: root + +######### +# Anpassungen an KDE +# - Doppelklick zum öffnen von Dateien +# - Style aug breeze fetstackern +# - Kein Benutzerwechsel +# - Kein Lockscreen +# - Keine neue Session + +- name: Set mandatory KDE settings + ansible.builtin.copy: + dest: /etc/xdg/kdeglobals + content: | + [KDE][$i] + SingleClick=false + widgetStyle=breeze + + [KDE Action Restrictions][$i] + action/switch_user=false + action/lock_screen=false + action/start_new_session=false + +######### +# Screen Locking abschalten, Mittelstufenschüler... +- name: Disable screen locking + ansible.builtin.copy: + dest: /etc/xdg/kscreenlockerrc + content: | + [Daemon][$i] + Autolock=false + LockOnResume=false + + [Greeter][Wallpaper][org.kde.image][General] + Image=file:///usr/local/share/qgm/qgm_background.jpg + +######## +# Logout beschleunigen +- name: Wartezeit nach KDE nach Logout/Shutdown verkürzen + ansible.builtin.replace: + path: /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/logout/Logout.qml + regexp: '^(\s+)property real timeout:.*$' + replace: '\1property real timeout: 4' + +######## +# Wayland abschalten, Standardsession X11 +# SDDM hat (noch) keine Option, die Standardsession vorzugeben +# Bei einem "normalen" System, merkt er sich die letzte Sitzung, die +# der Nutzer wählt für künftige Anmeldungen, das klappt im Netz nicht. +# Die Session Liste baut er alphabetisch zusammen aus den desktop-Dateien +# in den Verzeichnissen /usr/share/wayland-sessions und /usr/share/xsessions/ +# der erste Eintrag ist Standard - und das ist leider eben immer die Sitzung in +# wayland-sessions. Darum: Weg damit ;) + +- name: Disable wayland session systemwide + ansible.builtin.file: + path: /usr/share/wayland-sessions/plasmawayland.desktop + state: absent + + +######### +# plasma-discover ist der grafische Paketmamanger +# der stürzt nur ab und die Bejutzer können eh +# nichts selbst installieren +- name: Remove plasma-discover + ansible.builtin.apt: + name: plasma-discover + state: absent + +######### +# Anpassungen für Arduino +# - modemmanager dinstallieren, soll die Probleme mit wechselnden +# Device Namen lössen (ungetestet) +# - Udev-Rule, so dass die Devices mit 0666 angelegt werden, wie +# Warnung des Debian Pakets "arduino" wegen der dialout Gruppe +# bleiben leider. + +- name: Remove modemmanager to fix arduino problems + ansible.builtin.apt: + name: modemmanager + state: absent + +- name: Copy arduino udev rule + copy: + src: files/52-arduino.rules + dest: /etc/udev/rules.d/52-arduino.rules + mode: '0644' + owner: root + group: root + +- name: reload udev rules + ansible.builtin.command: udevadm control --reload-rules + +- name: trigger udev update + ansible.builtin.command: udevadm trigger + + +######### +# Firefox ESR Anpassungen +# Lesezeichen und Startseite müssen in der +# Datei firefox_policies.json für die eigene Schule +# angepasst werden. +- name: Create firefox policies directory + ansible.builtin.file: + path: /etc/firefox-esr/policies + state: directory + mode: '0755' + +- name: Create a symbolic link firefox to firefox-esr + ansible.builtin.file: + src: /etc/firefox-esr + dest: /etc/firefox + state: link + +- name: Copy firefox policy + ansible.builtin.copy: + src: firefox_policies.json + dest: /etc/firefox-esr/policies/policies.json + +- name: Remove wrongly copied policies file + ansible.builtin.file: + path: /etc/firefox-esr/policies/firefox_policies.json + state: absent + +########## +# Enable WOL +# +- name: Enable WOL + ansible.builtin.command: ethtool -s {{ ansible_default_ipv4.interface }} wol g + +- name: Copy 81-wol.rules to target + copy: + src: 81-wol.rules + dest: /etc/udev/rules.d/81-wol.rules + mode: '0644' + owner: root + group: root + +########## +# Laptop Skripte +# +- name: Copy qgm-soudfix.sh + copy: + src: qgm-soundfix.sh + dest: /usr/local/bin/qgm-soundfix.sh + mode: '0755' + owner: root + group: root + +- name: Copy qgm-soudfix.desktop + copy: + src: qgm-soundfix.desktop + dest: /usr/share/applications/qgm-soundfix.desktop + mode: '0644' + owner: root + group: root + + + diff --git a/roles/lmn_qgm/tasks/main.yml b/roles/lmn_qgm/tasks/main.yml index 9e146ca..cc6bc1a 100644 --- a/roles/lmn_qgm/tasks/main.yml +++ b/roles/lmn_qgm/tasks/main.yml @@ -1,288 +1,9 @@ --- -######### -# Management: Ansible User benötigt auf den Clients kein -# Passwort für sudo -- name: Enable passwordless sudo access for user ansible - lineinfile: - path: /etc/sudoers - state: present - regexp: '^ansible ALL=' - line: 'ansible ALL=(ALL) NOPASSWD: ALL' - validate: '/usr/sbin/visudo -cf %s' +- name: Base configuration for all hosts + import_tasks: + file: base.yml -- name: Gather the package facts - ansible.builtin.package_facts: - manager: auto - -######### -# Paketvorkonfigurationen -- name: Preseed ttf-mscorefonts-installer - ansible.builtin.debconf: - name: ttf-mscorefonts-installer - question: msttcorefonts/dlurl - value: "{{ mirror_msfonts }}" - vtype: string - when: mirror_msfonts is defined and mirror_msfonts | length > 0 - -- name: Preseed libdvd-pkg - ansible.builtin.debconf: - name: libdvd-pkg - question: libdvd-pkg/build - value: "true" - vtype: boolean - ansible.builtin.debconf: - name: libdvd-pkg - question: libdvd-pkg/post-invoke_hook-install - value: "true" - vtype: boolean - ansible.builtin.debconf: - name: libdvd-pkg - question: libdvd-pkg/post-invoke_hook-remove - value: "false" - vtype: boolean - -######### -# Softwareauswahl -- name: Install desktop EDU packages and some more - apt: - name: - - curl - - git - - gitg - - gitk - - libnotify-bin ## needed for pwroff script - - neovim - - net-tools - - ethtool - - netcat-openbsd - - nmap - - tmux - - tree - - ttf-mscorefonts-installer - - libdvd-pkg - - handbrake - - slic3r-prusa - - filius - - wine - autoremove: true - state: latest - environment: - http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher - -######### -# libdvdcss muss gebaut werden -# Optimierungspotential: Einmal bauen und über netboot -# die Pakete verteilen geht wahrscheinlich schneller - -- name: Build libdvdcss - ansible.builtin.shell: - cmd: dpkg-reconfigure -f noninteractive libdvd-pkg - -######### -# Den cups-browsed will ich gar nicht haben, nicht -# nur disablen. -- name: Remove cups-browsed - ansible.builtin.apt: - name: cups-browsed - state: absent - - -######### -# Das Skript, das beim Userlogin ausgeführt wird -# Setzt derzeit nur den Hintergrund zurück - nicht bei der -# allerersten Anmeldung eines Nutzers, weil es da die KDE Config noch -# nicht gibt. - -- name: Copy qgm-login.sh for misc login Tasks - copy: - src: files/qgm-login.sh - dest: /etc/profile.d/qgm-login.sh - mode: '0644' - owner: root - group: root - -######### -# Anpassungen an KDE -# - Doppelklick zum öffnen von Dateien -# - Style aug breeze fetstackern -# - Kein Benutzerwechsel -# - Kein Lockscreen -# - Keine neue Session - -- name: Set mandatory KDE settings - ansible.builtin.copy: - dest: /etc/xdg/kdeglobals - content: | - [KDE][$i] - SingleClick=false - widgetStyle=breeze - - [KDE Action Restrictions][$i] - action/switch_user=false - action/lock_screen=false - action/start_new_session=false - -######### -# Screen Locking abschalten, Mittelstufenschüler... -- name: Disable screen locking - ansible.builtin.copy: - dest: /etc/xdg/kscreenlockerrc - content: | - [Daemon][$i] - Autolock=false - LockOnResume=false - - [Greeter][Wallpaper][org.kde.image][General] - Image=file:///usr/local/share/qgm/qgm_background.jpg - -######## -# Logout beschleunigen -- name: Wartezeit nach KDE nach Logout/Shutdown verkürzen - ansible.builtin.replace: - path: /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/logout/Logout.qml - regexp: '^(\s+)property real timeout:.*$' - replace: '\1property real timeout: 4' - -######## -# Wayland abschalten, Standardsession X11 -# SDDM hat (noch) keine Option, die Standardsession vorzugeben -# Bei einem "normalen" System, merkt er sich die letzte Sitzung, die -# der Nutzer wählt für künftige Anmeldungen, das klappt im Netz nicht. -# Die Session Liste baut er alphabetisch zusammen aus den desktop-Dateien -# in den Verzeichnissen /usr/share/wayland-sessions und /usr/share/xsessions/ -# der erste Eintrag ist Standard - und das ist leider eben immer die Sitzung in -# wayland-sessions. Darum: Weg damit ;) - -- name: Disable wayland session systemwide - ansible.builtin.file: - path: /usr/share/wayland-sessions/plasmawayland.desktop - state: absent - - -######### -# plasma-discover ist der grafische Paketmamanger -# der stürzt nur ab und die Bejutzer können eh -# nichts selbst installieren -- name: Remove plasma-discover - ansible.builtin.apt: - name: plasma-discover - state: absent - -######### -# Greenfoot und BlueJ. -# Müssen einmalig auf den netboot Server -# in den http Cache geschoben werden. -# Siehe Script im Repo. - -- name: Determine installed bluej version - set_fact: - bluej_installed_version: "{{ bluej_target_version if ansible_facts.packages['bluej'][0]['version'] is defined else 0 }}" - -- name: Install bluej if necessary - ansible.builtin.apt: - deb: "{{ mirror_javadev }}/bluej.deb" - when: (mirror_javadev is defined and mirror_javadev | length > 0) and - (bluej_target_version is defined and bluej_target_version | length > 0 ) and - (bluej_installed_version != bluej_target_version ) - -- name: Determine installed greenfoot version - set_fact: - greenfoot_installed_version: "{{ greenfoot_target_version if ansible_facts.packages['greenfoot'][0]['version'] is defined else 0 }}" - -- name: Install greenfoot if necessary - ansible.builtin.apt: - deb: "{{ mirror_javadev }}/greenfoot.deb" - when: (mirror_javadev is defined and mirror_javadev | length > 0) and - (greenfoot_target_version is defined and greenfoot_target_version | length > 0 ) and - (greenfoot_installed_version != greenfoot_target_version ) - -######### -# Anpassungen für Arduino -# - modemmanager dinstallieren, soll die Probleme mit wechselnden -# Device Namen lössen (ungetestet) -# - Udev-Rule, so dass die Devices mit 0666 angelegt werden, wie -# Warnung des Debian Pakets "arduino" wegen der dialout Gruppe -# bleiben leider. - -- name: Remove modemmanager to fix arduino problems - ansible.builtin.apt: - name: modemmanager - state: absent - -- name: Copy arduino udev rule - copy: - src: files/52-arduino.rules - dest: /etc/udev/rules.d/52-arduino.rules - mode: '0644' - owner: root - group: root - -- name: reload udev rules - ansible.builtin.command: udevadm control --reload-rules - -- name: trigger udev update - ansible.builtin.command: udevadm trigger - - -######### -# Firefox ESR Anpassungen -# Lesezeichen und Startseite müssen in der -# Datei firefox_policies.json für die eigene Schule -# angepasst werden. -- name: Create firefox policies directory - ansible.builtin.file: - path: /etc/firefox-esr/policies - state: directory - mode: '0755' - -- name: Create a symbolic link firefox to firefox-esr - ansible.builtin.file: - src: /etc/firefox-esr - dest: /etc/firefox - state: link - -- name: Copy firefox policy - ansible.builtin.copy: - src: firefox_policies.json - dest: /etc/firefox-esr/policies/policies.json - -- name: Remove wrongly copied policies file - ansible.builtin.file: - path: /etc/firefox-esr/policies/firefox_policies.json - state: absent - -########## -# Enable WOL -# -- name: Enable WOL - ansible.builtin.command: ethtool -s {{ ansible_default_ipv4.interface }} wol g - -- name: Copy 81-wol.rules to target - copy: - src: 81-wol.rules - dest: /etc/udev/rules.d/81-wol.rules - mode: '0644' - owner: root - group: root - -########## -# Laptop Skripte -# -- name: Copy qgm-soudfix.sh - copy: - src: qgm-soundfix.sh - dest: /usr/local/bin/qgm-soundfix.sh - mode: '0755' - owner: root - group: root - -- name: Copy qgm-soudfix.desktop - copy: - src: qgm-soundfix.desktop - dest: /usr/share/applications/qgm-soundfix.desktop - mode: '0644' - owner: root - group: root - - - +- name: Fix sound on lt- hosts + import_tasks: + file: soundfix.yml + when: "'lt-' in inventory_hostname" diff --git a/roles/lmn_qgm/tasks/soundfix.yml b/roles/lmn_qgm/tasks/soundfix.yml new file mode 100644 index 0000000..020d8b6 --- /dev/null +++ b/roles/lmn_qgm/tasks/soundfix.yml @@ -0,0 +1,11 @@ +--- +# Probleme mit akgehackten Ton über HDMI an +# den Laptops in den Klassenzimmern +# ACHTUNG: Beddingung hostname muss mit lt- beginnen. +- name: Fix stuttering sound on HDMI + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX=).*' + line: '\g<1>"intel_iommu=on,igfx_off"' + backrefs: yes + notify: Run update-grub diff --git a/roles/lmn_qgsoftware/files/qg.appimage.FreeCAD.desktop b/roles/lmn_qgsoftware/files/qg.appimage.FreeCAD.desktop new file mode 100644 index 0000000..dfb3dc0 --- /dev/null +++ b/roles/lmn_qgsoftware/files/qg.appimage.FreeCAD.desktop @@ -0,0 +1,19 @@ +[Desktop Entry] +Name=FreeCAD Appimage +Name[de]=FreeCAD Appimage +Name[pl]=FreeCAD Appimage +Name[ru]=FreeCAD Appimage +Comment=Feature based Parametric Modeler Appimage +Comment[de]=Feature-basierter parametrischer Modellierer Appimage +Comment[ru]=Система автоматизированного проектирования Appimage +GenericName=CAD Application Appimage +GenericName[de]=CAD-Anwendung Appimage +GenericName[pl]=Aplikacja CAD Appimage +GenericName[ru]=Система автоматизированного проектирования Appimage +Exec=/opt/appimages/freecad/FreeCAD.AppImage - --single-instance %F +Terminal=false +Type=Application +Icon=org.freecadweb.FreeCAD +Categories=Graphics;Science;Education;Engineering; +StartupNotify=true +MimeType=application/x-extension-fcstd;model/obj;model/iges;image/vnd.dwg;image/vnd.dxf;model/vnd.collada+xml;application/iges;model/iges;model/step;model/step+zip;model/stl;application/vnd.shp;model/vrml; diff --git a/roles/lmn_qgsoftware/tasks/install.yml b/roles/lmn_qgsoftware/tasks/install.yml new file mode 100644 index 0000000..d2e9d3d --- /dev/null +++ b/roles/lmn_qgsoftware/tasks/install.yml @@ -0,0 +1,66 @@ +--- +######### +# Greenfoot und BlueJ. + +- name: Determine installed bluej version + shell: "dpkg -l bluej 2> /dev/null | grep ii | awk '{print $3}'" + register: command_output +- set_fact: + bluej_installed_version: "{{ command_output.stdout }}" + +- name: Determine installed greenfoot version + shell: "dpkg -l greenfoot 2> /dev/null | grep ii | awk '{print $3}'" + register: command_output +- set_fact: + greenfoot_installed_version: "{{ command_output.stdout }}" + +- name: Install bluej if necessary + ansible.builtin.apt: + deb: "{{ mirror_javadev }}/bluej-{{ bluej_target_version}}.deb" + when: (mirror_javadev is defined and mirror_javadev | length > 0) and + (bluej_target_version is defined and bluej_target_version | length > 0 ) and + (bluej_installed_version != bluej_target_version ) + +- name: Install greenfoot if necessary + ansible.builtin.apt: + deb: "{{ mirror_javadev }}/greenfoot-{{ greenfoot_target_version }}.deb" + when: (mirror_javadev is defined and mirror_javadev | length > 0) and + (greenfoot_target_version is defined and greenfoot_target_version | length > 0 ) and + (greenfoot_installed_version != greenfoot_target_version ) + +######## +# FreeCAD AppImage +# +- name: Make sure target dir exists + ansible.builtin.file: + path: /opt/appimages/freecad/ + state: directory + recurse: yes + owner: root + group: root + mode: '0755' + +- name: Download FreeCAD AppImage from Cache + ansible.builtin.get_url: + url: "{{ mirror_appimage }}/FreeCAD.AppImage" + dest: /opt/appimages/freecad/FreeCAD.AppImage + mode: '0755' + +- name: Copy desktop starter file to target + copy: + src: files/qg.appimage.FreeCAD.desktop + dest: /usr/share/applications/qg.appimage.FreeCAD.desktop + mode: '0644' + owner: root + group: root + + +######## +# Digital als tarpack +# +- name: Unpack digital.zip to target + ansible.builtin.unarchive: + src: "{{ tarpack_digital }}" + dest: / + remote_src: yes + when: tarpack_digital is defined and tarpack_digital | length > 0 diff --git a/roles/lmn_qgsoftware/tasks/main.yml b/roles/lmn_qgsoftware/tasks/main.yml new file mode 100644 index 0000000..3763aab --- /dev/null +++ b/roles/lmn_qgsoftware/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Install additional software + import_tasks: + file: install.yml diff --git a/roles/lmn_sssd/tasks/main.yml b/roles/lmn_sssd/tasks/main.yml index 082af5c..2c468ff 100644 --- a/roles/lmn_sssd/tasks/main.yml +++ b/roles/lmn_sssd/tasks/main.yml @@ -18,8 +18,9 @@ - name: join the domain shell: cmd: > - echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" | + echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') + joinpw | default('') }}" | adcli join --stdin-password -U global-admin {{ domain | upper }} when: > ansible_cmdline.adpw | default('') | length > 0 or - adpw.user_input | default('') | length > 0 + adpw.user_input | default('') | length > 0 or + joinpw | default('') | length > 0 diff --git a/roles/qgm_updatecache/files/qg.appimage.FreeCAD.desktop b/roles/qgm_updatecache/files/qg.appimage.FreeCAD.desktop new file mode 100644 index 0000000..dfb3dc0 --- /dev/null +++ b/roles/qgm_updatecache/files/qg.appimage.FreeCAD.desktop @@ -0,0 +1,19 @@ +[Desktop Entry] +Name=FreeCAD Appimage +Name[de]=FreeCAD Appimage +Name[pl]=FreeCAD Appimage +Name[ru]=FreeCAD Appimage +Comment=Feature based Parametric Modeler Appimage +Comment[de]=Feature-basierter parametrischer Modellierer Appimage +Comment[ru]=Система автоматизированного проектирования Appimage +GenericName=CAD Application Appimage +GenericName[de]=CAD-Anwendung Appimage +GenericName[pl]=Aplikacja CAD Appimage +GenericName[ru]=Система автоматизированного проектирования Appimage +Exec=/opt/appimages/freecad/FreeCAD.AppImage - --single-instance %F +Terminal=false +Type=Application +Icon=org.freecadweb.FreeCAD +Categories=Graphics;Science;Education;Engineering; +StartupNotify=true +MimeType=application/x-extension-fcstd;model/obj;model/iges;image/vnd.dwg;image/vnd.dxf;model/vnd.collada+xml;application/iges;model/iges;model/step;model/step+zip;model/stl;application/vnd.shp;model/vrml; diff --git a/roles/qgm_updatecache/tasks/download.yml b/roles/qgm_updatecache/tasks/download.yml new file mode 100644 index 0000000..d09b77a --- /dev/null +++ b/roles/qgm_updatecache/tasks/download.yml @@ -0,0 +1,49 @@ +--- +- name: Create greenfoot/bluej version strings w/o points + set_fact: + bluejVersion: "{{ bluej_target_version | replace('.','') }}" + greenfootVersion: "{{ greenfoot_target_version | replace('.','') }}" + +- name: Get download URIs + set_fact: + bluejURI: "{{ bluej_src_uri | replace ('VERSION', bluejVersion) }}" + greenfootURI: "{{ greenfoot_src_uri | replace ('VERSION', greenfootVersion) }}" + +- name: Create target filenames + set_fact: + bluejTargetFile: /var/www/html/javadev/bluej-{{ bluej_target_version }}.deb + greenfootTargetFile: /var/www/html/javadev/greenfoot-{{ greenfoot_target_version }}.deb + +- name: Check if greenfoot target-file exists + delegate_to: localhost + stat: + path: "{{ greenfootTargetFile }}" + register: gftf + +- name: Check if bluej target-file exists + delegate_to: localhost + stat: + path: "{{ bluejTargetFile }}" + register: bjtf + +- name: Download Greenfoot + delegate_to: localhost + command: wget {{ greenfootURI }} -O {{ greenfootTargetFile }} + when: not gftf.stat.exists + +- name: Download Greenfoot + delegate_to: localhost + command: wget {{ greenfootURI }} -O {{ greenfootTargetFile }} + when: not gftf.stat.exists + +- name: Check if freecad target-file exists + delegate_to: localhost + stat: + path: "{{ freecadTargetFile }}" + register: fctf + +- name: Download FreeCAD AppImage + delegate_to: localhost + command: wget {{ freecadFullURI }} -O {{ freecadTargetFile }} + when: not fctf.stat.exists + diff --git a/roles/qgm_updatecache/tasks/main.yml b/roles/qgm_updatecache/tasks/main.yml new file mode 100644 index 0000000..85998aa --- /dev/null +++ b/roles/qgm_updatecache/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Download additional software + import_tasks: + file: download.yml diff --git a/roles/qgm_vpdisplay/tasks/main.yml b/roles/qgm_vpdisplay/tasks/main.yml deleted file mode 100644 index ce591ac..0000000 --- a/roles/qgm_vpdisplay/tasks/main.yml +++ /dev/null @@ -1,70 +0,0 @@ - vars_files: - - settings.vault - - vars: - packages: - - vim - - firefox-esr - - i3 - - xorg - - git - - unclutter - - tasks: - - name: "Install needed Packages" - apt: - pkg: - "{{ packages }}" - - - name: "change line in systemd config for autologin" - lineinfile: - path: "/etc/systemd/system/getty.target.wants/getty@tty1.service" - regexp: "ExecStart=-/sbin/agetty" - line: "ExecStart=-/sbin/agetty --noclear --autologin vp %I $TERM" - - - name: "Copy .profile for startx" - copy: - src: "files/dot.profile" - dest: "/home/vp/.profile" - owner: vp - group: vp - mode: 0755 - - - name: "Create i3 config dir" - file: - path: "/home/vp/.config/i3" - state: directory - owner: vp - group: vp - mode: '0755' - - - name: "Copy i3 config" - copy: - src: "files/i3.config" - dest: "/home/vp/.config/i3/config" - owner: vp - group: vp - mode: 0644 - - - name: "Get vplan display repo" - git: - repo: "https://gitea.schule.social/QG-VP-Dev/VP-Screens-Management.git" - dest: /home/vp/vp - - - name: "Configuration Template for Vplan" - template: - src: "templates/settings.js.j2" - dest: "/home/vp/vp/settings.js" - owner: vp - group: vp - mode: 0644 - - - name: "Change to teacher version if applicable" - when: "'lehrer' in group_names" - lineinfile: - path: "/home/vp/vp/settings.js" - regexp: "^const plantype" - line: "const plantype = \"lehrer\";" - - - name: "Reboot" - ansible.builtin.reboot: diff --git a/roles/qgm_vpdisplay/vars/main.yml b/roles/qgm_vpdisplay/vars/main.yml deleted file mode 100644 index 7a61307..0000000 --- a/roles/qgm_vpdisplay/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -packages: - - vim - - firefox-esr - - i3 - - xorg - - git - - unclutter diff --git a/scripts/get_greenfoot_bluej.sh b/scripts/get_greenfoot_bluej.sh deleted file mode 100755 index 88e8510..0000000 --- a/scripts/get_greenfoot_bluej.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -srvpath=/var/www/html/javadev -mkdir -p $srvpath -rm -f $srvpath/* -cd $srvpath || exit 1 - -greenfoot=https://www.greenfoot.org/download/files/Greenfoot-linux-371.deb -bluej=https://www.bluej.org/download/files/BlueJ-linux-520.deb - -wget $greenfoot -O $srvpath/greenfoot.deb -wget $bluej -O $srvpath/bluej.deb - - diff --git a/scripts/qgm-power.sh b/scripts/qgm-power.sh new file mode 100755 index 0000000..c7e56e1 --- /dev/null +++ b/scripts/qgm-power.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +. /etc/lmn7-netboot.conf + +filter=$1 + +cd $NBROOT || exit 1 + +if [ "x$2" == "xoff" ]; then + ansible-playbook -i $INVENTORY -l $filter shutdown.yml +fi + +if [ "x$2" == "xon" ]; then + ansible-playbook -i $INVENTORY -l $filter wol.yml +fi + diff --git a/vars-qgsoftware.yml b/vars-qgsoftware.yml new file mode 100644 index 0000000..af7274a --- /dev/null +++ b/vars-qgsoftware.yml @@ -0,0 +1,20 @@ +#### Bluej/Greenfoot +## Bluej/Greenfoot Versionen +## Für Updates anpassen +bluej_target_version: "5.2.1" +greenfoot_target_version: "3.8.2" +## -- +greenfoot_src_uri: https://www.greenfoot.org/download/files/Greenfoot-linux-VERSION.deb +bluej_src_uri: https://www.bluej.org/download/files/BlueJ-linux-VERSION.deb +mirror_javadev: http://netboot.qgm.lan/javadev/ + +#### Base Uri fuer die Appimages +mirror_appimage: http://netboot.qgm.lan/appimage/ + +#### FreeCAD Appimage +freecadFullURI: https://github.com/FreeCAD/FreeCAD-Bundle/releases/download/0.21.2/FreeCAD_0.21.2-2023-12-17-conda-Linux-x86_64-py310.AppImage +freecadTargetFile: /var/www/html/appimage/FreeCAD.AppImage + +#### Digital circuit simulation +tarpack_digital: http://netboot.qgm.lan/tarpacks/digital.tgz +