Client install roles added

2023-09-05 15:49:28 +02:00 · 2023-09-05 15:49:28 +02:00 · 990114e28b
commit 990114e28b
parent 5e8410eac6
47 changed files with 4181 additions and 0 deletions
--- a/roles/lmn_mount/defaults/main.yml
+++ b/roles/lmn_mount/defaults/main.yml
@ -0,0 +1,2 @@
+smb_server: "server"
+smb_share: "default-school/"
--- a/roles/lmn_mount/files/lmn-linkhome.sh
+++ b/roles/lmn_mount/files/lmn-linkhome.sh
@ -0,0 +1,4 @@
+if [[ "${UID}" -gt 60000 ]]; then
+  [[ -L "/lmn/media/${USER}/share" ]] || ln -s .default-school/share "/lmn/media/${USER}/share"
+  [[ -L "/lmn/media/${USER}/home" ]]  || ln -s ".default-school/${HOME##/srv/samba/schools/default-school/}" "/lmn/media/${USER}/home"
+fi
--- a/roles/lmn_mount/files/lmn-mounthome.sh
+++ b/roles/lmn_mount/files/lmn-mounthome.sh
@ -0,0 +1,3 @@
+if [[ "${UID}" -gt 60000 ]]; then
+	sudo /usr/local/bin/mounthome.sh &
+fi
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@ -0,0 +1,82 @@
+---
+- name: Install needed packages
+  apt:
+    name:
+      - libpam-mount
+      - cifs-utils
+      - nfs-common
+      - hxtools
+      - davfs2
+    state: latest
+
+- name: Configure pam_mount for LMN homes
+  blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN homes) -->"
+    block: |
+      <!-- mounts for home, share and nextcloud -->
+      <volume
+        fstype="cifs"
+        server="{{ smb_server }}"
+        path="{{ smb_share }}"
+        mountpoint="/srv/samba/schools/default-school"
+        options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+      </volume>
+    insertafter: "<!-- Volume definitions -->"
+
+
+- name: Prepare persistent user cache base directory
+  ansible.builtin.file:
+    path: /var/cache/user/
+    state: directory
+    mode: '1777'
+
+- name: Create user-environment-generator directory
+  ansible.builtin.file:
+    path: /etc/systemd/user-environment-generators/
+    state: directory
+
+- name: Prepare generator for persistent user cache directory
+  ansible.builtin.copy:
+    dest: /etc/systemd/user-environment-generators/50-xdg-cache-home.sh
+    content: |
+      #!/usr/bin/bash
+      set -eu
+      ## local users do not need the extra cache dir:
+      [[ "$UID" -le 60000 ]] && exit 0
+      cp -r -n /etc/skel/.* "$HOME"
+      DIR="/var/cache/user/${UID}/"
+      [[ -d "$DIR" ]] || mkdir -m 0700 "$DIR"
+      echo XDG_CACHE_HOME="$DIR"
+    mode: "0755"
+
+
+- name: Clean up all user processes after logout
+  ansible.builtin.replace:
+    path: /etc/security/pam_mount.conf.xml
+    regexp: '^(<logout wait="0" hup="no" term="no" kill="no" />)$'
+    replace: '<!-- \1 -->\n<logout wait="1000" hup="yes" term="yes" kill="yes" />'
+
+- name: Kill all user processes on logout
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/logind.conf
+    line: KillUserProcesses=yes
+    insertafter: '#KillUserProcesses=no'
+
+- name: Bind mount lmn/media with nosuid directory
+  ansible.posix.mount:
+    src: /lmn/media
+    path: /lmn/media
+    opts: nosuid,bind
+    state: present
+    fstype: none
+
+#- name: Mount NFSv4 home directory
+#  ansible.posix.mount:
+#    src: server:/default-school
+#    path: /srv/samba/schools/default-school
+#    opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
+#    state: present
+#    fstype: nfs4
+#  when: nfs4