playbooks/bookworm
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Test mit geänderten Variablen

Browse source
This commit is contained in:
Frank Schiebel 2023-09-05 17:02:39 +02:00
parent ac805d4af9
commit bbf2f78e95
13 changed files with 87 additions and 606 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config.vars
View file

@ -1,2 +0,0 @@
ansible_ssh_pubkey: "dummy-placeholder"
lmn_client_branch: "main"

23
lmn-desktop.yml
View file

@ -7,7 +7,7 @@
pre_tasks: pre_tasks:
- pause: - pause:
prompt: "Enter global-admin active directory password, leave empty to skip domain join" prompt: "Enter global-admin active directory password, leave empty to skip domain join"
minutes: 1 minutes: 5
echo: false echo: false
register: adpw register: adpw
no_log: true no_log: true
@ -22,12 +22,23 @@
vtype: string vtype: string
vars: vars:
#domain: "{{ ansible_domain }}" domain: "{{ ansible_domain }}"
domain: qgm.lan
kerberize_uris: qgm.lan kerberize_uris: qgm.lan
apt_conf: Acquire::http::Proxy "http://netboot.qgm.lan:3142/";
ntp_serv: server.qgm.lan
proxy: http://firewall.qgm.lan:3128
no_proxy: firewall.qgm.lan, server.qgm.lan, qgm.lan
## PAM mount nextcloud, remove or leave empty to skip:
web_dav: https://wolke.qg-moessingen.de/remote.php/dav/files/%(USER)
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
mirror_msfonts: http://netboot.qgm.lan/mscorefonts/
# Linbo Passwort
rsyncsecret: Muster! rsyncsecret: Muster!
## Use grub-mkpasswd-pbkdf2 to calculate the password hash: ## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim":
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB' grub_pwd: 'grub.pbkdf2.sha512.10000.775CB8C7FDA6892B684049EC0257245BA886719264ED9CDB3A7543B3562CC71BA70DB31F3550586D1F41642B13AEF61857FE009AF891D0854A8383251C55119D.30056755AF00EA171069E591D3CA18A592C8C5DEC7E0DEE957AC23A51F58CC5E05231AC49674EC19F2BACAD7D510DF58A157840596F0247054C7FD42C5D43BE7'
nfs4: false nfs4: false
extra_pkgs: extra_pkgs:
- vim - vim
@ -39,7 +50,6 @@
- debconf-utils - debconf-utils
- ctorrent - ctorrent
extra_pkgs_bpo: [] # [ linux-image-amd64 ] extra_pkgs_bpo: [] # [ linux-image-amd64 ]
ansible_python_interpreter: "/usr/bin/python3"
roles: roles:
- lmn_network - lmn_network
@ -47,5 +57,6 @@
- lmn_sssd - lmn_sssd
- lmn_mount - lmn_mount
#- lmn_kde #- lmn_kde
#- lmn_myschool ## school specific customization
#- lmn_printer #- lmn_printer
#- kerberize #- kerberize

112
roles/lmn_kde/files/fvs-config.js
View file

@ -1,112 +0,0 @@
// configure plasma defaults
function forEachWidgetInContainmentList(containmentList, callback) {
for (var containmentIndex = 0; containmentIndex < containmentList.length; containmentIndex++) {
var containment = containmentList[containmentIndex];
var widgets = containment.widgets();
for (var widgetIndex = 0; widgetIndex < widgets.length; widgetIndex++) {
var widget = widgets[widgetIndex];
callback(widget, containment);
if (widget.type === "org.kde.plasma.systemtray") {
systemtrayId = widget.readConfig("SystrayContainmentId");
if (systemtrayId) {
forEachWidgetInContainmentList([desktopById(systemtrayId)], callback)
}
}
}
}
}
function forEachWidget(callback) {
forEachWidgetInContainmentList(desktops(), callback);
forEachWidgetInContainmentList(panels(), callback);
}
function forEachWidgetByType(type, callback) {
forEachWidget(function(widget, containment) {
if (widget.type == type) {
callback(widget, containment);
}
});
}
function widgetSetProperty(args) {
if (!(args.widgetType && args.configGroup && args.configKey)) {
return;
}
forEachWidgetByType(args.widgetType, function(widget){
widget.currentConfigGroup = [args.configGroup];
/*
//--- Delete when done debugging
const oldValue = widget.readConfig(args.configKey);
print("" + widget.type + " (id: " + widget.id + "):");
print("\t[" + args.configGroup + "] " + args.configKey + ": " +
oldValue + " => " + args.configValue + "\n");
//--- End Debug
*/
widget.writeConfig(args.configKey, args.configValue);
});
}
// configure task bar starters:
widgetSetProperty({
widgetType: "org.kde.plasma.icontasks",
configGroup: "General",
configKey: "launchers",
configValue: [
"applications:systemsettings.desktop",
"preferred://browser",
"applications:thunderbird.desktop",
"applications:libreoffice-startcenter.desktop",
"preferred://filemanager"
//"applications:org.kde.konsole.desktop",
//"applications:org.kde.discover.desktop"
],
});
// kickoff is the default menu:
/* this does not work (anymore?)
widgetSetProperty({
widgetType: "org.kde.plasma.kickoff",
configGroup: "General",
configKey: "favorites",
configValue: ["applications:libreoffice-startcenter.desktop",],
});
*/
widgetSetProperty({
widgetType: "org.kde.plasma.kickoff",
configGroup: "General",
configKey: "systemFavorites",
configValue: ["reboot", "shutdown", "logout"],
});
// prepare a folder view on the desktop:
/* 20230917 disabled for now
var allDesktops = desktops();
for (var desktopIndex = 0; desktopIndex < allDesktops.length; desktopIndex++) {
var d = allDesktops[desktopIndex];
d.addWidget("org.kde.plasma.folder", 50, 50, 456, 600)
print("Folder app generated!\n")
}
widgetSetProperty({
widgetType: "org.kde.plasma.folder",
configGroup: "General",
configKey: "url",
configValue: "/lmn/media/",
});
widgetSetProperty({
widgetType: "org.kde.plasma.folder",
configGroup: "General",
configKey: "labelMode",
configValue: "0",
});
*/
// /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js

222
roles/lmn_kde/files/lmn-reset-dolphin.sh
View file

@ -1,222 +0,0 @@
#!/bin/bash
sed -e "s|HOME|/${HOME##/srv/samba/schools/default-school/}|g" -e "s|USER|${USER}|g" > ~/.local/share/user-places.xbel <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE xbel>
<xbel xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info" xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks" xmlns:kdepriv="http://www.kde.org/kdepriv">
<info>
<metadata owner="http://www.kde.org">
<kde_places_version>4</kde_places_version>
<GroupState-Places-IsHidden>false</GroupState-Places-IsHidden>
<GroupState-Remote-IsHidden>false</GroupState-Remote-IsHidden>
<GroupState-Devices-IsHidden>false</GroupState-Devices-IsHidden>
<GroupState-RemovableDevices-IsHidden>false</GroupState-RemovableDevices-IsHidden>
<GroupState-Tags-IsHidden>false</GroupState-Tags-IsHidden>
<withRecentlyUsed>true</withRecentlyUsed>
<GroupState-RecentlySaved-IsHidden>false</GroupState-RecentlySaved-IsHidden>
<withBaloo>true</withBaloo>
<GroupState-SearchFor-IsHidden>false</GroupState-SearchFor-IsHidden>
</metadata>
</info>
<bookmark href="file:///srv/samba/schools/default-schoolHOME">
<title>Home</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="user-home"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/0</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-schoolHOME/Schreibtisch">
<title>Desktop</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="user-desktop"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/1</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-schoolHOME/Dokumente">
<title>Documents</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-documents"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/2</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-schoolHOME/Downloads">
<title>Downloads</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-downloads"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/3</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-schoolHOME/Musik">
<title>Music</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-music"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/6</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-schoolHOME/Bilder">
<title>Pictures</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-pictures"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/7</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-schoolHOME/Videos">
<title>Videos</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-videos"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/8</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///srv/samba/schools/default-school/share">
<title>Tausch</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-publicshare"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/9</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="file:///lmn/media/USER/nextcloud">
<title>Nextcloud</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-cloud"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/10</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="remote:/">
<title>Network</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-network"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/4</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="trash:/">
<title>Trash</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="user-trash"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/5</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="recentlyused:/files">
<title>Recent Files</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="document-open-recent"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/9</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<bookmark href="recentlyused:/locations">
<title>Recent Locations</title>
<info>
<metadata owner="http://freedesktop.org">
<bookmark:icon name="folder-open-recent"/>
</metadata>
<metadata owner="http://www.kde.org">
<ID>1682498425/10</ID>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</bookmark>
<separator>
<info>
<metadata owner="http://www.kde.org">
<UDI>/org/kde/fstab///server/default-school/:/srv/samba/schools/default-school</UDI>
<isSystemItem>true</isSystemItem>
<IsHidden>true</IsHidden>
</metadata>
</info>
</separator>
<separator>
<info>
<metadata owner="http://www.kde.org">
<UDI>/org/kde/fstab///server/default-school/:/lmn/media/USER/home</UDI>
<isSystemItem>true</isSystemItem>
<IsHidden>true</IsHidden>
</metadata>
</info>
</separator>
<separator>
<info>
<metadata owner="http://www.kde.org">
<UDI>/org/kde/fstab///server/sysvol/:/srv/samba/USER/sysvol</UDI>
<isSystemItem>true</isSystemItem>
<IsHidden>true</IsHidden>
</metadata>
</info>
</separator>
<separator>
<info>
<metadata owner="http://www.kde.org">
<UDI>/org/kde/fstab///server/default-school/:/lmn/media/USER/share</UDI>
<isSystemItem>true</isSystemItem>
<IsHidden>true</IsHidden>
</metadata>
</info>
</separator>
<separator>
<info>
<metadata owner="http://www.kde.org">
<UDI>/org/freedesktop/UDisks2/block_devices/sda2</UDI>
<isSystemItem>true</isSystemItem>
</metadata>
</info>
</separator>
</xbel>
EOF

74
roles/lmn_kde/files/policies.json
View file

@ -1,74 +0,0 @@
{
"policies": {
"Proxy": {
"Mode": "system"
},
"OverrideFirstRunPage": "https://www.steinbeisschule-reutlingen.de",
"Homepage": {
"URL": "https://www.debian.org",
"Locked": false,
"StartPage": "previous-session"
},
"DisplayBookmarksToolbar": true,
"ManagedBookmarks": [
{
"toplevel_name": "FvS-Reutlingen"
},
{
"url": "https://server.pn.steinbeis.schule",
"name": "Passwort ändern"
},
{
"url": "https://dw.steinbeis.schule",
"name": "FvS-Hilfesystem"
},
{
"url": "https://nextcloud.steinbeisschule-reutlingen.de",
"name": "FvS-Nextcloud"
},
{
"url": "https://moodle.steinbeisschule-reutlingen.de",
"name": "FvS-Moodle"
},
{
"name": "Debian",
"children": [
{
"url": "https://www.debian.org",
"name": "Debian Homepage"
},
{
"url": "https://wiki.debian.org",
"name": "Debian Wiki"
},
{
"name": "Debian LAN/Live",
"children": [
{
"url": "https://salsa.debian.org/andi/debian-lan-ansible",
"name": "Debian LAN Ansible"
},
{
"url": "https://wiki.debian.org/DebianLive",
"name": "Debian Live"
}
]
}
]
}
],
"SearchEngines": {
"Add": [
{
"Name": "Startpage",
"URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}",
"Method": "GET",
"IconURL": "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico",
"Alias": "sp",
"Description": "Startpage Search Engine"
}
],
"Default": "Startpage"
}
}
}

47
roles/lmn_kde/files/pwroff
View file

@ -1,47 +0,0 @@
#!/bin/bash
#
# logout idle users and shutdown machine
#
set -eu
action="systemctl poweroff"
uptime=$(cat /proc/uptime | cut -f1 -d.)
maxidle=3600
u=($(loginctl list-users --no-legend | sort -hr | head -1))
una=${u[1]:-''}
uid=${u[0]:-''}
talk2dbus() {
local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
sudo -u $una DISPLAY=$display \
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus "$@" 2>/dev/null
}
########
## shutdown if nobody is loged in:
if [[ -z "$una" ]] || [[ $uid -lt 1000 ]] ; then
exec $action
fi
# FIXME: find idle time independent of running screensaver
if ! t=$(talk2dbus qdbus org.kde.screensaver /ScreenSaver GetActiveTime) ; then
echo "No graphical logins found."
else
idle=$(( t / 1000 ))
if [[ $idle -gt $maxidle ]] ; then
talk2dbus notify-send -i system-shutdown -u critical -a 'Important System Information' \
'Please log out, the system will shut down soon!' \
'There has been no activity for too long.'
## shutdown:
#talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 2 0
## logout:
talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 0 0
echo "Log-out user $una after being idle for $idle seconds."
else
echo "The user $una has been idle for $idle seconds."
fi
fi
#w -s | grep tty | sed "s/[[:space:]]\+/ /g" | cut -f4 -d ' '

6
roles/lmn_kde/files/pwroff.service
View file

@ -1,6 +0,0 @@
[Unit]
Description=Run pwroff script
[Service]
Type=simple
ExecStart=/usr/local/sbin/pwroff

9
roles/lmn_kde/files/pwroff.timer
View file

@ -1,9 +0,0 @@
[Unit]
Description=Run pwroff script every 10 min after 60 min uptime
[Timer]
OnBootSec=60min
OnUnitActiveSec=10min
[Install]
WantedBy=timers.target

12
roles/lmn_kde/handlers/main.yml
View file

@ -1,14 +1,2 @@
- name: Run update-grub - name: Run update-grub
command: update-grub command: update-grub
- name: Enable tmp.mount
systemd:
daemon_reload: yes
name: tmp.mount
enabled: yes
listen: enable tmp.mount
- name: enable pwroff.timer
systemd:
name: pwroff.timer
enabled: true

133
roles/lmn_kde/tasks/main.yml
View file

@ -1,61 +1,39 @@
--- ---
- name: Preseed ttf-mscorefonts-installer - name: Install desktop and educational packages
ansible.builtin.debconf:
name: ttf-mscorefonts-installer
question: msttcorefonts/dlurl
value: http://netboot.qgm.lan/mscorefonts/
vtype: string
- name: Install desktop EDU packages and some more
apt: apt:
name: name:
- task-kde-desktop
- task-german-kde-desktop
- task-german-desktop
- xdg-desktop-portal-kde
- xdg-desktop-portal-wlr # share screen in browser
- kde-full
- akonadi-backend-sqlite - akonadi-backend-sqlite
- thunderbird-l10n-de - arduino
- webext-privacy-badger - bluefish
- webext-ublock-origin-firefox - codeblocks
- webext-ublock-origin-chromium - dia
- vlc - flameshot
- freecad
- ghex
- gimp - gimp
- inkscape - inkscape
- flameshot - kde-full
- bluefish - keepassxc
- git - librecad
- gitk
- gitg
- nmap
- net-tools
- ghex
- thonny
- spyder
- mu-editor - mu-editor
- dia - qtcreator
- vym - spyder
- tree
- sqlite3 - sqlite3
- sqlitebrowser - sqlitebrowser
- neovim - task-german-desktop
- qtcreator - task-german-kde-desktop
- freecad - task-kde-desktop
- librecad - thonny
- arduino - thunderbird-l10n-de
- keepassxc - vlc
- tmux - vym
- curl - webext-privacy-badger
- pulseview - webext-ublock-origin-chromium
- sigrok - webext-ublock-origin-firefox
- sigrok-cli - xdg-desktop-portal-kde
- codeblocks - xdg-desktop-portal-wlr # share screen in browser
- ttf-mscorefonts-installer
autoremove: true autoremove: true
state: latest state: latest
environment:
http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
- name: Add {{ ansible_distribution_release }}-backports - name: Add {{ ansible_distribution_release }}-backports
apt_repository: apt_repository:
@ -75,14 +53,6 @@
default_release: "{{ ansible_distribution_release }}-backports" default_release: "{{ ansible_distribution_release }}-backports"
- name: Enable splash screen
replace:
dest: "/etc/default/grub"
regexp: '"quiet"$'
replace: '"quiet splash"'
notify: Run update-grub
- name: Create akonadi config dir - name: Create akonadi config dir
ansible.builtin.file: ansible.builtin.file:
path: /etc/xdg/akonadi/ path: /etc/xdg/akonadi/
@ -106,24 +76,6 @@
/srv/samba/schools/default-school/students/*/ /srv/samba/schools/default-school/students/*/
- name: Create firefox policies directory
ansible.builtin.file:
path: /etc/firefox-esr/policies
state: directory
mode: '0755'
- name: Create a symbolic link firefox to firefox-esr
ansible.builtin.file:
src: /etc/firefox-esr
dest: /etc/firefox
state: link
- name: copy policy
ansible.builtin.copy:
src: policies.json
dest: /etc/firefox-esr/policies/
- name: tune SDDM login - name: tune SDDM login
blockinfile: blockinfile:
path: /etc/sddm.conf path: /etc/sddm.conf
@ -153,35 +105,14 @@
AllowHybridSleep=no AllowHybridSleep=no
- name: Copy pwroff script
copy:
src: pwroff
dest: /usr/local/sbin/
mode: 0755
- name: Provide service and timer for pwroff script
copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: 0644
with_items:
- pwroff.service
- pwroff.timer
notify: enable pwroff.timer
- name: copy lmn-reset-dolphin.sh
ansible.builtin.copy:
src: lmn-reset-dolphin.sh
dest: /usr/local/bin/
mode: 0755
- name: Copy fvs-config.js to configure plasma
ansible.builtin.copy:
src: fvs-config.js
dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
mode: 0644
################# general settings ################## ################# general settings ##################
- name: Enable boot splash screen
replace:
dest: "/etc/default/grub"
regexp: '"quiet"$'
replace: '"quiet splash"'
notify: Run update-grub
- name: Protect grub menu entries - name: Protect grub menu entries
blockinfile: blockinfile:
path: /etc/grub.d/40_custom path: /etc/grub.d/40_custom

36
roles/lmn_mount/tasks/main.yml
View file

@ -9,12 +9,26 @@
- davfs2 - davfs2
state: latest state: latest
- name: Configure pam_mount for Webdav Nextcloud
blockinfile:
dest: /etc/security/pam_mount.conf.xml
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount Nextcloud) -->"
block: |
<volume
fstype="davfs"
path="{{ web_dav }}"
mountpoint="/lmn/media/%(USER)/nextcloud"
options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
</volume>
insertafter: "<!-- Volume definitions -->"
when: web_dav is defined and web_dav | length > 0
- name: Configure pam_mount for LMN homes - name: Configure pam_mount for LMN homes
blockinfile: blockinfile:
dest: /etc/security/pam_mount.conf.xml dest: /etc/security/pam_mount.conf.xml
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN homes) -->" marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN home) -->"
block: | block: |
<!-- mounts for home, share and nextcloud -->
<volume <volume
fstype="cifs" fstype="cifs"
server="{{ smb_server }}" server="{{ smb_server }}"
@ -64,7 +78,7 @@
line: KillUserProcesses=yes line: KillUserProcesses=yes
insertafter: '#KillUserProcesses=no' insertafter: '#KillUserProcesses=no'
- name: Bind mount lmn/media with nosuid directory - name: Bind mount /lmn/media with nosuid directory
ansible.posix.mount: ansible.posix.mount:
src: /lmn/media src: /lmn/media
path: /lmn/media path: /lmn/media
@ -72,11 +86,11 @@
state: present state: present
fstype: none fstype: none
#- name: Mount NFSv4 home directory - name: Mount NFSv4 home directory
# ansible.posix.mount: ansible.posix.mount:
# src: server:/default-school src: server:/default-school
# path: /srv/samba/schools/default-school path: /srv/samba/schools/default-school
# opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60 opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
# state: present state: present
# fstype: nfs4 fstype: nfs4
# when: nfs4 when: nfs4

12
roles/lmn_network/tasks/main.yml
View file

@ -1,13 +1,21 @@
--- ---
- name: Deploy http proxy config
copy:
dest: /etc/environment.d/10-lmn-proxy.conf
content: |
http_proxy="{{ proxy }}"
https_proxy="{{ proxy }}"
ftp_proxy="{{ proxy }}"
no_proxy="{{ no_proxy }}"
- name: set aptcache - name: set aptcache
ansible.builtin.copy: ansible.builtin.copy:
dest: /etc/apt/apt.conf dest: /etc/apt/apt.conf
content: > content: >
Acquire::http::Proxy "http://10.16.1.2:3142/"; {{ apt_conf }}
- name: set ntp Server - name: set ntp Server
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/systemd/timesyncd.conf path: /etc/systemd/timesyncd.conf
insertafter: '^#NTP=' insertafter: '^#NTP='
line: NTP=server.qgm.lan line: NTP={{ ntp_serv }}

3
roles/lmn_printer/tasks/main.yml
View file

@ -30,7 +30,8 @@
path="sysvol/" path="sysvol/"
mountpoint="/srv/samba/%(USER)/sysvol" mountpoint="/srv/samba/%(USER)/sysvol"
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not></volume> ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
</volume>
insertafter: "<!-- Volume definitions -->" insertafter: "<!-- Volume definitions -->"
- name: Create /etc/linuxmuster-linuxclient7 Directory - name: Create /etc/linuxmuster-linuxclient7 Directory