## This playbook deploys a KDE desktop machine for LinuxMuster. --- - name: apply configuration to the machines hosts: all remote_user: ansible become: yes vars_files: - vars-qgsoftware.yml vars: playbook_name: "qgm-desktop.yml" joinpw: '' domain: "{{ ansible_domain }}" kerberize_uris: qgm.lan realm: QGM.LAN serverhostname: server smb_server: server apt_conf: Acquire::http::Proxy "http://netboot.qgm.lan:3142/"; ntp_serv: server.qgm.lan proxy: http://firewall.qgm.lan:3128 no_proxy: firewall.qgm.lan, server.qgm.lan, qgm.lan ## PAM mount nextcloud, remove or leave empty to skip: web_dav: https://wolke.qg-moessingen.de/nextcloud/remote.php/dav/files/%(USER) ## Local mirror for mscorefonts. Remove or leave empty to use no mirror: mirror_msfonts: http://netboot.qgm.lan/mscorefonts/ # Linbo Passwort rsyncsecret: Muster! ## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim": grub_pwd: 'grub.pbkdf2.sha512.10000.775CB8C7FDA6892B684049EC0257245BA886719264ED9CDB3A7543B3562CC71BA70DB31F3550586D1F41642B13AEF61857FE009AF891D0854A8383251C55119D.30056755AF00EA171069E591D3CA18A592C8C5DEC7E0DEE957AC23A51F58CC5E05231AC49674EC19F2BACAD7D510DF58A157840596F0247054C7FD42C5D43BE7' nfs4: false extra_pkgs: - vim - mc - tmux - console-setup - krb5-user - unattended-upgrades - debconf-utils - ctorrent extra_pkgs_bpo: [] # [ linux-image-amd64 ] roles: - lmn_network #- up2date_debian - lmn_sssd - lmn_mount - lmn_kde - lmn_qgm ## school specific customization - lmn_qgsoftware - lmn_qgsddm - lmn_printer #- kerberize tasks: - name: Remove debian packages for FreeCAD apt: name: - freecad - freecad-common - freecad-python3 - libfreecad-python3-0.20 autoremove: true state: absent - name: Remove debian packages for PrusaSlicer apt: name: - prusa-slicer - slic3r-prusa autoremove: true state: absent - name: Copy Server roots-pubkey to clients authorized_key: user: ansible state: present key: "{{ lookup('file', 'pubkeys/serverroot.pub') }}" - name: Fix unattended-upgrades ansible.builtin.copy: dest: /etc/apt/apt.conf.d/20auto-upgrades content: | APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "0"; - name: Prepare mount point for homes ansible.builtin.file: path: /srv/samba/schools/default-school/ state: directory mode: '0755' - name: Fix mount point permissions and owner file: path: "{{ item }}" mode: '0755' owner: root group: root loop: - /srv/samba - /srv/samba/schools - /srv/samba/schools/default-school - name: Disable Grub submenus lineinfile: dest: /etc/default/grub line: 'GRUB_DISABLE_SUBMENU=true' insertafter: '^GRUB_TIMEOUT=.*' notify: Run update-grub - name: Check for the buggy kernel stat: path: /boot/vmlinuz-6.1.0-17-amd64 register: bug - name: Check for the fixed kernel stat: path: /boot/vmlinuz-6.1.0-18-amd64 register: fix - name: Work around kernel with CIFS regression block: - name: Make sure kernel package -16 is available ansible.builtin.apt: name: linux-image-6.1.0-16-amd64 state: present - name: Set 6.1.0-16 as default kernel in grub lineinfile: dest: /etc/default/grub regexp: '^(GRUB_DEFAULT=).*' line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"' backrefs: yes notify: Run update-grub when: bug.stat.exists and not fix.stat.exists - name: Set latest kernel in grub if bug is fixed lineinfile: dest: /etc/default/grub regexp: '^(GRUB_DEFAULT=).*' line: '\g<1>0' backrefs: yes when: fix.stat.exists or not bug.stat.exists notify: Run update-grub - name: Remove "unattended-upgrades" package ansible.builtin.apt: name: unattended-upgrades state: absent purge: True - name: Fix stuttering sound on HDMI lineinfile: dest: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX=).*' line: '\g<1>"intel_iommu=on,igfx_off"' backrefs: yes when: "'lt-' in inventory_hostname" notify: Run update-grub - name: Aktuelle Zeit zum Client schreiben copy: content: | playbook={{ playbook_name }} timestamp={{ ansible_date_time.date }}-{{ ansible_date_time.time }} unixtime={{ ansible_date_time.epoch }} ansiblehost={{ ansible_hostname }} dest: /etc/ansible_timestamp.txt