2023-10-20 19:14:10 +02:00
|
|
|
## This playbook deploys a client for LinuxMuster.
|
2023-10-12 20:00:19 +02:00
|
|
|
#
|
|
|
|
|
# Use the following in the installer's preseed file:
|
|
|
|
|
#
|
|
|
|
|
# d-i preseed/late_command string \
|
|
|
|
|
# mkdir -p /target/home/ansible/.ssh && \
|
|
|
|
|
# echo "ssh-ed25519 A...YOUR.KEY...Z" >> /target/home/ansible/.ssh/authorized_keys ; \
|
|
|
|
|
# in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
|
|
|
|
|
# in-target chmod -R og= /home/ansible/.ssh/ ; \
|
|
|
|
|
# if [ -n "$playbook" ] ; then \
|
|
|
|
|
# mkdir -v /target/dev/shm ; \
|
|
|
|
|
# in-target mount -v -t tmpfs tmpfs /dev/shm ; \
|
|
|
|
|
# echo "$vaultpw" > /target/dev/shm/vaultpw ; \
|
|
|
|
|
# in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
|
|
|
|
|
# --vault-password-file /dev/shm/vaultpw \
|
|
|
|
|
# -i localhost, --url=git://ansible.example.org/.git -C YOUR_BRANCH $playbook ; \
|
|
|
|
|
# fi
|
|
|
|
|
#
|
2023-01-13 13:43:31 +01:00
|
|
|
---
|
2023-10-20 19:14:10 +02:00
|
|
|
- name: Apply common configuration to the machines
|
|
|
|
|
hosts: all # desktop:laptop
|
2023-01-13 13:43:31 +01:00
|
|
|
remote_user: ansible
|
2025-03-24 07:33:56 +01:00
|
|
|
become: true
|
2025-08-06 08:57:08 +02:00
|
|
|
|
|
|
|
|
vars_files:
|
|
|
|
|
- qgm-vars.yml
|
|
|
|
|
|
2023-01-18 19:32:43 +01:00
|
|
|
pre_tasks:
|
2025-08-06 08:46:39 +02:00
|
|
|
# - name: Ask for global-admin AD password
|
|
|
|
|
# ansible.builtin.pause:
|
|
|
|
|
# prompt: "Enter global-admin AD password. Leave empty to skip domain join"
|
|
|
|
|
# echo: false
|
|
|
|
|
# register: adpw
|
|
|
|
|
# no_log: true
|
|
|
|
|
# when: "ansible_cmdline.adpw is not defined"
|
2023-10-04 13:42:01 +02:00
|
|
|
- name: Preseed apparmor
|
2025-03-24 07:33:56 +01:00
|
|
|
ansible.builtin.debconf:
|
2023-03-17 19:46:22 +01:00
|
|
|
name: apparmor
|
|
|
|
|
question: apparmor/homedirs
|
|
|
|
|
value: >-
|
|
|
|
|
/srv/samba/schools/default-school/teachers/
|
|
|
|
|
/srv/samba/schools/default-school/students/*/
|
2023-10-19 21:30:25 +02:00
|
|
|
/srv/samba/schools/default-school/examusers/
|
2023-03-17 19:46:22 +01:00
|
|
|
vtype: string
|
2024-06-14 08:58:30 +02:00
|
|
|
- name: Preseed unattended-upgrades
|
2025-03-24 07:33:56 +01:00
|
|
|
ansible.builtin.debconf:
|
2024-06-14 08:58:30 +02:00
|
|
|
name: unattended-upgrades
|
|
|
|
|
question: unattended-upgrades/enable_auto_updates
|
|
|
|
|
value: true
|
|
|
|
|
vtype: boolean
|
2023-01-18 19:32:43 +01:00
|
|
|
|
2023-01-13 13:43:31 +01:00
|
|
|
roles:
|
2023-07-12 15:52:09 +02:00
|
|
|
- lmn_network
|
2024-02-02 19:05:34 +01:00
|
|
|
- role: up2date_debian
|
|
|
|
|
tags: upgrade
|
2023-01-22 11:49:57 +01:00
|
|
|
- lmn_sssd
|
|
|
|
|
- lmn_mount
|
|
|
|
|
- lmn_kde
|
2025-03-18 14:37:13 +01:00
|
|
|
- role: lmn_vm
|
|
|
|
|
when: vm_support
|
2025-04-04 15:41:29 +02:00
|
|
|
- role: lmn_printer
|
2025-04-04 15:23:33 +02:00
|
|
|
when: printservers is defined
|
2023-05-03 18:16:56 +02:00
|
|
|
- kerberize
|
2025-03-26 14:44:19 +01:00
|
|
|
- lmn_misc
|
2025-03-31 18:13:50 +02:00
|
|
|
- role: lmn_localproxy
|
|
|
|
|
when: localproxy
|
2024-04-28 17:48:08 +02:00
|
|
|
- role: lmn_localhome
|
2025-03-19 11:08:57 +01:00
|
|
|
when: localhome
|
2025-03-25 09:14:47 +01:00
|
|
|
- role: lmn_localuser
|
|
|
|
|
when: localuser
|
2025-03-18 14:37:13 +01:00
|
|
|
- role: lmn_exam
|
|
|
|
|
when: exam_mode
|
2025-03-20 16:37:04 +01:00
|
|
|
- role: lmn_wlan
|
|
|
|
|
when:
|
|
|
|
|
- ansible_interfaces | select('search', 'wl.+') | first is defined
|
2025-04-02 13:58:15 +02:00
|
|
|
- wlan != 'none'
|
2023-01-13 13:43:31 +01:00
|
|
|
|
|
|
|
|
tasks:
|
2025-03-24 14:09:18 +01:00
|
|
|
- name: Include custom roles
|
|
|
|
|
ansible.builtin.include_role:
|
|
|
|
|
name: "custom/{{ rolename }}"
|
|
|
|
|
loop: "{{ custom_roles }}"
|
|
|
|
|
loop_control:
|
|
|
|
|
loop_var: rolename
|
|
|
|
|
when: custom_roles is defined
|
|
|
|
|
|
2025-03-28 07:27:39 +01:00
|
|
|
- name: Final tasks
|
|
|
|
|
ansible.builtin.include_role:
|
|
|
|
|
name: "{{ role }}"
|
|
|
|
|
loop_control:
|
|
|
|
|
loop_var: role
|
|
|
|
|
loop:
|
|
|
|
|
- lmn_security
|
|
|
|
|
- lmn_finish
|
|
|
|
|
- lmn_tmpfixes
|
2024-11-06 09:54:39 +01:00
|
|
|
|
2025-02-27 18:25:17 +01:00
|
|
|
|
2025-03-20 21:13:20 +01:00
|
|
|
- name: Apply roles that must run serial
|
|
|
|
|
hosts: all
|
|
|
|
|
remote_user: ansible
|
2025-03-24 07:33:56 +01:00
|
|
|
become: true
|
2025-03-20 21:13:20 +01:00
|
|
|
serial: 1
|
|
|
|
|
ignore_unreachable: true
|
|
|
|
|
|
|
|
|
|
roles:
|
|
|
|
|
- role: lmn_vpn
|
|
|
|
|
when: vpn != "none"
|
