Make playbook more general: Split into general and specific roles, use variables.

2023-09-02 15:46:27 +02:00 · 2023-09-02 15:46:27 +02:00 · 431acebfa3
commit 431acebfa3
parent c59fb67ed0
13 changed files with 247 additions and 144 deletions
--- a/roles/lmn_fvs/tasks/main.yml
+++ b/roles/lmn_fvs/tasks/main.yml
@ -0,0 +1,126 @@
+---
+- name: Preseed wireshark to allow users sniffing packets
+  ansible.builtin.debconf:
+    name: wireshark-common
+    question: wireshark-common/install-setuid
+    value: 'true'
+    vtype: boolean
+
+- name: Preseed ttf-mscorefonts-installer
+  ansible.builtin.debconf:
+    name: ttf-mscorefonts-installer
+    question: msttcorefonts/dlurl
+    value: "{{ mirror_msfonts }}"
+    vtype: string
+  when: mirror_msfonts is defined and mirror_msfonts | length > 0
+
+
+- name: Install desktop EDU packages and some more
+  apt:
+    name:
+      - atftp
+      - curl
+      - elpa-color-theme-modern
+      - elpa-magit
+      - emacs
+      - git
+      - gitg
+      - gitk
+      - neovim
+      - net-tools
+      - netcat-openbsd
+      - nmap
+      - pulseview
+      - sigrok
+      - sigrok-cli
+      - tmux
+      - tree
+      - ttf-mscorefonts-installer
+      - wireshark
+    autoremove: true
+    state: latest
+  environment:
+    http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
+
+
+- name: Allow users to dump packets for wireshark without group membership
+  ansible.builtin.file:
+    path: /usr/bin/dumpcap
+    mode: '0755'
+
+
+- name: Create firefox policies directory
+  ansible.builtin.file:
+    path: /etc/firefox-esr/policies
+    state: directory
+    mode: '0755'
+
+- name: Create a symbolic link firefox to firefox-esr
+  ansible.builtin.file:
+    src: /etc/firefox-esr
+    dest: /etc/firefox
+    state: link
+
+- name: Copy firefox policy
+  ansible.builtin.copy:
+    src: policies.json
+    dest: /etc/firefox-esr/policies/
+
+
+- name: Copy pwroff script
+  copy:
+    src: pwroff
+    dest: /usr/local/sbin/
+    mode: 0755
+
+- name: Provide service and timer for pwroff script
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: 0644
+  with_items:
+    - pwroff.service
+    - pwroff.timer
+
+- name: Enable pwroff.timer
+  systemd:
+    name: pwroff.timer
+    enabled: true
+
+
+- name: Copy dolphin config scripts
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: /usr/local/bin/
+    mode: 0755
+  loop:
+    - lmn-reset-dolphin.sh
+    - lmn-patch-dolphin.sh
+
+
+- name: Copy fvs-config.js to configure plasma
+  ansible.builtin.copy:
+    src: fvs-config.js
+    dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
+    mode: 0644
+
+
+- name: Restrict some user actions
+  blockinfile:
+    path: /etc/xdg/kdeglobals
+    create: true
+    block: |
+      [KDE Action Restrictions][$i]
+      action/start_new_session=false
+      #action/switch_user=false
+      #action/lock_screen=false
+
+#- name: Disable automatic lock screen and user specific modifications
+#  ansible.builtin.copy:
+#    path: /etc/xdg/kscreenlockerrc
+#    create: true
+#    content: |
+#      [Daemon][$i]
+#      Autolock=false
+#      LockOnResume=false
+#