playbooks/trixie
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Collect some general tasks from other roles into role_misc

Browse source 
Control execution of task by variables with defaults.
This commit is contained in:
Raphael Dannecker 2025-03-26 14:44:19 +01:00
parent a8736395c8
commit 5b19a529f2
14 changed files with 659 additions and 612 deletions
Download patch file Download diff file Expand all files Collapse all files

5
roles/lmn_misc/defaults/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
misc_avoid_suspend: true
misc_pwroff: true
misc_pxe_first: false
misc_reporter: false

18
roles/lmn_misc/files/bootorder.sh Normal file
View file

@ -0,0 +1,18 @@
#!/usr/bin/bash
#
# fix boot order: first PXE, then Debian
#
set -eu
cur="$(efibootmgr | grep -Ei 'BootOrder:' | \
sed -E 's/^BootOrder: ([[:xdigit:]]{4}),.+$/\1/')"
pxeip4="$(efibootmgr | grep -Ei "IP.*4" | \
sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/')"
debian="$(efibootmgr | grep -Ei "debian" | \
sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/')"
if [[ "$cur" != "$pxeip4" ]] && [[ -n "$pxeip4" ]] && [[ -n "$debian" ]] ; then
efibootmgr -o $pxeip4,$debian
else
echo "Nothing to do."
fi

48
roles/lmn_misc/files/pwroff Executable file
View file

@ -0,0 +1,48 @@
#!/bin/bash
#
# logout idle users and shutdown machine
#
set -eu
action="systemctl poweroff"
uptime=$(cat /proc/uptime | cut -f1 -d.)
maxidle=3600 ## seconds
u=($(loginctl list-users --no-legend | sort -hr | head -1))
una=${u[1]:-''}
uid=${u[0]:-''}
talk2dbus() {
local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
sudo -u $una DISPLAY=$display \
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus "$@"
}
########
## shutdown if nobody is loged in:
if [[ -z "$una" ]] || [[ $uid -lt 1000 ]] ; then
exec $action
fi
# FIXME: find idle time independent of running screensaver
if ! t=$(talk2dbus qdbus org.kde.screensaver /ScreenSaver GetActiveTime) ; then
echo "No graphical logins found."
else
idle=$(( t / 1000 ))
if [[ $idle -gt $maxidle ]] && [[ ! -d "/srv/samba/schools/default-school/teachers/" ]] ; then
talk2dbus notify-send -i system-shutdown -u critical -a 'Important System Information' \
'Please log out, the system will shut down soon!' \
'There has been no activity for too long.'
## shutdown:
#talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 2 0
## logout:
talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 0 0 || \
loginctl terminate-user $una
echo "Log-out user $una after being idle for $idle seconds."
else
echo "The user $una has been idle for $idle seconds."
fi
fi
#w -s | grep tty | sed "s/[[:space:]]\+/ /g" | cut -f4 -d ' '

6
roles/lmn_misc/files/pwroff.service Normal file
View file

@ -0,0 +1,6 @@
[Unit]
Description=Run pwroff script
[Service]
Type=simple
ExecStart=/usr/local/sbin/pwroff

9
roles/lmn_misc/files/pwroff.timer Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Run pwroff script every 15 min after 90 min uptime
[Timer]
OnBootSec=90min
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target

33
roles/lmn_misc/files/reporter Executable file
View file

@ -0,0 +1,33 @@
#!/usr/bin/bash
#
# Send stdout of some commands to monitoring server.
# Collect the reports with 'nc -u -k -l 1234' on 'sendto'.
# Use /bin/nc.openbsd, /bin/nc.traditional seems not to work.
#
set -eu
sendto="collector.steinbeis.schule 1234"
n=0
cmds=(
'uname -a'
'tail -1 /var/local/ansible-stamps'
'ip route list default'
'ip link show | \
sed -nE -e "s/^[2-9]: (\S+): .+/\1/p" -e "s/.+ether ([0-9a-f:]+) .+/\1/p" | \
paste - -'
)
# 'w'
# 'uptime'
# 'ls -d --full-time /home/ansible/.ansible/tmp/'
# 'ip addr show'
# 'apt list --upgradeable -o Apt::Cmd::Disable-Script-Warning=true'
r="$HOSTNAME ------- $(date --rfc-3339=seconds) -------
$(for c in "${cmds[@]}" ; do
n=$(( n + 1 ))
echo -n "$n"
eval "$c" | sed 's/^/\t/'
done | sed "s/^/$HOSTNAME /")
## -------------------------------------------------"
echo "$r" | nc -w 1 -u $sendto

6
roles/lmn_misc/files/reporter.service Normal file
View file

@ -0,0 +1,6 @@
[Unit]
Description=Run reporting script
[Service]
Type=simple
ExecStart=/usr/local/sbin/reporter

9
roles/lmn_misc/files/reporter.timer Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Run reporter script every 15 min
[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target

2
roles/lmn_misc/handlers/main.yml Normal file
View file

@ -0,0 +1,2 @@
- name: Run update-grub
ansible.builtin.command: update-grub

167
roles/lmn_misc/tasks/main.yml Normal file
View file

@ -0,0 +1,167 @@
---
- name: Enable wake-on-lan for all ethernet connections
ansible.builtin.copy:
dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
mode: '0644'
content: |
[connection]
ethernet.wake-on-lan=64
- name: Prepare directory for apt-daily override
ansible.builtin.file:
path: /etc/systemd/system/apt-daily.timer.d/
mode: '0755'
state: directory
- name: Run apt update early to avoid outdated package lists
ansible.builtin.copy:
dest: /etc/systemd/system/apt-daily.timer.d/override.conf
mode: '0644'
content: |
[Timer]
RandomizedDelaySec=30m
# Avoid suspend
- name: Create directory to avoid suspend
ansible.builtin.file:
path: /etc/systemd/sleep.conf.d/
state: directory
mode: '0755'
when: misc_avoid_suspend
- name: Avoid suspending
ansible.builtin.blockinfile:
path: /etc/systemd/sleep.conf.d/nosuspend.conf
create: true
mode: '0644'
block: |
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
when: misc_avoid_suspend
# Auto Poweroff
- name: Copy pwroff script
ansible.builtin.copy:
src: pwroff
dest: /usr/local/sbin/
mode: '0755'
- name: Provide services and timers for pwroff
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- pwroff.service
- pwroff.timer
when: misc_pwroff
- name: Enable pwroff.timer
ansible.builtin.systemd:
name: pwroff.timer
enabled: true
when: misc_pwroff
# Boot splash
- name: Enable boot splash screen
ansible.builtin.replace:
dest: "/etc/default/grub"
regexp: '"quiet"$'
replace: '"quiet splash"'
notify: Run update-grub
# Grub settings
- name: Protect editing grub menu entries
ansible.builtin.blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers='root'
export superusers
password_pbkdf2 root {{ grub_pwd }}
notify: Run update-grub
- name: Allow booting grub menu entries
ansible.builtin.lineinfile:
dest: /etc/grub.d/10_linux
line: CLASS="${CLASS} --unrestricted"
insertafter: '^CLASS=.*'
firstmatch: true
notify: Run update-grub
- name: Disable Grub submenus
ansible.builtin.lineinfile:
dest: /etc/default/grub
line: 'GRUB_DISABLE_SUBMENU=true'
insertafter: '^GRUB_TIMEOUT=.*'
notify: Run update-grub
- name: Grub timeout
ansible.builtin.lineinfile:
dest: /etc/default/grub
regexp: '^(GRUB_TIMEOUT=).*'
line: '\g<1>1'
backrefs: true
notify: Run update-grub
# PXE first boot order
- name: Copy some scripts
ansible.builtin.copy:
src: bootorder.sh
dest: /usr/local/sbin/
mode: '0755'
when: misc_pxe_first
- name: PXE first boot order
ansible.builtin.command: /usr/local/sbin/bootorder.sh
register: cmd_result
changed_when: cmd_result.stdout is not search('Nothing to do.')
when: misc_pxe_first
# Disable Caps Lock
- name: Keyboard compose key
ansible.builtin.lineinfile:
dest: /etc/default/keyboard
regexp: '^(XKBOPTIONS=).*'
line: '\1"compose:caps"'
backrefs: true
# Activate unattended upgrades
- name: Update all packages unattended
ansible.builtin.replace:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: '^//(\s+"origin=.+-updates";)$'
replace: ' \1'
# Install reporter
- name: Copy reporter
ansible.builtin.copy:
src: reporter
dest: /usr/local/sbin/
mode: '0755'
- name: Provide services and timers for reporter
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- reporter.service
- reporter.timer
when: misc_reporter
- name: Enable reporter.timer
ansible.builtin.systemd:
name: reporter.timer
enabled: true
when: misc_reporter