playbooks/trixie
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Implement the custom role concept

Browse source 
- Custom Ansible roles can be stored in the `roles/custom` directory
- The list `custom_roles` determines which roles are included
This commit is contained in:
Raphael Dannecker 2025-03-24 14:09:18 +01:00
parent a1149945da
commit 91ab4d3511
24 changed files with 479 additions and 470 deletions
Download patch file Download diff file Expand all files Collapse all files

336
roles/custom/fvs/tasks/main.yml Normal file
View file

@ -0,0 +1,336 @@
---
- name: Preseed wireshark to allow users sniffing packets
ansible.builtin.debconf:
name: wireshark-common
question: wireshark-common/install-setuid
value: 'true'
vtype: boolean
- name: Preseed ttf-mscorefonts-installer
ansible.builtin.debconf:
name: ttf-mscorefonts-installer
question: msttcorefonts/dlurl
value: "{{ mirror_msfonts }}"
vtype: string
when: mirror_msfonts is defined and mirror_msfonts | length > 0
- name: Install desktop EDU packages and some more
ansible.builtin.apt:
name:
- atftp
- audacity
- biber
- calligraplan
- cmake ## for kdevelop
- codelite
- codelite-plugins
- curl
- elpa-color-theme-modern
- elpa-magit
- emacs
- filezilla
- freeplane
- git
- git-cola
- gitg
- gitk
- git-gui
- htop
- jq
- jupyter
- kchmviewer
- kdevelop
- kdevelop-php
- kdevelop-python
- krita
- libasound2-dev
- libdbus-glib-1-2 ## needed for zotero
- libnotify-bin ## needed for pwroff script
- libwayland-dev
- libxcursor-dev
- libxi-dev
- libxinerama-dev
- libxkbcommon-dev
- libxrandr-dev
- links2
- minder
- mosquitto-clients
- neovim
- net-tools
- netcat-openbsd
- nmap
- okular-extra-backends ## needed for CHM files
- pdf-presenter-console
- php-cli
- pipx
- planner
- pulseview
- python3-paho-mqtt
- python3-websockets
- qpdfview
- shellcheck
- sigrok
- sigrok-cli
- texlive-lang-german
- texlive-latex-recommended
- texlive-xetex
- texstudio
- tmux
- tree
- ttf-mscorefonts-installer
- twinkle
- unison-gtk
- w3m
- wireshark
- zulucrypt-gui
autoremove: true
state: latest
environment:
http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
- name: Remove update notifications from plasma-discover
ansible.builtin.apt:
name:
- plasma-discover
autoremove: true
state: absent
when: "'teacherlaptop' not in group_names"
- name: Make sure wireshark works for all users after installation and upgrades
ansible.builtin.copy:
dest: /etc/apt/apt.conf.d/92wireshark4all
mode: '0644'
content: |
## Modify permissions after installation/upgrade to allow all
## users dumping packages on network interfaces for wireshark
DPkg::Post-Invoke {"/usr/bin/chmod o+x /usr/bin/dumpcap || true"; };
- name: Create firefox policies directory
ansible.builtin.file:
path: /etc/firefox-esr/policies
state: directory
mode: '0755'
- name: Create a symbolic link firefox to firefox-esr
ansible.builtin.file:
src: /etc/firefox-esr
dest: /etc/firefox
state: link
- name: Copy firefox policy
ansible.builtin.copy:
src: policies.json
dest: /etc/firefox-esr/policies/
mode: '0644'
- name: Create chromium policies directory
ansible.builtin.file:
path: /etc/chromium/policies/managed
state: directory
mode: '0755'
- name: Set chromium proxy-policy to auto_detect
ansible.builtin.copy:
dest: /etc/chromium/policies/managed/proxy.json
mode: '0644'
content: |
{
"ProxyMode": "auto_detect"
}
- name: Update all packages unattended
ansible.builtin.replace:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: '^//(\s+"origin=.+-updates";)$'
replace: ' \1'
- name: Copy some scripts
ansible.builtin.copy:
src: "{{ item }}"
dest: /usr/local/sbin/
mode: '0755'
loop:
- pwroff
- bootorder.sh
- reporter
- name: Provide services and timers for some scripts
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- pwroff.service
- pwroff.timer
- reporter.service
- reporter.timer
when: "'teacherlaptop' not in group_names"
- name: Enable pwroff.timer
ansible.builtin.systemd:
name: "{{ item }}"
enabled: true
loop:
- pwroff.timer
- reporter.timer
when: "'teacherlaptop' not in group_names"
- name: PXE first boot order
ansible.builtin.command: /usr/local/sbin/bootorder.sh
register: cmd_result
changed_when: cmd_result.stdout is not search('Nothing to do.')
when: "'PCroom' in group_names"
- name: Copy dolphin config scripts
ansible.builtin.copy:
src: "{{ item }}"
dest: /usr/local/bin/
mode: '0755'
loop:
- lmn-reset-dolphin.sh
- lmn-patch-dolphin.sh
- lmn-fixhome-dolphin.sh
- name: Configure KDE dolphin menu
ansible.builtin.copy:
src: lmn-dolphin.sh
dest: /etc/profile.d/
mode: '0644'
- name: Copy fvs-config.js to configure plasma
ansible.builtin.copy:
src: fvs-config.js
dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
mode: '0644'
- name: Configure some KDE aspects
ansible.builtin.blockinfile:
path: /etc/xdg/kdeglobals
create: true
mode: '0644'
block: |
[KDE]
SingleClick=false
[KDE Action Restrictions][$i]
action/start_new_session=false
#action/switch_user=false
#action/lock_screen=false
- name: Shut down when idle for too long
ansible.builtin.copy:
dest: /etc/xdg/powermanagementprofilesrc
mode: '0644'
content: |
[AC][SuspendSession]
idleTime=7200000
suspendType=8
when: "'teacherlaptop' not in group_names"
- name: Start with empty session by default
ansible.builtin.copy:
dest: /etc/xdg/ksmserverrc
mode: '0644'
content: |
[General]
loginMode=emptySession
- name: Fix primary screen for class room PCs with projector
when: "'CloneScreen' in group_names"
block:
- name: Set primary screen for login
ansible.builtin.blockinfile:
path: /usr/share/sddm/scripts/Xsetup
block: |
xrandr --output {{ dual_screen[0] }} --primary
when: dual_screen is defined
- name: Reset primary screen for login
ansible.builtin.blockinfile:
path: /usr/share/sddm/scripts/Xsetup
state: absent
when: dual_screen is not defined
- name: Deploy fix-screen script
ansible.builtin.template:
src: lmn-fix-screen.j2
dest: /usr/local/bin/lmn-fix-screen
mode: '0755'
- name: Deploy fix-screen autostarter
ansible.builtin.copy:
dest: /etc/xdg/autostart/lmn-fix-screen.desktop
mode: '0644'
content: |
[Desktop Entry]
Name=fix-screen
Exec=lmn-fix-screen
Type=Application
NoDisplay=true
# - name: Avoid starting kscreen (confusing autodetection)
# ansible.builtin.copy:
# dest: /etc/xdg/kded5rc
# content: |
# [Module-kscreen]
# autoload=false
#
# - name: Disable automatic lock screen and user specific modifications
# ansible.builtin.copy:
# path: /etc/xdg/kscreenlockerrc
# content: |
# [Daemon][$i]
# Autolock=false
# LockOnResume=false
#
- name: Download libdvdcss from mirror
ansible.builtin.get_url:
url: "{{ mirror_dvdcss }}/libdvdcss.so.2.2.0"
dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2.2.0
mode: '0644'
use_proxy: false
when: mirror_dvdcss is defined and mirror_dvdcss | length > 0
- name: Link library so name
ansible.builtin.file:
src: libdvdcss.so.2.2.0
dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2
state: link
when: mirror_dvdcss is defined and mirror_dvdcss | length > 0
- name: Patch sddm login screen to show hostname
ansible.builtin.blockinfile:
path: /usr/share/sddm/themes/debian-breeze/Main.qml
marker: // {mark} ANSIBLE MANAGED BLOCK
insertbefore: '\s+//Footer'
block: |
Text {
id: hostname
anchors.top: parent.top
anchors.right: parent.right
anchors.topMargin: 10
anchors.rightMargin: 15
color: "#ffffff"
text: sddm.hostName + " | <{{ ansible_date_time['date'] }}>"
font.pointSize: config.fontSize
}
- name: Set git default-branch to main
ansible.builtin.copy:
dest: /etc/gitconfig
mode: '0644'
content: |
[init]
defaultBranch = main
- name: Adjust mmcblk-device gid to allow users to access SD-cards
ansible.builtin.copy:
dest: /etc/udev/rules.d/80-mmcblk.rules
mode: '0644'
content: |
KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
- name: Include sync
ansible.builtin.include_tasks: sync.yml

58
roles/custom/fvs/tasks/sync.yml Normal file
View file

@ -0,0 +1,58 @@
---
- name: Create directory for local .desktop-Files
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- /usr/local/share/applications
- /usr/local/share/desktop-directories
notify: Run update-desktop-database
- name: Copy fvs.directory
ansible.builtin.copy:
src: fvs.directory
dest: /usr/local/share/desktop-directories/
mode: '0644'
notify: Run update-desktop-database
- name: Copy fvs.menu
ansible.builtin.copy:
src: fvs.menu
dest: /etc/xdg/menus/applications-merged/
mode: '0644'
notify: Run update-desktop-database
- name: Copy lmn-sync script
ansible.builtin.copy:
src: lmn-sync
dest: /usr/local/sbin/
mode: '0755'
register: lmn_sync
- name: Run lmn-sync script
ansible.builtin.shell: /usr/local/sbin/lmn-sync
when: lmn_sync.changed # noqa: no-handler
- name: Deploy sudo configurations (lmn-sync for role-teacher)
ansible.builtin.copy:
dest: /etc/sudoers.d/90-lmn-sync
owner: root
group: root
mode: '0700'
content: |
%role-teacher ALL=(root) NOPASSWD: /usr/local/sbin/lmn-sync
- name: Provide lmn-sync service and timer
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- lmn-sync.service
- lmn-sync.timer
- name: Enable lmn-sync.timer
ansible.builtin.systemd:
name: lmn-sync.timer
enabled: true