Split role in desktop and infrastructure parts.

2020-12-11 11:58:23 +01:00 · 2020-12-11 11:58:23 +01:00 · a37164d01a
commit a37164d01a
parent f764745db6
9 changed files with 99 additions and 73 deletions
--- a/roles/fvs-client-mkhome/tasks/main.yml
+++ b/roles/fvs-client-mkhome/tasks/main.yml
@ -1,131 +0,0 @@
---
- name: install needed packages
-  apt:
-    name:
-      - sssd-ldap
-      - libpam-mount
-      - cifs-utils
-    state: latest
-
- name: add URI to ldap.conf
-  lineinfile:
-    dest: /etc/ldap/ldap.conf
-    line: "URI ldaps://{{ ldap_server }}/"
-    insertafter: "#URI.*"
-
- name: add BASE to ldap.conf
-  lineinfile:
-    dest: /etc/ldap/ldap.conf
-    line: "BASE {{ basedn }}"
-    insertafter: "#BASE.*"
-
- name: do not verify cert
-  lineinfile:
-    dest: /etc/ldap/ldap.conf
-    line: "LDAPTLS_REQCERT      never"
-
- name: set homepage
-  lineinfile:
-    dest: /etc/firefox-esr/firefox-esr.js
-    line: pref("browser.startup.homepage", "https://www.startpage.com");
-
-    #- name: enable pam_umask
-    #  lineinfile:
-    #    dest: /etc/pam.d/common-session
-    #    line: "session optional	pam_umask.so usergroups"
-
- name: enable pam_mkhomedir.so
-  lineinfile:
-    dest: /etc/pam.d/common-session
-    line: "session	optional	pam_mkhomedir.so  umask=0027"
-    insertbefore: "session	optional	pam_mount.so"
-
- name: configure pam_mount
-  blockinfile:
-    dest: /etc/security/pam_mount.conf.xml
-    block: |
-      <volume
-        fstype="cifs"
-        server="smb.steinbeisschule-reutlingen.de"
-        path="DOCS/fvs/home/"
-        mountpoint="~/winhome"
-      />
-      <volume
-        fstype="cifs"
-        server="smb.steinbeisschule-reutlingen.de"
-        path="DOCS/fvs/tausch/"
-        mountpoint="~/winshare"
-      />
-      <!--volume
-        fstype="fuse"
-        path="sshfs#%(USER)@homes:"
-        mountpoint="/home/%(USER)"
-        options="StrictHostKeyChecking=no,allow_root"
-      />
-      <volume
-        path="/home/%(USER)"
-        mountpoint="~"
-        options="bind"
-      /-->
-    insertafter: "<!-- Volume definitions -->"
-
- name: provide identities from directory
-  template:
-    src: sssd.conf.j2
-    dest: /etc/sssd/sssd.conf
-    mode: 0600
-  notify: restart sssd
-
-  ## FIXME: preseeding grub nvram does not work
- name: reset boot order
-  command: efibootmgr --delete-bootorder
-  when: run_in_installer|default(false)|bool
-
- name: set capabilities (wireshark)
-  capabilities:
-    path: /usr/bin/dumpcap
-    capability: cap_net_raw,cap_net_admin+eip
-    state: present
-
-
-############## extra data partition ###############
- name: mount data partition
-  mount:
-    src: "UUID={{ hostvars[inventory_hostname]['ansible_devices']['%s'|format(item)]['partitions']['%s1'|format(item)]['uuid'] }}"
-    path: /home/data
-    fstype: ext4
-    state: mounted
-  register: data_mounted
-  when: item + '1' in hostvars[inventory_hostname]['ansible_devices']['%s'|format(item)]['partitions']
-  loop:
-    - sdb
-    - sde
-
- name: set sticky bit on data directory
-  file:
-    path: /home/data
-    state: directory
-    mode: '1777'
-  when: data_mounted.changed
-
-################# from kiosk.yml ##################
- name: grub timeout
-  lineinfile:
-    dest: /etc/default/grub
-    regexp: '^(GRUB_TIMEOUT=).*'
-    line: '\g<1>1'
-    backrefs: yes
-  notify: update grub
-
- name: keyboard compose key
-  lineinfile:
-    dest: /etc/default/keyboard
-    regexp: '^(XKBOPTIONS=).*'
-    line: '\1"compose:caps"'
-    backrefs: yes
-
- name: tmp on tmpfs
-  shell: cp /usr/share/systemd/tmp.mount /etc/systemd/system/
-  args:
-    creates: /etc/systemd/system/tmp.mount
-  notify: enable tmp.mount