diff --git a/lmn-desktop.yml b/lmn-desktop.yml
index 3c30831..d6e3c01 100644
--- a/lmn-desktop.yml
+++ b/lmn-desktop.yml
@@ -1,4 +1,4 @@
-## This playbook deploys a FvS KDE desktop machine for LinuxMuster.
+## This playbook deploys a KDE desktop machine for LinuxMuster.
---
- name: apply configuration to the machines
hosts: all
@@ -24,6 +24,15 @@
vars:
domain: "{{ ansible_domain }}"
kerberize_uris: steinbeis.schule
+ apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
+ ntp_serv: server.pn.steinbeis.schule
+
+ ## PAM mount nextcloud, remove or leave empty to skip:
+ web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
+
+ ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
+ mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/
+
rsyncsecret: Muster!
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
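Review bot: `apt_conf` on the second added line is a plain, unquoted scalar that carries double quotes and a trailing `;`; YAML accepts it only because neither `: ` nor ` #` occurs inside it, so a later edit of the proxy string can silently change how it parses — write it as `apt_conf: 'Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";'`. The four new values are site-specific (steinbeis.schule) but live in the shared playbook rather than a host/group vars file; the same goes for the unchanged `rsyncsecret: Muster!` context line below them, which is a plaintext secret committed alongside and would be better kept in an ansible-vault-protected vars file. `web_dav` is consumed by pam_mount, so `%(USER)` must stay literal here (it looks like pam_mount's own substitution, not Jinja); a comment such as `## %(USER) is expanded by pam_mount, not by Ansible` would stop someone from "fixing" it.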
@@ -38,7 +47,6 @@
- debconf-utils
- ctorrent
extra_pkgs_bpo: [] # [ linux-image-amd64 ]
- ansible_python_interpreter: "/usr/bin/python3"
roles:
- lmn_network
@@ -46,6 +54,7 @@
- lmn_sssd
- lmn_mount
- lmn_kde
+ - lmn_fvs ## school specific customization
- lmn_vm
- lmn_printer
- kerberize
diff --git a/roles/lmn_kde/files/fvs-config.js b/roles/lmn_fvs/files/fvs-config.js
similarity index 100%
rename from roles/lmn_kde/files/fvs-config.js
rename to roles/lmn_fvs/files/fvs-config.js
diff --git a/roles/lmn_fvs/files/lmn-patch-dolphin.sh b/roles/lmn_fvs/files/lmn-patch-dolphin.sh
new file mode 100755
index 0000000..f5b060e
--- /dev/null
+++ b/roles/lmn_fvs/files/lmn-patch-dolphin.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# patch 'Tausch' and 'Nextcloud' into dolphin's bookmarks
+#
+set -eu
+
+file="${1:-$HOME/.local/share/user-places.xbel}"
+
+if grep -q "Tausch\|Nextcloud" "$file" ; then
+ echo "Your Dolphin seems to already contain 'Tausch' and/or 'Nextcloud'."
+ exit 0
+fi
+
+id="$(grep ID "$file" | sed -E "s|^.+ID>([[:digit:]]+)/([[:digit:]]+)true
+
+
+
++
++ Tausch
++
++
++
++
++
++ $IDENTITY/${NUM1}
++ true
++
++
++
++
++ Nextcloud
++
++
++
++
++
++ $IDENTITY/${NUM2}
++ true
++
++
++
+
+ Network
+
+
+
+"
+
+echo "$patch" | patch --fuzz=0 --backup "$file"
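Review bot: `set -eu` on the first line lacks `pipefail`, so when `grep ID "$file" | sed …` on the `id=` line matches nothing (bookmark file missing, or an XBEL without ID entries) the pipeline's status is sed's 0, `id` ends up empty, and the final `patch` line writes bookmarks with empty IDs instead of failing; use `set -euo pipefail` and guard explicitly with `[ -r "$file" ] || { echo "no bookmark file: $file" >&2; exit 1; }` before the first grep and `[ -n "$id" ] || { echo "could not read a bookmark ID from $file" >&2; exit 1; }` after it. Note also that `patch --backup` leaves a `.orig` copy next to the user's bookmark file on every successful run, which may be unwanted. The generated patch body between the `id=` line and the last line appears to have lost its XML tags in this rendering, so the bookmark entries themselves could not be reviewed.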
diff --git a/roles/lmn_kde/files/lmn-reset-dolphin.sh b/roles/lmn_fvs/files/lmn-reset-dolphin.sh
similarity index 100%
rename from roles/lmn_kde/files/lmn-reset-dolphin.sh
rename to roles/lmn_fvs/files/lmn-reset-dolphin.sh
diff --git a/roles/lmn_kde/files/policies.json b/roles/lmn_fvs/files/policies.json
similarity index 100%
rename from roles/lmn_kde/files/policies.json
rename to roles/lmn_fvs/files/policies.json
diff --git a/roles/lmn_kde/files/pwroff b/roles/lmn_fvs/files/pwroff
similarity index 100%
rename from roles/lmn_kde/files/pwroff
rename to roles/lmn_fvs/files/pwroff
diff --git a/roles/lmn_kde/files/pwroff.service b/roles/lmn_fvs/files/pwroff.service
similarity index 100%
rename from roles/lmn_kde/files/pwroff.service
rename to roles/lmn_fvs/files/pwroff.service
diff --git a/roles/lmn_kde/files/pwroff.timer b/roles/lmn_fvs/files/pwroff.timer
similarity index 100%
rename from roles/lmn_kde/files/pwroff.timer
rename to roles/lmn_fvs/files/pwroff.timer
diff --git a/roles/lmn_fvs/tasks/main.yml b/roles/lmn_fvs/tasks/main.yml
new file mode 100644
index 0000000..c9b331a
--- /dev/null
+++ b/roles/lmn_fvs/tasks/main.yml
@@ -0,0 +1,126 @@
+---
+- name: Preseed wireshark to allow users sniffing packets
+ ansible.builtin.debconf:
+ name: wireshark-common
+ question: wireshark-common/install-setuid
+ value: 'true'
+ vtype: boolean
+
+- name: Preseed ttf-mscorefonts-installer
+ ansible.builtin.debconf:
+ name: ttf-mscorefonts-installer
+ question: msttcorefonts/dlurl
+ value: "{{ mirror_msfonts }}"
+ vtype: string
+ when: mirror_msfonts is defined and mirror_msfonts | length > 0
+
+
+- name: Install desktop EDU packages and some more
+ apt:
+ name:
+ - atftp
+ - curl
+ - elpa-color-theme-modern
+ - elpa-magit
+ - emacs
+ - git
+ - gitg
+ - gitk
+ - neovim
+ - net-tools
+ - netcat-openbsd
+ - nmap
+ - pulseview
+ - sigrok
+ - sigrok-cli
+ - tmux
+ - tree
+ - ttf-mscorefonts-installer
+ - wireshark
+ autoremove: true
+ state: latest
+ environment:
+ http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
+
+
+- name: Allow users to dump packets for wireshark without group membership
+ ansible.builtin.file:
+ path: /usr/bin/dumpcap
+ mode: '0755'
+
+
+- name: Create firefox policies directory
+ ansible.builtin.file:
+ path: /etc/firefox-esr/policies
+ state: directory
+ mode: '0755'
+
+- name: Create a symbolic link firefox to firefox-esr
+ ansible.builtin.file:
+ src: /etc/firefox-esr
+ dest: /etc/firefox
+ state: link
+
+- name: Copy firefox policy
+ ansible.builtin.copy:
+ src: policies.json
+ dest: /etc/firefox-esr/policies/
+
+
+- name: Copy pwroff script
+ copy:
+ src: pwroff
+ dest: /usr/local/sbin/
+ mode: 0755
+
+- name: Provide service and timer for pwroff script
+ copy:
+ src: "{{ item }}"
+ dest: "/etc/systemd/system/{{ item }}"
+ mode: 0644
+ with_items:
+ - pwroff.service
+ - pwroff.timer
+
+- name: Enable pwroff.timer
+ systemd:
+ name: pwroff.timer
+ enabled: true
+
+
+- name: Copy dolphin config scripts
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: /usr/local/bin/
+ mode: 0755
+ loop:
+ - lmn-reset-dolphin.sh
+ - lmn-patch-dolphin.sh
+
+
+- name: Copy fvs-config.js to configure plasma
+ ansible.builtin.copy:
+ src: fvs-config.js
+ dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
+ mode: 0644
+
+
+- name: Restrict some user actions
+ blockinfile:
+ path: /etc/xdg/kdeglobals
+ create: true
+ block: |
+ [KDE Action Restrictions][$i]
+ action/start_new_session=false
+ #action/switch_user=false
+ #action/lock_screen=false
+
+#- name: Disable automatic lock screen and user specific modifications
+# ansible.builtin.copy:
+# path: /etc/xdg/kscreenlockerrc
+# create: true
+# content: |
+# [Daemon][$i]
+# Autolock=false
+# LockOnResume=false
+#
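Review bot: The `Allow users to dump packets` task (`ansible.builtin.file` with `mode: '0755'` on /usr/bin/dumpcap) gives every local account the ability to capture all traffic on the machine, because the preseed at the top makes dumpcap privileged; that is presumably intended for the lab, but it deserves to be stated on the task, e.g. `# NOTE: any local user can sniff every interface on this host; lab network only`. On Debian the wireshark-common postinst, as far as I recall, grants the privilege via file capabilities (falling back to the setuid bit) and records owner/group/mode through dpkg-statoverride, so a plain chmod is likely reverted on the next package upgrade, and if the setuid fallback was taken, `0755` silently strips the s bit and breaks capture; registering the override instead, `ansible.builtin.command: dpkg-statoverride --update --force --add root wireshark 0755 /usr/bin/dumpcap` (with a `changed_when` guard, and 4755 if the host relies on setuid), survives upgrades — verify the resulting mode and capabilities on a test host. Separately, `mode` is a quoted string in some tasks (`'0755'`) and a bare octal literal in others (`0755`, `0644`); quote them all so the value does not depend on the YAML 1.1 octal rule.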
diff --git a/roles/lmn_kde/handlers/main.yml b/roles/lmn_kde/handlers/main.yml
index 1a21074..e2b8cdf 100644
--- a/roles/lmn_kde/handlers/main.yml
+++ b/roles/lmn_kde/handlers/main.yml
@@ -1,14 +1,2 @@
- name: Run update-grub
command: update-grub
-
-- name: Enable tmp.mount
- systemd:
- daemon_reload: yes
- name: tmp.mount
- enabled: yes
- listen: enable tmp.mount
-
-- name: enable pwroff.timer
- systemd:
- name: pwroff.timer
- enabled: true
diff --git a/roles/lmn_kde/tasks/main.yml b/roles/lmn_kde/tasks/main.yml
index afd969e..74bed30 100644
--- a/roles/lmn_kde/tasks/main.yml
+++ b/roles/lmn_kde/tasks/main.yml
@@ -1,74 +1,39 @@
---
-- name: Preseed wireshark to allow users sniffing packets
- ansible.builtin.debconf:
- name: wireshark-common
- question: wireshark-common/install-setuid
- value: 'true'
- vtype: boolean
-
-- name: Preseed ttf-mscorefonts-installer
- ansible.builtin.debconf:
- name: ttf-mscorefonts-installer
- question: msttcorefonts/dlurl
- value: http://livebox.pn.steinbeis.schule/mscorefonts/
- vtype: string
-
-- name: Install desktop EDU packages and some more
+- name: Install desktop and educational packages
apt:
name:
- - task-kde-desktop
- - task-german-kde-desktop
- - task-german-desktop
- - xdg-desktop-portal-kde
- - xdg-desktop-portal-wlr # share screen in browser
- - kde-full
- akonadi-backend-sqlite
- - thunderbird-l10n-de
- - webext-privacy-badger
- - webext-ublock-origin-firefox
- - webext-ublock-origin-chromium
- - atftp
- - emacs
- - elpa-magit
- - elpa-color-theme-modern
- - vlc
+ - arduino
+ - bluefish
+ - codeblocks
+ - dia
+ - flameshot
+ - freecad
+ - ghex
- gimp
- inkscape
- - flameshot
- - bluefish
- - git
- - gitk
- - gitg
- - wireshark
- - nmap
- - netcat-openbsd
- - net-tools
- - ghex
- - thonny
- - spyder
+ - kde-full
+ - keepassxc
+ - librecad
- mu-editor
- - dia
- - vym
- - tree
+ - qtcreator
+ - spyder
- sqlite3
- sqlitebrowser
- - neovim
- - qtcreator
- - freecad
- - librecad
- - arduino
- - keepassxc
- - tmux
- - curl
- - pulseview
- - sigrok
- - sigrok-cli
- - codeblocks
- - ttf-mscorefonts-installer
+ - task-german-desktop
+ - task-german-kde-desktop
+ - task-kde-desktop
+ - thonny
+ - thunderbird-l10n-de
+ - vlc
+ - vym
+ - webext-privacy-badger
+ - webext-ublock-origin-chromium
+ - webext-ublock-origin-firefox
+ - xdg-desktop-portal-kde
+ - xdg-desktop-portal-wlr # share screen in browser
autoremove: true
state: latest
- environment:
- http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
- name: Add {{ ansible_distribution_release }}-backports
apt_repository:
@@ -88,14 +53,6 @@
default_release: "{{ ansible_distribution_release }}-backports"
-- name: Enable splash screen
- replace:
- dest: "/etc/default/grub"
- regexp: '"quiet"$'
- replace: '"quiet splash"'
- notify: Run update-grub
-
-
- name: Create akonadi config dir
ansible.builtin.file:
path: /etc/xdg/akonadi/
@@ -111,12 +68,6 @@
Driver=QSQLITE3
-- name: Allow users to dump packets for wireshark without group membership
- ansible.builtin.file:
- path: /usr/bin/dumpcap
- mode: '0755'
-
-
- name: Add home dirs to apparmor
lineinfile:
dest: /etc/apparmor.d/tunables/home.d/ubuntu
@@ -125,24 +76,6 @@
/srv/samba/schools/default-school/students/*/
-- name: Create firefox policies directory
- ansible.builtin.file:
- path: /etc/firefox-esr/policies
- state: directory
- mode: '0755'
-
-- name: Create a symbolic link firefox to firefox-esr
- ansible.builtin.file:
- src: /etc/firefox-esr
- dest: /etc/firefox
- state: link
-
-- name: copy policy
- ansible.builtin.copy:
- src: policies.json
- dest: /etc/firefox-esr/policies/
-
-
- name: tune SDDM login
blockinfile:
path: /etc/sddm.conf
@@ -172,35 +105,14 @@
AllowHybridSleep=no
-- name: Copy pwroff script
- copy:
- src: pwroff
- dest: /usr/local/sbin/
- mode: 0755
-
-- name: Provide service and timer for pwroff script
- copy:
- src: "{{ item }}"
- dest: "/etc/systemd/system/{{ item }}"
- mode: 0644
- with_items:
- - pwroff.service
- - pwroff.timer
- notify: enable pwroff.timer
-
-- name: copy lmn-reset-dolphin.sh
- ansible.builtin.copy:
- src: lmn-reset-dolphin.sh
- dest: /usr/local/bin/
- mode: 0755
-
-- name: Copy fvs-config.js to configure plasma
- ansible.builtin.copy:
- src: fvs-config.js
- dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
- mode: 0644
-
################# general settings ##################
+- name: Enable boot splash screen
+ replace:
+ dest: "/etc/default/grub"
+ regexp: '"quiet"$'
+ replace: '"quiet splash"'
+ notify: Run update-grub
+
- name: Protect grub menu entries
blockinfile:
path: /etc/grub.d/40_custom
diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index 195e85e..969f188 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -9,12 +9,26 @@
- davfs2
state: latest
+- name: Configure pam_mount for Webdav Nextcloud
+ blockinfile:
+ dest: /etc/security/pam_mount.conf.xml
+ marker: ""
+ block: |
+ rootansibleDebian-gdmsddmvirti
+
+ insertafter: ""
+ when: web_dav is defined and web_dav | length > 0
+
- name: Configure pam_mount for LMN homes
blockinfile:
dest: /etc/security/pam_mount.conf.xml
marker: ""
block: |
-
rootansibleDebian-gdmsddmvirti
- rootansibleDebian-gdmsddmvirti
-
insertafter: ""
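Review bot: Both pam_mount tasks now edit /etc/security/pam_mount.conf.xml with the same empty `marker: ""`, so blockinfile cannot tell the new Nextcloud block from the existing LMN-homes block: it locates a block by its begin/end marker lines, and two indistinguishable markers mean the second task rewrites or re-inserts around the first's block on every run instead of converging. Give each block its own marker — the file is XML, so `marker: "<!-- {mark} ANSIBLE MANAGED BLOCK nextcloud -->"` on the new task (and a matching `homes` variant on the existing one) is safe. The volume element on the block line appears to have lost its XML tags in this rendering, so the davfs volume definition itself could not be reviewed; keep in mind that pam_mount reuses the user's login password for the mount, which is only acceptable with an https `web_dav` URL as in the playbook example.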
diff --git a/roles/lmn_network/tasks/main.yml b/roles/lmn_network/tasks/main.yml
index 58b5c15..0cbd144 100644
--- a/roles/lmn_network/tasks/main.yml
+++ b/roles/lmn_network/tasks/main.yml
@@ -4,10 +4,10 @@
ansible.builtin.copy:
dest: /etc/apt/apt.conf
content: >
- Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
+ {{ apt_conf }}
- name: set ntp Server
ansible.builtin.lineinfile:
path: /etc/systemd/timesyncd.conf
insertafter: '^#NTP='
- line: NTP=server.pn.steinbeis.schule
+ line: NTP={{ ntp_serv }}
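Review bot: The `set ntp Server` task still has no `regexp`, so once a host has been configured with one `ntp_serv` value and the variable later changes, lineinfile does not find the new `NTP=…` line, inserts a second one after `#NTP=` and leaves the old assignment in place; pinning the match with `regexp: '^#?NTP='` (keeping `line: NTP={{ ntp_serv }}`) makes the task converge on the current value. Turning the value into a variable is what makes this drift likely rather than theoretical, which is why it belongs in this change. For the apt.conf task, `{{ apt_conf }}` is written verbatim into a root-owned configuration file, so whatever host or group var supplies it is trusted as an arbitrary apt directive; that is fine for inventory you control, but worth a one-line comment on the task.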