diff --git a/installbox.yml b/installbox.yml index 46f4466..02782dd 100644 --- a/installbox.yml +++ b/installbox.yml @@ -14,6 +14,7 @@ tftp_root: "/var/lib/tftpboot" deb_mirror: "ftp.debian.org" di_dist: "stretch" + repo_dir: "/home/ansible/kiosk" pre_tasks: - name: validate if interface is available @@ -28,3 +29,4 @@ - transparent-squid - tftp-netboot-installer - preseed-installer +# - installbox2kiosk # enable this to install kiosk automatically diff --git a/roles/installbox2kiosk/handlers/main.yml b/roles/installbox2kiosk/handlers/main.yml new file mode 100644 index 0000000..e24c8f9 --- /dev/null +++ b/roles/installbox2kiosk/handlers/main.yml @@ -0,0 +1,7 @@ +- name: reload xinetd + systemd: + daemon_reload: yes + name: xinetd + state: reloaded + enabled: yes + listen: reload xinetd diff --git a/roles/installbox2kiosk/tasks/main.yml b/roles/installbox2kiosk/tasks/main.yml new file mode 100644 index 0000000..fb2c515 --- /dev/null +++ b/roles/installbox2kiosk/tasks/main.yml 
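Review bot: In `roles/installbox2kiosk/handlers/main.yml`, `enabled: yes` sits inside the handler, so xinetd is only enabled at boot when the `git-repo` template actually changes. On a host where the file is already in place but the unit is disabled, nothing corrects that. Moving the enable into a regular task (a `systemd:` task with `name: xinetd`, `enabled: true`, `state: started`) and keeping the handler to `state: reloaded` would let the role converge. `listen: reload xinetd` repeats the handler's own name and can be dropped, and `daemon_reload` looks unnecessary since no unit file is touched here; confirm before removing it.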
@@ -0,0 +1,80 @@
+- name: generate ssh key
+ command: "su -l {{ ansible_user }} -c \"ssh-keygen -t rsa -f /home/{{ ansible_user }}/.ssh/id_rsa -P ''\""
+ args:
+ creates: "/home/{{ ansible_user }}/.ssh/id_rsa"
+ warn: False
+
+- name: slurp public key
+ slurp:
+ src: "/home/{{ ansible_user }}/.ssh/id_rsa.pub"
+ register: sshpubkey
+
+# The following seems to be necessary to get rid of a newline:
+- set_fact:
+ sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
+
+- name: set debian mirror in preseed file
+ replace:
+ dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+ regexp: '^(d-i mirror/http/hostname string deb.debian.org)$'
+ replace: '#\1\nd-i mirror/http/hostname string {{ deb_mirror }}'
+
+- name: enable backports in preseed file
+ replace:
+ dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+ regexp: '^#(apt-setup-udeb.*)$'
+ replace: '\1'
+
+- name: preseed client - add gnome-desktop, print-server
+ replace:
+ dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+ regexp: '^(tasksel tasksel/first multiselect standard, ssh-server)$'
+ replace: '#\1\ntasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server'
+
+- name: preseed client - add firmware-linux, ansible/stretch-backports, git
+ replace:
+ dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+ regexp: '^(d-i pkgsel/include string firmware-linux)$'
+ replace: '#\1\nd-i pkgsel/include string firmware-linux ansible git'
+
+- name: insert start of managed block
+ replace:
+ dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+ regexp: '^(### This command is run just before the install finishes:)'
+ replace: '#\1\n# BEGIN ANSIBLE MANAGED BLOCK preseed/late_command'
+
+- name: insert end of managed block
+ replace:
+ dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+ regexp: '^(## When installing.*)'
+ replace: '# END ANSIBLE MANAGED BLOCK preseed/late_command\n#\1'
+
+- name: insert block
+ blockinfile:
+ dest: "{{ tftp_root }}/d-i/{{ 
di_dist }}/preseed.cfg"
+ insertafter: "^### This command is run just before the install finishes:"
+ block: |
+ d-i preseed/late_command string \
+ mkdir -p /target/home/ansible/.ssh && \
+ echo "{{ sshpubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
+ in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
+ in-target chmod -R og= /home/ansible/.ssh/ ; \
+ in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://{{ hostname }}/.git
+ marker: "# {mark} ANSIBLE MANAGED BLOCK preseed/late_command"
+
+- name: provide git repo if not available already
+ git:
+ repo: 'https://salsa.debian.org/andi/debian-lan-ansible.git'
+ dest: "{{ repo_dir }}"
+ update: no
+ become_user: "ansible"
+
+- name: install xinetd
+ apt:
+ name: xinetd
+
+- name: enable git repo
+ template:
+ src: git-repo.j2
+ dest: "/etc/xinetd.d/git-repo"
+ notify: "reload xinetd"
diff --git a/roles/installbox2kiosk/templates/git-repo.j2 b/roles/installbox2kiosk/templates/git-repo.j2
new file mode 100644
index 0000000..61aaf54
--- /dev/null
+++ b/roles/installbox2kiosk/templates/git-repo.j2
@@ -0,0 +1,12 @@
+# Access to git repository.
+service git
+{
+ disable = no
+ type = UNLISTED
+ port = 9418
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/git
+ server_args = daemon --inetd --export-all --base-path={{ repo_dir }}
+}
diff --git a/roles/preseed-installer/templates/preseed.cfg b/roles/preseed-installer/templates/preseed.cfg
deleted file mode 100644
index e544344..0000000
--- a/roles/preseed-installer/templates/preseed.cfg
+++ /dev/null
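Review bot: The `late_command` written by the `insert block` task runs `ansible-pull` against `git://{{ hostname }}/.git`, and the git protocol provides neither server authentication nor transport integrity. Each freshly installed client therefore applies whatever playbook answers at that address, presumably with root privileges inside the installer. Consider a transport that authenticates the server (`https://` with a trusted certificate, or `ssh://` with a pre-seeded host key), or sign the commits and add `--verify-commit` to the `ansible-pull` call. The `provide git repo` task also clones the upstream default branch with no `version:`, so pinning it (`version: "<reviewed-tag-or-commit>"`) would fix exactly what the install box redistributes. Separately, the steps after `echo` are chained with `;`, so a failed `chown` or `chmod` does not stop the pull; `&&` would.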
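Review bot: The `service git` entry in `git-repo.j2` sets no `bind` or `only_from`, so xinetd offers the git daemon on port 9418 on every interface of the install box rather than only towards the clients being installed. Adding `bind = <install-LAN address>` or `only_from = <install subnet>` would limit that exposure; both values are placeholders, since the addressing is not visible in this diff. `--export-all` also serves every repository below `{{ repo_dir }}` without requiring a `git-daemon-export-ok` marker. Dropping that flag and creating the marker file in the one repository meant to be served keeps the export explicit.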
@@ -1,37 +0,0 @@
-#### Preconfiguration file
-## For more examples and comments:
-## https://www.debian.org/releases/stable/example-preseed.txt
-
-## To change default values:
-#d-i foo/bar string value
-#d-i foo/bar seen false
-
-## Use this as boot parameter:
-## DEBCONF_DEBUG=5
-## Boot parameter locale?=de_DE
-
-# Preseeding only locale sets language, country and locale:
-d-i debian-installer/locale string de_DE
-d-i keyboard-configuration/xkb-keymap select de
-
-## Skip root account:
-d-i passwd/root-login boolean false
-
-### Apt setup
-d-i apt-setup/non-free boolean true
-d-i apt-setup/contrib boolean true
-d-i mirror/http/mirror string {{ deb_mirror }}
-
-### Ansible User
-d-i passwd/user-fullname string Ansible User
-d-i passwd/username string ansible
-d-i passwd/user-password password insecure
-d-i passwd/user-password-again password insecure
-#d-i passwd/user-password-crypted password [crypt(3) hash]
-
-### Package selection
-tasksel tasksel/desktop multiselect standard openssh-server
-tasksel tasksel/desktop seen false
-
-# Individual additional packages to install
-d-i pkgsel/include string firmware-linux