From 7b310eba63846722a27d6a4796810189a9310a9f Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Thu, 7 Jun 2018 17:51:18 +0300
Subject: [PATCH] Add 'installbox2kiosk' role.

---
 installbox.yml                                |  2 +
 roles/installbox2kiosk/handlers/main.yml      |  7 ++
 roles/installbox2kiosk/tasks/main.yml         | 80 +++++++++++++++++++
 roles/installbox2kiosk/templates/git-repo.j2  | 12 +++
 roles/preseed-installer/templates/preseed.cfg | 37 ---------
 5 files changed, 101 insertions(+), 37 deletions(-)
 create mode 100644 roles/installbox2kiosk/handlers/main.yml
 create mode 100644 roles/installbox2kiosk/tasks/main.yml
 create mode 100644 roles/installbox2kiosk/templates/git-repo.j2
 delete mode 100644 roles/preseed-installer/templates/preseed.cfg

diff --git a/installbox.yml b/installbox.yml
index 46f4466..02782dd 100644
--- a/installbox.yml
+++ b/installbox.yml
@@ -14,6 +14,7 @@
     tftp_root: "/var/lib/tftpboot"
     deb_mirror: "ftp.debian.org"
     di_dist: "stretch"
+    repo_dir: "/home/ansible/kiosk"
 
   pre_tasks:
     - name: validate if interface is available
@@ -28,3 +29,4 @@
     - transparent-squid
     - tftp-netboot-installer
     - preseed-installer
+#    - installbox2kiosk    #  enable this to install kiosk automatically
diff --git a/roles/installbox2kiosk/handlers/main.yml b/roles/installbox2kiosk/handlers/main.yml
new file mode 100644
index 0000000..e24c8f9
--- /dev/null
+++ b/roles/installbox2kiosk/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: reload xinetd
+  systemd:
+    daemon_reload: yes
+    name: xinetd
+    state: reloaded
+    enabled: yes
+  listen: reload xinetd
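Review bot: `listen: reload xinetd` repeats the handler's own name, so it adds nothing; the `notify: "reload xinetd"` in the tasks file already matches by name and the line can be dropped. The truthy values would read more clearly as `daemon_reload: true` and `enabled: true`, which is also what yamllint's `truthy` rule expects. `daemon_reload` looks unnecessary because no unit file is changed in the visible hunks, though that should be confirmed before removing it.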
diff --git a/roles/installbox2kiosk/tasks/main.yml b/roles/installbox2kiosk/tasks/main.yml
new file mode 100644
index 0000000..fb2c515
--- /dev/null
+++ b/roles/installbox2kiosk/tasks/main.yml
@@ -0,0 +1,80 @@
+- name: generate ssh key
+  command: "su -l {{ ansible_user }} -c \"ssh-keygen -t rsa -f /home/{{ ansible_user }}/.ssh/id_rsa -P ''\""
+  args:
+    creates: "/home/{{ ansible_user }}/.ssh/id_rsa"
+    warn: False
+
+- name: slurp public key
+  slurp:
+    src: "/home/{{ ansible_user }}/.ssh/id_rsa.pub"
+  register: sshpubkey
+
+# The following seems to be necessary to get rid of a newline:
+- set_fact:
+    sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
+
+- name: set debian mirror in preseed file
+  replace:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    regexp: '^(d-i mirror/http/hostname string deb.debian.org)$'
+    replace: '#\1\nd-i mirror/http/hostname string {{ deb_mirror }}'
+
+- name: enable backports in preseed file
+  replace:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    regexp: '^#(apt-setup-udeb.*)$'
+    replace: '\1'
+
+- name: preseed client - add gnome-desktop, print-server
+  replace:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    regexp: '^(tasksel tasksel/first multiselect standard, ssh-server)$'
+    replace: '#\1\ntasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server'
+
+- name: preseed client - add firmware-linux, ansible/stretch-backports, git
+  replace:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    regexp: '^(d-i pkgsel/include string firmware-linux)$'
+    replace: '#\1\nd-i pkgsel/include string firmware-linux ansible git'
+
+- name: insert start of managed block
+  replace:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    regexp: '^(### This command is run just before the install finishes:)'
+    replace: '#\1\n# BEGIN ANSIBLE MANAGED BLOCK preseed/late_command'
+
+- name: insert end of managed block
+  replace:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    regexp: '^(## When installing.*)'
+    replace: '# END ANSIBLE MANAGED BLOCK preseed/late_command\n#\1'
+
+- name: insert block
+  blockinfile:
+    dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
+    insertafter: "^### This command is run just before the install finishes:"
+    block: |
+      d-i preseed/late_command string \
+      mkdir -p /target/home/ansible/.ssh && \
+      echo "{{ sshpubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
+      in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
+      in-target chmod -R og= /home/ansible/.ssh/ ; \
+      in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" --url=git://{{ hostname }}/.git
+    marker: "# {mark} ANSIBLE MANAGED BLOCK preseed/late_command"
+
+- name: provide git repo if not available already
+  git:
+    repo: 'https://salsa.debian.org/andi/debian-lan-ansible.git'
+    dest: "{{ repo_dir }}"
+    update: no
+  become_user: "ansible"
+
+- name: install xinetd
+  apt:
+    name: xinetd
+
+- name: enable git repo
+  template:
+    src: git-repo.j2
+    dest: "/etc/xinetd.d/git-repo"
+  notify: "reload xinetd"
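Review bot: The `ansible-pull` line that ends the `insert block` task fetches its playbook over `git://`, a transport with no authentication or integrity check, and the installer then applies whatever it received to the new client. Any host that can answer for `{{ hostname }}` on the install network therefore decides what gets installed. Consider an authenticated transport, or sign the commits and add `--verify-commit` to that line so a checkout without a valid signature aborts the run; the client would need the signing key provisioned first. The `hostname` variable is not defined in the visible hunks and presumably comes from elsewhere in the playbook, which should be confirmed. The block also chains its commands with `;` after the `echo`, so a failed key install does not stop the pull, whereas `&&` throughout would fail closed.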
diff --git a/roles/installbox2kiosk/templates/git-repo.j2 b/roles/installbox2kiosk/templates/git-repo.j2
new file mode 100644
index 0000000..61aaf54
--- /dev/null
+++ b/roles/installbox2kiosk/templates/git-repo.j2
@@ -0,0 +1,12 @@
+# Access to git repository.
+service git
+{
+        disable = no
+        type            = UNLISTED
+        port            = 9418
+        socket_type     = stream
+        wait            = no
+        user            = nobody
+        server          = /usr/bin/git
+        server_args     = daemon --inetd --export-all --base-path={{ repo_dir }}
+}
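Review bot: The service definition has no `only_from` or `bind` restriction, so once the role runs, xinetd accepts connections on port 9418 on every interface of the installbox. `--export-all` then serves any repository under `{{ repo_dir }}` to whoever can reach it, read-only but without authentication. Restrict it to the install network with a line such as `only_from = <INSTALL_NETWORK_CIDR>` (placeholder for the subnet the installbox serves) or `bind = <INSTALLBOX_LAN_ADDRESS>`. The header comment could also state that everything committed to that repository, including inventory and variable files, is readable by every client on that network.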
diff --git a/roles/preseed-installer/templates/preseed.cfg b/roles/preseed-installer/templates/preseed.cfg
deleted file mode 100644
index e544344..0000000
--- a/roles/preseed-installer/templates/preseed.cfg
+++ /dev/null
@@ -1,37 +0,0 @@
-#### Preconfiguration file
-## For more examples and comments:
-##   https://www.debian.org/releases/stable/example-preseed.txt
-
-## To change default values:
-#d-i foo/bar string value
-#d-i foo/bar seen false
-
-## Use this as boot parameter:
-## DEBCONF_DEBUG=5
-## Boot parameter locale?=de_DE
-
-# Preseeding only locale sets language, country and locale:
-d-i debian-installer/locale string de_DE
-d-i keyboard-configuration/xkb-keymap select de
-
-## Skip root account:
-d-i passwd/root-login boolean false
-
-### Apt setup
-d-i apt-setup/non-free boolean true
-d-i apt-setup/contrib boolean true
-d-i mirror/http/mirror string {{ deb_mirror }}
-
-### Ansible User
-d-i passwd/user-fullname string Ansible User
-d-i passwd/username string ansible
-d-i passwd/user-password password insecure
-d-i passwd/user-password-again password insecure
-#d-i passwd/user-password-crypted password [crypt(3) hash]
-
-### Package selection
-tasksel tasksel/desktop multiselect standard openssh-server
-tasksel tasksel/desktop seen false
-
-# Individual additional packages to install
-d-i pkgsel/include string firmware-linux