Split role in desktop and infrastructure parts.

fvs-client.yml

@@ -36,4 +36,5 @@
     ## Choose either gnome or KDE:
     - gnome
     #- kde
-    - fvs-client-mkhome
+    - fvs-mkhome
+    - fvs-client

fvs-mkhome.yml

@@ -0,0 +1,25 @@
+---
+# This playbook deploys a kiosk-computer
+
+- name: apply configuration to the machines
+  hosts: all
+  remote_user: ansible
+  become: yes
+  vars:
+    extra_pkgs:
+      - vim
+      - git
+      - mc
+      - tmux
+      - nmap
+      - netcat-openbsd
+      - net-tools
+      - tree
+      - console-setup
+      - virt-manager
+    extra_pkgs_bpo: [ linux-image-amd64 ]  # [ libreoffice ]
+
+  roles:
+    - up2date-debian
+    ## Choose either gnome or KDE:
+    - fvs-mkhome

roles/fvs-client-mkhome/handlers/main.yml

@@ -1,18 +0,0 @@
-- name: restart sssd
-  service: name=sssd state=restarted enabled=yes
-  listen: "restart sssd"
-
-- name: reload systemd
-  systemd:
-    daemon_reload: yes
-  listen: "reload systemd"
-
-- name: run update-grub
-  command: update-grub
-  listen: update grub
-
-- name: enable tmp.mount
-  systemd:
-    daemon_reload: yes
-    name: tmp.mount
-    enabled: yes

roles/fvs-client/handlers/main.yml

@@ -0,0 +1,10 @@
+- name: run update-grub
+  command: update-grub
+  listen: update grub
+
+- name: enable tmp.mount
+  systemd:
+    daemon_reload: yes
+    name: tmp.mount
+    enabled: yes
+  listen: enable tmp.mount

roles/fvs-client/tasks/main.yml

@@ -0,0 +1,59 @@
+---
+- name: set homepage
+  lineinfile:
+    dest: /etc/firefox-esr/firefox-esr.js
+    line: pref("browser.startup.homepage", "https://www.startpage.com");
+
+    #- name: enable pam_umask
+    #  lineinfile:
+    #    dest: /etc/pam.d/common-session
+    #    line: "session optional	pam_umask.so usergroups"
+
+- name: set capabilities (wireshark)
+  capabilities:
+    path: /usr/bin/dumpcap
+    capability: cap_net_raw,cap_net_admin+eip
+    state: present
+
+
+############## extra data partition ###############
+- name: mount data partition
+  mount:
+    src: "UUID={{ hostvars[inventory_hostname]['ansible_devices']['%s'|format(item)]['partitions']['%s1'|format(item)]['uuid'] }}"
+    path: /home/data
+    fstype: ext4
+    state: mounted
+  register: data_mounted
+  when: item + '1' in hostvars[inventory_hostname]['ansible_devices']['%s'|format(item)]['partitions']
+  loop:
+    - sdb
+    - sde
+
+- name: set sticky bit on data directory
+  file:
+    path: /home/data
+    state: directory
+    mode: '1777'
+  when: data_mounted.changed
+
+################# from kiosk.yml ##################
+- name: grub timeout
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: '^(GRUB_TIMEOUT=).*'
+    line: '\g<1>1'
+    backrefs: yes
+  notify: update grub
+
+- name: keyboard compose key
+  lineinfile:
+    dest: /etc/default/keyboard
+    regexp: '^(XKBOPTIONS=).*'
+    line: '\1"compose:caps"'
+    backrefs: yes
+
+- name: tmp on tmpfs
+  shell: cp /usr/share/systemd/tmp.mount /etc/systemd/system/
+  args:
+    creates: /etc/systemd/system/tmp.mount
+  notify: enable tmp.mount

roles/fvs-mkhome/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: restart sssd
+  service: name=sssd state=restarted enabled=yes
+  listen: "restart sssd"

roles/fvs-mkhome/tasks/main.yml

@@ -24,11 +24,6 @@
     dest: /etc/ldap/ldap.conf
     line: "LDAPTLS_REQCERT      never"
 
-- name: set homepage
-  lineinfile:
-    dest: /etc/firefox-esr/firefox-esr.js
-    line: pref("browser.startup.homepage", "https://www.startpage.com");
-
     #- name: enable pam_umask
     #  lineinfile:
     #    dest: /etc/pam.d/common-session
@@ -80,52 +75,3 @@
 - name: reset boot order
   command: efibootmgr --delete-bootorder
   when: run_in_installer|default(false)|bool
-
-- name: set capabilities (wireshark)
-  capabilities:
-    path: /usr/bin/dumpcap
-    capability: cap_net_raw,cap_net_admin+eip
-    state: present
-
-
-############## extra data partition ###############
-- name: mount data partition
-  mount:
-    src: "UUID={{ hostvars[inventory_hostname]['ansible_devices']['%s'|format(item)]['partitions']['%s1'|format(item)]['uuid'] }}"
-    path: /home/data
-    fstype: ext4
-    state: mounted
-  register: data_mounted
-  when: item + '1' in hostvars[inventory_hostname]['ansible_devices']['%s'|format(item)]['partitions']
-  loop:
-    - sdb
-    - sde
-
-- name: set sticky bit on data directory
-  file:
-    path: /home/data
-    state: directory
-    mode: '1777'
-  when: data_mounted.changed
-
-################# from kiosk.yml ##################
-- name: grub timeout
-  lineinfile:
-    dest: /etc/default/grub
-    regexp: '^(GRUB_TIMEOUT=).*'
-    line: '\g<1>1'
-    backrefs: yes
-  notify: update grub
-
-- name: keyboard compose key
-  lineinfile:
-    dest: /etc/default/keyboard
-    regexp: '^(XKBOPTIONS=).*'
-    line: '\1"compose:caps"'
-    backrefs: yes
-
-- name: tmp on tmpfs
-  shell: cp /usr/share/systemd/tmp.mount /etc/systemd/system/
-  args:
-    creates: /etc/systemd/system/tmp.mount
-  notify: enable tmp.mount