Combine playbooks and update/adapt inventory accordingly.

2023-10-20 19:14:10 +02:00 · 2023-10-20 19:14:10 +02:00 · a586ac5201
commit a586ac5201
parent 5bc3821bf4
4 changed files with 40 additions and 144 deletions
--- a/inventory/inventory.yml
+++ b/inventory/inventory.yml
@ -80,7 +80,7 @@ K400:
    10.190.97.131:
    10.190.97.141:
    10.190.97.151:
-CK001:
+CK100:
  hosts:
    10.190.90.[152:159]:
 DK21:
@ -105,6 +105,12 @@ CL000:
  hosts:
    10.190.89.59:
    10.190.89.60:
+CL100:
+  hosts:
+    10.190.62.[61:64]:
+W000:
+  hosts:
+    10.190.3.[1:3]:

 PCroom:
  children:
@ -116,8 +122,6 @@ PCroom:
    R319:
    R406:
    R407:
-    C052: # Laptops
-    C055: # Laptops
    C061:
    C062:
  vars:
@ -127,7 +131,7 @@ Kroom:
    K200:
    K300:
    K400:
-    CK001:
+    CK100:
    DK21:
 Lroom:
  children:
@ -135,3 +139,14 @@ Lroom:
    L300:
    L400:
    CL000:
+    CL100:
+desktop:
+  children:
+    PCroom:
+    Kroom:
+    Lroom:
+laptop:
+  children:
+    W000:
+    C052:
+    C055:
--- a/lmn-desktop.yml
+++ b/lmn-desktop.yml
@ -1,4 +1,4 @@
-## This playbook deploys a KDE desktop machine for LinuxMuster.
+## This playbook deploys a client for LinuxMuster.
 #
 # Use the following in the installer's preseed file:
 #
@ -17,8 +17,8 @@
 #       fi
 #
 ---
- name: apply configuration to the machines
-  hosts: all
+- name: Apply common configuration to the machines
+  hosts: all # desktop:laptop
  remote_user: ansible
  become: yes
  pre_tasks:
@ -64,6 +64,7 @@

    rsyncsecret: "{{ vault_rsyncsecret }}"
    keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
+    localuser: "{{ vault_localuser }}"  ##  needed here for the (universal) pam-mount configuration

    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
    grub_pwd: "{{ vault_grub_pwd }}"
@ -144,3 +145,19 @@
        path: /etc/systemd/system.conf
        line: DefaultTimeoutStopSec=5s
        insertafter: '^#DefaultTimeoutStopSec=.*'
+
+#################
+
+- name: Apply additional laptop configuration
+  hosts: laptop
+  remote_user: ansible
+  become: yes
+  vars_files: lmn-vault
+  vars:
+    ssid: "{{ vault_ssid }}"
+    wifipasswd: "{{ vault_wifipasswd }}"
+    localuser: "{{ vault_localuser }}"
+    localuser_pwd: "{{ vault_localuser_pwd }}"
+  roles:
+    - lmn_wlan
+    - lmn_localuser
--- a/lmn-laptop.yml
+++ b/lmn-laptop.yml
@ -1,136 +0,0 @@
-## This playbook deploys a KDE laptop machine for LinuxMuster.
---
- name: apply configuration to the machines
-  hosts: all
-  remote_user: ansible
-  become: yes
-  pre_tasks:
-    - pause:
-        prompt: "Enter global-admin AD password. Leave empty to skip domain join"
-        echo: false
-      register: adpw
-      no_log: true
-      when: "ansible_cmdline.adpw is not defined"
-    - name: Preseed apparmor
-      debconf:
-        name: apparmor
-        question: apparmor/homedirs
-        value: >-
-          /srv/samba/schools/default-school/teachers/
-          /srv/samba/schools/default-school/students/*/
-          /srv/samba/schools/default-school/examusers/
-        vtype: string
-    - name: Preseed unattended-upgrades
-      debconf:
-        name: unattended-upgrades
-        question: unattended-upgrades/enable_auto_updates
-        value: True
-        vtype: boolean
-
-  vars_files: lmn-vault
-  vars:
-    domain: "{{ ansible_domain }}"
-    kerberize_uris: "{{ vault_kerberize_uris }}"  ##  example.org
-    apt_conf: "{{ vault_apt_conf }}"  ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
-    ntp_serv: "{{ vault_ntp_serv }}"  ## ntp.example.org
-    proxy: "{{ vault_proxy }}"        ## http://firewall.example.org:3128
-    no_proxy: "{{ vault_no_proxy }}"  ## firewall.example.org,server.example.org,idam.example.org,dw.example.org
-
-    ## PAM mount nextcloud, remove or leave empty to skip:
-    web_dav: "{{ vault_web_dav }}"    ## https://nc.example.org/remote.php/dav/files/%(USER)
-
-    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
-    mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/
-
-    ## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
-    mirror_dvdcss: "{{ vault_mirror_dvdcss }}"   ## http://livebox.example.org/libdvdcss/
-
-    rsyncsecret: "{{ vault_rsyncsecret }}"
-    keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
-
-    ssid: "{{ vault_ssid }}"
-    wifipasswd: "{{ vault_wifipasswd }}"
-    localuser: "{{ vault_localuser }}"
-    localuser_pwd: "{{ vault_localuser_pwd }}"
-
-    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
-    grub_pwd: "{{ vault_grub_pwd }}"
-    nfs4: false
-    extra_pkgs:
-      - vim
-      - mc
-      - tmux
-      - krb5-user
-      - unattended-upgrades
-      - debconf-utils
-    extra_pkgs_bpo: [] # [ linux-image-amd64 ]
-
-  roles:
-    - lmn_network
-    - up2date_debian
-    - lmn_sssd
-    - lmn_mount
-    - lmn_kde
-    - lmn_fvs ## school specific customization
-    - lmn_vm
-    - lmn_printer
-    - kerberize
-    - lmn_wlan
-    - lmn_localuser
-    - lmn_security
-
-  tasks:
-## Temporary fixes and quirks:
-    - name: Fix 8086:4909 external graphics card
-      replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX=""$'
-        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
-
-    - name: Fix sound on 312A
-      replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
-        replace: 'GRUB_CMDLINE_LINUX=""'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
-
-    - name: Fix sound on 312A and 312D
-      apt:
-        name: firmware-sof-signed
-        state: latest
-      when: >
-        ansible_board_vendor == "LENOVO" and
-        (ansible_board_name == "312D" or ansible_board_name == "312A")
-
-## Clean up stuff from obsolete/faulty tasks:
-    - name: Remove virtiofs service
-      file:
-        path: /etc/systemd/system/virtiofs@.service
-        state: absent
-
-    - name: Fix mount point permissions and owner
-      file:
-        path: "{{ item }}"
-        mode: '0755'
-        owner: root
-        group: root
-      loop:
-        - /srv/samba
-        - /srv/samba/schools
-
-    - name: Fix unattended-upgrades
-      ansible.builtin.copy:
-        dest: /etc/apt/apt.conf.d/20auto-upgrades
-        content: |
-          APT::Periodic::Update-Package-Lists "1";
-          APT::Periodic::Unattended-Upgrade "1";
-
-## bookworm fixes/hacks:
-    - name: Work around sddm hang on shutdown
-      ansible.builtin.lineinfile:
-        path: /etc/systemd/system.conf
-        line: DefaultTimeoutStopSec=5s
-        insertafter: '^#DefaultTimeoutStopSec=.*'
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@ -35,7 +35,7 @@
      </volume>
    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"

- name: Use umount script for proper ordering
+- name: Use umount script for proper cleanup
  blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"