From a586ac5201d95d09b6ffc285729b20dc8b41e821 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt"
Date: Fri, 20 Oct 2023 19:14:10 +0200
Subject: [PATCH] Combine playbooks and update/adapt inventory accordingly.
---
 inventory/inventory.yml => inventory.yml | 23 +++-
 lmn-desktop.yml => lmn-client.yml | 23 +++-
 lmn-laptop.yml | 136 -----------------------
 roles/lmn_vm/tasks/main.yml | 2 +-
 4 files changed, 40 insertions(+), 144 deletions(-)
 rename inventory/inventory.yml => inventory.yml (89%)
 rename lmn-desktop.yml => lmn-client.yml (89%)
 delete mode 100644 lmn-laptop.yml
diff --git a/inventory/inventory.yml b/inventory.yml
similarity index 89%
rename from inventory/inventory.yml
rename to inventory.yml
index 9196bd9..cc2aa81 100644
--- a/inventory/inventory.yml
+++ b/inventory.yml
@@ -80,7 +80,7 @@ K400:
 10.190.97.131:
 10.190.97.141:
 10.190.97.151:
-CK001:
+CK100:
 hosts:
 10.190.90.[152:159]:
 DK21:
@@ -105,6 +105,12 @@ CL000: hosts: 10.190.89.59: 10.190.89.60: +CL100: + hosts: + 10.190.62.[61:64]: +W000: + hosts: + 10.190.3.[1:3]: PCroom: children:
@@ -116,8 +122,6 @@ PCroom:
 R319:
 R406:
 R407:
- C052: # Laptops
- C055: # Laptops
 C061:
 C062:
 vars:
@@ -127,7 +131,7 @@ Kroom:
 K200:
 K300:
 K400:
- CK001:
+ CK100:
 DK21:
 Lroom:
 children:
@@ -135,3 +139,14 @@ Lroom:
 L300:
 L400:
 CL000:
+ CL100:
+desktop:
+ children:
+ PCroom:
+ Kroom:
+ Lroom:
+laptop:
+ children:
+ W000:
+ C052:
+ C055:
diff --git a/lmn-desktop.yml b/lmn-client.yml
similarity index 89%
rename from lmn-desktop.yml
rename to lmn-client.yml
index c52aeb3..e4ece7c 100644
--- a/lmn-desktop.yml
+++ b/lmn-client.yml
@@ -1,4 +1,4 @@
-## This playbook deploys a KDE desktop machine for LinuxMuster.
+## This playbook deploys a client for LinuxMuster.
 #
 # Use the following in the installer's preseed file:
 #
@@ -17,8 +17,8 @@
 # fi
 #
 ---
-- name: apply configuration to the machines
- hosts: all
+- name: Apply common configuration to the machines
+ hosts: all # desktop:laptop
 remote_user: ansible
 become: yes
 pre_tasks:
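Review bot: In the `@@ -116,8 +122,6 @@ PCroom:` hunk, `C052` and `C055` are removed from the `PCroom` children while the last context line shows that `PCroom` carries a `vars:` block, so those two laptop groups stop inheriting whatever is set there once they are reachable only through `laptop` (added in the `@@ -135,3 +139,14 @@` hunk). The contents of that `vars:` block are outside the hunk, so it cannot be seen here whether any of them is still required on laptops; if one is, it should move to a group both branches share or be repeated under `laptop`. A short comment above the new groups would make the split explicit, for example `# desktop/laptop: selectors for the plays in lmn-client.yml; laptop groups are deliberately not children of PCroom`.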
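Review bot: The first play in the `@@ -17,8 +17,8 @@` hunk of lmn-client.yml still targets `hosts: all` and only names the intended pattern in a trailing comment (`# desktop:laptop`), so any host later added to `inventory.yml` outside those two groups would receive the full client configuration, including the vault-derived variables this play defines (`rsyncsecret`, `keys2deploy`, `grub_pwd` are visible in the next hunk). If the new `desktop` and `laptop` groups are meant to be the only targets, write `hosts: desktop:laptop`; if `all` is deliberate, replace the comment with one that says why, so selector and documentation agree. The play body continues outside this hunk.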
@@ -64,6 +64,7 @@ rsyncsecret: "{{ vault_rsyncsecret }}" keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM'] + localuser: "{{ vault_localuser }}" ## needed here for the (universal) pam-mount configuration ## Use grub-mkpasswd-pbkdf2 to calculate the password hash: grub_pwd: "{{ vault_grub_pwd }}"
@@ -144,3 +145,19 @@
 path: /etc/systemd/system.conf
 line: DefaultTimeoutStopSec=5s
 insertafter: '^#DefaultTimeoutStopSec=.*'
+
+#################
+
+- name: Apply additional laptop configuration
+ hosts: laptop
+ remote_user: ansible
+ become: yes
+ vars_files: lmn-vault
+ vars:
+ ssid: "{{ vault_ssid }}"
+ wifipasswd: "{{ vault_wifipasswd }}"
+ localuser: "{{ vault_localuser }}"
+ localuser_pwd: "{{ vault_localuser_pwd }}"
+ roles:
+ - lmn_wlan
+ - lmn_localuser
diff --git a/lmn-laptop.yml b/lmn-laptop.yml
deleted file mode 100644
index 1659ff8..0000000
--- a/lmn-laptop.yml
+++ /dev/null
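Review bot: The laptop play added in the `@@ -144,3 +145,19 @@` hunk runs `lmn_wlan` and `lmn_localuser` in a second play, whereas the deleted `lmn-laptop.yml` listed both before `lmn_security`; if the common play still ends with `lmn_security` (its role list is outside the hunks), the local account and Wi-Fi profile are now created after the hardening role has finished, so whatever that role applies to existing users or network settings should be re-checked on a laptop. The play also passes `wifipasswd` and `localuser_pwd` to roles whose tasks are not part of this patch; confirm that the tasks consuming them set `no_log: true` so the values stay out of Ansible output and logs. `localuser` is already defined in the common play by the `@@ -64,6 +64,7 @@` hunk, and since play vars do not carry over to the next play the repeat is needed, which a comment such as `## repeated: play vars are not shared between plays` would make clear.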
@@ -1,136 +0,0 @@ -## This playbook deploys a KDE laptop machine for LinuxMuster. ---- -- name: apply configuration to the machines - hosts: all - remote_user: ansible - become: yes - pre_tasks: - - pause: - prompt: "Enter global-admin AD password. Leave empty to skip domain join" - echo: false - register: adpw - no_log: true - when: "ansible_cmdline.adpw is not defined" - - name: Preseed apparmor - debconf: - name: apparmor - question: apparmor/homedirs - value: >- - /srv/samba/schools/default-school/teachers/ - /srv/samba/schools/default-school/students/*/ - /srv/samba/schools/default-school/examusers/ - vtype: string - - name: Preseed unattended-upgrades - debconf: - name: unattended-upgrades - question: unattended-upgrades/enable_auto_updates - value: True - vtype: boolean - - vars_files: lmn-vault - vars: - domain: "{{ ansible_domain }}" - kerberize_uris: "{{ vault_kerberize_uris }}" ## example.org - apt_conf: "{{ vault_apt_conf }}" ## Acquire::http::Proxy "http://aptcache.example.org:3142/"; - ntp_serv: "{{ vault_ntp_serv }}" ## ntp.example.org - proxy: "{{ vault_proxy }}" ## http://firewall.example.org:3128 - no_proxy: "{{ vault_no_proxy }}" ## firewall.example.org,server.example.org,idam.example.org,dw.example.org - - ## PAM mount nextcloud, remove or leave empty to skip: - web_dav: "{{ vault_web_dav }}" ## https://nc.example.org/remote.php/dav/files/%(USER) - - ## Local mirror for mscorefonts. Remove or leave empty to use no mirror: - mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/ - - ## Local mirror for libdvdcss. 
Remove or leave empty to use no mirror: - mirror_dvdcss: "{{ vault_mirror_dvdcss }}" ## http://livebox.example.org/libdvdcss/ - - rsyncsecret: "{{ vault_rsyncsecret }}" - keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM'] - - ssid: "{{ vault_ssid }}" - wifipasswd: "{{ vault_wifipasswd }}" - localuser: "{{ vault_localuser }}" - localuser_pwd: "{{ vault_localuser_pwd }}" - - ## Use grub-mkpasswd-pbkdf2 to calculate the password hash: - grub_pwd: "{{ vault_grub_pwd }}" - nfs4: false - extra_pkgs: - - vim - - mc - - tmux - - krb5-user - - unattended-upgrades - - debconf-utils - extra_pkgs_bpo: [] # [ linux-image-amd64 ] - - roles: - - lmn_network - - up2date_debian - - lmn_sssd - - lmn_mount - - lmn_kde - - lmn_fvs ## school specific customization - - lmn_vm - - lmn_printer - - kerberize - - lmn_wlan - - lmn_localuser - - lmn_security - - tasks: -## Temporary fixes and quirks: - - name: Fix 8086:4909 external graphics card - replace: - dest: "/etc/default/grub" - regexp: 'GRUB_CMDLINE_LINUX=""$' - replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"' - notify: Run update-grub - when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB" - - - name: Fix sound on 312A - replace: - dest: "/etc/default/grub" - regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$' - replace: 'GRUB_CMDLINE_LINUX=""' - notify: Run update-grub - when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A" - - - name: Fix sound on 312A and 312D - apt: - name: firmware-sof-signed - state: latest - when: > - ansible_board_vendor == "LENOVO" and - (ansible_board_name == "312D" or ansible_board_name == "312A") - -## Clean up stuff from obsolete/faulty tasks: - - name: Remove virtiofs service - file: - path: /etc/systemd/system/virtiofs@.service - state: absent - - - name: Fix mount point permissions and owner - file: - path: "{{ item }}" - mode: '0755' - owner: root - group: root - loop: - - /srv/samba - - /srv/samba/schools 
- - name: Fix unattended-upgrades - ansible.builtin.copy: - dest: /etc/apt/apt.conf.d/20auto-upgrades - content: | - APT::Periodic::Update-Package-Lists "1"; - APT::Periodic::Unattended-Upgrade "1"; - -## bookworm fixes/hacks: - - name: Work around sddm hang on shutdown - ansible.builtin.lineinfile: - path: /etc/systemd/system.conf - line: DefaultTimeoutStopSec=5s - insertafter: '^#DefaultTimeoutStopSec=.*'
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index dd25710..f7176f0 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -35,7 +35,7 @@ insertafter: "" -- name: Use umount script for proper ordering +- name: Use umount script for proper cleanup blockinfile: dest: /etc/security/pam_mount.conf.xml marker: ""