it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Combine playbooks and update/adapt inventory accordingly.

Browse source
This commit is contained in:
Andreas B. Mundt 2023-10-20 19:14:10 +02:00
parent 5bc3821bf4
commit a586ac5201
4 changed files with 40 additions and 144 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
inventory/inventory.yml → inventory.yml
View file

@ -80,7 +80,7 @@ K400:
10.190.97.131: 10.190.97.131:
10.190.97.141: 10.190.97.141:
10.190.97.151: 10.190.97.151:
CK001: CK100:
hosts: hosts:
10.190.90.[152:159]: 10.190.90.[152:159]:
DK21: DK21:
@ -105,6 +105,12 @@ CL000:
hosts: hosts:
10.190.89.59: 10.190.89.59:
10.190.89.60: 10.190.89.60:
CL100:
hosts:
10.190.62.[61:64]:
W000:
hosts:
10.190.3.[1:3]:
PCroom: PCroom:
children: children:
@ -116,8 +122,6 @@ PCroom:
R319: R319:
R406: R406:
R407: R407:
C052: # Laptops
C055: # Laptops
C061: C061:
C062: C062:
vars: vars:
@ -127,7 +131,7 @@ Kroom:
K200: K200:
K300: K300:
K400: K400:
CK001: CK100:
DK21: DK21:
Lroom: Lroom:
children: children:
@ -135,3 +139,14 @@ Lroom:
L300: L300:
L400: L400:
CL000: CL000:
CL100:
desktop:
children:
PCroom:
Kroom:
Lroom:
laptop:
children:
W000:
C052:
C055:

23
lmn-desktop.yml → lmn-client.yml
View file

@ -1,4 +1,4 @@
## This playbook deploys a KDE desktop machine for LinuxMuster. ## This playbook deploys a client for LinuxMuster.
# #
# Use the following in the installer's preseed file: # Use the following in the installer's preseed file:
# #
@ -17,8 +17,8 @@
# fi # fi
# #
--- ---
- name: apply configuration to the machines - name: Apply common configuration to the machines
hosts: all hosts: all # desktop:laptop
remote_user: ansible remote_user: ansible
become: yes become: yes
pre_tasks: pre_tasks:
@ -64,6 +64,7 @@
rsyncsecret: "{{ vault_rsyncsecret }}" rsyncsecret: "{{ vault_rsyncsecret }}"
keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM'] keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
localuser: "{{ vault_localuser }}" ## needed here for the (universal) pam-mount configuration
## Use grub-mkpasswd-pbkdf2 to calculate the password hash: ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: "{{ vault_grub_pwd }}" grub_pwd: "{{ vault_grub_pwd }}"
@ -144,3 +145,19 @@
path: /etc/systemd/system.conf path: /etc/systemd/system.conf
line: DefaultTimeoutStopSec=5s line: DefaultTimeoutStopSec=5s
insertafter: '^#DefaultTimeoutStopSec=.*' insertafter: '^#DefaultTimeoutStopSec=.*'
#################
- name: Apply additional laptop configuration
hosts: laptop
remote_user: ansible
become: yes
vars_files: lmn-vault
vars:
ssid: "{{ vault_ssid }}"
wifipasswd: "{{ vault_wifipasswd }}"
localuser: "{{ vault_localuser }}"
localuser_pwd: "{{ vault_localuser_pwd }}"
roles:
- lmn_wlan
- lmn_localuser

136
lmn-laptop.yml
View file

@ -1,136 +0,0 @@
## This playbook deploys a KDE laptop machine for LinuxMuster.
---
- name: apply configuration to the machines
hosts: all
remote_user: ansible
become: yes
pre_tasks:
- pause:
prompt: "Enter global-admin AD password. Leave empty to skip domain join"
echo: false
register: adpw
no_log: true
when: "ansible_cmdline.adpw is not defined"
- name: Preseed apparmor
debconf:
name: apparmor
question: apparmor/homedirs
value: >-
/srv/samba/schools/default-school/teachers/
/srv/samba/schools/default-school/students/*/
/srv/samba/schools/default-school/examusers/
vtype: string
- name: Preseed unattended-upgrades
debconf:
name: unattended-upgrades
question: unattended-upgrades/enable_auto_updates
value: True
vtype: boolean
vars_files: lmn-vault
vars:
domain: "{{ ansible_domain }}"
kerberize_uris: "{{ vault_kerberize_uris }}" ## example.org
apt_conf: "{{ vault_apt_conf }}" ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
ntp_serv: "{{ vault_ntp_serv }}" ## ntp.example.org
proxy: "{{ vault_proxy }}" ## http://firewall.example.org:3128
no_proxy: "{{ vault_no_proxy }}" ## firewall.example.org,server.example.org,idam.example.org,dw.example.org
## PAM mount nextcloud, remove or leave empty to skip:
web_dav: "{{ vault_web_dav }}" ## https://nc.example.org/remote.php/dav/files/%(USER)
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/
## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
mirror_dvdcss: "{{ vault_mirror_dvdcss }}" ## http://livebox.example.org/libdvdcss/
rsyncsecret: "{{ vault_rsyncsecret }}"
keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
ssid: "{{ vault_ssid }}"
wifipasswd: "{{ vault_wifipasswd }}"
localuser: "{{ vault_localuser }}"
localuser_pwd: "{{ vault_localuser_pwd }}"
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: "{{ vault_grub_pwd }}"
nfs4: false
extra_pkgs:
- vim
- mc
- tmux
- krb5-user
- unattended-upgrades
- debconf-utils
extra_pkgs_bpo: [] # [ linux-image-amd64 ]
roles:
- lmn_network
- up2date_debian
- lmn_sssd
- lmn_mount
- lmn_kde
- lmn_fvs ## school specific customization
- lmn_vm
- lmn_printer
- kerberize
- lmn_wlan
- lmn_localuser
- lmn_security
tasks:
## Temporary fixes and quirks:
- name: Fix 8086:4909 external graphics card
replace:
dest: "/etc/default/grub"
regexp: 'GRUB_CMDLINE_LINUX=""$'
replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
notify: Run update-grub
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
- name: Fix sound on 312A
replace:
dest: "/etc/default/grub"
regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
replace: 'GRUB_CMDLINE_LINUX=""'
notify: Run update-grub
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
- name: Fix sound on 312A and 312D
apt:
name: firmware-sof-signed
state: latest
when: >
ansible_board_vendor == "LENOVO" and
(ansible_board_name == "312D" or ansible_board_name == "312A")
## Clean up stuff from obsolete/faulty tasks:
- name: Remove virtiofs service
file:
path: /etc/systemd/system/virtiofs@.service
state: absent
- name: Fix mount point permissions and owner
file:
path: "{{ item }}"
mode: '0755'
owner: root
group: root
loop:
- /srv/samba
- /srv/samba/schools
- name: Fix unattended-upgrades
ansible.builtin.copy:
dest: /etc/apt/apt.conf.d/20auto-upgrades
content: |
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
## bookworm fixes/hacks:
- name: Work around sddm hang on shutdown
ansible.builtin.lineinfile:
path: /etc/systemd/system.conf
line: DefaultTimeoutStopSec=5s
insertafter: '^#DefaultTimeoutStopSec=.*'

2
roles/lmn_vm/tasks/main.yml
View file

@ -35,7 +35,7 @@
</volume> </volume>
insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->" insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
- name: Use umount script for proper ordering - name: Use umount script for proper cleanup
blockinfile: blockinfile:
dest: /etc/security/pam_mount.conf.xml dest: /etc/security/pam_mount.conf.xml
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->" marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"