diff --git a/lmn-client.yml b/lmn-client.yml index 3d5be68..93c63e5 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -82,7 +82,6 @@ when: vm_support - lmn_printer - kerberize - - lmn_security - lmn_misc - role: lmn_localhome when: localhome @@ -94,7 +93,6 @@ when: - ansible_interfaces | select('search', 'wl.+') | first is defined - wlan != none - - role: lmn_extrapkgs tasks: - name: Include custom roles 
@@ -105,255 +103,18 @@ loop_var: rolename when: custom_roles is defined - ## Temporary fixes and quirks: - - name: Remove disturbing NetworkManager connection - ansible.builtin.file: - path: "/etc/NetworkManager/system-connections/Wired connection 1" - state: absent - when: ansible_interfaces | select('search', '^en[pso].+') | length > 1 - - - name: Fix 8086:4909 external graphics card - ansible.builtin.replace: - dest: "/etc/default/grub" - regexp: 'GRUB_CMDLINE_LINUX=""$' - replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"' - notify: Run update-grub - when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB" - - - name: Fix sound on 312A - ansible.builtin.replace: - dest: "/etc/default/grub" - regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$' - replace: 'GRUB_CMDLINE_LINUX=""' - notify: Run update-grub - when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A" - - - name: Fix sound on 312A and 312D - ansible.builtin.apt: - name: firmware-sof-signed - state: latest - when: > - ansible_board_vendor == "LENOVO" and - (ansible_board_name == "312D" or ansible_board_name == "312A") - - - name: Install customized CodeBlocks packages - when: "'PCroom' in group_names" - block: - - name: Check for old CodeBlocks - ansible.builtin.command: - cmd: dpkg -l codeblocks - register: codeblocks_version - changed_when: false - - - name: Download codeblocks zip archive - ansible.builtin.get_url: - url: "http://livebox.pn.steinbeis.schule/codeblocks/CodeBlocks.zip" - dest: /tmp/CodeBlocks.zip - mode: '0644' - use_proxy: false - register: new_codeblocks - when: codeblocks_version.stdout is not search('svn13544') - - - name: Unpack zip archive and install packages manually - ansible.builtin.shell: - cmd: unzip -d /tmp/cb/ CodeBlocks.zip && dpkg -i cb/*.deb - chdir: /tmp/ - when: new_codeblocks.changed | default(false) - -## Clean up stuff from obsolete/faulty tasks: - - name: Remove sddm login screen patch with deprecated marker (homeondisk) 
- ansible.builtin.blockinfile: - path: /usr/share/sddm/themes/debian-breeze/Main.qml - marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk - state: absent - - - name: Remove packages we do not need anymore - ansible.builtin.apt: - name: - - cachefilesd - - mosquitto - state: absent - purge: true - - - name: Remove virtiofs service - ansible.builtin.file: - path: /etc/systemd/system/virtiofs@.service - state: absent - - - name: Fix mount point permissions and owner - ansible.builtin.file: - path: "{{ item }}" - mode: '0755' - owner: root - group: root - loop: - - /srv/samba - - /srv/samba/schools - - - name: Remove pam_mount sysvol mount - ansible.builtin.blockinfile: - dest: /etc/security/pam_mount.conf.xml - marker: "" - block: | - rootansibleDebian-gdmsddm{% if localuser %}{{ localuser }}{% endif %} - - state: absent - - - name: Remove pam_mount for VM bind mounts - ansible.builtin.blockinfile: - dest: /etc/security/pam_mount.conf.xml - marker: "" - state: absent - - - name: Check if rmlpr.timer is installed - ansible.builtin.stat: - path: /etc/systemd/system/rmlpr.timer - register: rmlpr - - - name: Disable rmlpr.timer - ansible.builtin.systemd: - name: rmlpr.timer - enabled: false - when: rmlpr.stat.exists - - - name: Check if vmimage-torrent.service is installed - ansible.builtin.stat: - path: /etc/systemd/system/vmimage-torrent.service - register: vmimagetorrent - - - name: Disable vmimage-torrent.service - ansible.builtin.systemd: - name: vmimage-torrent.service - enabled: false - when: vmimagetorrent.stat.exists - - - name: Remove deprecated files and directories - ansible.builtin.file: - path: "{{ item }}" - state: absent - with_items: - - /etc/linuxmuster-linuxclient7 - - /usr/lib/python3/dist-packages/linuxmusterLinuxclient7 - - /usr/share/linuxmuster-linuxclient7 - - /usr/local/bin/onLogin - - /etc/sudoers.d/90-lmn-sudotools - - /etc/systemd/system/rmlpr.service - - /etc/systemd/system/rmlpr.timer - - /usr/local/bin/sync-vm.sh - - 
/usr/local/bin/run-vm.sh - - /usr/local/bin/rebase-vm.sh - - /usr/local/bin/create-vm.sh - - /usr/local/bin/upload-vm.sh - - /usr/local/bin/vmimage-torrent - - /etc/systemd/system/vmimage-torrent.service - - /usr/local/bin/linbo-torrenthelper.sh - - /usr/local/bin/link-images.sh - - /usr/local/bin/start-virtiofsd.sh - - /etc/sudoers.d/90-lmn-upload-vm - - /etc/sudoers.d/90-lmn-sync-vm - - /etc/sudoers.d/90-lmn-startvirtiofsd - - /etc/sudoers.d/90-lmn-link-images - - /etc/rsync.secret - - /etc/systemd/network/30-virbr1.netdev - - /etc/systemd/network/30-virbr2.netdev - - /etc/systemd/network/40-ethernet.network - - /etc/systemd/network/40-ethernet-usb.network - - /etc/systemd/network/50-virbr1.network - - /etc/systemd/network/50-virbr2.network - - /etc/systemd/network/60-wlan0-dhcp.network - - /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection - - /etc/tmpfiles.d/clean-exam.conf - - /etc/polkit-1/rules.d/lmn-networkmanager.rules - - /etc/polkit-1/rules.d/lmn-packagekit.rules - - - name: Check if vm_usage_information.txt exists - ansible.builtin.stat: - path: /lmn/vm/vm_usage_information.txt - register: vm_usage_information - - - name: Pre-fill vm_usage_information.txt - ansible.builtin.shell: - cmd: | - ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt - chown lmnsynci:lmnsynci vm_usage_information.txt - chdir: /lmn/vm/ - when: not vm_usage_information.stat.exists - - - name: Detect if IPP-Everywhere printers exist - ansible.builtin.shell: - cmd: grep "IPP Everywhere" /etc/cups/printers.conf - register: ipp_everywhere - failed_when: false - changed_when: false - - - name: Delete old IPP-Everywhere printers - ansible.builtin.shell: - cmd: | - for p in $(lpstat -p | cut -d" " -f2); do - lpadmin -x "$p" - done - when: not ipp_everywhere.rc - - - name: Remove old VM-printerlists - ansible.builtin.shell: - cmd: rm -f /lmn/media/*/.printerlist.csv - - - name: Remove Listen on VMBridge - ansible.builtin.lineinfile: - dest: 
/etc/cups/cupsd.conf - line: 'Listen 192.168.122.1:631' - state: absent - - - name: Remove NetworkManager Ansible-Block for non-laptops - ansible.builtin.blockinfile: - path: /etc/NetworkManager/NetworkManager.conf - state: absent - when: "'laptop' not in group_names" - - - name: Remove pam-exec from common-auth - ansible.builtin.lineinfile: - dest: /etc/pam.d/common-auth - line: "auth optional pam_exec.so /usr/local/sbin/pam-exec.sh" - state: absent - when: exam_mode - - - name: Remove pam-mkhomedir from common-session - ansible.builtin.lineinfile: - dest: /etc/pam.d/common-session - line: "session optional pam_mkhomedir.so umask=0077" - state: absent - when: localhome - -## bookworm fixes/hacks: - - name: Work around sddm hang on shutdown - ansible.builtin.lineinfile: - path: /etc/systemd/system.conf - line: DefaultTimeoutStopSec=5s - insertafter: '^#DefaultTimeoutStopSec=.*' - - - name: Patch spyder to fix 'file-has-changed' issues on CIFS - ansible.posix.patch: - src: spyder.patch - dest: /usr/lib/python3/dist-packages/spyder/plugins/editor/widgets/editor.py ################# - - name: Timestamp successfull run and send up-to-date report - ansible.builtin.shell: - cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter - changed_when: false - tags: upgrade - - - name: Force ansible-run after install trough emitter by setting timestamp in the past - ansible.builtin.shell: - cmd: echo "2020-01-01T00:00:00+01:00" >> /var/local/ansible-stamps && /usr/local/sbin/reporter - when: run_in_installer|default(false)|bool + - name: Final tasks + ansible.builtin.include_role: + name: "{{ role }}" + loop_control: + loop_var: role + loop: + - lmn_security + - lmn_finish + - lmn_tmpfixes ################# diff --git a/roles/lmn_extrapkgs/defaults/main.yml b/roles/lmn_extrapkgs/defaults/main.yml deleted file mode 100644 index de1ad44..0000000 --- a/roles/lmn_extrapkgs/defaults/main.yml +++ /dev/null 
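Review bot: The new `Final tasks` include at the end of the third lmn-client.yml hunk carries no tags, while the `Timestamp successfull run` task it now reaches through lmn_finish is still tagged `upgrade`. Because `include_role` is dynamic, a tag-limited run such as `--tags upgrade` skips the untagged include, so the timestamp and reporter step never executes. The same applies to any tagged task inside lmn_security, which used to be a static entry under `roles:` and now only runs when this include does. If tag-limited runs are used in this project, add `tags: always` to the include task so the tasks inside are still selected by their own tags. The removed `Force ansible-run after install` task is not re-added in any hunk visible here, so confirm it was moved into lmn_tmpfixes rather than dropped.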
@@ -1,2 +0,0 @@ -extra_pkgs: [] -extra_pkgs_bpo: [] diff --git a/roles/lmn_finish/defaults/main.yml b/roles/lmn_finish/defaults/main.yml new file mode 100644 index 0000000..4db4d23 --- /dev/null +++ b/roles/lmn_finish/defaults/main.yml @@ -0,0 +1,6 @@ +extra_pkgs: [] +extra_pkgs1: [] +extra_pkgs2: [] +extra_pkgs_bpo: [] +extra_pkgs_bpo1: [] +extra_pkgs_bpo2: [] diff --git a/roles/lmn_extrapkgs/tasks/main.yaml b/roles/lmn_finish/tasks/main.yaml similarity index 52% rename from roles/lmn_extrapkgs/tasks/main.yaml rename to roles/lmn_finish/tasks/main.yaml index d3d7250..5f3a787 100644 --- a/roles/lmn_extrapkgs/tasks/main.yaml +++ b/roles/lmn_finish/tasks/main.yaml @@ -1,14 +1,11 @@ --- -- name: Merge extra_pkgs and extra_pkgs_bpo lists - ansible.builtin.set_fact: - extra_pkgs: "{{ extra_pkgs + lookup('vars', 'extra_pkgs' + item, default=[]) }}" - extra_pkgs_bpo: "{{ extra_pkgs_bpo + lookup('vars', 'extra_pkgs_bpo' + item, default=[]) }}" - loop: "{{ range(1, 11) | map('string') | list }}" - - name: Install extra packages from stable ansible.builtin.apt: - name: "{{ extra_pkgs }}" - when: extra_pkgs|length + name: "{{ item }}" + loop: + - "{{ extra_pkgs }}" + - "{{ extra_pkgs1 }}" + - "{{ extra_pkgs2 }}" - name: Add backports for {{ ansible_distribution_release }} ansible.builtin.apt_repository: 
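Review bot: The fixed loop over `extra_pkgs`, `extra_pkgs1` and `extra_pkgs2` replaces the removed merge over `range(1, 11)`, so any `extra_pkgs3` to `extra_pkgs10` (and the `_bpo` equivalents) still set in inventory are now silently ignored instead of installed. Either keep the lookup-based merge or state the new limit above the task, e.g. `# Only extra_pkgs, extra_pkgs1 and extra_pkgs2 are honoured; higher suffixes are ignored`. Passing each list as one `item` also issues a separate apt call per list, including empty ones now that `when: extra_pkgs|length` is gone. A single `name: "{{ extra_pkgs + extra_pkgs1 + extra_pkgs2 }}"` with a length guard would keep it to one transaction.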
@@ -17,11 +14,20 @@ main non-free-firmware state: present update_cache: true - when: extra_pkgs_bpo|length +# when: extra_pkgs_bpo|length - name: Install extra packages from backports ansible.builtin.apt: - name: "{{ extra_pkgs_bpo }}" + name: "{{ item }}" state: latest # noqa package-latest default_release: "{{ ansible_distribution_release }}-backports" - when: extra_pkgs_bpo|length + loop: + - "{{ extra_pkgs_bpo }}" + - "{{ extra_pkgs_bpo1 }}" + - "{{ extra_pkgs_bpo2 }}" + +- name: Timestamp successfull run and send up-to-date report + ansible.builtin.shell: + cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter + changed_when: false + tags: upgrade
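Review bot: Commenting out the guard (`# when: extra_pkgs_bpo|length`) makes the `Add backports` task unconditional, so every client gains the backports APT source and a cache refresh even when all three backports lists are empty. That widens the package sources configured on machines that never requested a backport. Restore the condition over all three lists, e.g. `when: (extra_pkgs_bpo + extra_pkgs_bpo1 + extra_pkgs_bpo2) | length > 0`, and delete the commented-out line rather than leaving it in place. The task begins before this hunk, so its `repo:` value is only partly visible here.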