From d203da49c2de673a557a07823d691656395786ec Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Thu, 31 May 2018 18:24:15 +0300
Subject: [PATCH] Add 'kiosk' configuration.

---
 kiosk.yml                     | 29 ++++++++++++
 local.yml                     | 28 ++++++++++++
 roles/gnome/files/defaults    | 32 ++++++++++++++
 roles/gnome/files/user        |  2 +
 roles/gnome/handlers/main.yml |  3 ++
 roles/gnome/tasks/main.yml    | 21 +++++++++
 roles/kiosk/handlers/main.yml | 30 +++++++++++++
 roles/kiosk/tasks/main.yml    | 83 +++++++++++++++++++++++++++++++++++
 roles/kiosk/templates/wifi.j2 | 18 ++++++++
 9 files changed, 246 insertions(+)
 create mode 100644 kiosk.yml
 create mode 100644 local.yml
 create mode 100644 roles/gnome/files/defaults
 create mode 100644 roles/gnome/files/user
 create mode 100644 roles/gnome/handlers/main.yml
 create mode 100644 roles/gnome/tasks/main.yml
 create mode 100644 roles/kiosk/handlers/main.yml
 create mode 100644 roles/kiosk/tasks/main.yml
 create mode 100644 roles/kiosk/templates/wifi.j2

diff --git a/kiosk.yml b/kiosk.yml
new file mode 100644
index 0000000..dd5c6a3
--- /dev/null
+++ b/kiosk.yml
@@ -0,0 +1,29 @@
+---
+# This playbook deploys a kiosk-computer
+
+- name: apply configuration to the machines
+  hosts: kiosk-computers
+  remote_user: ansible
+  become: yes
+  vars:
+    auto_user: debi
+    #wifi_ssid: "YOUR SSID HERE"
+    wifi_ssid: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64613961373330306237356337323836343032646539353137363039613632373739326565613366
+          3339623632663536363339376638316434623035373538330a383634386133656639633932626436
+          36613139616136346564663363376266323131353037376237343434393136633035326636363666
+          3761623833343064370a633765653166393737326235383231313731623366323963393836616264
+          3532
+    #wifi_passwd: "YOUR WIFI-PW HERE"
+    wifi_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64633036633163363237373937313935653466346630363565313233393864306534306631363763
+          3035373034653730656238656133366566613266393536650a376431396164303861616432316338
+          62396133306136653861643336626539666433646234653161616265663631376637333561363730
+          6534633964353363380a313339383166383064656431633062396461376336646263346233303739
+          3435
+  roles:
+    - up2date-debian
+    - gnome
+    - kiosk
diff --git a/local.yml b/local.yml
new file mode 100644
index 0000000..f6851b0
--- /dev/null
+++ b/local.yml
@@ -0,0 +1,28 @@
+---
+# This playbook deploys a kiosk-computer
+
+- name: apply configuration to the machines
+  hosts: localhost
+  remote_user: root
+  vars:
+    auto_user: debi
+    #wifi_ssid: "YOUR SSID HERE"
+    wifi_ssid: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64613961373330306237356337323836343032646539353137363039613632373739326565613366
+          3339623632663536363339376638316434623035373538330a383634386133656639633932626436
+          36613139616136346564663363376266323131353037376237343434393136633035326636363666
+          3761623833343064370a633765653166393737326235383231313731623366323963393836616264
+          3532
+    #wifi_passwd: "YOUR WIFI-PW HERE"
+    wifi_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64633036633163363237373937313935653466346630363565313233393864306534306631363763
+          3035373034653730656238656133366566613266393536650a376431396164303861616432316338
+          62396133306136653861643336626539666433646234653161616265663631376637333561363730
+          6534633964353363380a313339383166383064656431633062396461376336646263346233303739
+          3435
+  roles:
+    - up2date-debian
+    - gnome
+    - kiosk
diff --git a/roles/gnome/files/defaults b/roles/gnome/files/defaults
new file mode 100644
index 0000000..2714a65
--- /dev/null
+++ b/roles/gnome/files/defaults
@@ -0,0 +1,32 @@
+[org/gnome/shell]
+enabled-extensions=['apps-menu@gnome-shell-extensions.gcampax.github.com']
+
+[org/gnome/desktop/background]
+show-desktop-icons=true
+
+[org/gnome/desktop/input-sources]
+sources=[('xkb', 'tr'), ('xkb', 'de'), ('xkb', 'us')]
+
+[org/gnome/desktop/peripherals/touchpad]
+natural-scroll=false
+edge-scrolling-enabled=true
+tap-to-click=true
+
+[org/gnome/nautilus/desktop]
+home-icon-visible=false
+
+[org/gnome/nautilus/preferences]
+default-folder-viewer='list-view'
+
+[org/gnome/nautilus/list-view]
+use-tree-view=true
+
+[org/gnome/settings-daemon/plugins/power]
+power-button-action='hibernate'
+sleep-inactive-battery-timeout=900
+sleep-inactive-battery-type='hibernate'
+sleep-inactive-ac-timeout=7200
+sleep-inactive-ac-type='suspend'
+
+[org/gnome/desktop/screensaver]
+lock-enabled=false
diff --git a/roles/gnome/files/user b/roles/gnome/files/user
new file mode 100644
index 0000000..aca0641
--- /dev/null
+++ b/roles/gnome/files/user
@@ -0,0 +1,2 @@
+user-db:user
+system-db:local
diff --git a/roles/gnome/handlers/main.yml b/roles/gnome/handlers/main.yml
new file mode 100644
index 0000000..5274a2c
--- /dev/null
+++ b/roles/gnome/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: update dconf
+  command: dconf update
+  listen: update dconf
diff --git a/roles/gnome/tasks/main.yml b/roles/gnome/tasks/main.yml
new file mode 100644
index 0000000..3607118
--- /dev/null
+++ b/roles/gnome/tasks/main.yml
@@ -0,0 +1,21 @@
+#- name: gnome hibernate by default
+#  apt: name=gnome-shell-extension-suspend-button state=latest
+
+- name: make sure /etc/dconf/profile/ exists
+  file: path=/etc/dconf/profile/ state=directory recurse=yes
+
+- name: prepare for gnome customized defaults
+  copy:
+    src: user
+    dest: /etc/dconf/profile/user
+  notify: update dconf
+
+
+- name: make sure /etc/dconf/db/local.d/ exists
+  file: path=/etc/dconf/db/local.d/ state=directory recurse=yes
+
+- name: modify gnome defaults
+  copy:
+    src: defaults
+    dest: /etc/dconf/db/local.d/defaults
+  notify: update dconf
diff --git a/roles/kiosk/handlers/main.yml b/roles/kiosk/handlers/main.yml
new file mode 100644
index 0000000..7c9de36
--- /dev/null
+++ b/roles/kiosk/handlers/main.yml
@@ -0,0 +1,30 @@
+- name: run update-grub
+  command: update-grub
+  listen: update grub
+
+- name: reload NetworkManager
+  when: not run_in_installer|default(false)|bool
+  systemd:
+    daemon_reload: yes
+    name: NetworkManager
+    state: reloaded
+    enabled: yes
+  listen: reload NetworkManager
+
+# fails in installer with stretch, workaround below:
+#- name: enable tmp.mount
+#  systemd:
+#    daemon_reload: yes
+#    name: tmp.mount
+#    enabled: yes
+
+- name: make sure local-fs.target.wants exists
+  file: path=/etc/systemd/system/local-fs.target.wants/ state=directory
+  listen: enable tmp.mount
+
+- name: enable tmp.mount
+  file:
+    src: /etc/systemd/system/tmp.mount
+    dest: /etc/systemd/system/local-fs.target.wants/tmp.mount
+    state: link
+  listen: enable tmp.mount
diff --git a/roles/kiosk/tasks/main.yml b/roles/kiosk/tasks/main.yml
new file mode 100644
index 0000000..91d8cd1
--- /dev/null
+++ b/roles/kiosk/tasks/main.yml
@@ -0,0 +1,83 @@
+- name: check if gdm3 is installed
+  stat: path=/etc/gdm3/daemon.conf
+  register: gdm3
+
+- name: enable auto login
+  when: gdm3.stat.exists == true
+  lineinfile:
+    dest: /etc/gdm3/daemon.conf
+    insertafter: '^#\s*AutomaticLoginEnable = true'
+    line: 'AutomaticLoginEnable = true'
+
+- name: auto login user
+  when: gdm3.stat.exists == true
+  lineinfile:
+    dest: /etc/gdm3/daemon.conf
+    insertafter: '^#\s*AutomaticLogin = '
+    line: 'AutomaticLogin = {{ auto_user }}'
+
+- name: graphics quirk
+  when: ansible_product_name == "HP 500"
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=).*'
+    line: '\1"video=SVIDEO-1:d"'
+    backrefs: yes
+  notify: update grub
+
+- name: grub timeout
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: '^(GRUB_TIMEOUT=).*'
+    line: '\g<1>1'
+    backrefs: yes
+  notify: update grub
+
+- name: keyboard compose key
+  lineinfile:
+    dest: /etc/default/keyboard
+    regexp: '^(XKBOPTIONS=).*'
+    line: '\1"compose:caps"'
+    backrefs: yes
+
+- name: hibernate when lid is closed
+  lineinfile:
+    dest: /etc/systemd/logind.conf
+    insertafter: '^#\s*HandleLidSwitch='
+    line: 'HandleLidSwitch=hibernate'
+
+- name: tmp on tmpfs
+  shell: cp /usr/share/systemd/tmp.mount /etc/systemd/system/
+  args:
+    creates: /etc/systemd/system/tmp.mount
+  notify: enable tmp.mount
+
+- name: mount tmpfs on /home/{{ auto_user }}
+  mount:
+    name: /home/{{ auto_user }}
+    src: tmpfs
+    fstype: tmpfs
+    opts: uid=1001,gid=1001,mode=755,size=4G
+    state: mounted
+
+- name: add autologin user
+  user:
+    name: "{{ auto_user }}"
+    comment: "Autologin Debian User,,,"
+    shell: /bin/bash
+    createhome: no
+    password: '*'
+
+- name: check if NetworkManager is installed
+  stat: path=/etc/NetworkManager/system-connections
+  register: NetworkManager
+
+- name: add wifi config
+  when: NetworkManager.stat.exists == true
+  template:
+    src: wifi.j2
+    dest: /etc/NetworkManager/system-connections/{{ wifi_ssid }}
+    owner: root
+    group: root
+    mode: '0600'
+  notify: reload NetworkManager
diff --git a/roles/kiosk/templates/wifi.j2 b/roles/kiosk/templates/wifi.j2
new file mode 100644
index 0000000..e4bc20e
--- /dev/null
+++ b/roles/kiosk/templates/wifi.j2
@@ -0,0 +1,18 @@
+[connection]
+id={{ wifi_ssid }}
+uuid=a9064ab4-e5fc-49d7-bb6d-8a6073c0e757
+type=wifi
+
+[wifi]
+ssid={{ wifi_ssid }}
+security=802-11-wireless-security
+
+[wifi-security]
+key-mgmt=wpa-psk
+psk={{ wifi_passwd }}
+
+[ipv4]
+method=auto
+
+[ipv6]
+method=auto