it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

School's laptops like desktops. Add teachers (laptop) role.

Browse source
This commit is contained in:
Andreas B. Mundt 2023-09-27 08:21:04 +02:00
parent d907261f9b
commit d34bc5f15c
2 changed files with 132 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
lmn-laptop.yml
View file

@ -4,6 +4,22 @@
hosts: all hosts: all
remote_user: ansible remote_user: ansible
become: yes become: yes
pre_tasks:
- pause:
prompt: "Enter global-admin AD password. Leave empty to skip domain join"
echo: false
register: adpw
no_log: true
when: "ansible_cmdline.adpw is not defined"
- name: preseed apparmor
debconf:
name: apparmor
question: apparmor/homedirs
value: >-
/srv/samba/schools/default-school/teachers/
/srv/samba/schools/default-school/students/*/
vtype: string
vars: vars:
domain: "{{ ansible_domain }}" domain: "{{ ansible_domain }}"
kerberize_uris: steinbeis.schule kerberize_uris: steinbeis.schule
@ -44,6 +60,7 @@
- lmn_network - lmn_network
- up2date_debian - up2date_debian
- lmn_sssd - lmn_sssd
- lmn_mount
- lmn_kde - lmn_kde
- lmn_fvs ## school specific customization - lmn_fvs ## school specific customization
- lmn_vm - lmn_vm
@ -62,12 +79,6 @@
append: yes append: yes
when: false when: false
- name: enable pam_mkhomedir.so
lineinfile:
dest: /etc/pam.d/common-session
line: "session optional pam_mkhomedir.so umask=0022"
insertbefore: "# end of pam-auth-update config"
- name: Fix 8086:4909 external graphics card - name: Fix 8086:4909 external graphics card
replace: replace:
dest: "/etc/default/grub" dest: "/etc/default/grub"

115
lmn-teachers.yml Normal file
View file

@ -0,0 +1,115 @@
## This playbook deploys a KDE desktop machine for LinuxMuster.
---
- name: apply configuration to the machines
hosts: all
remote_user: ansible
become: yes
vars:
domain: "{{ ansible_domain }}"
kerberize_uris: steinbeis.schule
apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
ntp_serv: server.pn.steinbeis.schule
proxy: http://firewall.pn.steinbeis.schule:3128
no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule
## PAM mount nextcloud, remove or leave empty to skip:
web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/
rsyncsecret: Muster!
keys2deploy:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW'
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
nfs4: false
extra_pkgs:
- vim
- mc
- tmux
- krb5-user
- unattended-upgrades
- debconf-utils
extra_pkgs_bpo: [] # [ linux-image-amd64 ]
roles:
- lmn_network
- up2date_debian
- lmn_sssd
- lmn_kde
- lmn_mount
- lmn_fvs ## school specific customization
- lmn_vm
- lmn_printer
- kerberize
- lmn_security
tasks:
- name: Add local user 'virti' in the 'libvirt' group
ansible.builtin.user:
name: virti
password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
comment: Libvirt VM User,,,
shell: /bin/bash
groups: libvirt
append: yes
when: false
- name: enable pam_mkhomedir.so
lineinfile:
dest: /etc/pam.d/common-session
line: "session optional pam_mkhomedir.so umask=0022"
insertbefore: "# end of pam-auth-update config"
- name: Fix 8086:4909 external graphics card
replace:
dest: "/etc/default/grub"
regexp: 'GRUB_CMDLINE_LINUX=""$'
replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
notify: Run update-grub
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
- name: Fix sound on 312A
replace:
dest: "/etc/default/grub"
regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
replace: 'GRUB_CMDLINE_LINUX=""'
notify: Run update-grub
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
- name: Fix sound on 312A and 312D
apt:
name: firmware-sof-signed
state: latest
when: >
ansible_board_vendor == "LENOVO" and
(ansible_board_name == "312D" or ansible_board_name == "312A")
## bullseye fixes:
- name: add bookworm firmware repository if needed
apt_repository:
repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
state: present
update_cache: true
when: >
ansible_board_vendor == "LENOVO" and
ansible_board_name == "32CB" and
ansible_distribution_release == "bullseye"
- name: upgrade non-free-firmware packages
apt:
upgrade: true
autoremove: true
autoclean: true
when: >
ansible_board_vendor == "LENOVO" and
ansible_board_name == "32CB" and
ansible_distribution_release == "bullseye"