diff --git a/lmn-laptop.yml b/lmn-laptop.yml
new file mode 100644
index 0000000..442ca51
--- /dev/null
+++ b/lmn-laptop.yml
@@ -0,0 +1,114 @@
+## This playbook deploys a KDE desktop machine for LinuxMuster.
+---
+- name: apply configuration to the machines
+ hosts: all
+ remote_user: ansible
+ become: yes
+ vars:
+ domain: "{{ ansible_domain }}"
+ kerberize_uris: steinbeis.schule
+ apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
+ ntp_serv: server.pn.steinbeis.schule
+ proxy: http://firewall.pn.steinbeis.schule:3128
+ no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule
+
+ ## PAM mount nextcloud, remove or leave empty to skip:
+ web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
+
+ ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
+ mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/
+
+ rsyncsecret: Muster!
+ keys2deploy:
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW'
+
+ ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
+ grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
+ nfs4: false
+ extra_pkgs:
+ - vim
+ - mc
+ - tmux
+ - krb5-user
+ - unattended-upgrades
+ - debconf-utils
+ extra_pkgs_bpo: [] # [ linux-image-amd64 ]
+
+ roles:
+ - lmn_network
+ - up2date_debian
+ - lmn_sssd
+ - lmn_kde
+ - lmn_fvs ## school specific customization
+ - lmn_vm
+ - lmn_printer
+ - kerberize
+ - lmn_security
+
+ tasks:
+ - name: Add local user 'virti' in the 'libvirt' group
+ ansible.builtin.user:
+ name: virti
+ password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
+ comment: Libvirt VM User,,,
+ shell: /bin/bash
+ groups: libvirt
+ append: yes
+ when: false
+
+ - name: enable pam_mkhomedir.so
+ lineinfile:
+ dest: /etc/pam.d/common-session
+ line: "session optional pam_mkhomedir.so umask=0022"
+ insertbefore: "# end of pam-auth-update config"
+
+ - name: Fix 8086:4909 external graphics card
+ replace:
+ dest: "/etc/default/grub"
+ regexp: 'GRUB_CMDLINE_LINUX=""$'
+ replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
+ notify: Run update-grub
+ when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
+
+ - name: Fix sound on 312A
+ replace:
+ dest: "/etc/default/grub"
+ regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
+ replace: 'GRUB_CMDLINE_LINUX=""'
+ notify: Run update-grub
+ when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
+
+ - name: Fix sound on 312A and 312D
+ apt:
+ name: firmware-sof-signed
+ state: latest
+ when: >
+ ansible_board_vendor == "LENOVO" and
+ (ansible_board_name == "312D" or ansible_board_name == "312A")
+
+## bullseye fixes:
+ - name: add bookworm firmware repository if needed
+ apt_repository:
+ repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
+ state: present
+ update_cache: true
+ when: >
+ ansible_board_vendor == "LENOVO" and
+ ansible_board_name == "32CB" and
+ ansible_distribution_release == "bullseye"
+
+ - name: upgrade non-free-firmware packages
+ apt:
+ upgrade: true
+ autoremove: true
+ autoclean: true
+ when: >
+ ansible_board_vendor == "LENOVO" and
+ ansible_board_name == "32CB" and
+ ansible_distribution_release == "bullseye"
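Review bot: The `rsyncsecret` value in the play's `vars` is committed in cleartext, and the same playbook carries the `grub_pwd` PBKDF2 hash and the yescrypt hash in the disabled `virti` user task, so anyone with read access to the repository or its history gets the rsync secret directly and can attempt offline guessing against the two hashes. I would move all three into an Ansible Vault–encrypted vars file and reference them here, e.g. `rsyncsecret: "{{ vault_rsyncsecret }}"` (variable name is a placeholder), and rotate the values already pushed. Separately, the `pam_mkhomedir.so umask=0022` line creates home directories readable by every other account on what appears to be a shared school laptop; `umask=0077` would be the safer default unless another role depends on world-readable homes. The `become: yes` and `append: yes` values would also read better as `true`, matching the `true`/`false` used elsewhere in the file.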