diff --git a/README b/README
deleted file mode 100644
index 9760129..0000000
--- a/README
+++ /dev/null
@@ -1,123 +0,0 @@ - - Run Debian in your Local Area Network - ======================================= - -The goal of the "Debian Local Area Network"-project is to make setting -up Debian in a local area network as easy as possible. This repository -offers ansible playbooks and instructions for the following machines: - - • installbox: orchestration of automatic installs in the LAN - - set up as gateway to some external network (WAN) - - provides TFTP installations on the LAN interface - - automatic installs: preseeding and ansible playbooks - - package cache - - • kerberox: serving a minimalistic kerberized LAN - - automatic TFTP installation of clients - - centralized home directories on kerberized NFS - - simple script to manage users and machines - - • kerberox-client: the client for the kerberized LAN - - • sambox and -client: comparable to the kerberox setup, but - home directories are shared via sshfs or the smb protocol. - - • cloudbox: nextcloud server in the basement - - setup of a home cloud server - - dynamic DNS name - - nextcloud - - backup with borg - - … - - • kiosk: school's computer, hackerspace, … - - auto login user - - reasonable defaults - - temporary home directory on tmpfs, reset at boot - - • edubox: deploy a set of containers for training/teaching - -Contributions like patches, suggestions, pull requests and/or further -profiles are highly appreciated! 
- ----------------------------- - - Instructions -============== - -Installbox -~~~~~~~~~~ - • standard Debian installation: - - user 'ansible' in sudo group - - WAN interface configured and connected - - LAN interface not configured/managed - - • optional: customize installbox.yml - - • run ansible: - ssh-copy-id ansible@1.2.3.4 - ansible-playbook installbox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4, - - • the installbox can be used to install all other profiles - -Kerberox, Sambox -~~~~~~~~~~~~~~~~ - • standard Debian installation: - - user 'ansible' in sudo group - - WAN interface configured and connected - - LAN interface not configured/managed - - • optional: customize kerberox.yml - - • run ansible: - ssh-copy-id ansible@1.2.3.4 - ansible-playbook kerberox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4, - -Kerberox and installbox provide a local ansible configuration space -which can be used to install clients and/or to check/modify the local -installation. To do the latter, cd into 'debian-lan' and run: - - 'ansible-playbook --ask-become-pass -v -i localhost, -c local kerberox.yml' - -The kerberox-clients are automatically installed using the included TFTP netboot -installer within the LAN. - -Cloudbox -~~~~~~~~ - • Debian installation: - - user 'ansible' in sudo group - - • check/customize cloudbox.yml - - • download latest nextcloud-*.*.*.tar.bz2 archive and place it as nextcloud.tar.bz2 - in your debian-lan-ansible directory - - • run ansible: - ssh-copy-id ansible@1.2.3.4 - ansible-playbook cloudbox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4, - - • use 'nc-admin' with password in '/root/nc-admin.pwd' to log into nextcloud. 
- -Kiosk -~~~~~ - • Debian installation: - - user 'ansible' in sudo group - - • customize kiosk.yml: - - WiFi parameters - - package selection: extra_pkgs and extra_pkgs_bpo for backports - - desktop environment - - • run ansible: - ssh-copy-id ansible@1.2.3.4 - ansible-playbook kiosk.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4, - -Edubox -~~~~~~ - • Debian installation: - - user 'ansible' in sudo group - - • customize edubox.yml - - • run ansible: - ssh-copy-id ansible@1.2.3.4 - ansible-playbook edubox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4, diff --git a/README.kerberox b/README.kerberox deleted file mode 100644 index fd84d98..0000000 --- a/README.kerberox +++ /dev/null @@ -1,14 +0,0 @@ -## After installation of the clients, prepare and copy all machine -## credentials to the machines in the following way: - -## Log into the Kerberos KDC (kerberox). - -## Find the kadmin password to be used soon: - sudo cat /root/kadmin.pwd - -## Then: - cd /home/ansible/debian-lan/ - ansible-playbook --ask-become-pass kerberox-client.yml \ - --ssh-common-args='-o StrictHostKeyChecking=no' - -## Enter the 'BECOME' password and the kadmin password obtained above. diff --git a/cloudbox.yml b/cloudbox.yml deleted file mode 100644 index b487d1a..0000000 --- a/cloudbox.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -# This playbook deploys the cloudbox on a minimal installation. - -- name: apply configuration to the cloudbox - # hosts: cloudboxes ## 'all' is needed to make ansible-pull work - hosts: all - remote_user: ansible - become: true - vars: - if_lan: "enp1s0" - ipaddr: "192.168.2.50/24" - gateway: "192.168.2.1" - dns: "192.168.2.1" - ddns_domain: "something.ddnss.de" - ddns_updkey: "138638.some.key.here.635620" - ## 'nc_download' and 'nc_checksum' are only - ## used for ansible-pull during installation: - nc_download: "https://download.nextcloud.com/server/releases/latest.tar.bz2" - nc_checksum: "sha256:d32a8f6c4722a45cb67de7018163cfafcfa22a871fbac0f623c3875fa4304e5a" - nc_apps: - - calendar - - notes - backup_opts: "--exclude-caches -e '*/updater-*/' -e '*/preview/*' -e '*/files_trashbin/*'" - backup_dirs: - - "/etc" - - "{{ nc_dir }}" - - "{{ data_dir }}" - ansible_python_interpreter: "/usr/bin/python3" - - roles: - - up2date_debian -# - ddnsupdate -# - lowpower - - nextcloud - - nextcloudupgrade - - kerberize -# - backup - -## Hosts in the the 'only_nextcloud'-group are only upgraded: - -- name: upgrade nextcloud only - hosts: only_nextcloud - remote_user: ansible - become: true - vars: - nc_dir: "/var/www/nextcloud" - nc_apps: - - calendar - - notes - ansible_python_interpreter: "/usr/bin/python3" - - roles: - - up2date_debian - - nextcloudupgrade diff --git a/edubox.yml b/edubox.yml deleted file mode 100644 index 76b188c..0000000 --- a/edubox.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -## This playbook deploys a series of minimal systemd-nspawn containers -## for educational use on a host, for example to learn ansible! -## All containers use an apt cache on the host system and forward port -## 22 (ssh), 80 (http) and 443 (https) to ports >= 10000, 10100 and 10200 -## respectively. A user 'ansi' in the 'sudo' group is prepared, -## either with empty password or an initial password to be set below. -## -## Modifications of the initial containers are kept in an overlay -## directory next to the container images in '/var/lib/machines/'. -## This allows to visit and compare the work of students on the host. -## To manage the containers after installation, run the playbook with -## one of the the following tags: -## -## --tags=start start all containers -## --tags=stop stop all containers -## --tags=restart stop, then start all containers -## --tags=reset reset all containers to the initial image -## --tags=purge purge all containers -## --tags=setup purge all containers and setup again -## - -- name: apply configuration to the edubox - hosts: all # eduboxes - remote_user: ansible - become: true - vars: - contname: cont - ## User name for the user in the container: - contuser: ansi - ## Password for the user 'ansible' in the container, - ## leave empty to log in without password: - contpwd: "" - ## Adjust the number of containers here: - containers: "{{ range(0, 49 + 1) | list }}" - ## Additional packages to be installed in the container: - cont_packages_extra: - - bind9-dnsutils - - file - - locales - - xz-utils - - lsof - - wget - - bind9-host - - libc-l10n - - traceroute - - bzip2 - - netcat-traditional - - telnet - - pre_tasks: - - name: install apt-cacher-ng - apt: - name: - - apt-cacher-ng - - auto-apt-proxy - state: latest # noqa package-latest - - - name: enable and start systemd-networkd on the host - systemd: - name: systemd-networkd - state: started - enabled: true - - roles: - - up2date_debian - - educontainer - - 
networkdresolved diff --git a/fvs-desktop.yml b/fvs-desktop.yml deleted file mode 100644 index a97a744..0000000 --- a/fvs-desktop.yml +++ /dev/null @@ -1,58 +0,0 @@ -## This playbook deploys a FvS desktop machine. ---- -- name: apply configuration to the machines - hosts: all - remote_user: ansible - become: yes - vars: - extra_pkgs: - - webext-privacy-badger - - webext-ublock-origin - - vim - - emacs - - elpa-magit - - elpa-color-theme-modern - - vlc - - gimp - - inkscape - - bluefish - - git - - gitk - - gitg - - mc - - tmux - - wireshark - - nmap - - netcat-openbsd - - net-tools - - ghex - - thonny - - spyder - - mu-editor - - dia - - vym - - tree - - console-setup - - virt-manager - - libreoffice-l10n-de - extra_pkgs_bpo: [ libreoffice ] # [ linux-image-amd64 ] # [ libreoffice ] - ansible_python_interpreter: "/usr/bin/python3" - - roles: - - up2date_debian - - fvs-sssd - - fvs-mount - - fvs-client - ## Choose either gnome or KDE: - - gnome - #- kde - - tasks: - - name: Add local user 'virti' in the 'libvirt' group - ansible.builtin.user: - name: virti - password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3 - comment: Libvirt VM User,,, - shell: /bin/bash - groups: libvirt - append: yes diff --git a/fvs-home-server.yml b/fvs-home-server.yml deleted file mode 100644 index 1369dd3..0000000 --- a/fvs-home-server.yml +++ /dev/null @@ -1,21 +0,0 @@ -## This playbook deploys a FvS home server machine. ---- -- name: apply configuration to the home server - hosts: all - remote_user: ansible - become: yes - vars: - extra_pkgs: - - vim - extra_pkgs_bpo: [ ] # [ libreoffice ] - - roles: - - up2date_debian - - fvs-sssd - - tasks: - - name: enable pam_mkhomedir.so - lineinfile: - dest: /etc/pam.d/common-session - line: "session optional pam_mkhomedir.so umask=0027" - insertbefore: "session optional pam_mount.so" diff --git a/fvs-homex-server.yml b/fvs-homex-server.yml deleted file mode 100644 index 28d4ada..0000000 
--- a/fvs-homex-server.yml +++ /dev/null @@ -1,17 +0,0 @@ -## This playbook deploys a FvS homex server machine. ---- -- name: apply configuration to the homex server - hosts: all - remote_user: ansible - become: yes - vars: - extra_pkgs: - - vim - - systemd-journal-remote - - python3-ldap - extra_pkgs_bpo: [ ] - - roles: - - up2date_debian - - fvs-sssd - - exam_homes diff --git a/fvs-vm-server.yml b/fvs-vm-server.yml deleted file mode 100644 index f8fe613..0000000 --- a/fvs-vm-server.yml +++ /dev/null @@ -1,34 +0,0 @@ -## This playbook deploys a FvS VM server machine. ---- -- name: apply configuration to the VM server - hosts: all - remote_user: ansible - become: yes - vars: - extra_pkgs: - - vim - - libvirt-daemon-system - extra_pkgs_bpo: [ ] # [ libreoffice ] - - roles: - - up2date_debian - - fvs-sssd - - tasks: - - name: enable pam_mkhomedir.so - lineinfile: - dest: /etc/pam.d/common-session - line: "session optional pam_mkhomedir.so umask=0027" - insertbefore: "session optional pam_mount.so" - - - name: allow all users to use VMs - lineinfile: - dest: /etc/libvirt/libvirtd.conf - line: 'auth_unix_rw = "none"' - insertafter: '#auth_unix_rw = "polkit"' - - - name: shared directory for ISO installer images - file: - path: /home/ISOsVM - state: directory - mode: '1777' diff --git a/fvs-www-server.yml b/fvs-www-server.yml deleted file mode 100644 index edf75e1..0000000 --- a/fvs-www-server.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -## This playbook deploys a FvS web server machine. ---- -- name: apply configuration to the web server - hosts: all - remote_user: ansible - become: yes - vars: - extra_pkgs: - - vim - - apache2 - - python3-flask - - extra_pkgs_bpo: [ ] # [ libreoffice ] - - roles: - - up2date_debian - - fvs-sssd - - tasks: - - name: enable pam_mkhomedir.so - lineinfile: - dest: /etc/pam.d/common-session - line: "session optional pam_mkhomedir.so umask=0026" - insertbefore: "session optional pam_mount.so" - - - name: enable apache mod userdir - apache2_module: - state: present - name: userdir diff --git a/host_vars/blackbox.yml b/host_vars/blackbox.yml deleted file mode 100644 index a1f3799..0000000 --- a/host_vars/blackbox.yml +++ /dev/null @@ -1,4 +0,0 @@ -allow_download: true -backup_dirs_extra: - - /home -backup_opts_extra: "" diff --git a/host_vars/bluebox.yml b/host_vars/bluebox.yml deleted file mode 100644 index dacab7d..0000000 --- a/host_vars/bluebox.yml +++ /dev/null @@ -1 +0,0 @@ -allow_download: true diff --git a/installbox.yml b/installbox.yml deleted file mode 100644 index e4155f2..0000000 --- a/installbox.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -## This playbook deploys the installbox. Add 'hostname=XXX' and -## 'domain=YYY' to the installer boot parameters to set hostname and -## domain. - -- name: apply configuration to the installbox - hosts: all - remote_user: ansible - become: true - - vars: - ## This interface provides the default route: - if_wan: "{{ ansible_default_ipv4.interface }}" - - ## Use the first remaining interface for the LAN: - if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}" - - ## LAN IP address range: - ipaddr_lan: 192.168.0.10/24 - dhcp_start: 192.168.0.50 - dhcp_stop: 192.168.0.150 - in_inventory: 192.168.0.[50:150] - - di_dist: "{{ ansible_distribution_release }}" - di_version: "{{ ansible_distribution_major_version }}" - di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" - - ansible_user: ansible - repo_dir: "/home/{{ ansible_user }}/debian-lan" - ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module - - - pre_tasks: - - name: validate if interfaces are available - fail: - msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed." - when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan) - - - roles: - - up2date_debian - - firewalld2if - - dnsmasq - - netbootinstaller - - aptcacher - - prepare4clients diff --git a/installbox6.yml b/installbox6.yml deleted file mode 100644 index dc66943..0000000 --- a/installbox6.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -## This playbook deploys the installbox6. Add 'hostname=XXX' and -## 'domain=YYY' to the installer boot parameters to set hostname and -## domain. - -## FIXME: works only on bookworm (kea-dhcp6, atftpd) - -- name: apply configuration to the installbox6 - hosts: all - remote_user: ansible - become: true - - vars: - ## This interface provides the default route: - if_lan: "{{ ansible_default_ipv4.interface }}" - prefix: '2001:db8:b001::/64' - - ## Find the IPv6 address: FIXME: not needed anymore? - ipv6_lan: "{{ prefix | ipaddr('address') | slaac(ansible_default_ipv4.macaddress) }}" - - di_dist: "{{ ansible_distribution_release }}" - di_version: 11 # "{{ ansible_distribution_major_version }}" - di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" - - extra_pkgs: [binutils] # FIXME: missing dependency in di-netboot-assistant - - ansible_user: ansible - repo_dir: "/home/{{ ansible_user }}/debian-lan" - ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module - - roles: - - up2date_debian - - dhcp6radvdatftpd - - netbootinstaller - - aptcacher - - prepare4clients diff --git a/kerberox-client.yml b/kerberox-client.yml deleted file mode 100644 index 567676e..0000000 --- a/kerberox-client.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# This playbook deploys a client for the kerberox LAN. - -- name: apply configuration to the machines - hosts: all - remote_user: ansible - become: true - vars: - extra_pkgs: - - webext-privacy-badger - - webext-ublock-origin - - krb5-auth-dialog - extra_pkgs_bpo: [] # [ libreoffice ] - ansible_python_interpreter: "/usr/bin/python3" - - vars_prompt: - - name: "kadmin_pwd" - prompt: "Provide kadmin password to fetch kerberos keytab.\nLeave empty if done already" - private: true - - roles: - - up2date_debian - - lanclient - - kerberize - ## Choose either gnome or KDE: - # - gnome - # - kde diff --git a/kerberox.yml b/kerberox.yml deleted file mode 100644 index 084ec74..0000000 
--- a/kerberox.yml
+++ /dev/null
@@ -1,62 +0,0 @@ ---- -## This playbook deploys the kerberox server. Add 'hostname=XXX' and -## 'domain=YYY' to the installer boot parameters to set hostname and domain. - -- name: apply configuration to the kerberox server - hosts: all - remote_user: ansible - become: true - - vars: - ## This interface provides the default route: - if_wan: "{{ ansible_default_ipv4.interface }}" - - ## Use the first remaining interface for the LAN: - if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}" - - ## LAN IP address range: - ipaddr_lan: 192.168.0.10/24 - ipaddr_lan_threeoct: "{{ ipaddr_lan.split('.')[0:3] | join('.') }}" - ipaddr_lan_ptr: "{{ (ipaddr_lan | ipaddr('revdns')).split('.')[1:] | join('.') }}" - ipaddr_lan_ptr_threeoct: "{{ ipaddr_lan_ptr.split('.')[0:3] | join('.') }}" - dhcp_start: 192.168.0.50 - dhcp_stop: 192.168.0.150 - in_inventory: 192.168.0.[50:150] - - di_dist: "{{ ansible_distribution_release }}" - di_version: "{{ ansible_distribution_major_version }}" - di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" - - ansible_user: ansible - repo_dir: "/home/{{ ansible_user }}/debian-lan" - ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module - - - vars_prompt: - - name: "foo_pwd" - prompt: - In case you would like to prepare a test user 'foo' and have - not done so yet, provide foo's password here. Leave empty to - just continue - private: true - - - pre_tasks: - - name: validate if interfaces are available - fail: - msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed." - when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan) - - - roles: - - up2date_debian - - firewalld2if - - dnsmasq - - netbootinstaller - - aptcacher - - role: krb5kdcldap - when: not run_in_installer|default(false)|bool - - role: nfsserver - when: not run_in_installer|default(false)|bool - - prepare4clients - - kerberize 
diff --git a/kiosk.yml b/kiosk.yml deleted file mode 100644 index 4e2126f..0000000 --- a/kiosk.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# This playbook deploys a kiosk-computer - -- name: apply configuration to the machines - hosts: all - remote_user: ansible - become: true - vars: - auto_user: debi - wifi_ssid: "YOUR SSID HERE" - wifi_passwd: "YOUR WIFI-PW HERE" - extra_pkgs: - - webext-privacy-badger - - webext-ublock-origin - extra_pkgs_bpo: [] # [ libreoffice ] - - roles: - - up2date_debian - ## Choose either gnome or KDE: - - gnome - # - kde - - kiosk diff --git a/livebox.yml b/livebox.yml deleted file mode 100644 index 81d0916..0000000 --- a/livebox.yml +++ /dev/null 
@@ -1,89 +0,0 @@ -## This playbook deploys the LiveBox. -## -## The LiveBox provides Debian Live and Installer images on top -## of an already existing network with minimal modifications to -## existing infrastructure. It does not provide DHCP; the idea -## is to chainload the LiveBox' menu (iPXE or Grub) from PXE -## infrastructure already in place. -## -## To chainload the LiveBox in iPXE use: -## > item livebox Chainload Menu from LiveBox -## > … -## > :livebox chain tftp://livebox.lan/d-i/n-a/menu.ipxe -## -## To chainload the LiveBox in Grub use: -## > menuentry 'Chainload Menu from LiveBox' { -## > configfile (tftp,livebox.lan)/d-i/n-a/grub/grub.cfg -## > } -## ---- -- name: apply configuration to the livebox - hosts: all - remote_user: ansible - become: true - - vars: - extra_pkgs: - - lighttpd - - nfs-kernel-server - extra_pkgs_bpo: - - atftpd - - di-netboot-assistant - - apt-cacher-ng - - live_desktop: - - gnome - - kde - - standard - - live_url: 'https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/current-live/amd64/iso-hybrid/' - - # The edulive role generates customized Debian-Live images. - # Make sure you have sufficient disk space available (~30GiB?). 
- build_images: - - gnome-edu - - di_dist: "{{ ansible_distribution_release }}" - di_version: "{{ ansible_distribution_major_version }}" - di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" - boot_params: - - boot=live - - netboot=nfs - - components - - locales=de_DE.UTF-8 - - keyboard-layouts=de - - quiet - - splash -# - noroot - - ansible_python_interpreter: "/usr/bin/python3" - - pre_tasks: - - name: preseed atftpd - debconf: - name: atftpd - question: atftpd/basedir - value: /var/lib/tftpboot - vtype: string - - - name: find available iso images - uri: - url: "{{ live_url }}" - return_content: true - register: idx - - - name: find and set ISO image version - set_fact: - version: "{{ idx.content | regex_findall('debian-live-(\\d+\\.\\d+\\.\\d+)-amd64-', '\\1') | first }}" - - - name: define ISO image map - set_fact: - live_iso: "{{ live_iso | default({}) | combine({ item: 'debian-live-' + version + '-amd64-' + item + '+nonfree.iso' }) }}" - loop: "{{ live_desktop }}" - - roles: - - up2date_debian - - netbootinstaller - - aptcacher - - debianlive - - edulive diff --git a/lmn-teacher.yml b/lmn-teacher.yml deleted file mode 100644 index 0a5cc4d..0000000 --- a/lmn-teacher.yml +++ /dev/null 
@@ -1,72 +0,0 @@ -## This playbook deploys a KDE teacher's laptop machine for LinuxMuster. ---- -- name: apply configuration to the machines - hosts: all - remote_user: ansible - become: yes - pre_tasks: - - name: Preseed unattended-upgrades - debconf: - name: unattended-upgrades - question: unattended-upgrades/enable_auto_updates - value: True - vtype: boolean - - vars: - domain: "{{ ansible_domain }}" - kerberize_uris: steinbeis.schule - apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/"; - ntp_serv: server.pn.steinbeis.schule - proxy: http://firewall.pn.steinbeis.schule:3128 - no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule - - ## PAM mount nextcloud, remove or leave empty to skip: - web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER) - - ## Local mirror for mscorefonts. Remove or leave empty to use no mirror: - mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/ - - rsyncsecret: Muster! 
- keys2deploy: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW' - - ## Use grub-mkpasswd-pbkdf2 to calculate the password hash: - grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB' - nfs4: false - extra_pkgs: - - vim - - mc - - tmux - - krb5-user - - unattended-upgrades - - debconf-utils - extra_pkgs_bpo: [] # [ linux-image-amd64 ] - - roles: - - lmn_network - - up2date_debian - - lmn_sssd - - lmn_kde - - lmn_fvs ## school specific customization -# - lmn_vm - - kerberize -# - lmn_security - - tasks: - - name: enable pam_mkhomedir.so - lineinfile: - dest: /etc/pam.d/common-session - line: "session optional pam_mkhomedir.so umask=0022" - insertbefore: "# end of pam-auth-update config" - - name: Fix unattended-upgrades - ansible.builtin.copy: - dest: /etc/apt/apt.conf.d/20auto-upgrades - content: | - APT::Periodic::Update-Package-Lists "1"; - APT::Periodic::Unattended-Upgrade "1"; diff --git a/minimal-krb5.yml b/minimal-krb5.yml deleted file mode 100644 index 225abef..0000000 --- a/minimal-krb5.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -# This playbook does almost nothing. Useful for testing only preseeding. - -- name: apply a minimal configuration with kerberos LAN integration - hosts: all - remote_user: ansible - become: true - roles: - - up2date_debian - - lan-client diff --git a/minimal.yml b/minimal.yml deleted file mode 100644 index 9cdf982..0000000 --- a/minimal.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This playbook does almost nothing. Useful for testing only preseeding. - -- name: apply a minimal configuration to the machine - hosts: all - remote_user: ansible - become: true - roles: - - up2date_debian diff --git a/roles/aptcacher/handlers/main.yml b/roles/aptcacher/handlers/main.yml deleted file mode 100644 index 2d70698..0000000 --- a/roles/aptcacher/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: start apt-cacher-ng - service: name=apt-cacher-ng state=started enabled=yes - listen: "start apt-cacher-ng" diff --git a/roles/aptcacher/tasks/main.yml b/roles/aptcacher/tasks/main.yml deleted file mode 100644 index b1f0ae3..0000000 --- a/roles/aptcacher/tasks/main.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -- name: install apt-cacher-ng package - apt: - name: - - apt-cacher-ng - - auto-apt-proxy - state: latest # noqa package-latest - -- name: check if preseeded installer is available - stat: path={{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg - register: preseedcfg - -- name: enable apt-cacher-ng for install-clients - replace: - dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg" - regexp: '^d-i mirror/http/proxy string$' - replace: 'd-i mirror/http/proxy string http://{{ ansible_hostname }}:3142/' - when: preseedcfg.stat.exists - -- name: test if firewalld is available - stat: path=/usr/sbin/firewalld - register: firewalld - -- name: allow apt-cacher-ng service in firewalld - firewalld: - zone: internal - port: 3142/tcp - permanent: true - immediate: true - state: enabled - when: not run_in_installer|default(false)|bool and firewalld.stat.exists - -- name: allow apt-cacher-ng service in firewalld, offline - command: "firewall-offline-cmd --zone=internal --add-port=3142/tcp" - when: run_in_installer|default(false)|bool and firewalld.stat.exists - -- name: flush handler to make apt-cacher available - meta: flush_handlers diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml deleted file mode 100644 index 680efc2..0000000 --- a/roles/backup/defaults/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -borg_pwd: "{{ lookup('password', '/tmp/borg.pwd chars=ascii_letters,digits length=32') }}" -borg_pwd_file: "/root/borg.pwd" -borg_key_backup: "/root/borg-key.backup" - -## alternative: "ssh://user@host:port/path/to/repo" -backup_repo: "/var/backups/mnt/backup/borg" - -backup_dirs_extra: "" - -backup_opts: "--exclude-caches" -backup_opts_extra: "" - -www_root: "/var/www" -nc_dir: "{{ www_root }}/nextcloud" -data_dir: "/var/nc-data" diff --git a/roles/backup/files/backup.service b/roles/backup/files/backup.service deleted file mode 100644 index 6f653c2..0000000 --- a/roles/backup/files/backup.service +++ /dev/null 
@@ -1,6 +0,0 @@ -[Unit] -Description=Run backup script - -[Service] -Type=simple -ExecStart=/usr/local/bin/backup diff --git a/roles/backup/files/backup.timer b/roles/backup/files/backup.timer deleted file mode 100644 index 866729d..0000000 --- a/roles/backup/files/backup.timer +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Run backup script daily - -[Timer] -OnCalendar=*-*-* 4:00:00 -Persistent=true -AccuracySec=15min - -[Install] -WantedBy=timers.target diff --git a/roles/backup/handlers/main.yml b/roles/backup/handlers/main.yml deleted file mode 100644 index 3a4f8f6..0000000 --- a/roles/backup/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -- name: enable backup.service and .timer - systemd: - name: backup.timer - state: started - enabled: true - listen: "enable backup.timer" diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml deleted file mode 100644 index f263d5c..0000000 --- a/roles/backup/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ -- name: install borg - apt: - name: borgbackup - state: latest # noqa package-latest - -- name: check if borg password is available - stat: path="{{ borg_pwd_file }}" - register: borg - -- name: dump borg password - shell: echo -n "{{ borg_pwd }}" > "{{ borg_pwd_file }}" ; chmod 0600 "{{ borg_pwd_file }}" - no_log: true - when: not borg.stat.exists - -- name: provide backup script - template: - src: "backup" - dest: "/usr/local/bin/backup" - mode: "0750" - -- name: provide backup.service and .timer - copy: - src: "{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - mode: 0644 - with_items: - - backup.service - - backup.timer - notify: "enable backup.timer" - -- name: run first backup - command: /usr/local/bin/backup - when: not borg.stat.exists diff --git a/roles/backup/templates/backup b/roles/backup/templates/backup deleted file mode 100755 index 1cc3c5c..0000000 --- a/roles/backup/templates/backup +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash -set -eu - -BACKUP=({{ backup_dirs|join(' ') }} {{ backup_dirs_extra|join(' ') }}) -OPTIONS=({{ backup_opts }} {{ backup_opts_extra }}) - -export BORG_REPO="{{ backup_repo }}" -export BORG_PASSCOMMAND="cat {{ borg_pwd_file }}" -KEY_BACKUP="{{ borg_key_backup }}" - -MOUNTED="" - -MNT="$(echo "$BORG_REPO" | sed "s|\(^.*/mnt\).*|\1|")" -if grep -q "$MNT" /etc/fstab ; then - [ -d "$BORG_REPO" ] || mount -v "$MNT" && MOUNTED="TRUE" -fi - -if [ ! -e "$KEY_BACKUP" ] ; then - [[ "$BORG_REPO" =~ @ ]] || mkdir -vp --mode=0750 "$BORG_REPO" - borg init --encryption=repokey - borg key export "$BORG_REPO" "$KEY_BACKUP" -fi - -if [ -e "{{ nc_dir }}/config/config.php" ] ; then - NCDB="{{ data_dir }}/nextcloud-database.dump" - sudo -u www-data /usr/bin/php {{ nc_dir }}/occ maintenance:mode --on - PW="$(grep dbpassword {{ nc_dir }}/config/config.php | \ - sed -e "s/\W*'dbpassword' => '//" -e "s/',$//")" - - echo -n "Dumping data base into '$NCDB' … " - mysqldump --single-transaction -h localhost -u nextcloud -p"$PW" nextcloud > "$NCDB" - chmod 600 "$NCDB" - echo "done." -fi - -echo "Backup ${BACKUP[@]} to $BORG_REPO." -borg create -v --show-rc "${OPTIONS[@]}" ::'{hostname}-{now}' "${BACKUP[@]}" - -borg prune -v --list --prefix='{hostname}-' --show-rc \ - --keep-daily 14 \ - --keep-weekly 8 \ - --keep-monthly 6 \ - --keep-yearly 10 - -if [ -e "{{ nc_dir }}/config/config.php" ] ; then - sudo -u www-data /usr/bin/php {{ nc_dir }}/occ maintenance:mode --off -fi - -if [ "$MOUNTED" = "TRUE" ] ; then - umount -v "$MNT" -fi diff --git a/roles/ddnsupdate/files/ddns-update b/roles/ddnsupdate/files/ddns-update deleted file mode 100755 index 00c4bc8..0000000 --- a/roles/ddnsupdate/files/ddns-update +++ /dev/null 
@@ -1,35 +0,0 @@
-#!/bin/bash
-set -eu
-
-. /etc/ddns-update/ddns-update.conf
-
-DDHOST="https://www.ddnss.de/upd.php"
-
-if ! DNSRESULT="$(host $DDNSNAME)" ; then
- echo "Could not resolve IP address for '$DDNSNAME', no update."
- exit 0
-fi
-
-DNSIP4="$(echo "$DNSRESULT" | grep -m 1 -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$' || true )"
-DNSIP6="$(echo "$DNSRESULT" | grep -m 1 -oE '[0-9a-f]{1,4}:.+:[0-9a-f]{1,4}' || true )"
-
-REALIP4="$(wget -q -O - https://ip4.ddnss.de/meineip.php | \
- grep -m 1 -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' || true )"
-REALIP6="$(wget -q -O - https://ip6.ddnss.de/meineip.php | \
- grep -m 1 -oE '[0-9a-f]{1,4}:.+:[0-9a-f]{1,4}' || true )"
-
-if [ -z "$REALIP4" -a -z "$REALIP6" ] ; then
- echo "Could not detect real IP addresses, exiting."
- exit 0
-fi
-
-echo "Current DNS: IPv4=$DNSIP4, IPv6=$DNSIP6."
-echo "Detected: IPv4=$REALIP4, IPv6=$REALIP6."
-
-if [ "$REALIP4" == "$DNSIP4" -a "$REALIP6" == "$DNSIP6" ] ; then
- echo "IP address unchanged, no update."
-else
- echo "IP address changed: $DNSIP4 → ${REALIP4}, $DNSIP6 → ${REALIP6}, updating ddns."
- wget -q -O - $DDHOST'?key='$KEYAUTH'&host='$DDNSNAME'&ip='$REALIP4'&ip6='$REALIP6 \
- | grep -oE "Updated .+ hostname." || echo "Update not confirmed, it might have failed."
-fi
diff --git a/roles/ddnsupdate/files/ddns-update.service b/roles/ddnsupdate/files/ddns-update.service
deleted file mode 100644
index 6c1da59..0000000
--- a/roles/ddnsupdate/files/ddns-update.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Update ddns
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/ddns-update
diff --git a/roles/ddnsupdate/files/ddns-update.timer b/roles/ddnsupdate/files/ddns-update.timer
deleted file mode 100644
index 0fb72ec..0000000
--- a/roles/ddnsupdate/files/ddns-update.timer
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Update ddns IP-address
-
-[Timer]
-OnBootSec=0
-OnUnitActiveSec=20min
-AccuracySec=3min
-
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/ddnsupdate/handlers/main.yml b/roles/ddnsupdate/handlers/main.yml
deleted file mode 100644
index 1022036..0000000
--- a/roles/ddnsupdate/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: enable ddns-update timer
- systemd:
- name: ddns-update.timer
- state: restarted
- daemon_reload: true
- enabled: true
- listen: "enable ddns-update timer"
diff --git a/roles/ddnsupdate/tasks/main.yml b/roles/ddnsupdate/tasks/main.yml
deleted file mode 100644
index a345036..0000000
--- a/roles/ddnsupdate/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-- name: make sure /etc/ddns-update/ exists
- file: path=/etc/ddns-update/ state=directory recurse=yes
-
-- name: install ddns-update config
- template:
- src: ddns-update.conf.j2
- dest: /etc/ddns-update/ddns-update.conf
- mode: 0644
-
-- name: install ddns-update script
- copy:
- src: ddns-update
- dest: /usr/local/bin/ddns-update
- mode: 0755
-
-- name: install ddns-update.service
- copy:
- src: ddns-update.service
- dest: /etc/systemd/system/ddns-update.service
- mode: 0644
-
-- name: install ddns-update.timer
- copy:
- src: ddns-update.timer
- dest: /etc/systemd/system/ddns-update.timer
- mode: 0644
- notify: enable ddns-update timer
diff --git a/roles/ddnsupdate/templates/ddns-update.conf.j2 b/roles/ddnsupdate/templates/ddns-update.conf.j2
deleted file mode 100644
index cd84e74..0000000
--- a/roles/ddnsupdate/templates/ddns-update.conf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-DDNSNAME="{{ ddns_domain }}"
-KEYAUTH="{{ ddns_updkey }}"
diff --git a/roles/debianlive/handlers/main.yml b/roles/debianlive/handlers/main.yml
deleted file mode 100644
index affc752..0000000
--- a/roles/debianlive/handlers/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: rebuild di-netboot assistant menu
- command:
- cmd: di-netboot-assistant rebuild-menu
- listen: rebuild di-netboot menu
-
-- name: export nfs
- command:
- cmd: exportfs -ra
- listen: export nfs
diff --git a/roles/debianlive/tasks/main.yml b/roles/debianlive/tasks/main.yml
deleted file mode 100644
index 1def349..0000000
--- a/roles/debianlive/tasks/main.yml
+++ /dev/null
@@ -1,128 +0,0 @@
----
-- name: download debian-live images
- get_url:
- url: "{{ live_url }}{{ item.value }}"
- dest: "/var/cache/di-netboot-assistant/{{ item.value }}"
- checksum: "sha256:{{ live_url }}/SHA256SUMS"
- register: new_iso
- loop:
- "{{ live_iso | dict2items }}"
-
-- name: umount old iso images
- mount:
- path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
- state: unmounted
- loop:
- "{{ live_iso | dict2items }}"
- when: new_iso.changed
-
-- name: prepare live image directory
- file:
- path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
- state: directory
- mode: 0755
- loop:
- "{{ live_iso | dict2items }}"
-
-- name: make sure loop module is loaded
- modprobe:
- name: loop
- state: present
-
-- name: loop mount iso images
- mount:
- path: "/var/lib/tftpboot/d-i/n-live/{{ item.key }}"
- src: "/var/cache/di-netboot-assistant/{{ item.value }}"
- fstype: iso9660
- opts: loop,ro,nofail
- state: mounted
- loop:
- "{{ live_iso | dict2items }}"
- notify: rebuild di-netboot menu
-
-- name: prepare http downloads
- file:
- src: "/var/lib/tftpboot/d-i/"
- dest: "/var/www/html/d-i"
- state: link
-
-- name: export live image squashfs
- lineinfile:
- path: /etc/exports
- line: "/var/lib/tftpboot/d-i/n-live/ *(ro,crossmnt,no_subtree_check)"
- notify: export nfs
-
-- name: configure ipxe boot menu address and headline
- replace:
- path: /etc/di-netboot-assistant/ipxemenu.HEAD
- regexp: "{{ item.reg }}"
- replace: "{{ item.rep }}"
- loop:
- - reg: '^set 210:string .+$'
- rep: 'set 210:string http://{{ ansible_default_ipv4.address }}/'
- - reg: '^#(item --gap -- -- Customized Boot Entries.*)$'
- rep: '\1'
- notify: rebuild di-netboot menu
-
-- name: configure grub boot menu addresses
- lineinfile:
- path: /etc/di-netboot-assistant/grub.cfg.HEAD
- line: "{{ item.line }}"
- regexp: "{{ item.reg }}"
- loop:
- - line: "set root=(http,{{ ansible_default_ipv4.address }})"
- reg: "^set root="
- - line: "set pxe_default_server={{ ansible_default_ipv4.address }}"
- reg: "^set pxe_default_server="
- notify: rebuild di-netboot menu
-
-- name: prepare debian live nfs boot entry title
- lineinfile:
- path: /etc/di-netboot-assistant/ipxemenu.HEAD
- insertafter: '-- Customized Boot Entries --'
- line: "item {{ item.key }} Debian GNU/Linux {{ item.key }} NFS"
- loop:
- "{{ live_iso | dict2items }}"
- notify: rebuild di-netboot menu
-
-- name: find kernel version
- shell:
- cmd: >-
- basename /var/lib/tftpboot/d-i/n-live/{{ item.key }}/live/vmlinuz*
- | sed "s/vmlinuz-//"
- register: images
- changed_when: false
- loop:
- "{{ live_iso | dict2items }}"
-
-- name: prepare debian live boot loader ipxe
- blockinfile:
- path: /etc/di-netboot-assistant/ipxemenu.HEAD
- marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
- block: |
- :{{ item.item.key }}
- echo Booting Debian GNU/Linux {{ item.item.key }} NFS
- kernel ${210:string}d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
- initrd=initrd.img-{{ item.stdout }} {{ boot_params|join(' ') }} \
- nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
- initrd ${210:string}d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
- boot
- loop:
- "{{ images.results }}"
- notify: rebuild di-netboot menu
-
-- name: prepare debian live boot loader grub
- blockinfile:
- path: /etc/di-netboot-assistant/grub.cfg.HEAD
- insertbefore: "^menuentry 'Boot from local disk..'"
- marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.item.key }}"
- block: |
- menuentry 'Debian GNU/Linux Live {{ item.item.key }} NFS' {
- linux (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/vmlinuz-{{ item.stdout }} \
- {{ boot_params|join(' ') }} \
- nfsroot={{ ansible_default_ipv4.address }}:/var/lib/tftpboot/d-i/n-live/{{ item.item.key }}/
- initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-live/{{ item.item.key }}/live/initrd.img-{{ item.stdout }}
- }
- loop:
- "{{ images.results }}"
- notify: rebuild di-netboot menu
diff --git a/roles/dhcp6radvdatftp/handlers/main.yml b/roles/dhcp6radvdatftp/handlers/main.yml
deleted file mode 100644
index 897fb0d..0000000
--- a/roles/dhcp6radvdatftp/handlers/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: restart radvd
- systemd:
- name: radvd.service
- state: restarted
- enabled: true
- listen: restart radvd
-
-- name: restart kea-dhcp6-server
- systemd:
- name: kea-dhcp6-server.service
- state: restarted
- enabled: true
- listen: restart kea-dhcp6-server
-
-- name: restart network interfaces
- systemd:
- name: networking
- state: restarted
- listen: reconfigure network
diff --git a/roles/dhcp6radvdatftp/tasks/main.yml b/roles/dhcp6radvdatftp/tasks/main.yml
deleted file mode 100644
index 17ecd17..0000000
--- a/roles/dhcp6radvdatftp/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-## DHCPv6, RAs and TFTP
----
-- name: preseed aftpd
- debconf:
- name: atftpd
- question: atftpd/basedir
- value: /var/lib/tftpboot
- vtype: string
-
-- name: install di-netboot-assistant and installer package
- apt:
- name:
- - kea-dhcp6-server
- - radvd
- - atftpd
- state: latest # noqa package-latest
-
-- name: configure radvd
- template:
- src: radvd.conf.j2
- dest: /etc/radvd.conf
- mode: 0644
- notify: restart radvd
-
-- name: configure kea-dhcp-server
- template:
- src: kea-dhcp6.conf.j2
- dest: /etc/kea/kea-dhcp6.conf
- mode: 0644
- notify: restart kea-dhcp6-server
-
-- name: set IPv6 address on interface
- blockinfile:
- path: /etc/network/interfaces
- block: |
- allow-hotplug {{ if_lan }}
- iface {{ if_lan }} inet6 static
- address 2001:db8:b001::1/64
- notify: reconfigure network
diff --git a/roles/dhcp6radvdatftp/templates/kea-dhcp6.conf.j2 b/roles/dhcp6radvdatftp/templates/kea-dhcp6.conf.j2
deleted file mode 100644
index 305bde1..0000000
--- a/roles/dhcp6radvdatftp/templates/kea-dhcp6.conf.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "Dhcp6": {
- "interfaces-config": {
- "interfaces": [ "{{ if_lan }}" ]
- },
- "option-data": [
- {
- "name": "bootfile-url",
- "data": "tftp://[2001:db8:b001::1]/d-i/n-a/grubx64.efi"
- }
- ],
- "subnet6": [
- {
- "subnet": "2001:db8:b001::/64",
- "pools": [ { "pool": "2001:db8:b001::2 - 2001:db8:b001::ffff" } ],
- "interface": "enp1s0"
- }
- ]
- }
-}
diff --git a/roles/dhcp6radvdatftp/templates/radvd.conf.j2 b/roles/dhcp6radvdatftp/templates/radvd.conf.j2
deleted file mode 100644
index 2d52dc2..0000000
--- a/roles/dhcp6radvdatftp/templates/radvd.conf.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-interface {{ if_lan }}
-{
- AdvSendAdvert on;
- AdvManagedFlag on;
- AdvOtherConfigFlag on;
-
- prefix {{ prefix }}
- {
- };
-};
diff --git a/roles/dnsdhcptftp/defaults/main.yml b/roles/dnsdhcptftp/defaults/main.yml
deleted file mode 100644
index d91fadf..0000000
--- a/roles/dnsdhcptftp/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-name_servers: ns1.{{ ansible_domain }}
diff --git a/roles/dnsdhcptftp/handlers/main.yml b/roles/dnsdhcptftp/handlers/main.yml
deleted file mode 100644
index 1f48f0f..0000000
--- a/roles/dnsdhcptftp/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: restart isc-dhcp-server
- systemd: name=isc-dhcp-server state=restarted enabled=yes
- listen: restart isc-dhcp-server
-
-- name: restart bind
- systemd: name=bind9 state=restarted enabled=yes
- listen: restart bind
-
-- name: restart tftpd-hpa
- systemd: name=tftpd-hpa state=restarted enabled=yes
- listen: restart tftpd-hpa
-
-- name: restart dhcp-client
- systemd: name=ifup@{{ if_wan }} state=restarted enabled=yes
- listen: restart dhcp-client
diff --git a/roles/dnsdhcptftp/tasks/main.yml b/roles/dnsdhcptftp/tasks/main.yml
deleted file mode 100644
index 8eb02e3..0000000
--- a/roles/dnsdhcptftp/tasks/main.yml
+++ /dev/null
@@ -1,100 +0,0 @@
----
-- name: preseed tftpd-hpa
- debconf:
- name: tftpd-hpa
- question: tftpd-hpa/directory
- value: /var/lib/tftpboot
- vtype: string
-
-- name: install tftpd, dhcpd and named packages
- apt:
- name:
- - isc-dhcp-server
- - tftpd-hpa
- - bind9
- state: latest # noqa package-latest
-
-## FIXME: preseeding seems to be ignored
-- name: configure TFTP root directory
- replace:
- path: /etc/default/tftpd-hpa
- regexp: '^TFTP_DIRECTORY=".*"$'
- replace: 'TFTP_DIRECTORY="/var/lib/tftpboot"'
- notify: restart tftpd-hpa
-
-- name: serve dhcp on LAN interface
- replace:
- path: /etc/default/isc-dhcp-server
- regexp: '^INTERFACESv4=".*"$'
- replace: 'INTERFACESv4="{{ if_lan }}"'
- notify: restart isc-dhcp-server
-
-- name: deploy config files for isc-dhcp-server
- template:
- src: dhcpd.conf.j2
- dest: /etc/dhcp/dhcpd.conf
- mode: 0644
- backup: true
- notify: restart isc-dhcp-server
-
-- name: deploy config files for bind9
- template:
- src: "{{ item.src }}.j2"
- dest: "/etc/bind/{{ item.dest }}"
- mode: 0644
- loop:
- - src: db.RR
- dest: "db.{{ ansible_domain }}"
- - src: db.RRinv
- dest: "db.{{ ipaddr_lan_threeoct }}"
- - src: localzones
- dest: localzones
- notify: restart bind
-
-- name: link zone files to writeable directory for DDNS
- file:
- src: "/etc/bind/{{ item }}"
- dest: "/var/lib/bind/{{ item }}"
- state: link
- loop:
- - "db.{{ ansible_domain }}"
- - "db.{{ ipaddr_lan_threeoct }}"
- notify: restart bind
-
-- name: enable local bind config
- lineinfile:
- path: /etc/bind/named.conf.local
- line: 'include "/etc/bind/localzones";'
- notify: restart bind
-
-- name: adapt resolv.conf
- template:
- src: resolv.conf.j2
- dest: /etc/resolv.conf
- mode: 0644
- notify: restart isc-dhcp-server
-
-## stop dhclient from overwriting /etc/resolv.conf:
-- name: supersede dhcp client data
- blockinfile:
- dest: /etc/dhcp/dhclient.conf
- block: |
- supersede domain-search "{{ ansible_domain }}";
- supersede domain-name-servers 127.0.0.1;
- insertbefore: "#send dhcp-client-identifier.*"
- notify: restart dhcp-client
-
-- name: generate rndc key
- command:
- cmd: rndc-confgen -a
- creates: /etc/bind/rndc.key
-
-- name: copy rndc key
- copy:
- src: /etc/bind/rndc.key
- dest: /etc/dhcp/
- owner: root
- group: root
- mode: 0640
- remote_src: true
- notify: restart isc-dhcp-server
diff --git a/roles/dnsdhcptftp/templates/db.RR.j2 b/roles/dnsdhcptftp/templates/db.RR.j2
deleted file mode 100644
index 3bc6776..0000000
--- a/roles/dnsdhcptftp/templates/db.RR.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-$TTL 500
-@ IN SOA {{ ansible_fqdn }}. root.{{ ansible_domain }}. (
- 1 ; Serial
- 3600 ; Refresh
- 1800 ; Retry
- 720000 ; Expire
- 6400 ) ; Negative Cache TTL
-;
-@ NS {{ ansible_fqdn }}.
- MX 10 {{ ansible_fqdn }}.
-{{ ansible_hostname }} A {{ ipaddr_lan | ipaddr("address") }}
-_ldap._tcp SRV 100 0 389 {{ ansible_fqdn }}.
-ns1 CNAME {{ ansible_fqdn }}.
-ns2 CNAME {{ ansible_fqdn }}.
-aptcache CNAME {{ ansible_fqdn }}.
-homes CNAME {{ ansible_fqdn }}.
-ldap CNAME {{ ansible_fqdn }}.
diff --git a/roles/dnsdhcptftp/templates/db.RRinv.j2 b/roles/dnsdhcptftp/templates/db.RRinv.j2
deleted file mode 100644
index 3f942c1..0000000
--- a/roles/dnsdhcptftp/templates/db.RRinv.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-$TTL 500
-@ IN SOA {{ ansible_fqdn }}. root.{{ ansible_domain }}. (
- 1 ; Serial
- 3600 ; Refresh
- 1800 ; Retry
- 720000 ; Expire
- 6400 ) ; Negative Cache TTL
-;
-@ NS {{ ansible_fqdn }}.
- MX 10 {{ ansible_fqdn }}.
-{{ ipaddr_lan | ipaddr("address") | regex_replace("^.*\.(.+$)", "\\1") }} PTR {{ ansible_fqdn }}.
diff --git a/roles/dnsdhcptftp/templates/dhcpd.conf.j2 b/roles/dnsdhcptftp/templates/dhcpd.conf.j2
deleted file mode 100644
index 1096ab3..0000000
--- a/roles/dnsdhcptftp/templates/dhcpd.conf.j2
+++ /dev/null
@@ -1,139 +0,0 @@
-# dhcpd.conf
-#
-# Sample configuration file for ISC dhcpd
-#
-
-# option definitions common to all supported networks...
-option domain-name "{{ ansible_domain }}";
-option domain-name-servers {{ name_servers }};
-
-default-lease-time 600;
-max-lease-time 7200;
-
-# The ddns-updates-style parameter controls whether or not the server will
-# attempt to do a DNS update when a lease is confirmed. We default to the
-# behavior of the version 2 packages ('none', since DHCP v2 didn't
-# have support for DDNS.)
-#ddns-update-style none;
-
-use-host-decl-names on;
-ddns-update-style standard;
-
-include "/etc/dhcp/rndc.key";
-
-zone {{ ansible_domain }}. {
- primary 127.0.0.1;
- key rndc-key;
-}
-
-zone {{ ipaddr_lan_ptr }} {
- primary 127.0.0.1;
- key rndc-key;
-}
-
-
-# If this DHCP server is the official DHCP server for the local
-# network, the authoritative directive should be uncommented.
-authoritative;
-
-# Use this to send dhcp log messages to a different log file (you also
-# have to hack syslog.conf to complete the redirection).
-#log-facility local7;
-
-## The tftpd server IP address, for all clients.
-next-server {{ ipaddr_lan | ipaddr("address") }};
-
-option arch code 93 = unsigned integer 16;
-if option arch = 00:07 {
- filename "d-i/n-a/bootnetx64.efi";
-} else {
- filename "d-i/n-a/pxelinux.0";
-}
-
-subnet {{ ipaddr_lan | ipaddr("network") }} netmask {{ ipaddr_lan | ipaddr("netmask") }} {
- option routers {{ ipaddr_lan | ipaddr("address") }};
- range {{ dhcp_start }} {{ dhcp_stop }};
-}
-
-
-# No service will be given on this subnet, but declaring it helps the
-# DHCP server to understand the network topology.
-
-#subnet 10.152.187.0 netmask 255.255.255.0 {
-#}
-
-# This is a very basic subnet declaration.
-
-#subnet 10.254.239.0 netmask 255.255.255.224 {
-# range 10.254.239.10 10.254.239.20;
-# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
-#}
-
-# This declaration allows BOOTP clients to get dynamic addresses,
-# which we don't really recommend.
-
-#subnet 10.254.239.32 netmask 255.255.255.224 {
-# range dynamic-bootp 10.254.239.40 10.254.239.60;
-# option broadcast-address 10.254.239.31;
-# option routers rtr-239-32-1.example.org;
-#}
-
-# A slightly different configuration for an internal subnet.
-#subnet 10.5.5.0 netmask 255.255.255.224 {
-# range 10.5.5.26 10.5.5.30;
-# option domain-name-servers ns1.internal.example.org;
-# option domain-name "internal.example.org";
-# option routers 10.5.5.1;
-# option broadcast-address 10.5.5.31;
-# default-lease-time 600;
-# max-lease-time 7200;
-#}
-
-# Hosts which require special configuration options can be listed in
-# host statements. If no address is specified, the address will be
-# allocated dynamically (if possible), but the host-specific information
-# will still come from the host declaration.
-
-#host passacaglia {
-# hardware ethernet 0:0:c0:5d:bd:95;
-# filename "vmunix.passacaglia";
-# server-name "toccata.example.com";
-#}
-
-# Fixed IP addresses can also be specified for hosts. These addresses
-# should not also be listed as being available for dynamic assignment.
-# Hosts for which fixed IP addresses have been specified can boot using
-# BOOTP or DHCP. Hosts for which no fixed address is specified can only
-# be booted with DHCP, unless there is an address range on the subnet
-# to which a BOOTP client is connected which has the dynamic-bootp flag
-# set.
-#host fantasia {
-# hardware ethernet 08:00:07:26:c0:a5;
-# fixed-address fantasia.example.com;
-#}
-
-# You can declare a class of clients and then do address allocation
-# based on that. The example below shows a case where all clients
-# in a certain class get addresses on the 10.17.224/24 subnet, and all
-# other clients get addresses on the 10.0.29/24 subnet.
-
-#class "foo" {
-# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
-#}
-
-#shared-network 224-29 {
-# subnet 10.17.224.0 netmask 255.255.255.0 {
-# option routers rtr-224.example.org;
-# }
-# subnet 10.0.29.0 netmask 255.255.255.0 {
-# option routers rtr-29.example.org;
-# }
-# pool {
-# allow members of "foo";
-# range 10.17.224.10 10.17.224.250;
-# }
-# pool {
-# deny members of "foo";
-# range 10.0.29.10 10.0.29.230;
-# }
-#}
diff --git a/roles/dnsdhcptftp/templates/localzones.j2 b/roles/dnsdhcptftp/templates/localzones.j2
deleted file mode 100644
index e71d0a7..0000000
--- a/roles/dnsdhcptftp/templates/localzones.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-include "/etc/bind/rndc.key";
-
-zone "{{ ipaddr_lan_ptr[:-1] }}" {
- type master;
- notify no;
- file "/etc/bind/db.{{ ipaddr_lan_threeoct }}";
- journal "/var/lib/bind/db.{{ ipaddr_lan_threeoct }}.jnl";
- allow-update { key rndc-key; };
-};
-
-zone "{{ ansible_domain }}" {
- type master;
- notify no;
- file "/etc/bind/db.{{ ansible_domain }}";
- journal "/var/lib/bind/db.{{ ansible_domain }}.jnl";
- allow-update { key rndc-key; };
-};
diff --git a/roles/dnsdhcptftp/templates/resolv.conf.j2 b/roles/dnsdhcptftp/templates/resolv.conf.j2
deleted file mode 100644
index 36d45af..0000000
--- a/roles/dnsdhcptftp/templates/resolv.conf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-search {{ ansible_domain }}.
-nameserver 127.0.0.1
diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml
deleted file mode 100644
index f549f18..0000000
--- a/roles/dnsmasq/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: restart dnsmasq
- service: name=dnsmasq state=restarted enabled=yes
- listen: "restart dnsmasq"
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
deleted file mode 100644
index 00f73a6..0000000
--- a/roles/dnsmasq/tasks/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-- name: check if dnsmasq is already there
- stat: path=/etc/dnsmasq.d/dnsmasq-dhcp
- register: dnsmasq
-
-- name: install dnsmasq package
- apt:
- name:
- - dnsmasq
- - resolvconf
- state: latest # noqa package-latest
-
-- name: configure dnsmasq dhcp
- template:
- src: dnsmasq-dhcp.j2
- dest: /etc/dnsmasq.d/dnsmasq-dhcp
- mode: 0644
- notify: "restart dnsmasq"
-
-- name: configure dnsmasq tftp
- template:
- src: dnsmasq-tftp-netboot-installer.j2
- dest: /etc/dnsmasq.d/tftp-netboot-installer
- mode: 0644
- notify: "restart dnsmasq"
diff --git a/roles/dnsmasq/templates/dnsmasq-dhcp.j2 b/roles/dnsmasq/templates/dnsmasq-dhcp.j2
deleted file mode 100644
index 77201cf..0000000
--- a/roles/dnsmasq/templates/dnsmasq-dhcp.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-interface={{ if_lan }}
-dhcp-range={{ dhcp_start }},{{ dhcp_stop }},2h
-# dhcp-generate-names ## better use grub to generate names
diff --git a/roles/dnsmasq/templates/dnsmasq-tftp-netboot-installer.j2 b/roles/dnsmasq/templates/dnsmasq-tftp-netboot-installer.j2
deleted file mode 100644
index 2289ac9..0000000
--- a/roles/dnsmasq/templates/dnsmasq-tftp-netboot-installer.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-enable-tftp
-tftp-root={{ tftp_root }}
-dhcp-boot=d-i/n-a/pxelinux.0
-dhcp-match=set:efi-x86_64,option:client-arch,7
-dhcp-boot=tag:efi-x86_64,d-i/n-a/bootnetx64.efi
diff --git a/roles/educontainer/defaults/main.yml b/roles/educontainer/defaults/main.yml
deleted file mode 100644
index b58b8b7..0000000
--- a/roles/educontainer/defaults/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-## generate most of this list with 'tasksel --task-packages standard'
-cont_packages:
- - systemd-container
- - openssh-server
- - sudo
- - python3
- - auto-apt-proxy
- - bash-completion
- - ca-certificates
- - man-db
- - manpages
-
-cont_packages_extra: []
diff --git a/roles/educontainer/handlers/main.yml b/roles/educontainer/handlers/main.yml
deleted file mode 100644
index 70b52ec..0000000
--- a/roles/educontainer/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: enable and restart containers
- systemd:
- name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
- state: restarted
- enabled: true
- loop: "{{ containers }}"
- listen: enable and restart containers
diff --git a/roles/educontainer/tasks/main.yml b/roles/educontainer/tasks/main.yml
deleted file mode 100644
index d5dfc93..0000000
--- a/roles/educontainer/tasks/main.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-## Prepare minimal systemd-nspawn containers for educational use.
-##
-## Port mapping to the host:
-##
-## container 0: ssh → host port 10000, HTTP → 10100
-## container 1: ssh → host port 10001, HTTP → 10101
-## ... ... ...
-##
-## User '{{ contuser }}' in the sudo group. Password is '{{ contpwd }}'.
-##
-
-- name: stop all containers
- systemd:
- name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
- state: stopped
- loop: "{{ containers | reverse }}"
- tags:
- - never
- - stop
- - reset
- - purge
- - setup
- - restart
-
-- name: purge all containers
- command:
- cmd: machinectl remove {{ contname }}{{ "%02d" | format(item|int) }}
- removes: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}
- loop: "{{ containers | reverse }}"
- tags:
- - never
- - purge
- - setup
-
-- name: remove container overlay
- file:
- path: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta
- state: absent
- loop: "{{ containers | reverse }}"
- tags:
- - never
- - reset
- - purge
- - setup
-
-- name: start all containers
- systemd:
- name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
- state: started
- loop: "{{ containers | reverse }}"
- tags:
- - never
- - start
- - reset
- - restart
-
-###########
-
-- name: check if container template exists
- ansible.builtin.stat:
- path: "/var/lib/machines/{{ contname }}00"
- register: cont
- tags:
- - always
-
-- name: import setup.yml tasks
- import_tasks: setup.yml
- when: cont.stat.isdir is not defined
- tags:
- - always
diff --git a/roles/educontainer/tasks/setup.yml b/roles/educontainer/tasks/setup.yml
deleted file mode 100644
index aa117ee..0000000
--- a/roles/educontainer/tasks/setup.yml
+++ /dev/null
@@ -1,181 +0,0 @@
----
-
-- name: install packages
- apt:
- name:
- - systemd-container
- - debootstrap
- - auto-apt-proxy
- state: latest # noqa package-latest
-
-- name: prepare machine directory
- file:
- path: /var/lib/machines/
- state: directory
- mode: 0700
-
-- name: debootstrap base system
- command:
- cmd: >
- auto-apt-proxy debootstrap
- --include={{ cont_packages | union(cont_packages_extra) | join(',') }}
- --components=main,contrib,non-free stable
- {{ contname }}00 http://deb.debian.org/debian
- args:
- chdir: /var/lib/machines/
- creates: /var/lib/machines/{{ contname }}00
- notify: enable and restart containers
-
-- name: provide complete apt sources
- copy:
- src: /etc/apt/sources.list
- dest: /var/lib/machines/{{ contname }}00/etc/apt/sources.list
- mode: 0644
- remote_src: true
-
-- name: configure locale
- lineinfile:
- path: /var/lib/machines/{{ contname }}00/etc/profile
- line: 'export LANG=C'
-
-## Use 'chroot' here instead of 'systemd-nspawn -D …' to make it work
-## with ansible-pull in the preseed debian installer:
-- name: upgrade container
- command:
- cmd: "{{ item }}"
- args:
- chdir: /var/lib/machines/{{ contname }}00
- loop:
- - mount --bind /proc proc
- - mount --bind /sys sys
- - mount --bind /dev/pts dev/pts
- - chroot . sh -c '/usr/bin/apt-get update && DEBIAN_FRONTEND=noninteractive /usr/bin/apt-get full-upgrade --yes'
- - umount proc sys dev/pts
- register: cmd_result
- changed_when: cmd_result.stdout is not search('0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.')
-
-- name: provide {{ contuser }} user account
- command:
- cmd: >
- chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash
- -c "User {{ contuser }},,," -G sudo {{ contuser }}'
- args:
- chdir: /var/lib/machines/{{ contname }}00
- creates: /var/lib/machines/{{ contname }}00/home/{{ contuser }}
- register: user_account
-
-- name: provide empty password for {{ contuser }} user
- command:
- cmd: chroot . sh -c "passwd -d {{ contuser }}"
- args:
- chdir: /var/lib/machines/{{ contname }}00
- when: user_account.changed | default(false) and contpwd | length == 0
-
-- name: provide password for container {{ contuser }} user
- command:
- cmd: chroot . sh -c "echo {{ contuser }}:{{ contpwd }} | chpasswd"
- args:
- chdir: /var/lib/machines/{{ contname }}00
- when: user_account.changed | default(true) and contpwd | length > 0
-
-- name: allow empty passwords in ssh
- lineinfile:
- path: /var/lib/machines/{{ contname }}00/etc/ssh/sshd_config
- insertafter: '#PermitEmptyPasswords no'
- line: 'PermitEmptyPasswords yes'
- when: user_account.changed | default(false) and contpwd | length == 0
-
-- name: prepare directories
- file:
- path: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item }}
- state: directory
- mode: 0755
- loop:
- - multi-user.target.wants
- - sockets.target.wants
- - network-online.target.wants
- notify: enable and restart containers
-
-- name: enable systemd-networkd service
- file:
- src: /lib/systemd/system/{{ item.src }}
- dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
- state: link
- follow: false
- force: true
- loop:
- - src: systemd-networkd.service
- dest: dbus-org.freedesktop.network1.service
- - src: systemd-networkd.service
- dest: multi-user.target.wants/systemd-networkd.service
- - src: systemd-networkd.socket
- dest: sockets.target.wants/systemd-networkd.socket
- - src: systemd-networkd-wait-online.service
- dest: network-online.target.wants/systemd-networkd-wait-online.service
- notify: enable and restart containers
-
-- name: enable systemd-resolved in containers
- file:
- src: /lib/systemd/system/{{ item.src }}
- dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
- state: link
- follow: false
- force: true
- loop:
- - src: systemd-resolved.service
- dest: dbus-org.freedesktop.resolve1.service
- - src: systemd-resolved.service
- dest: multi-user.target.wants/systemd-resolved.service
- notify: enable and restart containers
-
-########
-- name: prepare local sysctl config file
- copy:
- content: "# Avoid 'too many open files' error:"
- dest: /etc/sysctl.d/inotify.conf
- mode: 0644
- force: false
-
-- name: fix too many open files error
- sysctl:
- name: fs.inotify.max_user_instances
- value: '1024'
- sysctl_file: /etc/sysctl.d/inotify.conf
-
-- name: generate links to the initial container
- file:
- src: "{{ contname }}00"
- dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}
- state: link
- loop: "{{ containers[1:] }}"
- notify: enable and restart containers
-
-- name: prepare nspawn config directory
- file:
- path: /etc/systemd/nspawn
- state: directory
- mode: 0755
-
-- name: provide container configuration
- template:
- src: contcfg.nspawn.j2
- dest: /etc/systemd/nspawn/{{ contname }}{{ "%02d" | format(item|int) }}.nspawn
- mode: 0644
- loop: "{{ containers }}"
- notify: enable and restart containers
-
-- name: provide container hostname file
- template:
- src: hostname.j2
- dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname
- mode: 0644
- loop: "{{ containers }}"
- notify: enable and restart containers
-
-- name: provide container hosts file
- template:
- src: hosts.j2
- dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts
- mode: 0644
- loop: "{{ containers }}"
- notify: enable and restart containers
diff --git a/roles/educontainer/templates/contcfg.nspawn.j2 b/roles/educontainer/templates/contcfg.nspawn.j2
deleted file mode 100644
index 9f8b5ea..0000000
--- a/roles/educontainer/templates/contcfg.nspawn.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Exec]
-Capability=CAP_NET_ADMIN
-ResolvConf=copy-host
-
-[Network]
-Port=10{{ "%03d" | format(item|int) }}:22
-Port=10{{ "%03d" | format(item|int + 100) }}:80
-Port=10{{ "%03d" | format(item|int + 200) }}:443
-
-[Files]
-ReadOnly=yes
-Overlay=+/:/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta:/
-PrivateUsersChown=false
-BindReadOnly=/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname:/etc/hostname
-BindReadOnly=/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts:/etc/hosts
diff --git a/roles/educontainer/templates/hostname.j2 b/roles/educontainer/templates/hostname.j2
deleted file mode 100644
index 3c3ac55..0000000
--- a/roles/educontainer/templates/hostname.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ contname }}{{ "%02d" | format(item|int) }}
diff --git a/roles/educontainer/templates/hosts.j2 b/roles/educontainer/templates/hosts.j2
deleted file mode 100644
index 9767fea..0000000
--- a/roles/educontainer/templates/hosts.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-127.0.0.1 localhost {{ contname }}{{ "%02d" | format(item|int) }}
-::1 localhost {{ contname }}{{ "%02d" | format(item|int) }} ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
diff --git a/roles/edulive/defaults/main.yml b/roles/edulive/defaults/main.yml
deleted file mode 100644
index 5834054..0000000
--- a/roles/edulive/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-build_dir: /opt/live-build/
diff --git a/roles/edulive/files/gnome-edu/README b/roles/edulive/files/gnome-edu/README
deleted file mode 100644
index 83e60e3..0000000
--- a/roles/edulive/files/gnome-edu/README
+++ /dev/null
@@ -1,2 +0,0 @@
-This config space is based on:
- https://salsa.debian.org/live-team/live-images/-/tree/debian/images/gnome-desktop
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/auto/build b/roles/edulive/files/gnome-edu/auto/build
deleted file mode 100755
index f8d8346..0000000
--- a/roles/edulive/files/gnome-edu/auto/build
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-set -e
-
-lb build noauto "${@}" 2>&1 | tee build.log
diff --git a/roles/edulive/files/gnome-edu/auto/clean b/roles/edulive/files/gnome-edu/auto/clean
deleted file mode 100755
index 4b8ccaa..0000000
--- a/roles/edulive/files/gnome-edu/auto/clean
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -e
-
-lb clean noauto "${@}"
-
-rm -f config/binary config/bootstrap config/chroot config/common config/source
-rm -f config/control
-
-rm -f build.log
diff --git a/roles/edulive/files/gnome-edu/auto/config b/roles/edulive/files/gnome-edu/auto/config
deleted file mode 100755
index 96e38d3..0000000
--- a/roles/edulive/files/gnome-edu/auto/config
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-set -e
-
-lb config noauto \
- --clean \
- --cache false \
- --net-tarball false \
- --ignore-system-defaults \
- --distribution bullseye \
- --binary-images netboot \
- --mode debian \
- --backports true \
- --linux-packages linux-image \
- --archive-areas "main contrib non-free" \
- --mirror-bootstrap http://localhost:3142/deb.debian.org/debian/ \
- --mirror-chroot-security http://localhost:3142/security.debian.org/debian-security/ \
-"${@}"
diff --git a/roles/edulive/files/gnome-edu/config/hooks/0001-plymouth-theme.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/0001-plymouth-theme.hook.chroot
deleted file mode 100755
index 16095e0..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/0001-plymouth-theme.hook.chroot
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ -e /usr/sbin/plymouth-set-default-theme ] && [ -e /usr/share/plymouth/themes/lines ]
-then
- plymouth-set-default-theme lines
-fi
diff --git a/roles/edulive/files/gnome-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot
deleted file mode 120000
index 996f766..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/live/0010-disable-kexec-tools.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/live/0010-disable-kexec-tools.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
deleted file mode 120000
index 5ddf090..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/live/0050-disable-sysvinit-tmpfs.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot
deleted file mode 100755
index a051368..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/live/0500-desktop.hook.chroot
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo 'pref("browser.startup.homepage", "https://www.startpage.com");' >> /etc/firefox-esr/firefox-esr.js
-echo 'pref("network.proxy.type", 4);' >> /etc/firefox-esr/firefox-esr.js
-
-dconf update
-
-#sed -i "s/^/#/" /etc/xdg/user-dirs.defaults
-
-sed -i "s/^#WaylandEnable=false$/WaylandEnable=false/" /etc/gdm3/daemon.conf
-
-## workaround https://bugzilla.gnome.org/show_bug.cgi?id=730587
-#dpkg-divert --divert /usr/bin/gnome-keyring-daemon.bak --rename /usr/bin/gnome-keyring-daemon
diff --git a/roles/edulive/files/gnome-edu/config/hooks/live/0600-wireshark.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/live/0600-wireshark.hook.chroot
deleted file mode 100755
index 13ce126..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/live/0600-wireshark.hook.chroot
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-set -e
-
-## allow everybody to run wireshark:
-chmod 0755 /usr/bin/dumpcap
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot
deleted file mode 120000
index 58123fc..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0020-create-mtab-symlink.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0020-create-mtab-symlink.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot
deleted file mode 120000
index c5ab625..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0030-enable-cryptsetup.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0030-enable-cryptsetup.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0040-create-locales-files.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0040-create-locales-files.hook.chroot
deleted file mode 120000
index 036e7e0..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0040-create-locales-files.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0040-create-locales-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
deleted file mode 120000
index b0ccdb6..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0100-remove-adjtime-configuration.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot
deleted file mode 120000
index 8b68c5c..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0110-remove-backup-files.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0110-remove-backup-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
deleted file mode 120000
index 4d55b27..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0120-remove-dbus-machine-id.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
deleted file mode 120000
index 54f6a9b..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0130-remove-gnome-icon-cache.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0140-remove-log-files.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0140-remove-log-files.hook.chroot
deleted file mode 120000
index 2b99cec..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0140-remove-log-files.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0140-remove-log-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
deleted file mode 120000
index 0c3cd2f..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0150-remove-mdadm-configuration.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
deleted file mode 120000
index e57b8d2..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0160-remove-openssh-server-host-keys.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0170-remove-python-py.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0170-remove-python-py.hook.chroot
deleted file mode 120000
index 858a942..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0170-remove-python-py.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0170-remove-python-py.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
deleted file mode 120000
index 6cecf66..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0180-remove-systemd-machine-id.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot
deleted file mode 120000
index ada76d9..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0190-remove-temporary-files.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0190-remove-temporary-files.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
deleted file mode 120000
index 9fc0723..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0195-remove-ssl-cert-snakeoil.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
deleted file mode 120000
index f893dcc..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0200-remove-udev-persistent-cd-rules.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
deleted file mode 120000
index a6ee33d..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0300-remove-udev-persistent-net-rules.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot
deleted file mode 120000
index 380fdcf..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0400-update-apt-file-cache.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0400-update-apt-file-cache.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot
deleted file mode 120000
index dd7150e..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0410-update-apt-xapian-index.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0410-update-apt-xapian-index.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot
deleted file mode 120000
index 4da25f8..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0420-update-glx-alternative.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0420-update-glx-alternative.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot
deleted file mode 120000
index 13b49d7..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0430-update-mlocate-database.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0430-update-mlocate-database.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot
deleted file mode 120000
index 0a65196..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0440-update-nvidia-alternative.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0440-update-nvidia-alternative.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot b/roles/edulive/files/gnome-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot
deleted file mode 120000
index 9d4f095..0000000
--- a/roles/edulive/files/gnome-edu/config/hooks/normal/0500-reproducible-glibc.hook.chroot
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/live/build/hooks/normal/0500-reproducible-glibc.hook.chroot
\ No newline at end of file
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/gdm.d/00-login-screen b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/gdm.d/00-login-screen
deleted file mode 100644
index 23408bc..0000000
--- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/gdm.d/00-login-screen
+++ /dev/null
@@ -1,8 +0,0 @@
-[org/gnome/login-screen]
-disable-user-list=true
-logo='/usr/share/desktop-base/debian-logos/logo-text-64.png'
-
-[org/gnome/settings-daemon/plugins/power]
-power-button-action='interactive'
-sleep-inactive-ac-timeout=600
-sleep-inactive-ac-type='interactive'
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/local.d/defaults b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/local.d/defaults
deleted file mode 100644
index ffde793..0000000
--- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/db/local.d/defaults
+++ /dev/null
@@ -1,34 +0,0 @@
-[org/gnome/shell]
-enabled-extensions=['apps-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'drive-menu@gnome-shell-extensions.gcampax.github.com', 'dash-to-dock@micxgx.gmail.com']
-
-[org/gnome/desktop/input-sources]
-sources=[('xkb', 'de'), ('xkb', 'us')]
-
-[org/gnome/desktop/wm/preferences]
-button-layout='appmenu:minimize,maximize,close'
-
-[org/gnome/desktop/peripherals/touchpad]
-natural-scroll=false
-edge-scrolling-enabled=true
-tap-to-click=true
-
-[org/gnome/nautilus/preferences]
-default-folder-viewer='list-view'
-
-[org/gnome/nautilus/list-view]
-use-tree-view=true
-
-[org/gnome/settings-daemon/plugins/power]
-power-button-action='interactive'
-sleep-inactive-battery-timeout=600
-sleep-inactive-battery-type='hibernate'
-sleep-inactive-ac-timeout=6000
-sleep-inactive-ac-type='nothing'
-
-[org/gnome/desktop/screensaver]
-lock-enabled=false
-
-[org/gnome/desktop/interface]
-clock-show-date=true
-clock-show-seconds=true
-clock-show-weekday=true
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/gdm b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/gdm
deleted file mode 100644
index c165d75..0000000
--- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/gdm
+++ /dev/null
@@ -1,3 +0,0 @@
-user-db:user
-system-db:gdm
-file-db:/usr/share/gdm/greeter.dconf-defaults
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/user b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/user
deleted file mode 100644
index aca0641..0000000
--- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/dconf/profile/user
+++ /dev/null
@@ -1,2 +0,0 @@
-user-db:user
-system-db:local
diff --git a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml b/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml deleted file mode 100644 index 6a993f9..0000000 --- a/roles/edulive/files/gnome-edu/config/includes.chroot/etc/libvirt/qemu/netboot.xml +++ /dev/null @@ -1,151 +0,0 @@ - - - - netboot - 60ea84db-de6c-493c-8e3f-8e9a99ee19c2 - - - - - - 2097152 - 2097152 - 2 - - hvm - /usr/share/OVMF/OVMF_CODE.fd - /var/lib/libvirt/qemu/nvram/netboot_VARS.fd - - - - - - - - - - - - - - - - destroy - restart - destroy - - - - - - /usr/bin/qemu-system-x86_64 - -
- - -
- - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - - -
- - - - - -
- - - - - -
- - - - - - - - - - - -
- - - -
- - -
- - - - - - - - -
- -