---
- name: install desktop EDU packages and some more
apt:
name:
- atftp
- thunderbird-l10n-de
- webext-privacy-badger
- webext-ublock-origin-firefox
- webext-ublock-origin-chromium
- emacs
- elpa-magit
- elpa-color-theme-modern
- vlc
- gimp
- inkscape
- flameshot
- bluefish
- git
- gitk
- gitg
- wireshark
- nmap
- netcat-openbsd
- net-tools
- ghex
- thonny
- spyder
# - mu-editor
- dia
- vym
- tree
- xdg-desktop-portal-kde
- task-german-kde-desktop
- task-german-desktop
- kde-full
- ttf-mscorefonts-installer
- sqlite3
- sqlitebrowser
- neovim
- qtcreator
- freecad
- librecad
- arduino
- kicad
- keepassxc
- tmux
- curl
- default-jdk
- pulseview
- sigrok
- sigrok-cli
- codeblocks
state: latest
environment:
http_proxy: http://firewall.pn.steinbeis.schule:3128
https_proxy: http://firewall.pn.steinbeis.schule:3128
- name: add {{ ansible_distribution_release }}-backports
apt_repository:
repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main contrib non-free
state: present
update_cache: true
when: ansible_distribution_release == 'bullseye'
- name: install extra packages from backports
apt:
name:
- libreoffice
- libreoffice-l10n-de
state: latest # noqa package-latest
autoremove: true
default_release: "{{ ansible_distribution_release }}-backports"
when: ansible_distribution_release == 'bullseye'
- name: Allow users to dump packets for wireshark
ansible.builtin.file:
path: /usr/bin/dumpcap
mode: '0755'
- name: Add home dirs to apparmor
lineinfile:
dest: /etc/apparmor.d/tunables/home.d/ubuntu
line: >-
@{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
/srv/samba/schools/default-school/students/*/
- name: Create firefox policies directory
ansible.builtin.file:
path: /etc/firefox-esr/policies
state: directory
mode: '0755'
- name: Create a symbolic link firefox to firefox-esr
ansible.builtin.file:
src: /etc/firefox-esr
dest: /etc/firefox
state: link
- name: copy policy
ansible.builtin.copy:
src: policies.json
dest: /etc/firefox-esr/policies/
- name: tune SDDM login
blockinfile:
path: /etc/sddm.conf
create: true
block: |
[Users]
MaximumUid=999
RememberLastUser=false
RememberLastSession=false
- name: Create directory to avoid suspend
ansible.builtin.file:
path: /etc/systemd/sleep.conf.d/
state: directory
mode: '0755'
- name: Avoid suspending
blockinfile:
path: /etc/systemd/sleep.conf.d/nosuspend.conf
create: true
block: |
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
################# general settings ##################
- name: Protect grub menu entries
blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers='root'
password_pbkdf2 root {{ grub_pwd }}
notify: update grub
- name: Allow booting default entry
lineinfile:
dest: /etc/grub.d/10_linux
line: CLASS="${CLASS} --unrestricted"
insertafter: '^CLASS=.*'
firstmatch: true
notify: update grub
- name: grub timeout
lineinfile:
dest: /etc/default/grub
regexp: '^(GRUB_TIMEOUT=).*'
line: '\g<1>1'
backrefs: yes
notify: update grub
- name: keyboard compose key
lineinfile:
dest: /etc/default/keyboard
regexp: '^(XKBOPTIONS=).*'
line: '\1"compose:caps"'
backrefs: yes