--- - name: Preseed wireshark to allow users sniffing packets ansible.builtin.debconf: name: wireshark-common question: wireshark-common/install-setuid value: 'true' vtype: boolean - name: Preseed ttf-mscorefonts-installer ansible.builtin.debconf: name: ttf-mscorefonts-installer question: msttcorefonts/dlurl value: "{{ mirror_msfonts }}" vtype: string when: mirror_msfonts is defined and mirror_msfonts | length > 0 - name: Install desktop EDU packages and some more ansible.builtin.apt: name: - atftp - audacity - biber - calligraplan - cmake ## for kdevelop - codelite - codelite-plugins - curl - elpa-color-theme-modern - elpa-magit - emacs - filezilla - freeplane - git - git-cola - gitg - gitk - git-gui - htop - jq - jupyter - kchmviewer - kdevelop - kdevelop-php - kdevelop-python - krita - libasound2-dev - libdbus-glib-1-2 ## needed for zotero - libnotify-bin ## needed for pwroff script - libwayland-dev - libxcursor-dev - libxi-dev - libxinerama-dev - libxkbcommon-dev - libxrandr-dev - links2 - minder - mosquitto-clients - neovim - net-tools - netcat-openbsd - nmap - okular-extra-backends ## needed for CHM files - pdf-presenter-console - php-cli - pipx - planner - pulseview - python3-paho-mqtt - python3-websockets - qpdfview - shellcheck - sigrok - sigrok-cli - texlive-lang-german - texlive-latex-recommended - texlive-xetex - texstudio - tmux - tree - ttf-mscorefonts-installer - twinkle - unison-gtk - w3m - wireshark - zulucrypt-gui autoremove: true state: latest environment: http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher - name: Remove update notifications from plasma-discover ansible.builtin.apt: name: - plasma-discover autoremove: true state: absent when: fvs_remove_discover - name: Make sure wireshark works for all users after installation and upgrades ansible.builtin.copy: dest: /etc/apt/apt.conf.d/92wireshark4all mode: '0644' content: | ## Modify permissions after installation/upgrade to allow all ## users dumping packages on network interfaces for wireshark DPkg::Post-Invoke {"/usr/bin/chmod o+x /usr/bin/dumpcap || true"; }; - name: Create firefox policies directory ansible.builtin.file: path: /etc/firefox-esr/policies state: directory mode: '0755' - name: Create a symbolic link firefox to firefox-esr ansible.builtin.file: src: /etc/firefox-esr dest: /etc/firefox state: link - name: Copy firefox policy ansible.builtin.copy: src: policies.json dest: /etc/firefox-esr/policies/ mode: '0644' - name: Create chromium policies directory ansible.builtin.file: path: /etc/chromium/policies/managed state: directory mode: '0755' - name: Set chromium proxy-policy to auto_detect ansible.builtin.copy: dest: /etc/chromium/policies/managed/proxy.json mode: '0644' content: | { "ProxyMode": "auto_detect" } - name: Copy dolphin config scripts ansible.builtin.copy: src: "{{ item }}" dest: /usr/local/bin/ mode: '0755' loop: - lmn-reset-dolphin.sh - lmn-patch-dolphin.sh - lmn-fixhome-dolphin.sh - name: Configure KDE dolphin menu ansible.builtin.copy: src: lmn-dolphin.sh dest: /etc/profile.d/ mode: '0644' - name: Copy fvs-config.js to configure plasma ansible.builtin.copy: src: fvs-config.js dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js mode: '0644' - name: Configure some KDE aspects ansible.builtin.blockinfile: path: /etc/xdg/kdeglobals create: true mode: '0644' block: | [KDE] SingleClick=false [KDE Action Restrictions][$i] action/start_new_session=false #action/switch_user=false #action/lock_screen=false - name: Start with empty session by default ansible.builtin.copy: dest: /etc/xdg/ksmserverrc mode: '0644' content: | [General] loginMode=emptySession # - name: Avoid starting kscreen (confusing autodetection) # ansible.builtin.copy: # dest: /etc/xdg/kded5rc # content: | # [Module-kscreen] # autoload=false # # - name: Disable automatic lock screen and user specific modifications # ansible.builtin.copy: # path: /etc/xdg/kscreenlockerrc # content: | # [Daemon][$i] # Autolock=false # LockOnResume=false # - name: Download libdvdcss from mirror ansible.builtin.get_url: url: "{{ mirror_dvdcss }}/libdvdcss.so.2.2.0" dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2.2.0 mode: '0644' use_proxy: false when: mirror_dvdcss is defined and mirror_dvdcss | length > 0 - name: Link library so name ansible.builtin.file: src: libdvdcss.so.2.2.0 dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2 state: link when: mirror_dvdcss is defined and mirror_dvdcss | length > 0 - name: Patch sddm login screen to show hostname ansible.builtin.blockinfile: path: /usr/share/sddm/themes/debian-breeze/Main.qml marker: // {mark} ANSIBLE MANAGED BLOCK insertbefore: '\s+//Footer' block: | Text { id: hostname anchors.top: parent.top anchors.right: parent.right anchors.topMargin: 10 anchors.rightMargin: 15 color: "#ffffff" text: sddm.hostName + " | <{{ ansible_date_time['date'] }}>" font.pointSize: config.fontSize } - name: Set git default-branch to main ansible.builtin.copy: dest: /etc/gitconfig mode: '0644' content: | [init] defaultBranch = main - name: Adjust mmcblk-device gid to allow users to access SD-cards ansible.builtin.copy: dest: /etc/udev/rules.d/80-mmcblk.rules mode: '0644' content: | KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users" KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users" - name: Include sync ansible.builtin.include_tasks: sync.yml