---
- name: Enable wake-on-lan for all ethernet connections
ansible.builtin.copy:
dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
mode: '0644'
content: |
[connection]
ethernet.wake-on-lan=64
- name: Prepare directory for apt-daily override
ansible.builtin.file:
path: /etc/systemd/system/apt-daily.timer.d/
mode: '0755'
state: directory
- name: Run apt update early to avoid outdated package lists
ansible.builtin.copy:
dest: /etc/systemd/system/apt-daily.timer.d/override.conf
mode: '0644'
content: |
[Timer]
RandomizedDelaySec=30m
# Avoid suspend
- name: Create directory to avoid suspend
ansible.builtin.file:
path: /etc/systemd/sleep.conf.d/
state: directory
mode: '0755'
when: misc_avoid_suspend
- name: Avoid suspending
ansible.builtin.blockinfile:
path: /etc/systemd/sleep.conf.d/nosuspend.conf
create: true
mode: '0644'
block: |
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
when: misc_avoid_suspend
# Auto Poweroff
- name: Copy pwroff script
ansible.builtin.copy:
src: pwroff
dest: /usr/local/sbin/
mode: '0755'
- name: Provide services and timers for pwroff
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- pwroff.service
- pwroff.timer
when: misc_pwroff
- name: Enable pwroff.timer
ansible.builtin.systemd:
name: pwroff.timer
enabled: true
when: misc_pwroff
# Shut down when idle for too long
- name: Shut down when idle for too long
ansible.builtin.copy:
dest: /etc/xdg/powermanagementprofilesrc
mode: '0644'
content: |
[AC][SuspendSession]
idleTime=7200000
suspendType=8
when: misc_pwroff_idle
# Boot splash
- name: Enable boot splash screen
ansible.builtin.replace:
dest: "/etc/default/grub"
regexp: '"quiet"$'
replace: '"quiet splash"'
notify: Run update-grub
# Grub settings
- name: Protect editing grub menu entries
ansible.builtin.blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers='root'
export superusers
password_pbkdf2 root {{ grub_pwd }}
notify: Run update-grub
- name: Allow booting grub menu entries
ansible.builtin.lineinfile:
dest: /etc/grub.d/10_linux
line: CLASS="${CLASS} --unrestricted"
insertafter: '^CLASS=.*'
firstmatch: true
notify: Run update-grub
- name: Disable Grub submenus
ansible.builtin.lineinfile:
dest: /etc/default/grub
line: 'GRUB_DISABLE_SUBMENU=true'
insertafter: '^GRUB_TIMEOUT=.*'
notify: Run update-grub
- name: Grub timeout
ansible.builtin.lineinfile:
dest: /etc/default/grub
regexp: '^(GRUB_TIMEOUT=).*'
line: '\g<1>1'
backrefs: true
notify: Run update-grub
# PXE first boot order
- name: Copy some scripts
ansible.builtin.copy:
src: bootorder.sh
dest: /usr/local/sbin/
mode: '0755'
when: misc_pxe_first
- name: PXE first boot order
ansible.builtin.command: /usr/local/sbin/bootorder.sh
register: cmd_result
changed_when: cmd_result.stdout is not search('Nothing to do.')
when: misc_pxe_first
# Disable Caps Lock
- name: Keyboard compose key
ansible.builtin.lineinfile:
dest: /etc/default/keyboard
regexp: '^(XKBOPTIONS=).*'
line: '\1"compose:caps"'
backrefs: true
# Activate unattended upgrades
- name: Install unattended-upgrades
ansible.builtin.apt:
name:
- unattended-upgrades
- name: Update all packages unattended
ansible.builtin.replace:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: '^//(\s+"origin=.+-updates";)$'
replace: ' \1'
# Install reporter
- name: Copy reporter
ansible.builtin.copy:
src: reporter
dest: /usr/local/sbin/
mode: '0755'
- name: Provide services and timers for reporter
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- reporter.service
- reporter.timer
when: misc_reporter
- name: Enable reporter.timer
ansible.builtin.systemd:
name: reporter.timer
enabled: true
when: misc_reporter
# Prepare CloneScreen on Presenter PCs
- name: Fix primary screen for class room PCs with projector
when: misc_clonescreen
block:
- name: Set primary screen for login
ansible.builtin.blockinfile:
path: /usr/share/sddm/scripts/Xsetup
block: |
xrandr --output {{ dual_screen[0] }} --primary
when: dual_screen is defined
- name: Reset primary screen for login
ansible.builtin.blockinfile:
path: /usr/share/sddm/scripts/Xsetup
state: absent
when: dual_screen is not defined
- name: Deploy fix-screen script
ansible.builtin.template:
src: lmn-fix-screen.j2
dest: /usr/local/bin/lmn-fix-screen
mode: '0755'
- name: Deploy fix-screen autostarter
ansible.builtin.copy:
dest: /etc/xdg/autostart/lmn-fix-screen.desktop
mode: '0644'
content: |
[Desktop Entry]
Name=fix-screen
Exec=lmn-fix-screen
Type=Application
NoDisplay=true