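## This playbook deploys a KDE desktop machine for LinuxMuster.
##
## Review notes on credentials in this file:
##   - rsyncsecret is a plaintext credential committed with the playbook;
##     move it into an ansible-vault encrypted vars file and rotate it.
##   - The AD join password is either prompted for (no_log) or read from the
##     kernel command line (ansible_cmdline.adpw). /proc/cmdline is readable
##     by every local user, so prefer the prompt on shared machines.
##   - grub_pwd and the virti password are hashes, not passwords; the
##     plaintexts belong in the password manager, not in git.
---
- name: apply configuration to the machines
  hosts: all
  remote_user: ansible
  become: true
  pre_tasks:
    ## Skipped when adpw= was passed on the kernel command line (e.g. a
    ## netboot install). no_log keeps the entered value out of the run log.
    - name: ask for the global-admin AD password
      pause:
        prompt: "Enter global-admin AD password. Leave empty to skip domain join"
        echo: false
      register: adpw
      no_log: true
      when: "ansible_cmdline.adpw is not defined"

    ## Tell the apparmor package which home directory trees to treat as
    ## home; the folded scalar becomes one space-separated string.
    - name: preseed apparmor
      debconf:
        name: apparmor
        question: apparmor/homedirs
        value: >-
          /srv/samba/schools/default-school/teachers/
          /srv/samba/schools/default-school/students/*/
        vtype: string

  vars:
    domain: "{{ ansible_domain }}"
    kerberize_uris: steinbeis.schule
    ## apt traffic goes through the local cache. Release files are signed,
    ## so plain http between client and cache is acceptable.
    apt_conf: 'Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";'
    ntp_serv: server.pn.steinbeis.schule
    proxy: http://firewall.pn.steinbeis.schule:3128
    no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule

    ## PAM mount nextcloud, remove or leave empty to skip:
    web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)

    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
    ## NOTE(review): plain http — only safe if the role that downloads from
    ## here verifies the installer's checksums; confirm in the consuming role.
    mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/

    ## FIXME(security): plaintext shared secret in version control.
    ## Replace with a vaulted value, e.g. "{{ vault_rsyncsecret }}", and
    ## rotate the secret on the rsync server afterwards.
    rsyncsecret: Muster!
    ## Public keys for remote administration (presumably installed as
    ## authorized_keys by one of the roles — verify which account). Keep an
    ## owner comment on every key (the third has none) so a key can be
    ## traced and revoked when its holder leaves.
    keys2deploy:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW'

    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash.
    ## This is a PBKDF2-SHA512 hash (10000 iterations), not the password.
    grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
    nfs4: false
    extra_pkgs:
      - vim
      - mc
      - tmux
      - krb5-user
      - unattended-upgrades
      - debconf-utils
    extra_pkgs_bpo: [] # [ linux-image-amd64 ]

  roles:
    - lmn_network
    - up2date_debian
    - lmn_sssd
    - lmn_mount
    - lmn_kde
    - lmn_fvs ## school specific customization
    - lmn_vm
    - lmn_printer
    - kerberize
    - lmn_security

  tasks:
    ## Disabled (when: false) but kept for reference. The value is a
    ## yescrypt ($y$) hash, not the password, but a committed hash can be
    ## attacked offline — regenerate it before re-enabling this task.
    - name: Add local user 'virti' in the 'libvirt' group
      ansible.builtin.user:
        name: virti
        password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
        comment: Libvirt VM User,,,
        shell: /bin/bash
        groups: libvirt
        append: true
      when: false

    ## Board-specific kernel command line workarounds. Both replace tasks
    ## only match an exact existing GRUB_CMDLINE_LINUX value, so they are
    ## idempotent and do not clobber other parameters.
    - name: Fix 8086:4909 external graphics card
      replace:
        path: "/etc/default/grub"
        regexp: 'GRUB_CMDLINE_LINUX=""$'
        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
      notify: Run update-grub
      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"

    - name: Fix sound on 312A
      replace:
        path: "/etc/default/grub"
        regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
        replace: 'GRUB_CMDLINE_LINUX=""'
      notify: Run update-grub
      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"

    - name: Fix sound on 312A and 312D
      apt:
        name: firmware-sof-signed
        state: latest
      when: >
        ansible_board_vendor == "LENOVO" and
        (ansible_board_name == "312D" or ansible_board_name == "312A")

    ## bullseye fixes: the 32CB needs firmware that bullseye does not ship.
    ## Enabling the bookworm repository on a bullseye host without a pin
    ## would let `apt upgrade` pull in every newer bookworm package (an
    ## unintended partial dist-upgrade), so bookworm is pinned below the
    ## bullseye default priority for everything except firmware-*.
    ## NOTE(review): apt accepts this repo only if the bookworm archive
    ## signing key is present in debian-archive-keyring — confirm the host
    ## is on a current bullseye point release (up2date_debian runs first).
    - name: bookworm firmware fixes for bullseye
      when: >
        ansible_board_vendor == "LENOVO" and
        ansible_board_name == "32CB" and
        ansible_distribution_release == "bullseye"
      block:
        - name: pin bookworm so only firmware-* packages are taken from it
          copy:
            dest: /etc/apt/preferences.d/bookworm-firmware
            owner: root
            group: root
            mode: "0644"
            content: |
              Explanation: Managed by Ansible - bookworm only supplies firmware-* on this bullseye host
              Package: *
              Pin: release n=bookworm
              Pin-Priority: 100

              Explanation: firmware-* at the default priority so the newer bookworm version wins on upgrade
              Package: firmware-*
              Pin: release n=bookworm
              Pin-Priority: 500

        - name: add bookworm firmware repository
          apt_repository:
            repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
            state: present
            update_cache: true

        ## "safe" is what the module did for upgrade: yes; spelled out so
        ## nobody reads it as a dist-upgrade.
        - name: upgrade non-free-firmware packages
          apt:
            upgrade: safe
            autoremove: true
            autoclean: true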