84c7a4d1c6
The reporting service can still be installed without sending automatic reports. This allows an automatic report to be sent after the initial installation. The report can also be triggered by user interaction.
216 lines
5.1 KiB
YAML
216 lines
5.1 KiB
YAML
---
|
|
- name: Enable wake-on-lan for all ethernet connections
|
|
ansible.builtin.copy:
|
|
dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
|
|
mode: '0644'
|
|
content: |
|
|
[connection]
|
|
ethernet.wake-on-lan=64
|
|
|
|
- name: Prepare directory for apt-daily override
|
|
ansible.builtin.file:
|
|
path: /etc/systemd/system/apt-daily.timer.d/
|
|
mode: '0755'
|
|
state: directory
|
|
|
|
- name: Run apt update early to avoid outdated package lists
|
|
ansible.builtin.copy:
|
|
dest: /etc/systemd/system/apt-daily.timer.d/override.conf
|
|
mode: '0644'
|
|
content: |
|
|
[Timer]
|
|
RandomizedDelaySec=30m
|
|
|
|
# Avoid suspend
|
|
|
|
- name: Create directory to avoid suspend
|
|
ansible.builtin.file:
|
|
path: /etc/systemd/sleep.conf.d/
|
|
state: directory
|
|
mode: '0755'
|
|
when: misc_avoid_suspend
|
|
|
|
- name: Avoid suspending
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/systemd/sleep.conf.d/nosuspend.conf
|
|
create: true
|
|
mode: '0644'
|
|
block: |
|
|
[Sleep]
|
|
AllowSuspend=no
|
|
AllowHibernation=no
|
|
AllowSuspendThenHibernate=no
|
|
AllowHybridSleep=no
|
|
when: misc_avoid_suspend
|
|
|
|
# Auto Poweroff
|
|
|
|
- name: Copy pwroff script
|
|
ansible.builtin.copy:
|
|
src: pwroff
|
|
dest: /usr/local/sbin/
|
|
mode: '0755'
|
|
|
|
- name: Provide services and timers for pwroff
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: "/etc/systemd/system/{{ item }}"
|
|
mode: '0644'
|
|
loop:
|
|
- pwroff.service
|
|
- pwroff.timer
|
|
when: misc_pwroff
|
|
|
|
- name: Enable pwroff.timer
|
|
ansible.builtin.systemd:
|
|
name: pwroff.timer
|
|
enabled: true
|
|
when: misc_pwroff
|
|
|
|
# Shut down when idle for too long
|
|
|
|
- name: Shut down when idle for too long
|
|
ansible.builtin.copy:
|
|
dest: /etc/xdg/powermanagementprofilesrc
|
|
mode: '0644'
|
|
content: |
|
|
[AC][SuspendSession]
|
|
idleTime=7200000
|
|
suspendType=8
|
|
when: misc_pwroff_idle
|
|
|
|
# Boot splash
|
|
|
|
- name: Enable boot splash screen
|
|
ansible.builtin.replace:
|
|
dest: "/etc/default/grub"
|
|
regexp: '"quiet"$'
|
|
replace: '"quiet splash"'
|
|
notify: Run update-grub
|
|
|
|
# Grub settings
|
|
|
|
- name: Protect editing grub menu entries
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/grub.d/40_custom
|
|
block: |
|
|
set superusers='root'
|
|
export superusers
|
|
password_pbkdf2 root {{ grub_pwd }}
|
|
notify: Run update-grub
|
|
|
|
- name: Allow booting grub menu entries
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/grub.d/10_linux
|
|
line: CLASS="${CLASS} --unrestricted"
|
|
insertafter: '^CLASS=.*'
|
|
firstmatch: true
|
|
notify: Run update-grub
|
|
|
|
- name: Disable Grub submenus
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/default/grub
|
|
line: 'GRUB_DISABLE_SUBMENU=true'
|
|
insertafter: '^GRUB_TIMEOUT=.*'
|
|
notify: Run update-grub
|
|
|
|
- name: Grub timeout
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/default/grub
|
|
regexp: '^(GRUB_TIMEOUT=).*'
|
|
line: '\g<1>1'
|
|
backrefs: true
|
|
notify: Run update-grub
|
|
|
|
# PXE first boot order
|
|
|
|
- name: Copy some scripts
|
|
ansible.builtin.copy:
|
|
src: bootorder.sh
|
|
dest: /usr/local/sbin/
|
|
mode: '0755'
|
|
when: misc_pxe_first
|
|
|
|
- name: PXE first boot order
|
|
ansible.builtin.command: /usr/local/sbin/bootorder.sh
|
|
register: cmd_result
|
|
changed_when: cmd_result.stdout is not search('Nothing to do.')
|
|
when: misc_pxe_first
|
|
|
|
# Disable Caps Lock
|
|
|
|
- name: Keyboard compose key
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/default/keyboard
|
|
regexp: '^(XKBOPTIONS=).*'
|
|
line: '\1"compose:caps"'
|
|
backrefs: true
|
|
|
|
# Activate unattended upgrades
|
|
|
|
- name: Install unattended-upgrades
|
|
ansible.builtin.apt:
|
|
name:
|
|
- unattended-upgrades
|
|
|
|
- name: Update all packages unattended
|
|
ansible.builtin.replace:
|
|
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
regexp: '^//(\s+"origin=.+-updates";)$'
|
|
replace: ' \1'
|
|
|
|
# Install reporter
|
|
|
|
- name: Copy reporter
|
|
ansible.builtin.template:
|
|
src: reporter.j2
|
|
dest: /usr/local/sbin/reporter
|
|
mode: '0755'
|
|
|
|
- name: Provide services and timers for reporter
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: "/etc/systemd/system/{{ item }}"
|
|
mode: '0644'
|
|
loop:
|
|
- reporter.service
|
|
- reporter.timer
|
|
when: misc_reporter
|
|
|
|
- name: Enable reporter.timer
|
|
ansible.builtin.systemd:
|
|
name: reporter.timer
|
|
enabled: true
|
|
when: misc_reporter
|
|
|
|
# Prepare CloneScreen on Presenter PCs
|
|
|
|
- name: Fix primary screen for class room PCs with projector
|
|
when: misc_clonescreen
|
|
block:
|
|
- name: Set primary screen for login
|
|
ansible.builtin.blockinfile:
|
|
path: /usr/share/sddm/scripts/Xsetup
|
|
block: |
|
|
xrandr --output {{ dual_screen[0] }} --primary
|
|
when: dual_screen is defined
|
|
- name: Reset primary screen for login
|
|
ansible.builtin.blockinfile:
|
|
path: /usr/share/sddm/scripts/Xsetup
|
|
state: absent
|
|
when: dual_screen is not defined
|
|
- name: Deploy fix-screen script
|
|
ansible.builtin.template:
|
|
src: lmn-fix-screen.j2
|
|
dest: /usr/local/bin/lmn-fix-screen
|
|
mode: '0755'
|
|
- name: Deploy fix-screen autostarter
|
|
ansible.builtin.copy:
|
|
dest: /etc/xdg/autostart/lmn-fix-screen.desktop
|
|
mode: '0644'
|
|
content: |
|
|
[Desktop Entry]
|
|
Name=fix-screen
|
|
Exec=lmn-fix-screen
|
|
Type=Application
|
|
NoDisplay=true
|