e89ecc1f3a
The previous solution did not work for the graphical user interface. Group membership did only show up on the console.
222 lines
5.3 KiB
YAML
222 lines
5.3 KiB
YAML
---
|
|
- name: Preseed wireshark to allow users sniffing packets
|
|
ansible.builtin.debconf:
|
|
name: wireshark-common
|
|
question: wireshark-common/install-setuid
|
|
value: 'true'
|
|
vtype: boolean
|
|
|
|
- name: Preseed ttf-mscorefonts-installer
|
|
ansible.builtin.debconf:
|
|
name: ttf-mscorefonts-installer
|
|
question: msttcorefonts/dlurl
|
|
value: "{{ mirror_msfonts }}"
|
|
vtype: string
|
|
when: mirror_msfonts is defined and mirror_msfonts | length > 0
|
|
|
|
|
|
- name: Install desktop EDU packages and some more
|
|
apt:
|
|
name:
|
|
- atftp
|
|
- calligraplan
|
|
- cmake ## for kdevelop
|
|
- codelite
|
|
- codelite-plugins
|
|
- curl
|
|
- elpa-color-theme-modern
|
|
- elpa-magit
|
|
- emacs
|
|
- filezilla
|
|
- freeplane
|
|
- git
|
|
- gitg
|
|
- gitk
|
|
- htop
|
|
- jupyter
|
|
- kdevelop
|
|
- kdevelop-php
|
|
- kdevelop-python
|
|
- krita
|
|
- libnotify-bin ## needed for pwroff script
|
|
- links2
|
|
- minder
|
|
- neovim
|
|
- net-tools
|
|
- netcat-openbsd
|
|
- nmap
|
|
- php-cli
|
|
- planner
|
|
- pulseview
|
|
- python3-websockets
|
|
- sigrok
|
|
- sigrok-cli
|
|
- tmux
|
|
- tree
|
|
- ttf-mscorefonts-installer
|
|
- unison-gtk
|
|
- w3m
|
|
- wireshark
|
|
- zulucrypt-gui
|
|
autoremove: true
|
|
state: latest
|
|
environment:
|
|
http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
|
|
|
|
|
|
- name: Make sure wireshark works for all users after installation and upgrades
|
|
ansible.builtin.copy:
|
|
dest: /etc/apt/apt.conf.d/92wireshark4all
|
|
content: |
|
|
## Modify permissions after installation/upgrade to allow all
|
|
## users dumping packages on network interfaces for wireshark
|
|
DPkg::Post-Invoke {"/usr/bin/chmod o+x /usr/bin/dumpcap || true"; };
|
|
|
|
|
|
- name: Create firefox policies directory
|
|
ansible.builtin.file:
|
|
path: /etc/firefox-esr/policies
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create a symbolic link firefox to firefox-esr
|
|
ansible.builtin.file:
|
|
src: /etc/firefox-esr
|
|
dest: /etc/firefox
|
|
state: link
|
|
|
|
- name: Copy firefox policy
|
|
ansible.builtin.copy:
|
|
src: policies.json
|
|
dest: /etc/firefox-esr/policies/
|
|
|
|
- name: Update all packages unattended
|
|
ansible.builtin.replace:
|
|
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
regexp: '^//(\s+"origin=.+-updates";)$'
|
|
replace: ' \1'
|
|
|
|
- name: Copy some scripts
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /usr/local/sbin/
|
|
mode: 0755
|
|
loop:
|
|
- pwroff
|
|
- bootorder.sh
|
|
- reporter
|
|
|
|
- name: Provide services and timers for some scripts
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "/etc/systemd/system/{{ item }}"
|
|
mode: 0644
|
|
loop:
|
|
- pwroff.service
|
|
- pwroff.timer
|
|
- reporter.service
|
|
- reporter.timer
|
|
|
|
- name: Enable pwroff.timer
|
|
systemd:
|
|
name: "{{ item }}"
|
|
enabled: true
|
|
loop:
|
|
- pwroff.timer
|
|
- reporter.timer
|
|
|
|
- name: PXE first boot order
|
|
command: /usr/local/sbin/bootorder.sh
|
|
register: cmd_result
|
|
changed_when: cmd_result.stdout is not search('Nothing to do.')
|
|
when: boot_pxe | default(False)
|
|
|
|
- name: Copy dolphin config scripts
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: /usr/local/bin/
|
|
mode: 0755
|
|
loop:
|
|
- lmn-reset-dolphin.sh
|
|
- lmn-patch-dolphin.sh
|
|
|
|
- name: Configure KDE dolphin menu
|
|
ansible.builtin.copy:
|
|
src: lmn-dolphin.sh
|
|
dest: /etc/profile.d/
|
|
|
|
|
|
- name: Copy fvs-config.js to configure plasma
|
|
ansible.builtin.copy:
|
|
src: fvs-config.js
|
|
dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
|
|
mode: 0644
|
|
|
|
|
|
- name: Configure some KDE aspects
|
|
blockinfile:
|
|
path: /etc/xdg/kdeglobals
|
|
create: true
|
|
block: |
|
|
[KDE]
|
|
SingleClick=false
|
|
|
|
[KDE Action Restrictions][$i]
|
|
action/start_new_session=false
|
|
#action/switch_user=false
|
|
#action/lock_screen=false
|
|
|
|
- name: Shut down when idle for too long
|
|
ansible.builtin.copy:
|
|
dest: /etc/xdg/powermanagementprofilesrc
|
|
content: |
|
|
[AC][SuspendSession][$i]
|
|
idleTime=7200000
|
|
suspendType=8
|
|
|
|
- name: Start with empty session by default
|
|
ansible.builtin.copy:
|
|
dest: /etc/xdg/ksmserverrc
|
|
content: |
|
|
[General]
|
|
loginMode=emptySession
|
|
|
|
#- name: Disable automatic lock screen and user specific modifications
|
|
# ansible.builtin.copy:
|
|
# path: /etc/xdg/kscreenlockerrc
|
|
# content: |
|
|
# [Daemon][$i]
|
|
# Autolock=false
|
|
# LockOnResume=false
|
|
#
|
|
|
|
- name: Download libdvdcss from mirror
|
|
ansible.builtin.get_url:
|
|
url: "{{ mirror_dvdcss }}/libdvdcss.so.2.2.0"
|
|
dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2.2.0
|
|
use_proxy: False
|
|
when: mirror_dvdcss is defined and mirror_dvdcss | length > 0
|
|
|
|
- name: Link library so name
|
|
ansible.builtin.file:
|
|
src: libdvdcss.so.2.2.0
|
|
dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2
|
|
state: link
|
|
when: mirror_dvdcss is defined and mirror_dvdcss | length > 0
|
|
|
|
- name: Patch sddm login screen to show hostname
|
|
blockinfile:
|
|
path: /usr/share/sddm/themes/debian-breeze/Main.qml
|
|
marker: // {mark} ANSIBLE MANAGED BLOCK
|
|
insertbefore: '\s+//Footer'
|
|
block: |
|
|
Text {
|
|
id: hostname
|
|
anchors.top: parent.top
|
|
anchors.right: parent.right
|
|
anchors.topMargin: 10
|
|
anchors.rightMargin: 15
|
|
color: "#ffffff"
|
|
text: sddm.hostName + " | <{{ ansible_date_time['date'] }}>"
|
|
font.pointSize: config.fontSize
|
|
}
|