218 lines
4.7 KiB
YAML
218 lines
4.7 KiB
YAML
---
|
|
- name: preseed packages
|
|
ansible.builtin.debconf:
|
|
name: ttf-mscorefonts-installer
|
|
question: "{{ item.q }}"
|
|
value: "{{ item.v }}"
|
|
vtype: string
|
|
loop:
|
|
- q: msttcorefonts/dlurl
|
|
v: http://livebox.pn.steinbeis.schule/mscorefonts/
|
|
- q: msttcorefonts/http_proxy
|
|
v:
|
|
|
|
- name: Install desktop EDU packages and some more
|
|
apt:
|
|
name:
|
|
- task-kde-desktop
|
|
- task-german-kde-desktop
|
|
- task-german-desktop
|
|
- xdg-desktop-portal-kde
|
|
- xdg-desktop-portal-wlr # share screen in browser
|
|
- kde-full
|
|
- akonadi-backend-sqlite
|
|
- thunderbird-l10n-de
|
|
- webext-privacy-badger
|
|
- webext-ublock-origin-firefox
|
|
- webext-ublock-origin-chromium
|
|
- atftp
|
|
- emacs
|
|
- elpa-magit
|
|
- elpa-color-theme-modern
|
|
- vlc
|
|
- gimp
|
|
- inkscape
|
|
- flameshot
|
|
- bluefish
|
|
- git
|
|
- gitk
|
|
- gitg
|
|
- wireshark
|
|
- nmap
|
|
- netcat-openbsd
|
|
- net-tools
|
|
- ghex
|
|
- thonny
|
|
- spyder
|
|
- mu-editor
|
|
- dia
|
|
- vym
|
|
- tree
|
|
- ttf-mscorefonts-installer
|
|
- sqlite3
|
|
- sqlitebrowser
|
|
- neovim
|
|
- qtcreator
|
|
- freecad
|
|
- librecad
|
|
- arduino
|
|
- kicad
|
|
- keepassxc
|
|
- tmux
|
|
- curl
|
|
- pulseview
|
|
- sigrok
|
|
- sigrok-cli
|
|
- codeblocks
|
|
state: latest
|
|
|
|
- name: Add {{ ansible_distribution_release }}-backports
|
|
apt_repository:
|
|
repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main contrib non-free
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_distribution_release == 'bullseye'
|
|
|
|
- name: Install extra packages from backports
|
|
apt:
|
|
name:
|
|
- libreoffice
|
|
- libreoffice-l10n-de
|
|
state: latest # noqa package-latest
|
|
autoremove: true
|
|
default_release: "{{ ansible_distribution_release }}-backports"
|
|
when: ansible_distribution_release == 'bullseye'
|
|
|
|
|
|
- name: Enable splash screen
|
|
replace:
|
|
dest: "/etc/default/grub"
|
|
regexp: '"quiet"$'
|
|
replace: '"quiet splash"'
|
|
notify: Run update-grub
|
|
|
|
|
|
- name: Create akonadi config dir
|
|
ansible.builtin.file:
|
|
path: /etc/xdg/akonadi/
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Use sqlite in akonadi
|
|
blockinfile:
|
|
path: /etc/xdg/akonadi/akonadiserverrc
|
|
create: true
|
|
block: |
|
|
[%General]
|
|
Driver=QSQLITE3
|
|
|
|
|
|
- name: Allow users to dump packets for wireshark
|
|
ansible.builtin.file:
|
|
path: /usr/bin/dumpcap
|
|
mode: '0755'
|
|
|
|
|
|
- name: Add home dirs to apparmor
|
|
lineinfile:
|
|
dest: /etc/apparmor.d/tunables/home.d/ubuntu
|
|
line: >-
|
|
@{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
|
|
/srv/samba/schools/default-school/students/*/
|
|
|
|
|
|
- name: Create firefox policies directory
|
|
ansible.builtin.file:
|
|
path: /etc/firefox-esr/policies
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Create a symbolic link firefox to firefox-esr
|
|
ansible.builtin.file:
|
|
src: /etc/firefox-esr
|
|
dest: /etc/firefox
|
|
state: link
|
|
|
|
- name: copy policy
|
|
ansible.builtin.copy:
|
|
src: policies.json
|
|
dest: /etc/firefox-esr/policies/
|
|
|
|
|
|
- name: tune SDDM login
|
|
blockinfile:
|
|
path: /etc/sddm.conf
|
|
create: true
|
|
block: |
|
|
[Users]
|
|
MaximumUid=999
|
|
RememberLastUser=false
|
|
RememberLastSession=false
|
|
|
|
- name: Create directory to avoid suspend
|
|
ansible.builtin.file:
|
|
path: /etc/systemd/sleep.conf.d/
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
|
|
- name: Avoid suspending
|
|
blockinfile:
|
|
path: /etc/systemd/sleep.conf.d/nosuspend.conf
|
|
create: true
|
|
block: |
|
|
[Sleep]
|
|
AllowSuspend=no
|
|
AllowHibernation=no
|
|
AllowSuspendThenHibernate=no
|
|
AllowHybridSleep=no
|
|
|
|
|
|
- name: Copy pwroff script
|
|
copy:
|
|
src: pwroff
|
|
dest: /usr/local/sbin/
|
|
mode: 0755
|
|
|
|
- name: Provide service and timer for pwroff script
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "/etc/systemd/system/{{ item }}"
|
|
mode: 0644
|
|
with_items:
|
|
- pwroff.service
|
|
- pwroff.timer
|
|
notify: enable pwroff.timer
|
|
|
|
|
|
################# general settings ##################
|
|
- name: Protect grub menu entries
|
|
blockinfile:
|
|
path: /etc/grub.d/40_custom
|
|
block: |
|
|
set superusers='root'
|
|
password_pbkdf2 root {{ grub_pwd }}
|
|
notify: Run update-grub
|
|
|
|
- name: Allow booting default entry
|
|
lineinfile:
|
|
dest: /etc/grub.d/10_linux
|
|
line: CLASS="${CLASS} --unrestricted"
|
|
insertafter: '^CLASS=.*'
|
|
firstmatch: true
|
|
notify: Run update-grub
|
|
|
|
- name: grub timeout
|
|
lineinfile:
|
|
dest: /etc/default/grub
|
|
regexp: '^(GRUB_TIMEOUT=).*'
|
|
line: '\g<1>3'
|
|
backrefs: yes
|
|
notify: Run update-grub
|
|
|
|
- name: keyboard compose key
|
|
lineinfile:
|
|
dest: /etc/default/keyboard
|
|
regexp: '^(XKBOPTIONS=).*'
|
|
line: '\1"compose:caps"'
|
|
backrefs: yes
|