Added role kiosk/website

dehydrated
Felix Stupp 4 years ago
parent ab528baaff
commit 1cea46b161
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -73,6 +73,10 @@ ssh_host_key_types:
backend_smtp_port: 12891 backend_smtp_port: 12891
backend_imap_port: 12892 backend_imap_port: 12892
# System configuration
global_users_directory: "/home"
# Application configurations # Application configurations
global_ansible_facts_directory: "/etc/ansible/facts.d" global_ansible_facts_directory: "/etc/ansible/facts.d"
@ -90,6 +94,9 @@ global_certbot_configuration_directory: "/etc/letsencrypt"
global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini" global_certbot_configuration_file: "{{ global_certbot_configuration_directory }}/cli.ini"
global_certbot_certificates_directory: "/etc/letsencrypt/live" global_certbot_certificates_directory: "/etc/letsencrypt/live"
global_chromium_configuration_directory: "/etc/chromium"
global_chromium_managed_policies_file: "{{ global_chromium_configuration_directory }}/policies/managed"
global_dns_upstream_servers: global_dns_upstream_servers:
- "9.9.9.11" - "9.9.9.11"
- "149.112.112.11" - "149.112.112.11"
@ -111,6 +118,8 @@ global_ip_discover_register_pass: "{{ lookup('password', 'credentials/ip_discove
global_interfaces_directory: "/etc/network/interfaces.d" global_interfaces_directory: "/etc/network/interfaces.d"
global_lightdm_configuration_directory: "/etc/lightdm"
global_log_directory: "/var/log" global_log_directory: "/var/log"
global_mysql_socket_path: "/var/run/mysqld/mysqld.sock" global_mysql_socket_path: "/var/run/mysqld/mysqld.sock"

@ -0,0 +1,26 @@
---
kiosk_user: kiosk
kiosk_user_directory: "{{ global_users_directory }}/{{ kiosk_user }}"
kiosk_user_pass: "{{ lookup('password', 'credentials/' + inventory_hostname + '/user/kiosk chars=digits,ascii_letters length=80') }}"
i3_xkbmap: en
i3_autostart: >-
/usr/bin/chromium
--user-data-dir={{ kiosk_user_directory | quote }}/chromium
--start-fullscreen
--force-device-scale-factor={{ zoom_factor | quote }}
{{ kiosk_website | quote }}
i3_background: "#000000"
chromium_policies:
HomepageIsNewTabPage: no
HomepageLocation: "{{ kiosk_website }}"
NewTabPageLocation: "{{ kiosk_website }}"
RestoreOnStartup: 5 # Show new tab page i.e. ignore restorable sessions
ShowHomeButton: yes
autostart_script: "{{ kiosk_user_directory }}/autostart.sh"
# kiosk_website: "https://example.com"
zoom_factor: 1

@ -0,0 +1,86 @@
---
- name: Install packages for Web UI
apt:
state: present
name:
# main packages
- chromium # Webbrowser
- i3 # Window Manager
- lightdm # Login Manager with Autologin
# tools
- xdotool # simulate keyboard inputs on X11
- name: Create autologin group for LightDM
group:
state: present
name: autologin
- name: Configure kiosk user
user:
state: present
name: "{{ kiosk_user }}"
home: "{{ kiosk_user_directory }}"
create_home: yes
move_home: yes
shell: /usr/bin/bash
groups:
- audio
- autologin
- video
append: yes
password: "{{ kiosk_user_pass | password_hash('sha512', LOCAL_SALT) }}"
update_password: on_create
- name: Configure lightdm
template:
src: "{{ item }}"
dest: "{{ global_lightdm_configuration_directory }}/{{ item }}"
owner: root
group: root
mode: u=rw,g=r,o=r
loop:
- lightdm.conf
- lightdm-gtk-greeter.conf
- name: Store autostart script
template:
src: autostart.sh
dest: "{{ autostart_script }}"
owner: root
group: root
mode: u=rwx,g=rx,o=rx
- name: Create configuration directories for kiosk user
file:
state: directory
path: "{{ kiosk_user_directory }}/{{ item }}"
owner: root
group: "{{ kiosk_user }}"
mode: u=rwx,g=rx,o=
loop:
- .config/i3
- name: Configure i3 for kiosk user
template:
src: "i3.cfg"
dest: "{{ kiosk_user_directory }}/.config/i3/config"
owner: root
group: "{{ kiosk_user }}"
mode: u=rw,g=r,o=
- name: Create policy directory for chromium globally
file:
state: directory
path: "{{ global_chromium_managed_policies_file | dirname }}"
owner: root
group: root
mode: u=rwx,g=rx,o=rx
- name: Configure policies for chromium globally
copy:
content: "{{ chromium_policies | to_nice_json }}"
dest: "{{ chromium_policies_file }}"
owner: root
group: root
mode: u=rw,g=r,o=r

@ -0,0 +1,2 @@
#!/usr/bin/env sh
exec {{ i3_autostart }}

@ -0,0 +1,93 @@
# German keyboard layout
exec --no-startup-id setxkbmap {{ i3_xkbmap }}
# i3 config file (v4)
#
# Please see https://i3wm.org/docs/userguide.html for a complete reference!
# Meta key as modifier
set $mod Mod4
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
#font pango:monospace 8
# This font is widely installed, provides lots of unicode glyphs, right-to-left
# text rendering and scalability on retina/hidpi displays (thanks to pango).
font pango:DejaVu Sans 12
# Before i3 v4.8, we used to recommend this one as the default:
# font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
# The font above is very space-efficient, that is, it looks good, sharp and
# clear in small sizes. However, its unicode glyph coverage is limited, the old
# X core fonts rendering does not support right-to-left and this being a bitmap
# font, it doesnt scale on retina/hidpi displays.
# change focus
bindsym $mod+j focus left
bindsym $mod+k focus down
bindsym $mod+l focus up
bindsym $mod+semicolon focus right
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
bindsym $mod+Shift+j move left
bindsym $mod+Shift+k move down
bindsym $mod+Shift+l move up
bindsym $mod+Shift+semicolon move right
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split in horizontal orientation
bindsym $mod+h split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+a focus parent
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-msg exit"
# poweroff computer
bindsym $mod+Control+s exec "systemctl poweroff"
# reboot computer
bindsym $mod+Control+r exec "systemctl reboot"
# open homepage on windows button
bindsym $mod exec "xdotool key Alt_L+Home"
exec --no-startup-id xsetroot -solid {{ i3_background | quote }}
exec --no-startup-id {{ autostart_script | quote }}
# Disable screensaver / power saving functions turning display off after a certain timeout
exec xset s off
exec xset -dpms
bindsym $mod+t exec --no-startup-id "xterm"

@ -0,0 +1,66 @@
# LightDM GTK+ Configuration
# Available configuration options listed below.
#
# Appearance:
# theme-name = GTK+ theme to use
# icon-theme-name = Icon theme to use
# cursor-theme-name = Cursor theme to use
# cursor-theme-size = Cursor size to use
# background = Background file to use, either an image path or a color (e.g. #772953)
# user-background = false|true ("true" by default) Display user background (if available)
# transition-duration = Length of time (in milliseconds) to transition between background images ("500" by default)
# transition-type = ease-in-out|linear|none ("ease-in-out" by default)
#
# Fonts:
# font-name = Font to use
# xft-antialias = false|true Whether to antialias Xft fonts
# xft-dpi = Resolution for Xft in dots per inch (e.g. 96)
# xft-hintstyle = none|slight|medium|hintfull What degree of hinting to use
# xft-rgba = none|rgb|bgr|vrgb|vbgr Type of subpixel antialiasing
#
# Login window:
# active-monitor = Monitor to display greeter window (name or number). Use #cursor value to display greeter at monitor with cursor. Can be a semicolon separated list
# position = x y ("50% 50%" by default) Login window position
# default-user-image = Image used as default user icon, path or #icon-name
# hide-user-image = false|true ("false" by default)
#
# Panel:
# panel-position = top|bottom ("top" by default)
# clock-format = strftime-format string, e.g. %H:%M
# indicators = semi-colon ";" separated list of allowed indicator modules. Built-in indicators include "~a11y", "~language", "~session", "~power", "~clock", "~host", "~spacer". Unity indicators can be represented by short name (e.g. "sound", "power"), service file name, or absolute path
#
# Accessibility:
# a11y-states = states of accessibility features: "name" - save state on exit, "-name" - disabled at start (default value for unlisted), "+name" - enabled at start. Allowed names: contrast, font, keyboard, reader.
# keyboard = command to launch on-screen keyboard (e.g. "onboard")
# keyboard-position = x y[;width height] ("50%,center -0;50% 25%" by default) Works only for "onboard"
# reader = command to launch screen reader (e.g. "orca")
# at-spi-enabled = false|true ("true" by default) Enables accessibility at-spi-command if the greeter is built with it enabled
#
# Security:
# allow-debugging = false|true ("false" by default)
# screensaver-timeout = Timeout (in seconds) until the screen blanks when the greeter is called as lockscreen
#
# Template for per-monitor configuration:
# [monitor: name]
# background = overrides default value
# user-background = overrides default value
# laptop = false|true ("false" by default) Marks monitor as laptop display
# transition-duration = overrides default value
#
[greeter]
#background="#002244" # TODO Fix
user-background=false
hide-user-image=true
#theme-name=
#icon-theme-name=
#font-name=
#xft-antialias=
#xft-dpi=
#xft-hintstyle=
#xft-rgba=
#indicators=
#clock-format=
#keyboard=
#reader=
#position=
#screensaver-timeout=

@ -0,0 +1,169 @@
#
# General configuration
#
# start-default-seat = True to always start one seat if none are defined in the configuration
# greeter-user = User to run greeter as
# minimum-display-number = Minimum display number to use for X servers
# minimum-vt = First VT to run displays on
# lock-memory = True to prevent memory from being paged to disk
# user-authority-in-system-dir = True if session authority should be in the system location
# guest-account-script = Script to be run to setup guest account
# logind-check-graphical = True to on start seats that are marked as graphical by logind
# log-directory = Directory to log information to
# run-directory = Directory to put running state in
# cache-directory = Directory to cache to
# sessions-directory = Directory to find sessions
# remote-sessions-directory = Directory to find remote sessions
# greeters-directory = Directory to find greeters
# backup-logs = True to move add a .old suffix to old log files when opening new ones
# dbus-service = True if LightDM provides a D-Bus service to control it
#
[LightDM]
#start-default-seat=true
#greeter-user=lightdm
#minimum-display-number=0
#minimum-vt=7
#lock-memory=true
#user-authority-in-system-dir=false
#guest-account-script=guest-account
#logind-check-graphical=false
#log-directory=/var/log/lightdm
#run-directory=/var/run/lightdm
#cache-directory=/var/cache/lightdm
#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
#remote-sessions-directory=/usr/share/lightdm/remote-sessions
#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
#backup-logs=true
#dbus-service=true
#
# Seat configuration
#
# Seat configuration is matched against the seat name glob in the section, for example:
# [Seat:*] matches all seats and is applied first.
# [Seat:seat0] matches the seat named "seat0".
# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
#
# type = Seat type (local, xremote, unity)
# pam-service = PAM service to use for login
# pam-autologin-service = PAM service to use for autologin
# pam-greeter-service = PAM service to use for greeters
# xserver-backend = X backend to use (mir)
# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
# xserver-config = Config file to pass to X server
# xserver-layout = Layout to pass to X server
# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
# xserver-share = True if the X server is shared for both greeter and session
# xserver-hostname = Hostname of X server (only for type=xremote)
# xserver-display-number = Display number of X server (only for type=xremote)
# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
# xdmcp-port = XDMCP UDP/IP port to communicate on
# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
# unity-compositor-timeout = Number of seconds to wait for compositor to start
# greeter-session = Session to load for greeter
# greeter-hide-users = True to hide the user list
# greeter-allow-guest = True if the greeter should show a guest login option
# greeter-show-manual-login = True if the greeter should offer a manual login option
# greeter-show-remote-login = True if the greeter should offer a remote login option
# user-session = Session to load for users
# allow-user-switching = True if allowed to switch users
# allow-guest = True if guest login is allowed
# guest-session = Session to load for guests (overrides user-session)
# session-wrapper = Wrapper script to run session with
# greeter-wrapper = Wrapper script to run greeter with
# guest-wrapper = Wrapper script to run guest sessions with
# display-setup-script = Script to run when starting a greeter session (runs as root)
# display-stopped-script = Script to run after stopping the display server (runs as root)
# greeter-setup-script = Script to run when starting a greeter (runs as root)
# session-setup-script = Script to run when starting a user session (runs as root)
# session-cleanup-script = Script to run when quitting a user session (runs as root)
# autologin-guest = True to log in as guest by default
# autologin-user = User to log in with by default (overrides autologin-guest)
# autologin-user-timeout = Number of seconds to wait before loading default user
# autologin-session = Session to load for automatic login (overrides user-session)
# autologin-in-background = True if autologin session should not be immediately activated
# exit-on-failure = True if the daemon should exit if this seat fails
#
[Seat:*]
#type=local
#pam-service=lightdm
#pam-autologin-service=lightdm-autologin
#pam-greeter-service=lightdm-greeter
#xserver-backend=
#xserver-command=X
#xmir-command=Xmir
#xserver-config=
#xserver-layout=
#xserver-allow-tcp=false
#xserver-share=true
#xserver-hostname=
#xserver-display-number=
#xdmcp-manager=
#xdmcp-port=177
#xdmcp-key=
#unity-compositor-command=unity-system-compositor
#unity-compositor-timeout=60
#greeter-session=example-gtk-gnome
#greeter-hide-users=false
#greeter-allow-guest=true
#greeter-show-manual-login=false
#greeter-show-remote-login=true
#user-session=default
#allow-user-switching=true
#allow-guest=true
#guest-session=
#session-wrapper=lightdm-session
#greeter-wrapper=
#guest-wrapper=
#display-setup-script=
#display-stopped-script=
#greeter-setup-script=
#session-setup-script=
#session-cleanup-script=
#autologin-guest=false
autologin-user={{ kiosk_user }}
#autologin-user-timeout=0
#autologin-in-background=false
autologin-session=i3
#exit-on-failure=false
#
# XDMCP Server configuration
#
# enabled = True if XDMCP connections should be allowed
# port = UDP/IP port to listen for connections on
# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
#
# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
# it can be a word and the first 7 characters are used as the key.
#
[XDMCPServer]
#enabled=false
#port=177
#listen-address=
#key=
#hostname=
#
# VNC Server configuration
#
# enabled = True if VNC connections should be allowed
# command = Command to run Xvnc server with
# port = TCP/IP port to listen for connections on
# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
# width = Width of display to use
# height = Height of display to use
# depth = Color depth of display to use
#
[VNCServer]
#enabled=false
#command=Xvnc
#port=5900
#listen-address=
#width=1024
#height=768
#depth=8
Loading…
Cancel
Save