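---
# Playbook: bootstrap a freshly installed Debian host, then configure it as an
# "ImageViewer" kiosk with an admin account and a restricted UI account.
#
# Variables used but not defined in this file (expected from inventory or
# vars): admin_user, admin_pass, admin_home, ui_user, ui_pass, ui_home,
# shared_dir, LOCAL_SALT.

- name: Do bootstrap
  hosts: all
  # Facts are not gathered for the bootstrap play.
  gather_facts: false
  roles:
    - role: bootstrap
      # Literal credentials used for the first connection to the host.
      # NOTE(review): presumably the bootstrap role replaces this login with
      # admin_user / admin_pass -- confirm, and verify that the debian/debian
      # login is no longer usable once this play has finished.
      bootstrap_user: debian
      ansible_ssh_pass: debian
      bootstrap_become_pass: debian
      bootstrap_expected_user: "{{ admin_user }}"
      bootstrap_expected_become_pass: "{{ admin_pass }}"

- name: Configure ImageViewer
  hosts: all
  roles:
    - role: boot
      system_name: ImageViewer
      plymouth_theme_pack: pack_3
      plymouth_theme: loader

  tasks:
    - name: Update and upgrade packages
      apt:
        upgrade: safe
        # Never install packages whose signatures cannot be verified.
        allow_unauthenticated: false
        update_cache: true
        cache_valid_time: 3600
        install_recommends: false
        autoclean: true
        autoremove: true

    - name: Install required packages
      apt:
        state: present
        name:
          # Backend
          - aptitude  # Package manager (used by auto update)
          - git  # For auto updating Ansible playbook
          - python3  # For Ansible and kiosk script
          - ufw  # Firewall
          - policykit-1  # For communication between privileged and non-privileged applications
          - ntfs-3g  # For supporting NTFS partitions
          - gvfs-backends  # For automatic mount by pcmanfm
          - gvfs-fuse  # For automatic mount by pcmanfm
          - network-manager  # For using wifi connections (for auto update)
          # Frontend dependencies
          - lightdm  # Desktop Manager, autologin and relogin to admin account
          - lightdm-gtk-greeter  # Greeter for Desktop Manager
          - xorg  # XServer
          - i3-wm  # Window Manager
          - i3status  # Status infos for i3-bar
          - suckless-tools  # Tools for i3 config
          - fonts-dejavu-core  # Font for fancy i3 / urxvt
          # Frontend applications
          - rxvt-unicode  # Terminal for admin account and kiosk script
          - pcmanfm  # File Manager for admin account
          - lxde-icon-theme  # For icons in pcmanfm
          - imv  # Image Viewer
          # Dev
          - bash-completion
          - curl
          - vim
          - wget
        allow_unauthenticated: false
        update_cache: true
        cache_valid_time: 3600
        install_recommends: false
        autoclean: true
        autoremove: true

    # The SSH rule is added before the firewall is enabled so that the
    # default-deny incoming policy does not cut off the management connection.
    # NOTE(review): `rule: limit` would additionally rate-limit connection
    # attempts on this port; consider it if the host is reachable from
    # untrusted networks.
    - name: Allow SSH through firewall
      ufw:
        rule: allow
        port: '22'
        proto: tcp

    - name: Enable firewall
      ufw:
        state: enabled
        policy: deny
        direction: incoming

    # Each entry replaces the matching (possibly commented-out) key in
    # logind.conf with "key=value".
    - name: Configure SystemD LoginD
      lineinfile:
        path: /etc/systemd/logind.conf
        regexp: '^#?{{ item.key }}='
        line: "{{ item.key }}={{ item.value }}"
      loop: "{{ entries | dict2items }}"
      vars:
        entries:
          HandlePowerKey: poweroff
          HandleSuspendKey: suspend
          HandleHibernateKey: suspend
          HandleLidSwitch: suspend
          HandleLidSwitchExternalPower: suspend
          HandleLidSwitchDocked: suspend

    - name: Create group autologin for LightDM
      group:
        state: present
        name: autologin

    - name: Configure system settings
      template:
        src: "global/{{ item.key }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        # NOTE(review): 0440 is the conventional mode for sudoers drop-ins;
        # this task installs all three files, including the sudoers one,
        # world-readable.
        mode: "u=rw,g=r,o=r"
        # Check the rendered sudoers drop-in with visudo before it replaces
        # the live file: a syntax error in /etc/sudoers.d breaks sudo for
        # every account. The other files are installed without validation.
        validate: "{{ '/usr/sbin/visudo -cf %s' if item.key == 'sudo_allow_update' else omit }}"
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          lightdm.conf: /etc/lightdm/lightdm.conf
          lightdm-gtk-greeter.conf: /etc/lightdm/lightdm-gtk-greeter.conf
          sudo_allow_update: /etc/sudoers.d/allow_update

    # Admin User Configuration
    - name: Configure admin user
      user:
        state: present
        name: "{{ admin_user }}"
        home: "{{ admin_home }}"
        create_home: true
        move_home: true
        shell: /bin/bash
        groups:
          - audio
          - video
          - netdev
          - plugdev
          - sudo
        append: true
        # The fixed salt keeps the generated hash identical between runs.
        password: "{{ admin_pass | password_hash('sha512', LOCAL_SALT) }}"
        # Only set the password when the account is created; later runs do
        # not overwrite a password changed on the host.
        update_password: on_create

    - name: Create admin user configuration directories
      file:
        state: directory
        path: "{{ admin_home }}/{{ item }}"
        owner: "{{ admin_user }}"
        group: "{{ admin_user }}"
        mode: "u=rwx,g=rx,o="
      loop:
        - .config/i3
        - .config/i3status

    - name: Configure environment for admin user
      template:
        src: "admin/{{ item.key }}"
        dest: "{{ admin_home }}/{{ item.value }}"
        owner: "{{ admin_user }}"
        group: "{{ admin_user }}"
        mode: "u=rw,g=r,o="
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          i3.cfg: .config/i3/config
          i3status.cfg: .config/i3status/config
          status.sh: .config/i3status/call
          Xresources: .Xresources

    # UI User Configuration
    - name: Configure UI user
      user:
        state: present
        name: "{{ ui_user }}"
        home: "{{ ui_home }}"
        create_home: true
        move_home: true
        shell: /bin/bash
        groups:
          - audio
          - autologin
          - video
        append: true
        # No update_password here, so the module default applies and the
        # password is re-applied on every run.
        password: "{{ ui_pass | password_hash('sha512', LOCAL_SALT) }}"

    # The UI user's directories and files are owned by root and only
    # group-readable for the UI user, so that account can read and execute
    # them but cannot edit them in place.
    # NOTE(review): the home directory itself is presumably owned by the UI
    # user, which would still allow it to rename these root-owned entries and
    # create its own -- confirm whether that matters for the kiosk lockdown.
    - name: Create UI user configuration directories
      file:
        state: directory
        path: "{{ ui_home }}/{{ item }}"
        owner: root
        group: "{{ ui_user }}"
        mode: "u=rwx,g=rx,o="
      loop:
        - bin
        - .config/i3
        - .config/imv

    - name: Configure environment for UI user
      template:
        src: "ui/{{ item.key }}"
        dest: "{{ ui_home }}/{{ item.value }}"
        owner: root
        group: "{{ ui_user }}"
        mode: "u=rw,g=r,o="
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          i3.cfg: .config/i3/config
          imv.conf: .config/imv/config
          Xresources: .Xresources

    - name: Install client for kiosk
      template:
        src: client.py
        dest: "{{ ui_home }}/bin/client.py"
        owner: root
        group: "{{ ui_user }}"
        mode: "u=rwx,g=rx,o="

    # Shared directory
    # Writable by the admin user only; the UI user's group and everyone else
    # get read/traverse access.
    - name: Create shared directory structure for both users
      file:
        state: directory
        path: "{{ shared_dir }}"
        owner: "{{ admin_user }}"
        group: "{{ ui_user }}"
        mode: "u=rwx,g=rx,o=rx"

    # Test Images
    - name: Unpack test images
      unarchive:
        src: "test-images.tar.gz"
        dest: "{{ shared_dir }}"
        owner: "{{ admin_user }}"
        group: "{{ ui_user }}"
        mode: "u=rwx,g=rx,o=rx"

    # Post Setup
    # '!' is not a valid password hash, so password authentication as root
    # can no longer succeed.
    - name: Disable root access
      user:
        state: present
        name: root
        password: '!'

    # Removes root's cron entry named "setup call playbook"; that entry is
    # created outside this file.
    - name: Remove setup crontab entry
      cron:
        state: absent
        name: setup call playbook
        user: root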