
---
# Play 1: first contact with a freshly installed host.
# Fact gathering is turned off for this play; the bootstrap role runs with the
# initial login given below.
- name: Do bootstrap
  hosts: all
  gather_facts: false
  roles:
    - role: bootstrap
      # Initial login used for the bootstrap connection. These are literal,
      # well-known values stored in cleartext in the playbook.
      # NOTE(review): the bootstrap role is not visible here; verify that it
      # re-keys or disables this account, otherwise the default password
      # stays valid for SSH (port 22 is opened by the next play).
      bootstrap_user: debian
      ansible_ssh_pass: debian
      bootstrap_become_pass: debian
      # Account and privilege-escalation password the role is told to expect.
      # NOTE(review): admin_user / admin_pass are defined outside this file;
      # confirm admin_pass comes from an encrypted source such as Ansible
      # Vault and not from a plain vars file.
      bootstrap_expected_user: "{{ admin_user }}"
      bootstrap_expected_become_pass: "{{ admin_pass }}"
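# Play 2: turn the host into the ImageViewer kiosk.
# Installs packages, enables the firewall, creates a privileged admin account
# and an unprivileged UI account, then locks the root password and removes the
# setup cron entry.
- name: Configure ImageViewer
  hosts: all
  roles:
    - role: boot
      system_name: ImageViewer
      plymouth_theme_pack: pack_3
      plymouth_theme: loader
  tasks:
    - name: Update and upgrade packages
      apt:
        upgrade: safe
        # Refuse packages whose signature cannot be verified.
        allow_unauthenticated: false
        update_cache: true
        cache_valid_time: 3600
        install_recommends: false
        autoclean: true
        autoremove: true

    - name: Install required packages
      apt:
        state: present
        name:
          # Backend
          - aptitude  # Package manager (used by auto update)
          - git  # For auto updating Ansible playbook
          - python3  # For Ansible and kiosk script
          - ufw  # Firewall
          - policykit-1  # For communication between privileged and non-privileged applications
          - ntfs-3g  # For supporting NTFS partitions
          - gvfs-backends  # For automatic mount by pcmanfm
          - gvfs-fuse  # For automatic mount by pcmanfm
          - network-manager  # For using wifi connections (for auto update)
          # Frontend dependencies
          - lightdm  # Desktop Manager, autologin and relogin to admin account
          - lightdm-gtk-greeter  # Greeter for Desktop Manager
          - xorg  # XServer
          - i3-wm  # Window Manager
          - i3status  # Status infos for i3-bar
          - suckless-tools  # Tools for i3 config
          - fonts-dejavu-core  # Font for fancy i3 / urxvt
          # Frontend applications
          - rxvt-unicode  # Terminal for admin account and kiosk script
          - pcmanfm  # File Manager for admin account
          - lxde-icon-theme  # For icons in pcmanfm
          - imv  # Image Viewer
          # Dev
          - bash-completion
          - curl
          - vim
          - wget
        allow_unauthenticated: false
        update_cache: true
        cache_valid_time: 3600
        install_recommends: false
        autoclean: true
        autoremove: true

    # The SSH rule is added before the firewall is enabled so the connection
    # Ansible is using is not cut off by the default-deny policy below.
    # NOTE(review): the rule accepts SSH from any source. If the management
    # network is known, restrict it with from_ip, or use `rule: limit` to
    # rate-limit repeated connection attempts.
    - name: Allow SSH through firewall
      ufw:
        rule: allow
        port: '22'
        proto: tcp

    # Default policy: drop all incoming traffic not explicitly allowed.
    - name: Enable firewall
      ufw:
        state: enabled
        policy: deny
        direction: incoming

    # Each entry replaces the matching (possibly commented-out) key in
    # logind.conf. The trailing '=' in the regexp keeps HandleLidSwitch from
    # matching the longer HandleLidSwitch* keys.
    - name: Configure SystemD LoginD
      lineinfile:
        path: /etc/systemd/logind.conf
        regexp: '^#?{{ item.key }}='
        line: "{{ item.key }}={{ item.value }}"
      loop: "{{ entries | dict2items }}"
      vars:
        entries:
          HandlePowerKey: poweroff
          HandleSuspendKey: suspend
          HandleHibernateKey: suspend
          HandleLidSwitch: suspend
          HandleLidSwitchExternalPower: suspend
          HandleLidSwitchDocked: suspend

    - name: Create group autologin for LightDM
      group:
        state: present
        name: autologin

    # Root-owned, world-readable display-manager configuration.
    - name: Configure system settings
      template:
        src: "global/{{ item.key }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        mode: u=rw,g=r,o=r
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          lightdm.conf: /etc/lightdm/lightdm.conf
          lightdm-gtk-greeter.conf: /etc/lightdm/lightdm-gtk-greeter.conf

    # The sudoers drop-in is handled separately from the files above:
    #  - it is installed read-only and not world-readable (0440), the
    #    conventional mode for files under /etc/sudoers.d;
    #  - visudo checks the rendered file before it is moved into place, so a
    #    template error cannot leave the host with a broken sudo setup.
    # NOTE(review): the template content is not visible here; confirm the rule
    # grants only the specific update command and not a general shell.
    # Assumes sudo is already installed (the drop-in directory must exist).
    - name: Install sudoers rule for updates
      template:
        src: global/sudo_allow_update
        dest: /etc/sudoers.d/allow_update
        owner: root
        group: root
        mode: u=r,g=r,o=
        validate: /usr/sbin/visudo -cf %s

    # Admin User Configuration
    # The admin account is a member of sudo. With update_password: on_create
    # the password is only set when the account is first created, so a later
    # manual password change is not overwritten by re-running the playbook.
    # NOTE(review): LOCAL_SALT is defined outside this file and is also used
    # for the UI account; a shared fixed salt makes identical passwords
    # produce identical hashes. A per-account salt avoids that.
    - name: Configure admin user
      user:
        state: present
        name: "{{ admin_user }}"
        home: "{{ admin_home }}"
        create_home: true
        move_home: true
        shell: /bin/bash
        groups:
          - audio
          - video
          - netdev
          - plugdev
          - sudo
        append: true
        password: "{{ admin_pass | password_hash('sha512', LOCAL_SALT) }}"
        update_password: on_create

    - name: Create admin user configuration directories
      file:
        state: directory
        path: "{{ admin_home }}/{{ item }}"
        owner: "{{ admin_user }}"
        group: "{{ admin_user }}"
        mode: u=rwx,g=rx,o=
      loop:
        - .config/i3
        - .config/i3status

    - name: Configure environment for admin user
      template:
        src: "admin/{{ item.key }}"
        dest: "{{ admin_home }}/{{ item.value }}"
        owner: "{{ admin_user }}"
        group: "{{ admin_user }}"
        mode: u=rw,g=r,o=
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          i3.cfg: .config/i3/config
          i3status.cfg: .config/i3status/config
          status.sh: .config/i3status/call
          Xresources: .Xresources

    # UI User Configuration
    # The kiosk account: no sudo membership, member of autologin.
    # No update_password is given, so the module default applies and the
    # password is reset to ui_pass on every run.
    - name: Configure UI user
      user:
        state: present
        name: "{{ ui_user }}"
        home: "{{ ui_home }}"
        create_home: true
        move_home: true
        shell: /bin/bash
        groups:
          - audio
          - autologin
          - video
        append: true
        password: "{{ ui_pass | password_hash('sha512', LOCAL_SALT) }}"

    # Directories and files for the UI account are owned by root with group
    # read access only, so the kiosk session can read but not edit them.
    # NOTE(review): the home directory itself is created by the user task
    # above and presumably stays owned by the UI user; write access to the
    # parent still allows entries to be renamed or replaced. Make the home
    # root-owned as well if tamper resistance is a requirement.
    - name: Create UI user configuration directories
      file:
        state: directory
        path: "{{ ui_home }}/{{ item }}"
        owner: root
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=
      loop:
        - bin
        - .config/i3
        - .config/imv

    - name: Configure environment for UI user
      template:
        src: "ui/{{ item.key }}"
        dest: "{{ ui_home }}/{{ item.value }}"
        owner: root
        group: "{{ ui_user }}"
        mode: u=rw,g=r,o=
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          i3.cfg: .config/i3/config
          imv.conf: .config/imv/config
          Xresources: .Xresources

    # Kiosk script: executable by the UI group, writable only by root.
    - name: Install client for kiosk
      template:
        src: client.py
        dest: "{{ ui_home }}/bin/client.py"
        owner: root
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=

    # Shared directory
    # Writable by the admin account, read-only for the UI group and others.
    - name: Create shared directory structure for both users
      file:
        state: directory
        path: "{{ shared_dir }}"
        owner: "{{ admin_user }}"
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=rx

    # Test Images
    # The archive is taken from the controller (no remote_src is set) and
    # unpacked into the shared directory.
    - name: Unpack test images
      unarchive:
        src: "test-images.tar.gz"
        dest: "{{ shared_dir }}"
        owner: "{{ admin_user }}"
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=rx

    # Post Setup
    # '!' is not a valid password hash, so password logins as root fail.
    # This does not remove other routes to root: key-based SSH (if root has
    # authorized keys) and sudo from the admin account are unaffected.
    - name: Disable root access
      user:
        state: present
        name: root
        password: '!'

    - name: Remove setup crontab entry
      cron:
        state: absent
        name: setup call playbook
        user: root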