---
# Play 1: hand a freshly installed host over to the `bootstrap` role.
# The role itself is defined outside this file; the keys below are passed to it.
- name: Do bootstrap
  hosts: all
  # Fact gathering is switched off for this play.
  gather_facts: false
  roles:
    - role: bootstrap
      # Initial login credentials, stored here in clear text.
      # NOTE(review): these look like the stock credentials of the base image.
      # Presumably the bootstrap role retires or re-keys this account; confirm
      # that, otherwise the defaults remain valid on every deployed host.
      bootstrap_user: 'debian'
      ansible_ssh_pass: 'debian'
      bootstrap_become_pass: 'debian'
      # Account the role is expected to leave behind. Both variables are
      # defined outside this file.
      # NOTE(review): admin_pass should come from an encrypted source (for
      # example Ansible Vault) rather than plain inventory; verify.
      bootstrap_expected_user: "{{ admin_user }}"
      bootstrap_expected_become_pass: "{{ admin_pass }}"
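# Play 2: turn the host into the image-viewer kiosk.
# Installs packages, enables the firewall, writes boot/login configuration,
# creates the admin and UI accounts, and finally locks root's password and
# removes the cron entry named "setup call playbook".
#
# Changes against the previous revision:
#   * the sudoers drop-in is deployed by its own task with mode 0440 and is
#     syntax-checked by visudo before it is put in place;
#   * booleans are written as true/false instead of yes/no.
- name: Configure ImageViewer
  hosts: all

  handlers:
    # Triggered by "Configure GRUB".
    - name: update-grub
      command: /usr/sbin/update-grub

    # Triggered by "Configure Plymouth".
    - name: rebuild initrd
      command: /usr/sbin/update-initramfs -u

  tasks:
    - name: Update and upgrade packages
      apt:
        upgrade: safe
        # Packages that cannot be authenticated are not installed.
        allow_unauthenticated: false
        update_cache: true
        cache_valid_time: 3600
        install_recommends: false
        autoclean: true
        autoremove: true

    - name: Install required packages
      apt:
        state: present
        name:
          # Backend
          - aptitude  # Package manager (used by auto update)
          - git  # For auto updating Ansible playbook
          - python3  # For Ansible and kiosk script
          - ufw  # Firewall
          - policykit-1  # For communication between privileged and non-privileged applications
          - ntfs-3g  # For supporting NTFS partitions
          - gvfs-backends  # For automatic mount by pcmanfm
          - gvfs-fuse  # For automatic mount by pcmanfm
          - network-manager  # For using wifi connections (for auto update)
          # Frontend dependencies
          - plymouth  # Bootup Splash
          - plymouth-themes  # Bootup Splash Theme
          - lightdm  # Desktop Manager, autologin and relogin to admin account
          - lightdm-gtk-greeter  # Greeter for Desktop Manager
          - xorg  # XServer
          - i3-wm  # Window Manager
          - i3status  # Status infos for i3-bar
          - suckless-tools  # Tools for i3 config
          - fonts-dejavu-core  # Font for fancy i3 / urxvt
          # Frontend applications
          - rxvt-unicode  # Terminal for admin account and kiosk script
          - pcmanfm  # File Manager for admin account
          - lxde-icon-theme  # For icons in pcmanfm
          - imv  # Image Viewer
          # Dev
          - bash-completion
          - curl
          - vim
          - wget
        allow_unauthenticated: false
        update_cache: true
        cache_valid_time: 3600
        install_recommends: false
        autoclean: true
        autoremove: true

    # The SSH allow rule is added before the firewall is switched on with a
    # default-deny policy for incoming traffic.
    # NOTE(review): port 22 is opened without a source restriction or rate
    # limit; consider the module's `rule: limit` if the host is reachable from
    # untrusted networks.
    - name: Allow SSH through firewall
      ufw:
        rule: allow
        port: '22'
        proto: tcp

    - name: Enable firewall
      ufw:
        state: enabled
        policy: deny
        direction: incoming

    - name: Configure GRUB
      template:
        src: global/default_grub.txt
        dest: /etc/default/grub
        owner: root
        group: root
        mode: u=rw,g=r,o=r
      notify:
        - update-grub

    - name: Configure Plymouth
      template:
        src: global/plymouthd.conf
        dest: /etc/plymouth/plymouthd.conf
        owner: root
        group: root
        mode: u=rw,g=r,o=r
      notify:
        - rebuild initrd

    # Sets each key in logind.conf, replacing an existing or commented-out
    # line for that key if one matches the regexp.
    - name: Configure SystemD LoginD
      lineinfile:
        path: /etc/systemd/logind.conf
        regexp: '^#?{{ item.key }}='
        line: "{{ item.key }}={{ item.value }}"
      loop: "{{ entries | dict2items }}"
      vars:
        entries:
          HandlePowerKey: poweroff
          HandleSuspendKey: suspend
          HandleHibernateKey: suspend
          HandleLidSwitch: suspend
          HandleLidSwitchExternalPower: suspend
          HandleLidSwitchDocked: suspend

    - name: Create group autologin for LightDM
      group:
        state: present
        name: autologin

    - name: Configure system settings
      template:
        src: "global/{{ item.key }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        mode: u=rw,g=r,o=r
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          lightdm.conf: /etc/lightdm/lightdm.conf
          lightdm-gtk-greeter.conf: /etc/lightdm/lightdm-gtk-greeter.conf

    # The sudoers drop-in is kept out of the generic loop above so that it
    # can get a tighter mode and a syntax check of its own:
    #   * mode 0440 keeps the sudo policy unreadable for unprivileged
    #     accounts such as the kiosk user;
    #   * `validate` runs visudo in check mode on the rendered file before it
    #     is moved to its destination, so a template error cannot leave sudo
    #     with a policy it refuses to parse.
    # NOTE(review): assumes sudo (and with it /usr/sbin/visudo) is already on
    # the image; it is not part of the package list above. Confirm.
    - name: Configure sudo rule for updates
      template:
        src: global/sudo_allow_update
        dest: /etc/sudoers.d/allow_update
        owner: root
        group: root
        mode: u=r,g=r,o=
        validate: /usr/sbin/visudo -cf %s

    # Admin User Configuration
    # Membership in `sudo` makes this an administrative account.
    # The password is hashed as sha512-crypt with the salt from LOCAL_SALT
    # (defined outside this file; the same salt is used for the UI account).
    # `update_password: on_create` means the password is only set when the
    # account is created and is not reset on later runs.
    # NOTE(review): admin_pass and LOCAL_SALT should be stored encrypted (for
    # example with Ansible Vault); verify where they are defined.
    - name: Configure admin user
      user:
        state: present
        name: "{{ admin_user }}"
        home: "{{ admin_home }}"
        create_home: true
        move_home: true
        shell: /bin/bash
        groups:
          - audio
          - video
          - netdev
          - plugdev
          - sudo
        append: true
        password: "{{ admin_pass | password_hash('sha512', LOCAL_SALT) }}"
        update_password: on_create

    - name: Create admin user configuration directories
      file:
        state: directory
        path: "{{ admin_home }}/{{ item }}"
        owner: "{{ admin_user }}"
        group: "{{ admin_user }}"
        mode: u=rwx,g=rx,o=
      loop:
        - .config/i3
        - .config/i3status

    - name: Configure environment for admin user
      template:
        src: "admin/{{ item.key }}"
        dest: "{{ admin_home }}/{{ item.value }}"
        owner: "{{ admin_user }}"
        group: "{{ admin_user }}"
        mode: u=rw,g=r,o=
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          i3.cfg: .config/i3/config
          i3status.cfg: .config/i3status/config
          status.sh: .config/i3status/call
          Xresources: .Xresources

    # UI User Configuration
    # Unprivileged kiosk account: no `sudo` membership, member of the
    # `autologin` group created above.
    - name: Configure UI user
      user:
        state: present
        name: "{{ ui_user }}"
        home: "{{ ui_home }}"
        create_home: true
        move_home: true
        shell: /bin/bash
        groups:
          - audio
          - autologin
          - video
        append: true
        password: "{{ ui_pass | password_hash('sha512', LOCAL_SALT) }}"
        update_password: on_create

    # The UI user's directories and files are owned by root and only
    # group-readable for the UI user, so the kiosk account cannot edit them.
    # NOTE(review): the home directory itself is created by the user task
    # above and is normally owned by the UI user, so root ownership of these
    # entries alone may not stop them from being renamed and replaced. Verify
    # the home directory's owner and mode if the kiosk configuration has to
    # be tamper-resistant.
    - name: Create UI user configuration directories
      file:
        state: directory
        path: "{{ ui_home }}/{{ item }}"
        owner: root
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=
      loop:
        - bin
        - .config/i3
        - .config/imv

    - name: Configure environment for UI user
      template:
        src: "ui/{{ item.key }}"
        dest: "{{ ui_home }}/{{ item.value }}"
        owner: root
        group: "{{ ui_user }}"
        mode: u=rw,g=r,o=
      loop: "{{ config_files | dict2items }}"
      vars:
        config_files:
          i3.cfg: .config/i3/config
          imv.conf: .config/imv/config
          Xresources: .Xresources

    # Root-owned, executable (but not writable) for the UI user's group.
    - name: Install client for kiosk
      template:
        src: client.py
        dest: "{{ ui_home }}/bin/client.py"
        owner: root
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=

    # Shared directory
    # Writable by the admin user only; the UI user's group and everyone else
    # get read and traverse access.
    - name: Create shared directory structure for both users
      file:
        state: directory
        path: "{{ shared_dir }}"
        owner: "{{ admin_user }}"
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=rx

    # Test Images
    # NOTE(review): the mode is presumably applied to the unpacked files as
    # well as directories, which would leave the images with the execute bit
    # set; confirm, and consider a mode without execute for regular files.
    - name: Unpack test images
      unarchive:
        src: "test-images.tar.gz"
        dest: "{{ shared_dir }}"
        owner: "{{ admin_user }}"
        group: "{{ ui_user }}"
        mode: u=rwx,g=rx,o=rx

    # Post Setup
    # Sets root's password field to '!', which no password hashes to.
    # NOTE(review): this blocks password logins only. Key-based SSH login as
    # root depends on sshd settings that this playbook does not manage;
    # confirm they are restricted elsewhere.
    - name: Disable root access
      user:
        state: present
        name: root
        password: '!'

    # Deletes the entry named "setup call playbook" from root's crontab.
    - name: Remove setup crontab entry
      cron:
        state: absent
        name: setup call playbook
        user: root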