1
0
Fork 0
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

231 lines
4.9 KiB
YAML

---
- name: SSH
hosts: all
tasks:
- name: Ensure root ssh directory exists
file:
path: /root/.ssh
state: directory
- name: Import SSH keys
authorized_key:
user: root
key: '{{ item }}'
state: present
loop: '{{ ssh_keys }}'
- name: General
hosts: all
tasks:
- name: Install Software
community.general.xbps:
name:
- avahi
- chrony
state: present
- name: Enable Avahi service
community.general.runit:
name: avahi-daemon
enabled: true
state: started
- name: Enable Chrony service
community.general.runit:
name: chronyd
enabled: true
state: started
- name: Disable wpa_supplicant
community.general.runit:
name: wpa_supplicant
enabled: false
state: stopped
- name: Disable redundant TTYs
community.general.runit:
name: '{{ item }}'
enabled: false
state: stopped
loop:
- agetty-tty3
- agetty-tty4
- agetty-tty5
- agetty-tty6
- name: Users
hosts: all
tasks:
- name: Set bash as default shell for root
user:
name: root
shell: /bin/bash
- name: User student
user:
name: student
password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
groups:
# Arduino serial access
- dialout
state: present
- name: Lock bash configuration files for student
# Can be removed after LDAP setup
file:
path: '{{ item }}'
owner: root
group: root
mode: 644
state: touch
loop:
- /home/student/.bashrc
- /home/student/.bash_profile
- name: Disable SSH for user student
ansible.builtin.lineinfile:
path: "/etc/ssh/sshd_config"
line: "DenyUsers student"
create: true
- name: Software
hosts: all
tasks:
- name: Add non-free repository
community.general.xbps:
name: void-repo-nonfree
state: present
- name: Upgrade all packages
community.general.xbps:
upgrade: true
- name: Install packages
community.general.xbps:
name: '{{ xbps_install }}'
state: present
when: xbps_install
- name: Recursively remove packages
community.general.xbps:
name: '{{ xbps_remove }}'
state: absent
recurse: true
when: xbps_remove
- name: Gnome
hosts: all
handlers:
- name: Update dconf database
command: 'dconf update'
tasks:
- name: Install Gnome
community.general.xbps:
name:
- dbus
- gnome
- gnome-apps
- gdm
- xorg # Prevents a crash on some systems
- mesa-vdpau
- mesa-vaapi
- pipewire
state: present
- name: Enable services
community.general.runit:
name: '{{ item }}'
enabled: true
state: started
loop:
- dbus
- gdm
- name: Enable autologin
copy:
src: 'files/desktop/autologin'
dest: '/etc/gdm/custom.conf'
notify: Update dconf database
- name: Ensure directories exist
file:
path: '{{item}}'
state: directory
loop:
- /etc/dconf/db/local.d
- /etc/dconf/db/local.d/locks
- name: Create user profile
copy:
src: 'files/desktop/profile/user'
dest: '/etc/dconf/profile/user'
- name: Copy configuration files
copy:
src: 'files/desktop/main'
dest: '/etc/dconf/db/local.d/main'
notify: Update dconf database
- name: Set screen timeout
template:
src: 'files/desktop/screensaver'
dest: '/etc/dconf/db/local.d/screensaver'
notify: Update dconf database
- name: GRUB
hosts: all
handlers:
- name: grub-mkconfig
command: 'grub-mkconfig -o /boot/grub/grub.cfg'
tasks:
- name: Copy GRUB configuration
template:
src: 'files/grub/grub'
dest: '/etc/default/grub'
notify: grub-mkconfig
- name: Firefox
hosts: all
tasks:
- name: Ensure Firefox extensions folder exists
file:
path: "/usr/lib64/firefox/distribution/extensions"
state: directory
- name: Install firefox extensions
copy:
src: "{{ item }}"
dest: "/usr/lib64/firefox/distribution/extensions/"
loop:
- "files/firefox/uBlock0@raymondhill.net.xpi"
- name: Bakaláři
hosts: teachers
tasks:
- name: Create a desktop shortcut for Bakaláři
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
loop:
- src: "files/bakalari/bakalari.desktop"
dest: "/usr/share/applications/bakalari.desktop"
- src: "files/bakalari/bakalari.png"
dest: "/usr/share/icons/bakalari.png"