General rewrite

This is a big rewrite of all playbooks and assets. We should probably split the playbooks into roles in the future.
1 year ago · c0f18e93ab
parent 3aed386936
commit c0f18e93ab
31 changed files with 333 additions and 206 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,3 @@
+[defaults]
+inventory=hosts
+forks=8
--- a/bakalari.yaml
+++ b/bakalari.yaml
@ -1,10 +0,0 @@
- name: Install Bakaláři
-  hosts: ucitelske
-  user: administrator
-  become: true
-  tasks:
-    - name: Create desktop shortcut for Bakaláři
-      copy: src={{ item.src }} dest={{ item.dest }}
-      with_items:
-        - { src: 'files/bakalari.desktop', dest: '/usr/share/applications/bakalari.desktop' }
-        - { src: 'files/bakalari.png', dest: '/usr/share/icons/bakalari.png' }
--- a/desktop.yaml
+++ b/desktop.yaml
@ -0,0 +1,62 @@
+---
+- name: Gnome desktop setup
+  hosts: all
+  user: root
+
+  tasks:
+    - name: Enable autologin
+      copy:
+        src: 'files/desktop/autologin'
+        dest: '/etc/gdm/custom.conf'
+
+    - name: Pin applications to dash
+      copy:
+        src: 'files/desktop/dash'
+        dest: '/etc/dconf/db/local.d/dash'
+
+    - name: Set wallpaper
+      copy: src={{ item.src }} dest={{ item.dest }}
+      with_items:
+        - { src: 'files/desktop/background', dest: '/etc/dconf/db/local.d/background' }
+        - { src: 'files/desktop/wallpaper.jpg', dest: '/usr/local/share/wallpaper.jpg' }
+
+    - name: Remove old wallpaper config
+      # This can be deleted in the future
+      file:
+        path: '/etc/dconf/db/local.d/wallpaper'
+        state: absent
+
+    - name: Lock desktop wallpaper settings
+      copy:
+        src: 'files/desktop/lock/background'
+        dest: '/etc/dconf/db/local.d/locks/background'
+
+    - name: GDM usernames profile
+      copy:
+        src: 'files/desktop/profile'
+        dest: '/etc/dconf/profile/gdm'
+
+    - name: GDM login screen configuration - don't show all users
+      copy:
+        src: 'files/desktop/login-screen'
+        dest: '/etc/dconf/db/gdm.d/login-screen'
+
+    - name: GDM login screen configuration - disable accessibility
+      # Not working, perhaps broken GDM
+      copy:
+        src: 'files/desktop/accessibility'
+        dest: '/etc/dconf/db/gdm.d/accessibility'
+
+    - name: GDM screensaver with short delay
+      copy:
+        src: 'files/desktop/screensaver-short'
+        dest: '/etc/dconf/db/local.d/screensaver'
+
+    - name: GDM screensaver with long delay
+      when: inventory_hostname in groups['teacher:children']
+      copy:
+        src: 'files/desktop/screensaver-long'
+        dest: '/etc/dconf/db/local.d/screensaver'
+
+    - name: Update dconf database
+      command: "dconf update"
--- a/files/desktop/accessibility
+++ b/files/desktop/accessibility
--- a/files/desktop/autologin
+++ b/files/desktop/autologin
@ -0,0 +1,3 @@
+[daemon]
+AutomaticLoginEnable=True
+AutomaticLogin=student
--- a/files/desktop/background
+++ b/files/desktop/background
--- a/files/desktop/dash
+++ b/files/desktop/dash
--- a/files/desktop/jirka.jpg
+++ b/files/desktop/jirka.jpg
--- a/files/desktop/lock/background
+++ b/files/desktop/lock/background
@ -0,0 +1,5 @@
+# Lock desktop background settings
+/org/gnome/desktop/background/picture-uri
+/org/gnome/desktop/background/picture-options
+/org/gnome/desktop/background/primary-color
+/org/gnome/desktop/background/secondary-color
--- a/files/desktop/login-screen
+++ b/files/desktop/login-screen
--- a/files/desktop/profile
+++ b/files/desktop/profile
--- a/files/desktop/screensaver-long
+++ b/files/desktop/screensaver-long
--- a/files/desktop/screensaver-short
+++ b/files/desktop/screensaver-short
--- a/files/desktop/wallpaper.jpg
+++ b/files/desktop/wallpaper.jpg
--- a/files/repositories/vscode
+++ b/files/repositories/vscode
--- a/firefox.yaml
+++ b/firefox.yaml
@ -1,12 +0,0 @@
- name: Firefox configuration
-  hosts: all
-  user: administrator
-  become: true
-
-  tasks:
-    - name: Firefox addons folder
-      file: path=/usr/lib64/firefox/distribution/extensions state=directory
-    - name: Firefox addons installation
-      copy:
-        src: 'files/firefox-addons/uBlock0@raymondhill.net.xpi'
-        dest: '/usr/lib64/firefox/distribution/extensions/uBlock0@raymondhill.net.xpi'
--- a/gnome-config.yaml
+++ b/gnome-config.yaml
@ -1,46 +0,0 @@
- name: GJK GNOME configuration
-  hosts: all
-  user: administrator
-  become: true
-
-  tasks:
-    - name: Pin applications to dash
-      copy:
-        src: 'gdm/dash'
-        dest: '/etc/dconf/db/local.d/dash'
-
-    - name: Set wallpaper
-      copy: src={{ item.src }} dest={{ item.dest }}
-      with_items:
-        - { src: 'gdm/wallpaper', dest: '/etc/dconf/db/local.d/wallpaper' }
-        - { src: 'files/wallpaper.jpg', dest: '/usr/local/share/wallpaper.jpg' }
-
-    - name: GDM usernames profile
-      copy:
-        src: 'gdm/profile'
-        dest: '/etc/dconf/profile/gdm'
-
-    - name: GDM login screen configuration - don't show all users
-      copy:
-        src: 'gdm/login-screen'
-        dest: '/etc/dconf/db/gdm.d/login-screen'
-
-    - name: GDM login screen configuration - disable accessibility
-      # Not working, perhaps broken GDM
-      copy:
-        src: 'gdm/accessibility'
-        dest: '/etc/dconf/db/gdm.d/accessibility'
-
-    - name: GDM screensaver with short delay
-      copy:
-        src: 'gdm/screensaver-short'
-        dest: '/etc/dconf/db/local.d/screensaver'
-
-    - name: GDM screensaver with long delay
-      when: inventory_hostname in groups['ucitelske']
-      copy:
-        src: 'gdm/screensaver-long'
-        dest: '/etc/dconf/db/local.d/screensaver'
-
-    - name: Update dconf database
-      command: "dconf update"
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@ -0,0 +1,60 @@
+---
+ssh_keys:
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm981GRiUIsp8e4bTDv+d9SyHfQ8P18W5oovgmAfnip em@x210
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqmyaaIqRU9hx8PxRnIqe/pRANIxrEEscuMWrHZF1yh snowflake@flakeX230
+
+dnf_install:
+  # Domain join requirements
+  # - sssd
+  # - oddjob
+  # - oddjob-mkhomedir
+  # - adcli
+  # - samba-common-tools
+  # General
+  - git
+  - code
+  - gcc-c++
+  - guile
+  - valgrind
+  - htop
+  - python3-idle
+  - texstudio
+  - screen
+  - tmux
+  - vim
+  - emacs
+  # Web Browsers
+  - firefox
+  # Multimedia
+  - celluloid
+  - audacity
+  - gimp
+  - inkscape
+  - kdenlive
+  - shotcut
+  - krita
+  - mypaint
+  # Multimedia codecs
+  - ffmpeg-libs
+  # CAD
+  - freecad
+  - kicad
+  - openscad
+  - prusa-slicer
+  # Databases
+  - sqlitebrowser
+  # Fun & games
+  - sl
+  - cowsay
+  - figlet
+  - asciiquarium
+  - cbonsai
+  - cmatrix
+  - openarena
+  - frozen-bubble
+dnf_remove:
+  - john
+  - chromium
+flatpak_install:
+  - cc.arduino.arduinoide
+flatpak_remove:
--- a/halt.yaml
+++ b/halt.yaml
@ -1,8 +0,0 @@
- name: Shutdown all machines
-  hosts: all
-  user: administrator
-  become: true
-
-  tasks:
-    - name: Unconditionally shut down the machine with all defaults
-      community.general.shutdown:
--- a/26
+++ b/26
@ -1,5 +1,20 @@
-[PoV]
-VU00.local
+[pov:children]
+students_pov
+teacher_pov
+
+[pom:children]
+students_pom
+teacher_pom
+
+[teacher:children]
+teacher_pov
+teacher_pom
+
+[students:children]
+students_pov
+students_pom
+
+[students_pov]
 VU01.local
 VU02.local
 VU03.local
@ -16,8 +31,7 @@ VU13.local
 VU14.local
 VU15.local

-[PoM]
-MU01.local
+[students_pom]
 MU02.local
 MU03.local
 MU04.local
@ -36,6 +50,8 @@ MU16.local
 MU17.local
 MU18.local

-[ucitelske]
+[teacher_pov]
 VU00.local
+
+[teacher_pom]
 MU01.local
--- a/readme.md
+++ b/readme.md
@ -3,7 +3,16 @@ These are all files for machine management at GJK via Ansible.
 Push your SSH keys to all machines to the `administrator` user. Here is a sample playbook execution.

 ```
-ansible-playbook -i hosts -l PoM --key-file ~/.ssh/keys/gjk-ansible -K update.yaml
+ansible-playbook all setup.yaml
+ansible-playbook all --key-file ~/.ssh/keys/gjk-ansible setup.yaml
+```
+
+You shoud laso setup your ssh, eg.:
+
+```
+Host VU* MU*
+	User root
+	IdentityFile ~/.ssh/keys/gjk-ansible
 ```

 GDM configuration can be found at <https://help.gnome.org/admin/system-admin-guide/stable/index.html.en>.
--- a/reboot.yaml
+++ b/reboot.yaml
@ -0,0 +1,8 @@
+---
+- name: Reboot all machines
+  hosts: all
+  user: root
+
+  tasks:
+    - name: Reboot all machines
+      ansible.builtin.reboot:
--- a/roles/bakalari/files/bakalari.desktop
+++ b/roles/bakalari/files/bakalari.desktop
--- a/roles/bakalari/files/bakalari.png
+++ b/roles/bakalari/files/bakalari.png
--- a/roles/bakalari/tasks/main.yaml
+++ b/roles/bakalari/tasks/main.yaml
@ -0,0 +1,10 @@
+---
+- name: Create a desktop shortcut for Bakaláři
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  loop:
+    - src: "files/bakalari.desktop"
+      dest: "/usr/share/applications/bakalari.desktop"
+    - src: "files/bakalari.png"
+      dest: "/usr/share/icons/bakalari.png"
--- a/setup.yaml
+++ b/setup.yaml
@ -1,70 +1,95 @@
- name: GJK Fedora setting up script
+---
+- name: GJK client setup
  hosts: all
-  user: administrator
-  become: true
+  user: root
+
  tasks:
-    - name: Importing RPM Fusion (free) key
+    # Repositories
+    - name: Import RPM Fusion (free) key
      ansible.builtin.rpm_key:
        state: present
        key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
-    - name: Importing RPM Fusion (non-free) key
+
+    - name: Import RPM Fusion (non-free) key
      ansible.builtin.rpm_key:
        state: present
        key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
-    - name: Importing Microsoft VS Code key
+
+    - name: Import Microsoft VS Code key
      ansible.builtin.rpm_key:
        state: present
        key: https://packages.microsoft.com/keys/microsoft.asc
+
    - name: Activate RPM Fusion repository
      dnf:
        name:
-          - https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ansible_distribution_major_version}}.noarch.rpm
-          - https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ansible_distribution_major_version}}.noarch.rpm
+          - https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm
+          - https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm
        state: present
+
    - name: Activate VS Code repository
      copy:
-        src: repositories/vscode
+        src: files/repositories/vscode
        dest: /etc/yum.repos.d/vscode.repo
-    - name: Update system
+
+
+    # Flatpak
+    - name: Enable flathub repo
+      command: "{{ item }}"
+      loop: "{{ commands }}"
+      vars:
+        commands:
+          - "flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo"
+          - "flatpak remote-modify --enable flathub"
+
+
+    - name: Upgrade packages
      dnf:
+        update_cache: true
        name: "*"
        state: latest
-    - name: Boot Windows by default (PoV)
-      when: inventory_hostname in groups['PoV']
-      command: "grub2-set-default \"Windows 8 (on /dev/sda1)\""
-    - name: Boot Windows by default (PoM)
-      when: inventory_hostname in groups['PoM']
-      command: "grub2-set-default \"Windows Boot Manager (on /dev/nvme0n1p1)\""
-    - name: Add Czech keyboard layout
-      command: "localectl set-x11-keymap us,cz"
+
    - name: Install NVIDIA drivers
-      when: inventory_hostname in groups['PoV']
      dnf:
        name:
          - akmod-nvidia
        state: present
-    - name: Add flathub repo
-      command: "flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo"
-    - name: Enable flathub repo
-      command: "flatpak remote-modify --enable flathub"
-    - name: Create Administrator user
+      when: inventory_hostname in groups['pov:children']
+
+    - name: Set default boot option to Windows
+      command: "grub2-set-default \"{{ default_boot_option }}\""
+      vars:
+        default_boot_option: >-
+          {% if inventory_hostname in groups['pov:children'] %}
+            Windows 8 (on /dev/sda1)
+          {% elif inventory_hostname in groups['pom:children'] %}
+            Windows Boot Manager (on /dev/nvme0n1p1)
+          {% endif %}
+      when:
+        - inventory_hostname in groups['pov:children']
+        - inventory_hostname in groups['pom:children']
+
+    - name: Add Czech keyboard layout
+      command: "localectl set-x11-keymap us,cz"
+
+    # Firefox
+    - name: Ensure Firefox addons folder exists
+      file:
+        path: /usr/lib64/firefox/distribution/extensions
+        state: directory
+    - name: Install firefox addons
+      copy:
+        src: "{{ item }}"
+        dest: "/usr/lib64/firefox/distribution/extensions/"
+      loop:
+        - "files/firefox-addons/uBlock0@raymondhill.net.xpi"
+
+    - name: Setup user student
      user:
-        name: administrator
-        password: "$6$7BN9WWJY2XJuixhs$tirH/J9WV8HX9tf9J7DVFEdYSt0UA6N2TGu0Exih0fIAYHA/RDJPpTgGbYtxw6You4THNpYoFNiRO.HVESkRd0"
-        # generovat heslo pomocí `mkpasswd --method=sha-512`
+        name: student
+        password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
        groups:
-          - wheel
-          - dialout
+          - dialout  # Arduino serial access
        state: present
-    #- name: Update student user
-    #  user:
-    #    name: student
-    #    groups:
-    #      - wheel
-    #      - dialout
-    #    state: present
-    # - name: Remove student user
-    #   user:
-    #     name: student
-    #     state: absent
-    #     remove: true
+        # state: absent
+        # remove: true
--- a/shudown.yaml
+++ b/shudown.yaml
@ -0,0 +1,8 @@
+---
+- name: Shutdown all machines
+  hosts: all
+  user: root
+
+  tasks:
+    - name: Shutting down
+      community.general.shutdown:
--- a/software.yaml
+++ b/software.yaml
@ -1,66 +1,41 @@
- name: GJK Fedora software setup
+---
+- name: Software setup
  hosts: all
-  user: administrator
-  become: true
+  user: root
+
+  handlers:
+    - name: Dependency cleanup
+      ansible.builtin.dnf:
+        autoremove: true

  tasks:
+    - name: Upgrade packages
+      ansible.builtin.dnf:
+        update_cache: true
+        name: "*"
+        state: latest
+
    - name: Install applications
-      dnf:
-        name:
-          # General
-          - git
-          - code
-          - gcc-c++
-          - guile
-          - valgrind
-          - htop
-          - python3-idle
-          - texstudio
-          - screen
-          - tmux
-          - vim
-          - emacs
-          # Multimedia
-          - audacity
-          - gimp
-          - inkscape
-          - kdenlive
-          - shotcut
-          - krita
-          - mypaint
-          - celluloid
-          # CAD
-          - freecad
-          - kicad
-          - prusa-slicer
-          # Multimedia codecs
-          - ffmpeg-libs
-          # Domain join requirements
-          - sssd
-          - oddjob
-          - oddjob-mkhomedir
-          - adcli
-          - samba-common-tools
-          # Fun
-          - sl
-          - cowsay
-          - figlet
-          # Games
-          #- openarena
+      ansible.builtin.dnf:
+        name: "{{ dnf_install }}"
        state: present
+      when: dnf_install

-    - name: Remove unused applications
-      dnf:
-        name:
-          - openarena
+    - name: Remove applications
+      ansible.builtin.dnf:
+        name: "{{ dnf_remove }}"
        state: absent
+      when: dnf_remove
+      notify: Dependency cleanup

-    - name: Dependency cleanup
-      dnf:
-        autoremove: yes
-
-    - name: Install required apps from flatpak
+    - name: Install apps from Flatpak
      community.general.flatpak:
-        name:
-          - cc.arduino.arduinoide
+        name: "{{ flatpak_install }}"
        state: present
+      when: flatpak_install
+
+    - name: Remove apps from Flatpak
+      community.general.flatpak:
+        name: "{{ flatpak_remove }}"
+        state: absent
+      when: flatpak_remove
--- a/ssh.yaml
+++ b/ssh.yaml
@ -0,0 +1,46 @@
+---
+- name: Reconfigure old ssh to new config
+  hosts: all
+  user: root
+
+  handlers:
+    - name: restart ssh
+      systemd:
+        name: sshd
+        state: restarted
+
+  tasks:
+    - name: Ensure root ssh directory exists
+      file:
+        path: /root/.ssh
+        state: directory
+        owner: root
+        group: root
+        mode: '0700'
+
+    - name: Ensure authorized_keys file exists
+      file:
+        path: /root/.ssh/authorized_keys
+        state: touch
+        owner: root
+        group: root
+        mode: '0600'
+
+    - name: Purge old authorized_keys file
+      shell: "echo '' > /root/.ssh/authorized_keys"
+
+    - name: Import new SSH keys
+      authorized_key:
+        user: root
+        key: "{{ item }}"
+        state: present
+      loop: "{{ ssh_keys }}"
+
+    - name: Enable Root Login
+      lineinfile:
+        dest: /etc/ssh/sshd_config
+        regexp: '^PermitRootLogin'
+        line: "PermitRootLogin prohibit-password"
+        state: present
+      notify:
+        - restart ssh
--- a/student.yaml
+++ b/student.yaml
@ -1,12 +0,0 @@
- name: GJK Fedora setting up script
-  hosts: all
-  user: administrator
-  become: true
-  tasks:
-    - name: Update student user
-      user:
-        name: student
-        password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
-        groups:
-          - dialout
-        state: present
--- a/update.yaml
+++ b/update.yaml
@ -1,15 +0,0 @@
- name: GJK Fedora update script
-  hosts: all
-  user: administrator
-  become: true
-  tasks:
-    - name: Update system
-      dnf:
-        name: "*"
-        state: latest
-    - name: Boot Windows by default (PoV)
-      when: inventory_hostname in groups['PoV']
-      command: "grub2-set-default \"Windows 8 (on /dev/sda1)\""
-    - name: Boot Windows by default (PoM)
-      when: inventory_hostname in groups['PoM']
-      command: "grub2-set-default \"Windows Boot Manager (on /dev/nvme0n1p1)\""