diff --git a/README.md b/README.md index 8a5804e..6285208 100644 --- a/README.md +++ b/README.md 
@@ -5,9 +5,42 @@ ansible-gnu-corporate-workstation is a set of roles that enable Active Directory - Currently supports Ubuntu 16.04 LTS with Unity, will support other flavors and OS - Supports single command to deploy +### Requirements, if not installed + +- wget +- sudo ### Installation +Run the following command using a terminal emulator : ``` -wget https://raw.githubusercontent.com/paulbsd/ansible-gnu-corporate-workstation/master/provision.sh; bash provision.sh +wget -O provision.sh https://raw.githubusercontent.com/paulbsd/ansible-gnu-corporate-workstation/master/provision.sh; bash provision.sh +... +sudo reboot ``` + +### License + +Copyright (c) 2017, PaulBSD +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this +list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + 
diff --git a/Vagrantfile b/Vagrantfile index 3bd3617..6c8b378 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,7 +4,7 @@ Vagrant.configure("2") do |config| config.vm.box = "boxcutter/ubuntu1604-desktop" config.vm.provision "ansible" do |ansible| - ansible.verbose = "vv" + #ansible.verbose = "vv" ansible.playbook = "test.yml" end end diff --git a/playbook.yml b/playbook.yml index 5b7ec04..0342dc6 100644 --- a/playbook.yml +++ b/playbook.yml @@ -12,18 +12,25 @@ - kbdvariant: "latin9" - localelang: "fr_FR" - localelanguage: "fr_FR:" + - timezone: "Europe/Paris" - languagepacks: - language-pack-fr - language-pack-fr-base vars_prompt: + - name: "timezone" + prompt: "Timezone " + default: "Europe/Paris" - name: "ad_dns_domain" prompt: "Active Directory DNS domain name " private: no + default: "organization.int" - name: "ad_nt_domain" prompt: "NT domain name " private: no + default: "ORGANIZATION" - name: "ad_admin_username" prompt: "Admin username " private: no + default: "Administrator" - name: "ad_admin_password" prompt: "Admin password " diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index b27422d..70e81a4 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -1,21 +1,26 @@ +--- - name: Update apt sources apt: update_cache=yes upgrade=yes - tags: apt + tags: + - prereqs + - apt - name: Install utils main utils apt: name={{ item }} with_items: - - htop - - ncdu - - tmux - tags: prereqs + - "{{ apt_pkgs }}" + tags: + - prereqs + - apt - name: Install needed language packs apt: name={{ item }} with_items: - language-pack-fr - language-pack-fr-base - tags: prereqs + tags: + - prereqs + - apt diff --git a/roles/common/tasks/hostname.yml b/roles/common/tasks/hostname.yml new file mode 100644 index 0000000..96fe3bb --- /dev/null +++ b/roles/common/tasks/hostname.yml 
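Review bot: In playbook.yml, the new `timezone` entry under `vars_prompt` has no `private: no`, unlike the three Active Directory prompts next to it. Because `vars_prompt` hides input by default, the operator would type the timezone blind; adding `private: no` below `prompt: "Timezone "` fixes that. The same hunk also adds `- timezone: "Europe/Paris"` to the vars list, which looks redundant given the prompt carries the same default. The playbook continues past the end of the hunk, so the `ad_admin_password` prompt's settings are not visible here.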
@@ -0,0 +1,26 @@ +--- +- name: Set hostname + shell: hostname {{ ansible_hostname }}.{{ ad_dns_domain }} + +- name: Set hostname file + template: + src=hostname.j2 + dest=/etc/hostname + mode=0644 + owner=root + group=root + tags: + - prereqs + - hostname + +- name: Set hosts file + template: + src=hosts.j2 + dest=/etc/hosts + mode=0644 + owner=root + group=root + tags: + - prereqs + - hostname + diff --git a/roles/common/tasks/keyboard.yml b/roles/common/tasks/keyboard.yml index 7c45191..4fdaaac 100644 --- a/roles/common/tasks/keyboard.yml +++ b/roles/common/tasks/keyboard.yml @@ -1,3 +1,4 @@ +--- - name: Set keyboard layouts template: src=keyboard.j2 @@ -5,5 +6,7 @@ mode=0644 owner=root group=root - tags: prereqs + tags: + - prereqs + - keyboard diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 861490e..8b40c06 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,8 +1,16 @@ +--- - name: Install aptitude command: apt-get install -y aptitude -- name: Include apt updates +- name: Update lists, upgrade and install needed packages + include: apt.yml + +- name: Include keyboard configuration include: keyboard.yml -- name: Install needed packages - include: apt.yml +- name: Include hostname configuration + include: hostname.yml + +- name: Include time configuration + include: time.yml + diff --git a/roles/common/tasks/time.yml b/roles/common/tasks/time.yml new file mode 100644 index 0000000..efd780a --- /dev/null +++ b/roles/common/tasks/time.yml @@ -0,0 +1,10 @@ +--- +- name: Set Timezone + file: + src=/usr/share/zoneinfo/{{ timezone }} + dest=/etc/localtime + force=yes + state=link + tags: + - prereqs + - timezone diff --git a/roles/common/templates/hostname.j2 b/roles/common/templates/hostname.j2 new file mode 100644 index 0000000..2ed4d11 --- /dev/null +++ b/roles/common/templates/hostname.j2 @@ -0,0 +1 @@ +{{ ansible_hostname }}.{{ ad_dns_domain }} 
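Review bot: In roles/common/tasks/hostname.yml, the "Set hostname" task interpolates `ad_dns_domain`, a value typed at the playbook prompt, into a `shell:` line. Any shell metacharacter in that value would be interpreted by the shell on the workstation, as root if the play runs with privilege escalation. The task also reruns on every play and has no `tags:`, unlike the two template tasks below it. Using the module avoids the shell: `hostname: name={{ ansible_hostname }}.{{ ad_dns_domain }}`, tagged with `prereqs` and `hostname` like the others; at minimum `command:` in place of `shell:`.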
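Review bot: In roles/common/tasks/time.yml, the prompted `timezone` value is pasted unchecked into `src=/usr/share/zoneinfo/{{ timezone }}` and linked over `/etc/localtime` with `force=yes`. A typo, or a value containing `..`, would leave `/etc/localtime` pointing at a missing or unintended path without the task failing. If the Ansible version in use provides the `timezone` module, `timezone: name={{ timezone }}` rejects unknown zones; otherwise add a `stat` check on the source path before the link. Wrong local time also matters for the domain join later in the play, since Kerberos is sensitive to clock skew.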
diff --git a/roles/common/templates/hosts.j2 b/roles/common/templates/hosts.j2 new file mode 100644 index 0000000..2c1d111 --- /dev/null +++ b/roles/common/templates/hosts.j2 @@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 {{ ansible_hostname }}.{{ ad_dns_domain }} {{ ansible_hostname }} + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/roles/common/vars/main.yml b/roles/common/vars/main.yml new file mode 100644 index 0000000..14385c1 --- /dev/null +++ b/roles/common/vars/main.yml @@ -0,0 +1,7 @@ +--- +apt_pkgs: + - htop + - ntp + - ntpdate + - ncdu + - tmux diff --git a/roles/gdm/tasks/main.yml b/roles/gdm/tasks/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/gdm/tasks/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/gdm/templates/lightdm.conf.j2 b/roles/gdm/templates/lightdm.conf.j2 new file mode 100644 index 0000000..1718b24 --- /dev/null +++ b/roles/gdm/templates/lightdm.conf.j2 @@ -0,0 +1,6 @@ +[SeatDefaults] +allow-guest=false +greeter-hide-users=true +greeter-show-manual-login=true +autologin-user= + diff --git a/roles/gdm/templates/users.conf.j2 b/roles/gdm/templates/users.conf.j2 new file mode 100644 index 0000000..aa2c3fd --- /dev/null +++ b/roles/gdm/templates/users.conf.j2 @@ -0,0 +1,15 @@ +# +# User accounts configuration +# +# NOTE: If you have AccountsService installed on your system, then LightDM will +# use this instead and these settings will be ignored +# +# minimum-uid = Minimum UID required to be shown in greeter +# hidden-users = Users that are not shown to the user +# hidden-shells = Shells that indicate a user cannot login +# +[UserList] +minimum-uid=500 +hidden-users=nobody nobody4 noaccess +hidden-shells=/bin/false /usr/sbin/nologin + diff --git a/roles/lightdm/handlers/main.yml b/roles/lightdm/handlers/main.yml deleted file mode 100644 index 2b3780d..0000000 
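Review bot: roles/gdm/tasks/main.yml is added containing only `---`, so the new gdm role deploys neither of its templates. The hardening in roles/gdm/templates/lightdm.conf.j2 (`allow-guest=false`, `greeter-hide-users=true`, empty `autologin-user=`) is therefore not applied by this role as committed. The templates are also named for LightDM while the role is named gdm, which suggests a copy still to be adapted. Either add the `template` tasks, or put a comment in tasks/main.yml such as `# TODO: gdm tasks not implemented yet; templates are placeholders copied from the lightdm role`.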
--- a/roles/lightdm/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart lightdm - service: - name=lightdm - state=restarted diff --git a/roles/lightdm/tasks/main.yml b/roles/lightdm/tasks/main.yml index 5706e28..f464266 100644 --- a/roles/lightdm/tasks/main.yml +++ b/roles/lightdm/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Set lightdm main configuration file template: src=lightdm.conf.j2 @@ -5,7 +6,6 @@ mode=0644 owner=root group=root - notify: restart lightdm tags: lightdm - name: Set lightdm users.conf file @@ -15,6 +15,4 @@ mode=0644 owner=root group=root - notify: restart lightdm tags: lightdm - diff --git a/roles/samba/tasks/.main.yml.swp b/roles/samba/tasks/.main.yml.swp deleted file mode 100644 index 406c5e8..0000000 Binary files a/roles/samba/tasks/.main.yml.swp and /dev/null differ diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 82736ab..78c028b 100644 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Install samba and required tools apt: name={{ item }} @@ -10,7 +11,8 @@ - ntpdate - samba - winbind - tags: samba_install + tags: + - samba - name: Install nsswitch passwd config lineinfile: @@ -18,7 +20,9 @@ regexp="^passwd:" line="passwd{{ ':' }} files winbind" notify: restart samba - tags: samba_nsswitch + tags: + - samba + - nsswitch - name: Install nsswitch group config lineinfile: @@ -26,7 +30,9 @@ regexp="^group:" line="group{{ ':' }} files winbind" notify: restart samba - tags: samba_nsswitch + tags: + - samba + - nsswitch - name: Install nsswitch shadow config lineinfile: @@ -34,7 +40,9 @@ regexp="^shadow:" line="shadow{{ ':' }} files winbind" notify: restart samba - tags: samba_nsswitch + tags: + - samba + - nsswitch - name: Install samba configuration template: @@ -44,7 +52,9 @@ owner=root group=root notify: restart samba - tags: samba_smbconf + tags: + - samba + - smbconf - name: Enable samba services service: 
@@ -54,9 +64,12 @@ - smbd - nmbd - winbind - tags: samba_services + tags: + - samba - name: Join domain shell: net ads join -U {{ ad_admin_username }}%{{ ad_admin_password }} notify: restart samba - tags: samba_join + register: join_domain + tags: samba + diff --git a/test.yml b/test.yml index 35f56db..4e5a2b7 100644 --- a/test.yml +++ b/test.yml @@ -12,10 +12,12 @@ - kbdvariant: "latin9" - localelang: "fr_FR" - localelanguage: "fr_FR:" + - timezone: "Europe/Paris" - languagepacks: - language-pack-fr - language-pack-fr-base - - ad_dns_domain: AD.PAULBSD.NET + - ad_dns_domain: ad.paulbsd.net - ad_nt_domain: AD - ad_admin_username: Administrator - ad_admin_password: Password50 +
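Review bot: In roles/samba/tasks/main.yml, the new `register: join_domain` on the "Join domain" task captures the result of `net ads join -U {{ ad_admin_username }}%{{ ad_admin_password }}`. The registered result and any verbose or callback output include that command line, so the domain admin password is recorded in clear text. Add `no_log: true` to the task. The password is also visible in the process list while the join runs, so passing it by a route other than argv would be better still. `join_domain` is not used anywhere in the visible hunk, and the join still runs on every play; a `changed_when:`/`failed_when:` on the registered result, or a pre-check for existing membership, would make the task idempotent.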