updated roles

Paul 2020-04-26 19:30:39 +02:00
parent 3b3b274ab0
commit 83f0771733
28 changed files with 165 additions and 185 deletions

4
Vagrantfile vendored

@ -2,9 +2,9 @@
# vi: set ft=ruby : # vi: set ft=ruby :
Vagrant.configure("2") do |config| Vagrant.configure("2") do |config|
config.vm.box = "boxcutter/ubuntu1604-desktop" config.vm.box = "fasmat/ubuntu2004-desktop"
config.vm.box_version = "20.0425.1"
config.vm.provision "ansible" do |ansible| config.vm.provision "ansible" do |ansible|
#ansible.verbose = "vv"
ansible.playbook = "test.yml" ansible.playbook = "test.yml"
end end
end end


@ -5,15 +5,14 @@
- common - common
- samba - samba
- pam - pam
- lightdm
vars: vars:
- kbdlang: "fr" kbdlang: "fr"
- kbdmodel: "pc105" kbdmodel: "pc105"
- kbdvariant: "latin9" kbdvariant: "latin9"
- localelang: "fr_FR" localelang: "fr_FR"
- localelanguage: "fr_FR:" localelanguage: "fr_FR:"
- timezone: "Europe/Paris" timezone: "Europe/Paris"
- languagepacks: languagepacks:
- language-pack-fr - language-pack-fr
- language-pack-fr-base - language-pack-fr-base
vars_prompt: vars_prompt:
@ -21,16 +20,16 @@
prompt: "Timezone " prompt: "Timezone "
default: "Europe/Paris" default: "Europe/Paris"
- name: "ad_dns_domain" - name: "ad_dns_domain"
prompt: "Active Directory DNS domain name " prompt: "Active Directory DNS domain name : "
private: no private: no
default: "organization.int" default: "organization.int"
- name: "ad_nt_domain" - name: "ad_nt_domain"
prompt: "NT domain name " prompt: "NT domain name : "
private: no private: no
default: "ORGANIZATION" default: "ORGANIZATION"
- name: "ad_admin_username" - name: "ad_admin_username"
prompt: "Admin username " prompt: "Admin username : "
private: no private: no
default: "Administrator" default: "Administrator"
- name: "ad_admin_password" - name: "ad_admin_password"
prompt: "Admin password " prompt: "Admin password : "


@ -0,0 +1,17 @@
---
apt_pkgs:
- htop
- ntp
- ntpdate
- ncdu
- tmux
kbdlang: "fr"
kbdmodel: "pc105"
kbdvariant: "latin9"
localelang: "fr_FR"
localelanguage: "fr_FR:"
timezone: "Europe/Paris"
languagepacks:
- language-pack-fr
- language-pack-fr-base
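Review bot: The keyboard, locale, timezone and language-pack values added here are also set in the playbook's `vars:` block shown earlier on this page, and a "Timezone" entry appears under `vars_prompt`, so the same setting now has up to three sources. The path of this file is not visible here; if it is the role's `vars/main.yml` rather than `defaults/main.yml`, role vars outrank both play vars and `vars_prompt`, and the prompted timezone would be ignored. Keep one copy, preferably in the role's defaults, and add a header comment such as `# Role defaults; override from the play or inventory`.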


@ -1,26 +1,18 @@
--- ---
- name: Update apt sources - name: Update apt sources
apt: apt:
update_cache=yes update_cache: yes
upgrade=yes
tags: tags:
- prereqs - apt_prereqs
- apt
- name: Install utils main utils - name: Install utils main utils
apt: name={{ item }} apt:
with_items: name: "{{ apt_pkgs }}"
- "{{ apt_pkgs }}"
tags: tags:
- prereqs - apt_prereqs
- apt
- name: Install needed language packs - name: Install needed language packs
apt: name={{ item }} apt:
with_items: name: "{{ languagepacks }}"
- language-pack-fr
- language-pack-fr-base
tags: tags:
- prereqs - apt_prereqs
- apt


@ -1,26 +1,25 @@
--- ---
- name: Set hostname - name: Set hostname
shell: hostname {{ ansible_hostname }}.{{ ad_dns_domain }} shell: "hostname {{ ansible_hostname }}.{{ ad_dns_domain }}"
- name: Set hostname file - name: Set hostname file
template: template:
src=hostname.j2 src: hostname.j2
dest=/etc/hostname dest: /etc/hostname
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: tags:
- prereqs - prereqs
- hostname - hostname
- name: Set hosts file - name: Set hosts file
template: template:
src=hosts.j2 src: hosts.j2
dest=/etc/hosts dest: /etc/hosts
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: tags:
- prereqs - prereqs
- hostname - hostname
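Review bot: The `Set hostname` task still goes through `shell` with two templated values, and `ad_dns_domain` is typed at a prompt in the playbook shown earlier on this page, so any shell metacharacter in it is interpreted by the shell rather than treated as part of the name. Nothing in the command needs a shell: the `hostname` module with `name: "{{ ansible_hostname }}.{{ ad_dns_domain }}"` sets the same value and is idempotent, whereas the current task reports changed on every run. The task also carries no tags, unlike the two template tasks after it.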


@ -1,12 +1,11 @@
--- ---
- name: Set keyboard layouts - name: Set keyboard layouts
template: template:
src=keyboard.j2 src: keyboard.j2
dest=/etc/default/keyboard dest: /etc/default/keyboard
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: tags:
- prereqs - prereqs
- keyboard - keyboard
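Review bot: `mode: 0644` is now a bare YAML scalar instead of part of a `key=value` string, so it yields the intended permissions only because the loader reads a leading-zero number as octal. Write it as `mode: "0644"` so the module receives a string and does its own conversion. The same unquoted mode appears in the hostname tasks above and in the lightdm, pam and samba task files of this commit, where it sets the permissions of `/etc/pam.d/*` and `/etc/samba/smb.conf`.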


@ -1,7 +1,4 @@
--- ---
- name: Install aptitude
command: apt-get install -y aptitude
- name: Update lists, upgrade and install needed packages - name: Update lists, upgrade and install needed packages
include: apt.yml include: apt.yml
@ -13,4 +10,3 @@
- name: Include time configuration - name: Include time configuration
include: time.yml include: time.yml


@ -1,10 +1,10 @@
--- ---
- name: Set Timezone - name: Set Timezone
file: file:
src=/usr/share/zoneinfo/{{ timezone }} src: "/usr/share/zoneinfo/{{ timezone }}"
dest=/etc/localtime dest: "/etc/localtime"
force=yes force: yes
state=link state: link
tags: tags:
- prereqs - prereqs
- timezone - timezone
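Review bot: With `force: yes`, the `file` module creates the `/etc/localtime` link even when `/usr/share/zoneinfo/{{ timezone }}` does not exist, so a mistyped or path-like `timezone` value is accepted silently and leaves a dangling or unintended link. The `timezone` module with `name: "{{ timezone }}"` should reject an unknown zone name. Alternatively, a `stat` on the source path followed by a `when:` on the link task would catch a bad value before the link is replaced.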


@ -8,4 +8,3 @@ XKBVARIANT="{{ kbdvariant }}"
XKBOPTIONS="" XKBOPTIONS=""
BACKSPACE="guess" BACKSPACE="guess"


@ -1,7 +1 @@
--- ---
apt_pkgs:
- htop
- ntp
- ntpdate
- ncdu
- tmux


@ -1 +0,0 @@
---


@ -1,6 +0,0 @@
[SeatDefaults]
allow-guest=false
greeter-hide-users=true
greeter-show-manual-login=true
autologin-user=


@ -1,15 +0,0 @@
#
# User accounts configuration
#
# NOTE: If you have AccountsService installed on your system, then LightDM will
# use this instead and these settings will be ignored
#
# minimum-uid = Minimum UID required to be shown in greeter
# hidden-users = Users that are not shown to the user
# hidden-shells = Shells that indicate a user cannot login
#
[UserList]
minimum-uid=500
hidden-users=nobody nobody4 noaccess
hidden-shells=/bin/false /usr/sbin/nologin


@ -0,0 +1 @@
---


@ -1,18 +1,24 @@
--- ---
- name: Create lightdm config dir
file:
path: /etc/lightdm
state: directory
tags: lightdm
- name: Set lightdm main configuration file - name: Set lightdm main configuration file
template: template:
src=lightdm.conf.j2 src: lightdm.conf.j2
dest=/etc/lightdm/lightdm.conf dest: /etc/lightdm/lightdm.conf
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: lightdm tags: lightdm
- name: Set lightdm users.conf file - name: Set lightdm users.conf file
template: template:
src=users.conf.j2 src: users.conf.j2
dest=/etc/lightdm/users.conf dest: /etc/lightdm/users.conf
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: lightdm tags: lightdm
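Review bot: The new `Create lightdm config dir` task sets no `owner`, `group` or `mode`, so when `/etc/lightdm` is missing it is created with whatever the remote umask produces. The two files placed in it are pinned to root ownership and 0644, so the directory should be pinned too. Add `owner: root`, `group: root` and `mode: "0755"` to the task so the directory holding the greeter's login settings (`allow-guest`, `autologin-user`) is not left to defaults.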


@ -3,4 +3,3 @@ allow-guest=false
greeter-hide-users=true greeter-hide-users=true
greeter-show-manual-login=true greeter-show-manual-login=true
autologin-user= autologin-user=


@ -12,4 +12,3 @@
minimum-uid=500 minimum-uid=500
hidden-users=nobody nobody4 noaccess hidden-users=nobody nobody4 noaccess
hidden-shells=/bin/false /usr/sbin/nologin hidden-shells=/bin/false /usr/sbin/nologin


@ -0,0 +1 @@
---


@ -0,0 +1 @@
---


@ -1,46 +1,45 @@
--- ---
- name: Install common-account - name: Install common-account
template: template:
src=common-account.j2 src: common-account.j2
dest=/etc/pam.d/common-account dest: /etc/pam.d/common-account
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: pam tags: pam
- name: Install common-auth - name: Install common-auth
template: template:
src=common-auth.j2 src: common-auth.j2
dest=/etc/pam.d/common-auth dest: /etc/pam.d/common-auth
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: pam tags: pam
- name: Install common-password - name: Install common-password
template: template:
src=common-password.j2 src: common-password.j2
dest=/etc/pam.d/common-password dest: /etc/pam.d/common-password
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: pam tags: pam
- name: Install common-session - name: Install common-session
template: template:
src=common-session.j2 src: common-session.j2
dest=/etc/pam.d/common-session dest: /etc/pam.d/common-session
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: pam tags: pam
- name: Install common-session-noninteractive - name: Install common-session-noninteractive
template: template:
src=common-session-noninteractive.j2 src: common-session-noninteractive.j2
dest=/etc/pam.d/common-session-noninteractive dest: /etc/pam.d/common-session-noninteractive
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
tags: pam tags: pam
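Review bot: These five tasks overwrite the PAM stack files in place without `backup: yes`, so a bad render of `common-auth.j2` or `common-account.j2` leaves no previous copy to restore on a host where logins then fail. Adding `backup: yes` to each `template` task keeps a timestamped copy beside the file. A one-line comment at the top of the file, for example `# Replaces the distribution PAM stack with the winbind-enabled templates`, would tell the next maintainer that these files are fully managed.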

1
roles/pam/vars/main.yml Normal file

@ -0,0 +1 @@
---


@ -0,0 +1,14 @@
---
samba_packages:
- heimdal-clients
- libnss-winbind
- libpam-winbind
- ntp
- ntpdate
- samba
- winbind
samba_daemons:
- smbd
- nmbd
- winbind


@ -1,8 +1,6 @@
- name: restart samba ---
- name: Restart samba
service: service:
name={{ item }} name: "{{ item }}"
state=restarted state: restarted
with_items: loop: "{{ samba_daemons }}"
- smbd
- nmbd
- winbind


@ -1,75 +1,62 @@
--- ---
- name: Install samba and required tools - name: Install samba and required tools
apt: apt:
name={{ item }} name: "{{ item }}"
state=present state: present
with_items: loop: "{{ samba_packages }}"
- heimdal-clients tags: samba
- libnss-winbind
- libpam-winbind
- ntp
- ntpdate
- samba
- winbind
tags:
- samba
- name: Install nsswitch passwd config - name: Install nsswitch passwd config
lineinfile: lineinfile:
dest=/etc/nsswitch.conf dest: /etc/nsswitch.conf
regexp="^passwd:" regexp: "^passwd:"
line="passwd{{ ':' }} files winbind" line: "passwd{{ ':' }} files winbind"
notify: restart samba notify: Restart samba
tags: tags:
- samba - samba
- nsswitch - nsswitch
- name: Install nsswitch group config - name: Install nsswitch group config
lineinfile: lineinfile:
dest=/etc/nsswitch.conf dest: /etc/nsswitch.conf
regexp="^group:" regexp: "^group:"
line="group{{ ':' }} files winbind" line: "group{{ ':' }} files winbind"
notify: restart samba notify: Restart samba
tags: tags:
- samba - samba
- nsswitch - nsswitch
- name: Install nsswitch shadow config - name: Install nsswitch shadow config
lineinfile: lineinfile:
dest=/etc/nsswitch.conf dest: /etc/nsswitch.conf
regexp="^shadow:" regexp: "^shadow:"
line="shadow{{ ':' }} files winbind" line: "shadow{{ ':' }} files winbind"
notify: restart samba notify: Restart samba
tags: tags:
- samba - samba
- nsswitch - nsswitch
- name: Install samba configuration - name: Install samba configuration
template: template:
src=smb.conf.j2 src: smb.conf.j2
dest=/etc/samba/smb.conf dest: /etc/samba/smb.conf
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
notify: restart samba notify: Restart samba
tags: tags:
- samba - samba
- smbconf - smbconf
- name: Enable samba services - name: Enable samba services
service: service:
name={{ item }} name: "{{ item }}"
enabled=yes enabled: yes
with_items: loop: "{{ samba_daemons }}"
- smbd
- nmbd
- winbind
tags:
- samba
- name: Join domain
shell: net ads join -U {{ ad_admin_username }}%{{ ad_admin_password }}
notify: restart samba
register: join_domain
tags: samba tags: samba
- name: Join domain
shell: "net ads join -U {{ ad_admin_username }}%{{ ad_admin_password }}"
notify: Restart samba
register: join_domain
tags: samba
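Review bot: The `Join domain` task puts `ad_admin_password` on the `net ads join` command line through `shell`, so the domain admin password is visible in the host's process list while the command runs and is echoed in Ansible's task output and the registered `join_domain` result. At minimum add `no_log: true` to the task. Better, switch to `command` with only `-U {{ ad_admin_username }}` in the arguments and pass the password through the module's `stdin:` argument, assuming the installed `net` reads the password from standard input when no terminal is attached. That also stops the shell from interpreting special characters in the password. The task has no guard such as a preceding `net ads testjoin` check, so it attempts the join on every run.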


@ -0,0 +1 @@
---