---
###############################################
# Miscellaneous pre-run tasks
###############################################
# Set the host's time zone to America/Los_Angeles; privilege escalation is
# requested on this task only.
- name: Set timezone to America/Los Angeles
  community.general.timezone:
    name: America/Los_Angeles
  become: true
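# Shorten the GRUB menu delay to 1 second on hosts that have /etc/default/grub.
# The whole block is skipped unless update_grub_timeout is truthy.
- name: Update Grub
  when: update_grub_timeout | bool
  block:
    - name: Check for /etc/default/grub
      ansible.builtin.stat:
        path: /etc/default/grub
      register: grub_file

    # The pattern is anchored on the key rather than on the value "5", so an
    # existing GRUB_TIMEOUT line is replaced in place whatever it was set to,
    # and a second run finds the line already present.
    - name: Set Grub timeout 1s
      when: grub_file.stat.exists
      ansible.builtin.lineinfile:
        path: /etc/default/grub
        regexp: '^\s*GRUB_TIMEOUT='
        line: ' GRUB_TIMEOUT=1'

    # update-grub uses no shell features, so it runs through command.
    - name: Update GRUB
      when: grub_file.stat.exists
      ansible.builtin.command: update-grub
      become: true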
# Writes root's ssh client config; "Host *" applies the setting to every
# destination.
# NOTE(review): "StrictHostKeyChecking no" makes ssh add unknown host keys
# without asking and keep connecting when a known key has changed, so an
# impersonated server goes unnoticed. If only the first-contact prompt is the
# problem, "accept-new" or a pre-populated known_hosts keeps changed-key
# detection - confirm which is intended.
- name: Disable ssh host checking for root
  ansible.builtin.copy:
    dest: /root/.ssh/config
    owner: root
    group: root
    mode: '0600'
    content: |
      Host *
        StrictHostKeyChecking no
###############################################
# Update cosmos scripts
###############################################

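# Copy the two helper scripts from /var/jenkins_home on the control node into
# /root on the target and mark them executable.
- name: Preboot fix - Copy Files
  block:
    - name: update_issue.sh
      ansible.builtin.copy:
        src: /var/jenkins_home/ansible/roles/pxe_server/files/init/update_issue.sh
        dest: /root/update_issue.sh
        # Quoted so the mode reaches the module as an octal string, matching
        # the quoted modes used by the other tasks in this file.
        mode: '0755'

    - name: stat.sh
      ansible.builtin.copy:
        src: /var/jenkins_home/ansible/roles/pxe_server/files/init/stat.sh
        dest: /root/stat.sh
        mode: '0755'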
###############################################
# Passwordless SSH-ing for root
###############################################

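# Install the key held in matt_private_key as root's default RSA identity.
# Skipped when public_deploy is truthy.
# no_log keeps the key material out of task results, --diff output and
# callback/CI logs.
# NOTE(review): every host that runs this task receives the same private key,
# so one compromised host exposes the identity for all of them; per-host keys
# or ssh certificates would contain that - confirm the shared key is intended.
- name: Save private key file
  when: not public_deploy | bool
  no_log: true
  ansible.builtin.copy:
    dest: /root/.ssh/id_rsa
    owner: root
    group: root
    mode: '0600'
    content: "{{ matt_private_key }}"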
# Make sure the skeleton home directory has a private .ssh directory.
- name: Create ssh config in skel
  ansible.builtin.file:
    state: directory
    path: /etc/skel/.ssh/
    mode: '0700'
# Places an ssh client config in /etc/skel, so accounts created from the
# skeleton afterwards start with it.
# NOTE(review): "StrictHostKeyChecking no" under "Host *" turns off host key
# verification for every destination; a changed or spoofed server key is then
# accepted silently. "accept-new" keeps changed-key detection while still
# avoiding the first-contact prompt - confirm which is intended.
- name: Disable ssh host checking for everyone
  ansible.builtin.copy:
    dest: /etc/skel/.ssh/config
    mode: '0600'
    content: |
      Host *
        StrictHostKeyChecking no
###############################################
# MPV Stuff
###############################################

# Create the mpv config directory in the skeleton home; skipped when
# init_light is truthy.
- name: Create mpv config in skel
  ansible.builtin.file:
    state: directory
    path: /etc/skel/.config/mpv
    mode: '0700'
  when: not init_light | bool
# Write a one-line mpv.conf ("hwdec") into the skeleton home; skipped when
# init_light is truthy.
# https://wiki.debian.org/HardwareVideoAcceleration#:~:text=To%20enable%20it%2C%20use%20the,conf).
- name: Enable mpv support for hardware acceleration
  ansible.builtin.copy:
    dest: /etc/skel/.config/mpv/mpv.conf
    mode: '0600'
    content: |
      hwdec
  when: not init_light | bool
###############################################
# Create admin_users group
###############################################

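# Create the admin_users group and give its members full sudo rights through
# a drop-in file under /etc/sudoers.d.
- name: Create admin_users group
  block:
    - name: Create group
      ansible.builtin.group:
        name: admin_users
        state: present

    - name: check sudoers.d path
      ansible.builtin.file:
        path: /etc/sudoers.d/
        state: directory
        mode: '0700'

    # create: true makes the separate "touch" step unnecessary and gives the
    # drop-in an explicit owner and a read-only 0440 mode.
    # validate runs visudo against the candidate file before it replaces the
    # real one, so a malformed rule never reaches /etc/sudoers.d.
    - name: Add admin_users group to sudoers
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/admin_users
        state: present
        create: true
        owner: root
        group: root
        mode: '0440'
        regexp: '^%admin_users'
        line: '%admin_users ALL=(ALL:ALL) ALL'
        validate: /usr/sbin/visudo -cf %s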
###############################################
# Final Miscellanea
###############################################

# This will allow all users access to install apps in the app store.
# The rule returns YES for PackageKit install, remove and system-update
# without reading `subject`, so it applies to every account and every session.
# NOTE(review): that covers package removal and system updates as well as
# installs, and sessions that are not local or active. If only desktop users
# are meant, gate the YES on subject.local && subject.active or on
# subject.isInGroup(...) - confirm the intended scope.
- name: Allow app store access for all users
  ansible.builtin.copy:
    dest: /etc/polkit-1/rules.d/10-allow-kde-store.rules
    owner: root
    group: root
    mode: '0644'
    content: |
      polkit.addRule(function(action, subject) {
          if (action.id == "org.freedesktop.packagekit.package-install" ||
              action.id == "org.freedesktop.packagekit.package-remove" ||
              action.id == "org.freedesktop.packagekit.system-update") {
              return polkit.Result.YES;
          }
      });
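# Best-effort removal of each account listed in default_users; skipped when
# save_pi_user is truthy. Failures are ignored.
# argv hands the account name to deluser as one argument, so nothing in
# default_users is ever interpreted by a shell.
- name: Remove Default Users
  when: not save_pi_user | bool
  ignore_errors: true
  ansible.builtin.command:
    argv:
      - deluser
      - "{{ default_users_item }}"
  loop: "{{ default_users }}"
  loop_control:
    loop_var: default_users_item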
# Stop and disable the cosmos-client OpenVPN unit, then reload systemd.
# Runs when either is_hyperv or no_vpn is truthy. The three commands run as
# one shell script, so the task result is that of the last command.
- name: remove default openvpn profile if hyperv or requested
  when: is_hyperv | bool or no_vpn | bool
  ansible.builtin.shell: |
    systemctl stop openvpn-client@cosmos-client.service
    systemctl disable openvpn-client@cosmos-client.service
    systemctl daemon-reload
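# cosmostat script for all
# Publish /root/stat.sh as /usr/bin/cosmostat. copy with remote_src performs
# the same on-host copy as cp, but reports a change only when the content
# differs and sets owner and mode explicitly instead of inheriting them.
- name: create cosmostat
  ansible.builtin.copy:
    src: /root/stat.sh
    dest: /usr/bin/cosmostat
    remote_src: true
    owner: root
    group: root
    mode: '0755'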
# Seed the skeleton .bash_aliases with a single line that runs cosmostat.
- name: add cosmostat to skel .bash_aliases
  ansible.builtin.copy:
    content: |
      cosmostat
    dest: /etc/skel/.bash_aliases
    mode: '0600'
# log group for security issues
# Creates the group that the following task assigns to /var/log.
- name: Ensure group 'log' exists
  ansible.builtin.group:
    state: present
    name: log
# Sets group "log" and mode 0775 on /var/log itself. No recurse option is
# given, so the directory's contents are not touched despite the task name.
# NOTE(review): group write on the directory lets members of "log" create,
# rename and delete entries in /var/log, not just read them; if read access
# is all that is needed, 0750 or 0755 would do - confirm intent.
- name: Recursively change ownership of a directory
  ansible.builtin.file:
    state: directory
    path: /var/log
    group: log
    mode: '0775'
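# Drop the marker file that records a finished cosmos-init run. The file
# module's touch state creates the file, or refreshes its timestamps, without
# spawning a shell.
- name: mark cosmos-init complete
  ansible.builtin.file:
    path: /opt/cosmos/init-complete
    state: touch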
# install cockpit if requested
# ldap breaks it
# NOTE(review): the condition reads `intall_cockpit`, which looks like a
# misspelling of install_cockpit; check that the variable is defined under
# exactly this name, otherwise the condition cannot evaluate as intended.
- name: install cockpit
  when: intall_cockpit | bool and not install_LDAP | bool
  block:
    - name: Install cockpit
      ansible.builtin.apt:
        state: present
        name:
          - cockpit

    # Deletes the "root" entry from cockpit's disallowed-users list.
    # NOTE(review): this lets root sign in to the web console directly;
    # confirm that is wanted rather than logging in as an admin_users member
    # and escalating from there.
    - name: allow root login with cockpit
      ansible.builtin.lineinfile:
        state: absent
        path: /etc/cockpit/disallowed-users
        regexp: '^root'
...