From 5c62ac12d98d273b3949c8205e0b063e57ca7f34 Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Sat, 23 Jan 2021 01:54:06 +0100
Subject: [PATCH] update..

---
 chnarzfoo5                                    |  6 +++
 group_vars/all/main.yml                       | 54 +++++++++++++++++++
 roles/common/tasks/apt.yml                    |  5 +-
 roles/common/tasks/main.yml                   | 18 +++----
 roles/common/tasks/samba-install.yml          | 30 ++++++-----
 .../common/tasks/ubuntu-x11vnc-1604-amd64.yml | 12 ++---
 6 files changed, 96 insertions(+), 29 deletions(-)
 create mode 100644 chnarzfoo5

diff --git a/chnarzfoo5 b/chnarzfoo5
new file mode 100644
index 0000000..0c0e8bf
--- /dev/null
+++ b/chnarzfoo5
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31636634663435353134626165646639623263333334633237353366663935336663316335633630
+3635316232346431663930333264343034306537313931300a386436643162316634336636616662
+32326535313537626137313863353530633637623432623035343631663132656464363062663665
+3538363833346239330a373334636163313334313630366434386534333666326466393366633534
+6230
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 5e40708..d651887 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -560,6 +560,7 @@ microcode_amd_package:
 
 firmware_packages:
   - firmware-linux
+  - firmware-linux-free
 
 firmware_non_free_packages:
    - firmware-linux-nonfree
@@ -1100,6 +1101,15 @@ nis_user:
     is_samba_user: true
     password: '20-birgit_20%'
 
+  - name: stefan
+    groups:
+      - verwaltung
+      - transfer
+      - scans
+      - lpadmin
+    is_samba_user: true
+    password: 'Ste20fan21!'
+
 
 # ==========
 # vars used by roles/common/tasks/samba-install.yml
@@ -1184,6 +1194,7 @@ samba_shares:
       - fsj
       - thomas
       - frauke
+      - stefan
   - name: Verwaltung
     path: /data/samba/Verwaltung
     group_valid_users: verwaltung
@@ -1205,6 +1216,7 @@ samba_shares:
       - fsj
       - thomas
       - frauke
+      - stefan
   - name: Scans
     path: /data/samba/Scans
     group_valid_users: scans
@@ -1225,6 +1237,7 @@ samba_shares:
       - fsj
       - thomas
       - frauke
+      - stefan
   - name: Buero_Scans
     path: /data/samba/Scans/Buero_Scans
     group_valid_users: scans
@@ -1305,6 +1318,16 @@ samba_shares:
     recycle_path: '@Recycle.Bin'
     user:
       - birgit
+  - name: Stefan_Scans
+    path: /data/samba/Scans/Stefan_Scans
+    group_valid_users: scans
+    group_write_list: scans
+    file_create_mask: '0660'
+    dir_create_mask: '2770'
+    vfs_object_recycle: true
+    recycle_path: '@Recycle.Bin'
+    user:
+      - stefan
   - name: Kamera
     path: /data/samba/Kamera
     group_valid_users: intern
@@ -1490,6 +1513,37 @@ sudoers_server_file_user_privileges: []
 sudoers_server_file_group_privileges: []
 
 
+# ==========
+# vars used by roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
+# vars used by roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml
+# ==========
+
+# Created with command:
+#
+#    ansible-vault encrypt_string --name vnc_password chnarzfoo5
+#
+vnc_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          61333762633237386161633864373161306434373963303663303265343664393235343266616336
+          3339363138343264313135326539333263663731643730300a663863363339336234616438663536
+          64613766313335643236393138373062616465353337616666373733336536613064373831353362
+          3037396533636664330a643763613431613638326236666261656461313664316265326561653362
+          3664
+
+
+# ==========
+# vars used by roles/common/tasks/luks.yml
+# ==========
+
+# Note!
+#
+# Define this vriable client specific in files
+# 'host_vars/<client-pc>'
+#
+luks_device: []
+
+
+
 # ====================
 # ====================
 # ====================
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index d774700..249ed87 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -230,9 +230,11 @@
 
 - name: (apt.yml) Install Firmware packages
   apt:
-     name: "{{ firmware_non_free_packages }}"
+     name: "{{ firmware_packages }}"
      state: present
      default_release: "{{ ansible_distribution_release }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
   tags:
     - apt-initial-install
     - apt-firmware
@@ -245,6 +247,7 @@
      default_release: "{{ ansible_distribution_release }}"
   when:
     - apt_debian_contrib_nonfree_enable
+    - ansible_facts['distribution'] == "Debian"
   tags:
     - apt-initial-install
     - apt-firmware
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 91d10c1..55cb505 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -40,6 +40,15 @@
   tags: git
 
 
+# tags supported inside nis-user.yml:
+#
+#    nis-user
+- import_tasks: nis-user.yml
+  when: "groups['nis_server']|string is search(inventory_hostname)"
+  tags:
+    - nis-user
+
+
 # tags supported inside ntp.yml:
 #
 #    ntp-server
@@ -111,15 +120,6 @@
     - nis-install-server
 
 
-# tags supported inside nis-user.yml:
-#
-#    nis-user
-- import_tasks: nis-user.yml
-  when: "groups['nis_server']|string is search(inventory_hostname)"
-  tags:
-    - nis-user
-
-
 # tags supported inside nis-install-client.yml:
 #
 #    nis-install-client
diff --git a/roles/common/tasks/samba-install.yml b/roles/common/tasks/samba-install.yml
index 1630662..41ab72f 100644
--- a/roles/common/tasks/samba-install.yml
+++ b/roles/common/tasks/samba-install.yml
@@ -23,6 +23,8 @@
   with_items: "{{ samba_shares }}"
   loop_control:
     label: '{{ item.name }}'
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
   tags:
     - samba-shares
 
@@ -89,18 +91,21 @@
   stat:
     path: /root/bin/samba/clean_samba_trash.sh
   register: clean_samba_trash_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
 
 - name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
   template: 
     dest: /root/bin/samba/conf/clean_samba_trash.conf
     src: root/bin/samba/conf/clean_samba_trash.conf.j2
   when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
     - clean_samba_trash_exists.stat.exists|bool
   tags:
     - samba-server
 
 
-- name: Check if cleaning up trash dirs is configured
+- name: (samba-install.yml) Check if cleaning up trash dirs is configured
   lineinfile:
     path: /root/bin/samba/conf/clean_samba_trash.conf
     regexp: "^trash_dirs=*"
@@ -108,8 +113,11 @@
   check_mode: yes
   changed_when: false
   register: clean_samba_trash_dirs
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
 
-- name: Creates a cron job for cleaning up samba trash dirs
+
+- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
   cron:
     name: '{{ samba_cronjob_trash_dirs.name }}'
     minute: '{{ samba_cronjob_trash_dirs.minute }}'
@@ -120,6 +128,7 @@
     user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
     job: "{{ samba_cronjob_trash_dirs.job }}"
   when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
     - clean_samba_trash_dirs.found
 
 
@@ -131,27 +140,21 @@
   stat:
     path: /root/bin/samba/set_permissions_samba_shares.sh
   register: set_permissions_on_samba_shares_exists
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
 
 - name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
   template: 
     dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
     src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
   when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
     - set_permissions_on_samba_shares_exists.stat.exists|bool
   tags:
     - samba-server
 
 
-- name: Check if cleaning up trash dirs is configured
-  lineinfile:
-    path: /root/bin/samba/conf/clean_samba_trash.conf
-    regexp: "^trash_dirs=*"
-    state: absent
-  check_mode: yes
-  changed_when: false
-  register: set_permissions_samba_shares
-
-- name: Creates a cron job for cleaning up samba trash dirs
+- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
   cron:
     name: '{{ samba_cronjob_permissions.name }}'
     minute: '{{ samba_cronjob_permissions.minute }}'
@@ -162,7 +165,8 @@
     user: "{{ samba_cronjob_permissions.user | default('root') }}"
     job: "{{ samba_cronjob_permissions.job }}"
   when:
-    - set_permissions_samba_shares.found
+    - "groups['samba_server']|string is search(inventory_hostname)"
+    - clean_samba_trash_dirs.found
 
 
 # ---
diff --git a/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml b/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
index 9793984..34ee9b5 100644
--- a/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
+++ b/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml
@@ -54,10 +54,10 @@
       enabled: yes
       state: started
 
-  - name: "(ubuntu-x11vnc-1604-amd64.yml) Blocks x11vnc in GreenOS Desktop Environment for enduser "
-    file:
-      path: "/usr/share/applications/x11vnc.desktop"
-      mode: 0740
-      owner: root
-      group: administrator
+#  - name: "(ubuntu-x11vnc-1604-amd64.yml) Blocks x11vnc in GreenOS Desktop Environment for enduser "
+#    file:
+#      path: "/usr/share/applications/x11vnc.desktop"
+#      mode: 0740
+#      owner: root
+#      group: administrator