diff --git a/roles/common/files/root/_bashrc b/roles/common/files/root/_bashrc
new file mode 100644
index 0000000..51521be
--- /dev/null
+++ b/roles/common/files/root/_bashrc
@@ -0,0 +1,110 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. +# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) +# for examples + +# If not running interactively, don't do anything +[ -z "$PS1" ] && return + +# don't put duplicate lines in the history. See bash(1) for more options +# ... or force ignoredups and ignorespace +HISTCONTROL=ignoredups:ignorespace + +# append to the history file, don't overwrite it +shopt -s histappend + +# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) +HISTSIZE=1000 +HISTFILESIZE=2000 + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + +# make less more friendly for non-text input files, see lesspipe(1) +[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" + +# set variable identifying the chroot you work in (used in the prompt below) +if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then + debian_chroot=$(cat /etc/debian_chroot) +fi + +# set a fancy prompt (non-color, unless we know we "want" color) +case "$TERM" in + xterm-color) color_prompt=yes;; +esac + +# uncomment for a colored prompt, if the terminal has the capability; turned +# off by default to not distract the user: the focus in a terminal window +# should be on the output of commands, not on the prompt +#force_color_prompt=yes + +if [ -n "$force_color_prompt" ]; then + if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then + # We have color support; assume it's compliant with Ecma-48 + # (ISO/IEC-6429). (Lack of such support is extremely rare, and such + # a case would tend to support setf rather than setaf.) 
+ color_prompt=yes + else + color_prompt= + fi +fi + +if [ "$color_prompt" = yes ]; then + PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' +else + PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' +fi +unset color_prompt force_color_prompt + +# If this is an xterm set the title to user@host:dir +case "$TERM" in +xterm*|rxvt*) + PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" + ;; +*) + ;; +esac + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + #alias dir='dir --color=auto' + #alias vdir='vdir --color=auto' + + alias grep='grep --color=auto' + alias fgrep='fgrep --color=auto' + alias egrep='egrep --color=auto' +fi + +# some more ls aliases +alias ll='ls -alF' +alias la='ls -A' +alias l='ls -CF' + +alias ..='cd ..' +alias ...='cd ../..' +alias ....='cd ../../..' + +alias poweroff='echo -e "\n\tplease use: /sbin/poweroff\n"' +alias reboot='echo -e "\n\tplease use: /sbin/reboot\n"' + + +# Alias definitions. +# You may want to put all your additions into a separate file like +# ~/.bash_aliases, instead of adding them here directly. +# See /usr/share/doc/bash-doc/examples in the bash-doc package. + +if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases +fi + +# enable programmable completion features (you don't need to enable +# this, if it's already enabled in /etc/bash.bashrc and /etc/profile +# sources /etc/bash.bashrc). +#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then +# . /etc/bash_completion +#fi + +export EDITOR=vim + diff --git a/roles/common/files/root/_profile b/roles/common/files/root/_profile new file mode 100644 index 0000000..158f473 --- /dev/null +++ b/roles/common/files/root/_profile 
@@ -0,0 +1,25 @@ +# ~/.profile: executed by Bourne-compatible login shells. + +if [ "$BASH" ]; then + if [ -f ~/.bashrc ]; then + . ~/.bashrc + fi +fi + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/bin" ] ; then + PATH="$HOME/bin:$PATH" +fi +if [ -d "$HOME/bin/admin-stuff" ] ; then + PATH="$HOME/bin/admin-stuff:$PATH" +fi + +# this is for the midnight-commander +# to become the last directory the midnight commander was in +# as the current directory when leaving the midnight commander +# +if [ -f "/usr/share/mc/bin/mc.sh" ] ; then + source /usr/share/mc/bin/mc.sh +fi + +mesg n || true diff --git a/roles/common/files/root/_vimrc b/roles/common/files/root/_vimrc new file mode 100644 index 0000000..0bf54d9 --- /dev/null +++ b/roles/common/files/root/_vimrc 
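Review bot: `source /usr/share/mc/bin/mc.sh` near the end of the new `_profile` is a bashism in a file whose own header says it is read by Bourne-compatible login shells. Unlike the `.bashrc` include above it, this line is not inside the `[ "$BASH" ]` guard, so a root login through dash or another POSIX sh would fail on `source`. The portable form is `. /usr/share/mc/bin/mc.sh`. Separately, the two PATH blocks prepend `$HOME/bin` and `$HOME/bin/admin-stuff` for root, so anything placed there shadows system binaries of the same name; appending (`PATH="$PATH:$HOME/bin"`) keeps the system directories authoritative.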
@@ -0,0 +1,173 @@ +" An example for a vimrc file. +" +" Maintainer: Bram Moolenaar +" Last change: 1999 Sep 09 +" +" To use it, copy it to +" for Unix and OS/2: ~/.vimrc +" for Amiga: s:.vimrc +" for MS-DOS and Win32: $VIM\_vimrc + +" This line should not be removed as it ensures that various options are +" properly set to work with the Vim-related packages available in Debian. +runtime! debian.vim + +set nocompatible " Use Vim defaults (much better!) +set bs=2 " allow backspacing over everything in insert mode +set ai " always set autoindenting on +" set backup " keep a backup file +"set viminfo='20,\"50 " read/write a .viminfo file, don't store more + " than 50 lines of registers +set viminfo='20,\"50,:20,%,n~/.viminfo +set history=50 " keep 50 lines of command line history +set ruler " show the cursor position all the time +set ignorecase " suchen case-insenitiv +set showmatch " zeige passende klammern +set shell=/bin/bash " shell to start with ! +set expandtab " tabs --> blanks +set showmode " anzeige INSERT/REPLACE/... + +" set smartcase " Do smart case matching + +set incsearch " Incremental search + " Start searching when you type the first character of + " the search string. As you type in more characters, the + " search is refined. + +set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme + +" einrueckung +set shiftwidth=3 +set tabstop=3 +" Round indent to multiple of 'shiftwidth' for > and < commands +set shiftround + +" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries +" let &guioptions = substitute(&guioptions, "t", "", "g") + +" Don't use Ex mode, use Q for formatting +map Q gq + +" Make p in isual Visual mode replace the selected text with the "" register. +vnoremap p :let current_reg = @"gvdi=current_reg + +" Switch syntax highlighting on, when the terminal has colors +" Also switch on highlighting the last used search pattern. 
+if &t_Co > 2 || has("gui_running") + syntax on + set hlsearch +endif + +" Only do this part when compiled with support for autocommands. +if has("autocmd") + +" In text files, always limit the width of text to 78 characters + autocmd BufRead *.txt set tw=78 + + augroup cprog + " Remove all cprog autocommands + au! + + " When starting to edit a file: + " For C and C++ files set formatting of comments and set C-indenting on. + " For other files switch it off. + " Don't change the order, it's important that the line with * comes first. + autocmd FileType * set formatoptions=tcql nocindent comments& + autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// + augroup END + + augroup gzip + " Remove all gzip autocommands + au! + + " Enable editing of gzipped files + " set binary mode before reading the file + autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin + autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") + autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") + autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") + autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") + autocmd FileAppendPre *.gz call GZIP_appre("gunzip") + autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") + autocmd FileAppendPost *.gz call GZIP_write("gzip") + autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") + + " After reading compressed file: Uncompress text in buffer with "cmd" + fun! GZIP_read(cmd) + let ch_save = &ch + set ch=2 + execute "'[,']!" . a:cmd + set nobin + let &ch = ch_save + execute ":doautocmd BufReadPost " . expand("%:r") + endfun + + " After writing compressed file: Compress written file with "cmd" + fun! GZIP_write(cmd) + if rename(expand(""), expand(":r")) == 0 + execute "!" . a:cmd . " :r" + endif + endfun + + " Before appending to compressed file: Uncompress file with "cmd" + fun! GZIP_appre(cmd) + execute "!" . a:cmd . 
" " + call rename(expand(":r"), expand("")) + endfun + + augroup END + + " This is disabled, because it changes the jumplist. Can't use CTRL-O to go + " back to positions in previous files more than once. + if 0 + " When editing a file, always jump to the last cursor position. + " This must be after the uncompress commands. + autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif + endif + +endif " has("autocmd") + +" toggle syntax highlighting +map :if exists("syntax_on") syntax off else syntax on endif +map :nohls + +" use to toggle line numbers +nmap :set number! + + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + + +" set color for search +hi clear search +hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse + +" set color for Comment +hi clear Comment +"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold +"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold +highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold +"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold + +" Go back to the position the cursor was on the last time this file was edited +au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif + +" visual shifting (does not exit Visual mode) +vnoremap < >gv + +" Scroll when cursor gets within 3 characters of top/bottom edge +set scrolloff=3 + +" Show line, column number, and relative position within a file in the status line +" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] +"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ +set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% +" Always show status line, even for one window +set laststatus=2 +highlight StatusLine cterm=none ctermfg=white ctermbg=blue + diff --git a/roles/common/tasks/luks.yml b/roles/common/tasks/luks.yml new file mode 100644 index 0000000..5bc74c6 --- /dev/null +++ b/roles/common/tasks/luks.yml @@ -0,0 +1,9 @@ +- name: (luks.ym) add new key to the LUKS container (container has to exist) + luks_device: + #device: "{{ luks_device }}" + #keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}" + #new_keyfile: "{{ role_path + '/files/vault/luks_new_passwd' }}" + device: "/dev/sda3" + keyfile: "/vault/luks_default_passwd" + new_keyfile: "/vault/luks_new_passwd" + diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index a4d6e2a..a345546 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
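Review bot: The `luks_device` task in `luks.yml` adds `new_keyfile` but never removes the key in `/vault/luks_default_passwd`, so after the run the container still opens with the default passphrase. If the intent is rotation, follow it with a second `luks_device` task that sets `remove_keyfile: "/vault/luks_default_passwd"`. The commit also replaces the commented-out `{{ luks_device }}` variable with a hard-coded `device: "/dev/sda3"`, which will fail or hit the wrong partition on hosts with a different disk layout. The keyfile paths are read on the managed host, so presumably both files must already exist there, which is worth a comment. The task name has a typo, `(luks.ym)`.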
@@ -62,3 +62,40 @@ # tags: # - samba-shares +# Tasks: Configure VNC (x11vnc) for Ubuntu systems +# +# Supported OS: +# - Ubuntu 16.04LTSi +# - Ubuntu 18.04LTSi + +- name: "For OS: Ubuntu 16.04LTS, Arch: amd64" + import_tasks: ubuntu-x11vnc-1604-amd64.yml + when: + - ansible_distribution_version == "16.04" + - ansible_architecture == "x86_64" + tags: + - x11vnc + - x11vnc-1604 + - finish-client-install + +- name: "For OS: Ubuntu 18.04LTS, Arch: amd64" + import_tasks: ubuntu-x11vnc-1804-amd64.yml + when: + - ansible_distribution_version == "18.04" + - ansible_architecture == "x86_64" + tags: + - x11vnc + - x11vnc-1804 + - finish-client-install + +#- name: "Configure LUKS" +# import_tasks: luks.yml +# when: "groups['client_pc']|string is search(inventory_hostname)" +# tags: +# - luks + +- import_tasks: root-systemfiles.yml + when: "groups['nis_client']|string is search(inventory_hostname)" + tags: + - root-systemfiles + - finish-client-install diff --git a/roles/common/tasks/root-systemfiles.yml b/roles/common/tasks/root-systemfiles.yml new file mode 100644 index 0000000..96f1096 --- /dev/null +++ b/roles/common/tasks/root-systemfiles.yml 
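Review bot: The condition on the `root-systemfiles.yml` import, `groups['nis_client']|string is search(inventory_hostname)`, is a regex substring match against the stringified group list. A host named `pc1` therefore also matches when only `pc10` is in the group, and root's dotfiles get overwritten on machines that were not meant to be targeted. Use list membership instead: `when: inventory_hostname in groups['nis_client']` (the commented-out LUKS import uses the same pattern with `client_pc`). The two x11vnc imports test only `ansible_distribution_version`; adding `ansible_distribution == "Ubuntu"` would keep them from firing on another distribution with the same version string. The header comment reads `16.04LTSi` / `18.04LTSi`, presumably with a stray `i`.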
@@ -0,0 +1,88 @@ +--- + +# --- +# Check if local template directories exists +# --- + +# root +- name: (root-systemfiles.yml) Check if local template directory exists for root + local_action: stat path={{ role_path }}/files/root + register: local_template_dir_root + +# -- +# Copy .bashrc +# --- + +- name: (root-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists + stat: + path: /root/.bashrc.ORIG + register: bashrc_root_orig_exists + tags: + - bash + +- name: (root-systemfiles.yml) Backup /root/.bashrc file + command: cp /root/.bashrc /root/.bashrc.ORIG + when: bashrc_root_orig_exists.stat.exists == False + tags: + - bash + +- name: (root-systemfiles.yml) copy .bashrc for user root + copy: + src: "{{ role_path + '/files/root/_bashrc' }}" + dest: "/root/.bashrc" + owner: root + group: root + mode: 0644 + when: + - local_template_dir_root.stat.exists + - lookup('fileglob', role_path + '/files/root/_bashrc') + tags: + - bash + +# -- +# Copy .profile +# --- + +- name: (root-systemfiles.yml) Check if file '/root/.profile.ORIG' exists + stat: + path: /root/.profile.ORIG + register: profile_root_orig_exists + tags: + - profile + +- name: (root-systemfiles.yml) Backup existing users .profile file + command: cp -a /root/.profile /root/.profile.ORIG + when: profile_root_orig_exists.stat.exists == False + tags: + - profile + +- name: (root-systemfiles.yml) copy .profile for user root + copy: + src: "{{ role_path + '/files/root/_profile' }}" + dest: "/root/.profile" + owner: root + group: root + mode: 0644 + when: + - local_template_dir_root.stat.exists + - lookup('fileglob', role_path + '/files/root/_profile') + tags: + - profile + +# -- +# Copy .vimrc +# --- + +- name: (root-systemfiles.yml) copy .vimrc for user root + copy: + src: "{{ role_path + '/files/root/_vimrc' }}" + dest: "/root/.vimrc" + owner: root + group: root + mode: 0644 + when: + - local_template_dir_root.stat.exists + - lookup('fileglob', role_path + '/files/root/_vimrc') + tags: + - vim + 
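Review bot: The two backup tasks run `cp /root/.bashrc /root/.bashrc.ORIG` and `cp -a /root/.profile /root/.profile.ORIG` guarded only by the absence of the `.ORIG` file, so on a host where root has no `.bashrc` or `.profile` the `cp` fails and the play stops before anything is deployed. A `copy` task with `remote_src: yes` and `force: no` would make the separate `stat` unnecessary and report changes correctly, but it still needs a check that the source exists. The `.bashrc` backup also omits `-a`, unlike the `.profile` one, and `.vimrc` is overwritten with no backup at all. Quote the modes as `mode: '0644'` so they do not depend on YAML integer parsing.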
diff --git a/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml b/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml new file mode 100644 index 0000000..9793984 --- /dev/null +++ b/roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml @@ -0,0 +1,63 @@ + # Title: app-x11vnc-server + # + # Author: Luc Rutten + # Version: 1.0 + # File: tasks/main.yml + # + # Description: + # Remote support + # + # Source: + # - http://c-nergy.be/blog/?p=8984 + + - name: "(ubuntu-x11vnc-1604-amd64.yml) check if x11vnc is already installed, if not found skipping...." + stat: + path: /usr/bin/x11vnc + register: x11vnc_active + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Install packages" + apt: + name: ['x11vnc'] + update_cache: yes + state: present + when: x11vnc_active.stat.exists == False + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages" + apt: + name: "{{ packages }}" + update_cache: yes + state: present + vars: + packages: + - x11vnc + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Store password" + shell: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass" + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Set permissions on /etc/x11vnc.pass" + file: + path: /etc/x11vnc.pass + mode: 0644 + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service" + template: + src: lib/systemd/system/x11vnc.service.j2 + dest: /lib/systemd/system/x11vnc.service + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service" + shell: service x11vnc start + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Enable x11vnc service on boot" + systemd: + name: x11vnc.service + daemon_reload: yes + enabled: yes + state: started + + - name: "(ubuntu-x11vnc-1604-amd64.yml) Blocks x11vnc in GreenOS Desktop Environment for enduser " + file: + path: "/usr/share/applications/x11vnc.desktop" + mode: 0740 + owner: root + group: administrator + 
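Review bot: The "Set permissions on /etc/x11vnc.pass" task sets `mode: 0644`, which leaves the VNC password file readable by every local user; the stored form is only obfuscated, not hashed, so this should be `mode: '0600'` with `owner: root`. The "Store password" task just above interpolates `{{ vnc_password }}` unquoted into a `shell:` command line, so a password containing spaces or shell metacharacters breaks or alters the command, and the value is exposed in the process list and in Ansible output; at minimum use `{{ vnc_password | quote }}` and `no_log: true`. The same two tasks appear in `ubuntu-x11vnc-1804-amd64.yml` (there via `raw:`) and need the same change. This file also carries a second, unconditional "Install packages" task labelled `(ubuntu-x11vnc-1804-amd64.yml)` that makes the `stat`-guarded install redundant, and `shell: service x11vnc start` duplicates the `systemd` task that follows.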
diff --git a/roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml b/roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml new file mode 100644 index 0000000..7c803be --- /dev/null +++ b/roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml @@ -0,0 +1,48 @@ +--- + # Title: app-x11vnc-server + # + # Author: Luc Rutten + # Version: 1.0 + # File: tasks/main.yml + # + # Description: + # Remote support + # + # Source: + # - http://c-nergy.be/blog/?p=8984 + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages" + apt: + name: "{{ packages }}" + update_cache: yes + state: present + vars: + packages: + - x11vnc + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Store password" + raw: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass" + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Set permissions on /etc/x11vnc.pass" + file: + path: "/etc/x11vnc.pass" + mode: 0644 + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service" + template: + src: lib/systemd/system/x11vnc.service.j2 + dest: /lib/systemd/system/x11vnc.service + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Enable service" + systemd: + name: x11vnc.service + enabled: true + state: restarted + + - name: "(ubuntu-x11vnc-1804-amd64.yml) Remove whisker menu entry for allusers (except owner and group)" + file: + path: "/usr/share/applications/x11vnc.desktop" + mode: 0750 + owner: root + group: root + diff --git a/roles/common/templates/lib/systemd/system/x11vnc.service.j2 b/roles/common/templates/lib/systemd/system/x11vnc.service.j2 new file mode 100644 index 0000000..cca2330 --- /dev/null +++ b/roles/common/templates/lib/systemd/system/x11vnc.service.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=Start x11vnc at startup. +After=multi-user.target + +[Service] +Type=simple +ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared + +[Install] +WantedBy=multi-user.target
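Review bot: The "Enable service" task in `ubuntu-x11vnc-1804-amd64.yml` uses `state: restarted`, so every run of the play restarts x11vnc, drops any support session in progress, and always reports changed. Prefer `state: started` here and restart from a handler notified by the template task, with `daemon_reload: yes` as in the 16.04 file so a changed unit file is actually picked up. The `.desktop` task also differs from the 16.04 variant (`0750`, group `root` versus `0740`, group `administrator`); if that is intentional it deserves a comment.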
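Review bot: The `ExecStart` line in `x11vnc.service.j2` starts x11vnc with `-rfbport 5900 -shared -forever` and nothing that limits who can connect, so the desktop is offered unencrypted on every interface and protected only by the VNC password. Consider adding `-localhost` and reaching it through an SSH tunnel, or restricting the port with a firewall rule or `-ssl`, depending on how support staff connect. `After=multi-user.target` together with `WantedBy=multi-user.target` is also an odd ordering; something like `After=display-manager.service` is probably what is meant, since `-auth guess` needs a running X session. Locally managed units normally go in `/etc/systemd/system` rather than `/lib/systemd/system`, which belongs to packages; that would be a change to the `dest:` in both task files.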