Add task to finish client install (x1vnc,..)

roles/common/files/root/_bashrc

@@ -0,0 +1,110 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoredups:ignorespace
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+   # We have color support; assume it's compliant with Ecma-48
+   # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+   # a case would tend to support setf rather than setaf.)
+   color_prompt=yes
+    else
+   color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    alias grep='grep --color=auto'
+    alias fgrep='fgrep --color=auto'
+    alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+alias ..='cd ..'
+alias ...='cd ../..'
+alias ....='cd ../../..'
+
+alias poweroff='echo -e "\n\tplease use:  /sbin/poweroff\n"'
+alias reboot='echo -e "\n\tplease use:  /sbin/reboot\n"'
+
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+#    . /etc/bash_completion
+#fi
+
+export EDITOR=vim
+

roles/common/files/root/_profile

@@ -0,0 +1,25 @@
+# ~/.profile: executed by Bourne-compatible login shells.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+   PATH="$HOME/bin:$PATH"
+fi
+if [ -d "$HOME/bin/admin-stuff" ] ; then
+   PATH="$HOME/bin/admin-stuff:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ] ; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+mesg n  || true

roles/common/files/root/_vimrc

@@ -0,0 +1,173 @@
+" An example for a vimrc file.
+"
+" Maintainer:   Bram Moolenaar <Bram@vim.org>
+" Last change:  1999 Sep 09
+"
+" To use it, copy it to
+"     for Unix and OS/2:  ~/.vimrc
+"             for Amiga:  s:.vimrc
+"  for MS-DOS and Win32:  $VIM\_vimrc
+
+" This line should not be removed as it ensures that various options are
+" properly set to work with the Vim-related packages available in Debian.
+runtime! debian.vim
+
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " allow backspacing over everything in insert mode
+set ai                  " always set autoindenting on
+" set backup            " keep a backup file
+"set viminfo='20,\"50    " read/write a .viminfo file, don't store more
+                        " than 50 lines of registers
+set viminfo='20,\"50,:20,%,n~/.viminfo
+set history=50          " keep 50 lines of command line history
+set ruler               " show the cursor position all the time
+set ignorecase          " suchen case-insenitiv
+set showmatch           " zeige passende klammern
+set shell=/bin/bash     " shell to start with !
+set expandtab           " tabs --> blanks
+set showmode            " anzeige INSERT/REPLACE/...
+
+" set smartcase           " Do smart case matching
+
+set incsearch           " Incremental search
+                        " Start searching when you type the first character of 
+                        " the search string. As you type in more characters, the 
+                        " search is refined.
+
+set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
+
+" einrueckung
+set shiftwidth=3
+set tabstop=3
+" Round indent to multiple of 'shiftwidth' for > and < commands
+set shiftround
+
+" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
+" let &guioptions = substitute(&guioptions, "t", "", "g")
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make p in isual Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif
+
+" Only do this part when compiled with support for autocommands.
+if has("autocmd")
+
+" In text files, always limit the width of text to 78 characters
+ autocmd BufRead *.txt set tw=78
+
+ augroup cprog
+  " Remove all cprog autocommands
+  au!
+
+  " When starting to edit a file:
+  "   For C and C++ files set formatting of comments and set C-indenting on.
+  "   For other files switch it off.
+  "   Don't change the order, it's important that the line with * comes first.
+  autocmd FileType *      set formatoptions=tcql nocindent comments&
+  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
+ augroup END
+
+ augroup gzip
+  " Remove all gzip autocommands
+  au!
+
+  " Enable editing of gzipped files
+  " set binary mode before reading the file
+  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
+  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
+  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
+  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
+  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
+  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
+  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
+  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
+  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
+
+  " After reading compressed file: Uncompress text in buffer with "cmd"
+  fun! GZIP_read(cmd)
+    let ch_save = &ch
+    set ch=2
+    execute "'[,']!" . a:cmd
+    set nobin
+    let &ch = ch_save
+    execute ":doautocmd BufReadPost " . expand("%:r")
+  endfun
+
+  " After writing compressed file: Compress written file with "cmd"
+  fun! GZIP_write(cmd)
+    if rename(expand("<afile>"), expand("<afile>:r")) == 0
+      execute "!" . a:cmd . " <afile>:r"
+    endif
+  endfun
+
+  " Before appending to compressed file: Uncompress file with "cmd"
+  fun! GZIP_appre(cmd)
+    execute "!" . a:cmd . " <afile>"
+    call rename(expand("<afile>:r"), expand("<afile>"))
+  endfun
+
+ augroup END
+
+ " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
+ " back to positions in previous files more than once.
+ if 0
+  " When editing a file, always jump to the last cursor position.
+  " This must be after the uncompress commands.
+   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
+ endif
+
+endif " has("autocmd")
+
+" toggle syntax highlighting
+map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
+map <F11> :nohls <CR>
+
+" use <F6> to toggle line numbers
+nmap <silent> <F6> :set number!<CR>
+
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+
+" set color for search
+hi clear search
+hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
+
+" set color for Comment
+hi clear Comment
+"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
+"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
+highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
+"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
+
+" Go back to the position the cursor was on the last time this file was edited
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
+
+" visual shifting (does not exit Visual mode)
+vnoremap < <gv
+vnoremap > >gv
+
+" Scroll when cursor gets within 3 characters of top/bottom edge
+set scrolloff=3
+
+" Show line, column number, and relative position within a file in the status line
+" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
+"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
+set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
+" Always show status line, even for one window
+set laststatus=2
+highlight StatusLine cterm=none ctermfg=white ctermbg=blue
+

roles/common/tasks/luks.yml

@@ -0,0 +1,9 @@
+- name: (luks.ym) add new key to the LUKS container (container has to exist)
+  luks_device:
+    #device: "{{ luks_device }}"
+    #keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}"
+    #new_keyfile: "{{ role_path + '/files/vault/luks_new_passwd' }}"
+    device: "/dev/sda3"
+    keyfile: "/vault/luks_default_passwd"
+    new_keyfile: "/vault/luks_new_passwd"
+

roles/common/tasks/main.yml

@@ -62,3 +62,40 @@
 #  tags:
 #    - samba-shares
 
+# Tasks: Configure VNC (x11vnc) for Ubuntu systems
+#
+# Supported OS:
+#   - Ubuntu 16.04LTSi
+#   - Ubuntu 18.04LTSi
+
+- name: "For OS: Ubuntu 16.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-1604-amd64.yml
+  when:
+    - ansible_distribution_version ==  "16.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-1604
+    - finish-client-install
+
+- name: "For OS: Ubuntu 18.04LTS, Arch: amd64"
+  import_tasks: ubuntu-x11vnc-1804-amd64.yml
+  when:
+    - ansible_distribution_version ==  "18.04"
+    - ansible_architecture == "x86_64"
+  tags:
+    - x11vnc
+    - x11vnc-1804
+    - finish-client-install
+
+#- name: "Configure LUKS"
+#  import_tasks: luks.yml
+#  when: "groups['client_pc']|string is search(inventory_hostname)"
+#  tags:
+#    - luks
+
+- import_tasks: root-systemfiles.yml
+  when: "groups['nis_client']|string is search(inventory_hostname)"
+  tags:
+    - root-systemfiles
+    - finish-client-install

roles/common/tasks/root-systemfiles.yml

@@ -0,0 +1,88 @@
+---
+
+# ---
+# Check if local template directories exists
+# ---
+
+# root
+- name: (root-systemfiles.yml) Check if local template directory exists for root
+  local_action: stat path={{ role_path }}/files/root
+  register: local_template_dir_root
+
+# --
+# Copy .bashrc
+# ---
+
+- name: (root-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
+  stat:
+    path: /root/.bashrc.ORIG
+  register: bashrc_root_orig_exists
+  tags:
+    - bash
+
+- name: (root-systemfiles.yml) Backup /root/.bashrc file
+  command: cp /root/.bashrc /root/.bashrc.ORIG
+  when: bashrc_root_orig_exists.stat.exists == False 
+  tags:
+    - bash
+
+- name: (root-systemfiles.yml) copy .bashrc for user root
+  copy: 
+    src: "{{ role_path + '/files/root/_bashrc' }}"
+    dest: "/root/.bashrc"
+    owner: root
+    group: root
+    mode: 0644
+  when: 
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', role_path + '/files/root/_bashrc')
+  tags:
+    - bash
+
+# --
+# Copy .profile
+# ---
+
+- name: (root-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
+  stat:
+    path: /root/.profile.ORIG
+  register: profile_root_orig_exists
+  tags:
+    - profile
+
+- name: (root-systemfiles.yml) Backup existing users .profile file
+  command: cp -a /root/.profile /root/.profile.ORIG
+  when: profile_root_orig_exists.stat.exists == False 
+  tags:
+    - profile
+
+- name: (root-systemfiles.yml) copy .profile for user root
+  copy: 
+    src: "{{ role_path + '/files/root/_profile' }}"
+    dest: "/root/.profile"
+    owner: root
+    group: root
+    mode: 0644
+  when: 
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', role_path + '/files/root/_profile')
+  tags:
+    - profile
+    
+# --
+# Copy .vimrc
+# ---
+
+- name: (root-systemfiles.yml) copy .vimrc for user root
+  copy: 
+    src: "{{ role_path + '/files/root/_vimrc' }}"
+    dest: "/root/.vimrc"
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', role_path + '/files/root/_vimrc')
+  tags:
+    - vim
+

roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml

@@ -0,0 +1,63 @@
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) check if x11vnc is already installed, if not found skipping...."
+    stat:
+      path: /usr/bin/x11vnc
+    register: x11vnc_active
+ 
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Install packages"
+    apt:
+      name: ['x11vnc']
+      update_cache: yes
+      state: present
+    when: x11vnc_active.stat.exists == False
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages"
+    apt:
+      name: "{{ packages }}"
+      update_cache: yes
+      state: present
+    vars:
+      packages:
+      - x11vnc
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Store password"
+    shell: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+     path: /etc/x11vnc.pass
+     mode: 0644
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service"
+    shell: service x11vnc start
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Enable x11vnc service on boot"
+    systemd:
+      name: x11vnc.service
+      daemon_reload: yes
+      enabled: yes
+      state: started
+
+  - name: "(ubuntu-x11vnc-1604-amd64.yml) Blocks x11vnc in GreenOS Desktop Environment for enduser "
+    file:
+      path: "/usr/share/applications/x11vnc.desktop"
+      mode: 0740
+      owner: root
+      group: administrator
+

roles/common/tasks/ubuntu-x11vnc-1804-amd64.yml

@@ -0,0 +1,48 @@
+---
+  # Title: app-x11vnc-server
+  #
+  # Author: Luc Rutten
+  # Version: 1.0
+  # File: tasks/main.yml
+  #
+  # Description:
+  #   Remote support
+  #
+  # Source:
+  #   - http://c-nergy.be/blog/?p=8984
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Install packages"
+    apt:
+      name: "{{ packages }}"
+      update_cache: yes
+      state: present
+    vars:
+      packages:
+      - x11vnc
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Store password"
+    raw: "x11vnc -storepasswd {{ vnc_password }} /etc/x11vnc.pass"
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Set permissions on /etc/x11vnc.pass"
+    file:
+     path: "/etc/x11vnc.pass"
+     mode: 0644
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
+    template:
+      src: lib/systemd/system/x11vnc.service.j2
+      dest: /lib/systemd/system/x11vnc.service
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Enable service"
+    systemd:
+      name: x11vnc.service
+      enabled: true
+      state: restarted
+
+  - name: "(ubuntu-x11vnc-1804-amd64.yml) Remove whisker menu entry for allusers (except owner and group)"
+    file:
+      path: "/usr/share/applications/x11vnc.desktop"
+      mode: 0750
+      owner: root
+      group: root
+

roles/common/templates/lib/systemd/system/x11vnc.service.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Start x11vnc at startup.
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared
+
+[Install]
+WantedBy=multi-user.target