ansible/vdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Tim Dittler 2020-01-13 14:51:16 +01:00
commit 7c454c1ed4
No known key found for this signature in database
GPG Key ID: 714E3F93A7C7B03B
127 changed files with 7674 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md Normal file
View File

@ -0,0 +1,23 @@
Ansible playbook VDK
====================
Rechner von USB-Stick provisionieren
------------------------------------
1. USB-Stick mit NTFS formatieren
2. Alle Daten kopieren
3. ansible.cfg löschen
4. In `playbook.yml` `hosts: all` durch `hosts: localhost` ersetzen
5. Auf zu installierendem Client `/media/lokaladmin/$STICK_NAME/bootstrap.sh` ausführen
Andere Rechner aus der Ferne aktualisieren
------------------------------------------
1. Als `lokaladmin` anmelden
2. Diese Dateien in ein Verzeichnis kopieren (Der aktuelle Stand ist momentan auf pc109 im Ordner `/home/lokaladmin/ansible`)
3. `ansible-playbook playbook.yml -kK -D`
TODO
----
* Ich arbeite gerade noch daran, die Problematik mit lightdm zu lösen.

3
ansible.cfg Normal file
View File

@ -0,0 +1,3 @@
[defaults]
inventory = hosts
host_key_checking = False

13
bootstrap.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
DIR=$(dirname $0)
cd $DIR
sudo apt update
sudo apt -y upgrade
sudo apt -y install openssh-server ansible
sudo ansible-playbook playbook.yml -D
sudo apt -y autoremove
# clean up
sudo rm -r ~/.ansible

2
files/00-favorite-apps Executable file
View File

@ -0,0 +1,2 @@
[org/gnome/shell]
favorite-apps = ['firefox.desktop', 'thunderbird.desktop', 'org.gnome.Nautilus.desktop', 'libreoffice-writer.desktop', 'libreoffice-calc.desktop', 'libreoffice-impress.desktop']

2
files/01-recursive-search Executable file
View File

@ -0,0 +1,2 @@
[org/gnome/nautilus/preferences]
recursive-search='always'

2
files/02-energy Executable file
View File

@ -0,0 +1,2 @@
[org/gnome/desktop/session]
idle-delay=uint32 900

3489
files/CLP3550.PPD Executable file
View File

File diff suppressed because it is too large Load Diff

BIN
files/CQue_v4.0.5_Linux_64_DE.deb Executable file
View File

Binary file not shown.

134
files/Canon_LBP712Cx.ppd Executable file
View File

@ -0,0 +1,134 @@
*PPD-Adobe: "4.3"
*FormatVersion: "4.3"
*FileVersion: "2.2"
*LanguageVersion: English
*LanguageEncoding: ISOLatin1
*PSVersion: "(3010.000) 0"
*LanguageLevel: "3"
*FileSystem: False
*PCFileName: "ippeve.ppd"
*Manufacturer: "CNLBP712C"
*ModelName: "CNLBP712C"
*Product: "(CNLBP712C)"
*NickName: "CNLBP712C"
*ShortNickName: "CNLBP712C"
*ColorDevice: True
*cupsVersion: 2.2
*cupsSNMPSupplies: False
*cupsLanguages: "en"
*cupsFilter2: "image/jpeg image/jpeg 0 -"
*cupsFilter2: "application/vnd.cups-pdf application/pdf 10 -"
*cupsFilter2: "image/urf image/urf 100 -"
*OpenUI *PageSize: PickOne
*OrderDependency: 10 AnySetup *PageSize
*DefaultPageSize: A4
*PageSize A4: "<</PageSize[595.275590551181 841.889763779528]>>setpagedevice"
*PageSize A5: "<</PageSize[419.527559055118 595.275590551181]>>setpagedevice"
*PageSize A6: "<</PageSize[297.637795275591 419.527559055118]>>setpagedevice"
*PageSize B5: "<</PageSize[515.905511811024 728.503937007874]>>setpagedevice"
*PageSize Executive: "<</PageSize[522 756]>>setpagedevice"
*PageSize Letter: "<</PageSize[612 792]>>setpagedevice"
*PageSize Legal: "<</PageSize[612 1008]>>setpagedevice"
*PageSize Statement: "<</PageSize[396 612]>>setpagedevice"
*PageSize FanFoldGermanLegal: "<</PageSize[612 936]>>setpagedevice"
*PageSize 3x5: "<</PageSize[216 360]>>setpagedevice"
*PageSize Postcard: "<</PageSize[283.464566929134 419.527559055118]>>setpagedevice"
*PageSize DoublePostcardRotated: "<</PageSize[419.527559055118 566.929133858268]>>setpagedevice"
*PageSize 200x296mm: "<</PageSize[566.929133858268 839.055118110236]>>setpagedevice"
*PageSize EnvC5: "<</PageSize[459.212598425197 649.133858267717]>>setpagedevice"
*PageSize Env10: "<</PageSize[296.985826771654 684]>>setpagedevice"
*PageSize EnvMonarch: "<</PageSize[278.985826771654 540]>>setpagedevice"
*PageSize EnvDL: "<</PageSize[311.811023622047 623.622047244094]>>setpagedevice"
*PageSize EnvChou3: "<</PageSize[340.157480314961 666.141732283465]>>setpagedevice"
*PageSize 198x275mm: "<</PageSize[561.259842519685 779.527559055118]>>setpagedevice"
*CloseUI: *PageSize
*OpenUI *PageRegion: PickOne
*OrderDependency: 10 AnySetup *PageRegion
*DefaultPageRegion: A4
*PageRegion A4: "<</PageSize[595.275590551181 841.889763779528]>>setpagedevice"
*PageRegion A5: "<</PageSize[419.527559055118 595.275590551181]>>setpagedevice"
*PageRegion A6: "<</PageSize[297.637795275591 419.527559055118]>>setpagedevice"
*PageRegion B5: "<</PageSize[515.905511811024 728.503937007874]>>setpagedevice"
*PageRegion Executive: "<</PageSize[522 756]>>setpagedevice"
*PageRegion Letter: "<</PageSize[612 792]>>setpagedevice"
*PageRegion Legal: "<</PageSize[612 1008]>>setpagedevice"
*PageRegion Statement: "<</PageSize[396 612]>>setpagedevice"
*PageRegion FanFoldGermanLegal: "<</PageSize[612 936]>>setpagedevice"
*PageRegion 3x5: "<</PageSize[216 360]>>setpagedevice"
*PageRegion Postcard: "<</PageSize[283.464566929134 419.527559055118]>>setpagedevice"
*PageRegion DoublePostcardRotated: "<</PageSize[419.527559055118 566.929133858268]>>setpagedevice"
*PageRegion 200x296mm: "<</PageSize[566.929133858268 839.055118110236]>>setpagedevice"
*PageRegion EnvC5: "<</PageSize[459.212598425197 649.133858267717]>>setpagedevice"
*PageRegion Env10: "<</PageSize[296.985826771654 684]>>setpagedevice"
*PageRegion EnvMonarch: "<</PageSize[278.985826771654 540]>>setpagedevice"
*PageRegion EnvDL: "<</PageSize[311.811023622047 623.622047244094]>>setpagedevice"
*PageRegion EnvChou3: "<</PageSize[340.157480314961 666.141732283465]>>setpagedevice"
*PageRegion 198x275mm: "<</PageSize[561.259842519685 779.527559055118]>>setpagedevice"
*CloseUI: *PageRegion
*DefaultImageableArea: A4
*DefaultPaperDimension: A4
*ImageableArea A4: "14.173228346457 14.173228346457 581.102362204724 827.716535433071"
*PaperDimension A4: "595.275590551181 841.889763779528"
*ImageableArea A5: "14.173228346457 14.173228346457 405.354330708661 581.102362204724"
*PaperDimension A5: "419.527559055118 595.275590551181"
*ImageableArea A6: "14.173228346457 14.173228346457 283.464566929134 405.354330708661"
*PaperDimension A6: "297.637795275591 419.527559055118"
*ImageableArea B5: "14.173228346457 14.173228346457 501.732283464567 714.330708661417"
*PaperDimension B5: "515.905511811024 728.503937007874"
*ImageableArea Executive: "14.173228346457 14.173228346457 507.826771653543 741.826771653543"
*PaperDimension Executive: "522 756"
*ImageableArea Letter: "14.173228346457 14.173228346457 597.826771653543 777.826771653543"
*PaperDimension Letter: "612 792"
*ImageableArea Legal: "14.173228346457 14.173228346457 597.826771653543 993.826771653543"
*PaperDimension Legal: "612 1008"
*ImageableArea Statement: "14.173228346457 14.173228346457 381.826771653543 597.826771653543"
*PaperDimension Statement: "396 612"
*ImageableArea FanFoldGermanLegal: "14.173228346457 14.173228346457 597.826771653543 921.826771653543"
*PaperDimension FanFoldGermanLegal: "612 936"
*ImageableArea 3x5: "14.173228346457 14.173228346457 201.826771653543 345.826771653543"
*PaperDimension 3x5: "216 360"
*ImageableArea Postcard: "14.173228346457 14.173228346457 269.291338582677 405.354330708661"
*PaperDimension Postcard: "283.464566929134 419.527559055118"
*ImageableArea DoublePostcardRotated: "14.173228346457 14.173228346457 405.354330708661 552.755905511811"
*PaperDimension DoublePostcardRotated: "419.527559055118 566.929133858268"
*ImageableArea 200x296mm: "14.173228346457 14.173228346457 552.755905511811 824.88188976378"
*PaperDimension 200x296mm: "566.929133858268 839.055118110236"
*ImageableArea EnvC5: "14.173228346457 14.173228346457 445.03937007874 634.96062992126"
*PaperDimension EnvC5: "459.212598425197 649.133858267717"
*ImageableArea Env10: "14.173228346457 14.173228346457 282.812598425197 669.826771653543"
*PaperDimension Env10: "296.985826771654 684"
*ImageableArea EnvMonarch: "14.173228346457 14.173228346457 264.812598425197 525.826771653543"
*PaperDimension EnvMonarch: "278.985826771654 540"
*ImageableArea EnvDL: "14.173228346457 14.173228346457 297.637795275591 609.448818897638"
*PaperDimension EnvDL: "311.811023622047 623.622047244094"
*ImageableArea EnvChou3: "14.173228346457 14.173228346457 325.984251968504 651.968503937008"
*PaperDimension EnvChou3: "340.157480314961 666.141732283465"
*ImageableArea 198x275mm: "14.173228346457 14.173228346457 547.086614173228 765.354330708661"
*PaperDimension 198x275mm: "561.259842519685 779.527559055118"
*OpenUI *InputSlot: PickOne
*OrderDependency: 10 AnySetup *InputSlot
*DefaultInputSlot: ByPassTray
*InputSlot Auto/Automatic: "<</MediaPosition 0>>setpagedevice"
*InputSlot ByPassTray/Mehrzweck: "<</MediaPosition 19>>setpagedevice"
*InputSlot Tray1/Fach 1: "<</MediaPosition 20>>setpagedevice"
*CloseUI: *InputSlot
*OpenUI *ColorModel/Farbmodus: PickOne
*OrderDependency: 10 AnySetup *ColorModel
*ColorModel RGB/Farbe: "<</cupsColorSpace 19/cupsBitsPerColor 8/cupsColorOrder 0/cupsCompression 0>>setpagedevice"
*DefaultColorModel: RGB
*CloseUI: *ColorModel
*OpenUI *Duplex/Doppelseitig drucken: PickOne
*OrderDependency: 10 AnySetup *Duplex
*DefaultDuplex: None
*Duplex None/Aus (Einseitig): "<</Duplex false>>setpagedevice"
*Duplex DuplexNoTumble/Lange Kante (Hochformat): "<</Duplex true/Tumble false>>setpagedevice"
*Duplex DuplexTumble/Kurze Kante (Querformat): "<</Duplex true/Tumble true>>setpagedevice"
*CloseUI: *Duplex
*cupsBackSide: Normal
*DefaultResolution: 300dpi
*OpenUI *cupsPrintQuality/Druckqualität: PickOne
*OrderDependency: 10 AnySetup *cupsPrintQuality
*DefaultcupsPrintQuality: Normal
*cupsPrintQuality Draft/Entwurf: "<</HWResolution[300 150]>>setpagedevice"
*cupsPrintQuality Normal/Normal: "<</HWResolution[300 300]>>setpagedevice"
*CloseUI: *cupsPrintQuality

BIN
files/FrutigerLTStd-Black.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-BlackCn.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-BlackItalic.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-Bold.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-BoldCn.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-BoldItalic.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-Cn.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-ExtraBlackCn.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-Italic.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-Light.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-LightCn.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-LightItalic.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-Roman.otf Executable file
View File

Binary file not shown.

BIN
files/FrutigerLTStd-UltraBlack.otf Executable file
View File

Binary file not shown.

224
files/UTAX_TA_3555i.ppd Executable file
View File

@ -0,0 +1,224 @@
*PPD-Adobe: "4.3"
*FormatVersion: "4.3"
*FileVersion: "2.2"
*LanguageVersion: English
*LanguageEncoding: ISOLatin1
*PSVersion: "(3010.000) 0"
*LanguageLevel: "3"
*FileSystem: False
*PCFileName: "ippeve.ppd"
*Manufacturer: "3555i"
*ModelName: "3555i"
*Product: "(3555i)"
*NickName: "3555i"
*ShortNickName: "3555i"
*ColorDevice: False
*cupsVersion: 2.2
*cupsSNMPSupplies: False
*cupsLanguages: "en"
*cupsFilter2: "image/jpeg image/jpeg 0 -"
*cupsFilter2: "application/vnd.cups-pdf application/pdf 10 -"
*cupsFilter2: "image/urf image/urf 100 -"
*OpenUI *PageSize: PickOne
*OrderDependency: 10 AnySetup *PageSize
*DefaultPageSize: A4
*PageSize A3: "<</PageSize[841.889763779528 1190.551181102362]>>setpagedevice"
*PageSize B4: "<</PageSize[728.503937007874 1031.811023622047]>>setpagedevice"
*PageSize Tabloid: "<</PageSize[792 1224]>>setpagedevice"
*PageSize roc8k: "<</PageSize[774 1116]>>setpagedevice"
*PageSize EnvC4: "<</PageSize[649.133858267717 918.425196850394]>>setpagedevice"
*PageSize ARCHB: "<</PageSize[864 1296]>>setpagedevice"
*PageSize A4: "<</PageSize[595.275590551181 841.889763779528]>>setpagedevice"
*PageSize A5: "<</PageSize[419.527559055118 595.275590551181]>>setpagedevice"
*PageSize A6: "<</PageSize[297.637795275591 419.527559055118]>>setpagedevice"
*PageSize ISOB5: "<</PageSize[498.897637795276 708.661417322835]>>setpagedevice"
*PageSize Legal: "<</PageSize[612 1008]>>setpagedevice"
*PageSize Letter: "<</PageSize[612 792]>>setpagedevice"
*PageSize Executive: "<</PageSize[522 756]>>setpagedevice"
*PageSize Statement: "<</PageSize[396 612]>>setpagedevice"
*PageSize EnvC5: "<</PageSize[459.212598425197 649.133858267717]>>setpagedevice"
*PageSize EnvC6: "<</PageSize[323.149606299213 459.212598425197]>>setpagedevice"
*PageSize EnvDL: "<</PageSize[311.811023622047 623.622047244094]>>setpagedevice"
*PageSize EnvMonarch: "<</PageSize[278.985826771654 540]>>setpagedevice"
*PageSize B5: "<</PageSize[515.905511811024 728.503937007874]>>setpagedevice"
*PageSize B6: "<</PageSize[362.834645669291 515.905511811024]>>setpagedevice"
*PageSize EnvYou4: "<</PageSize[297.637795275591 666.141732283465]>>setpagedevice"
*PageSize Postcard: "<</PageSize[283.464566929134 419.527559055118]>>setpagedevice"
*PageSize DoublePostcardRotated: "<</PageSize[419.527559055118 566.929133858268]>>setpagedevice"
*PageSize roc16k: "<</PageSize[558 774]>>setpagedevice"
*PageSize FanFoldGermanLegal: "<</PageSize[612 936]>>setpagedevice"
*PageSize Env10: "<</PageSize[296.985826771654 684]>>setpagedevice"
*PageSize Env9: "<</PageSize[278.985826771654 638.985826771654]>>setpagedevice"
*PageSize EnvPersonal: "<</PageSize[260.985826771654 468]>>setpagedevice"
*PageSize Folio: "<</PageSize[595.275590551181 935.433070866142]>>setpagedevice"
*CloseUI: *PageSize
*OpenUI *PageRegion: PickOne
*OrderDependency: 10 AnySetup *PageRegion
*DefaultPageRegion: A4
*PageRegion A3: "<</PageSize[841.889763779528 1190.551181102362]>>setpagedevice"
*PageRegion B4: "<</PageSize[728.503937007874 1031.811023622047]>>setpagedevice"
*PageRegion Tabloid: "<</PageSize[792 1224]>>setpagedevice"
*PageRegion roc8k: "<</PageSize[774 1116]>>setpagedevice"
*PageRegion EnvC4: "<</PageSize[649.133858267717 918.425196850394]>>setpagedevice"
*PageRegion ARCHB: "<</PageSize[864 1296]>>setpagedevice"
*PageRegion A4: "<</PageSize[595.275590551181 841.889763779528]>>setpagedevice"
*PageRegion A5: "<</PageSize[419.527559055118 595.275590551181]>>setpagedevice"
*PageRegion A6: "<</PageSize[297.637795275591 419.527559055118]>>setpagedevice"
*PageRegion ISOB5: "<</PageSize[498.897637795276 708.661417322835]>>setpagedevice"
*PageRegion Legal: "<</PageSize[612 1008]>>setpagedevice"
*PageRegion Letter: "<</PageSize[612 792]>>setpagedevice"
*PageRegion Executive: "<</PageSize[522 756]>>setpagedevice"
*PageRegion Statement: "<</PageSize[396 612]>>setpagedevice"
*PageRegion EnvC5: "<</PageSize[459.212598425197 649.133858267717]>>setpagedevice"
*PageRegion EnvC6: "<</PageSize[323.149606299213 459.212598425197]>>setpagedevice"
*PageRegion EnvDL: "<</PageSize[311.811023622047 623.622047244094]>>setpagedevice"
*PageRegion EnvMonarch: "<</PageSize[278.985826771654 540]>>setpagedevice"
*PageRegion B5: "<</PageSize[515.905511811024 728.503937007874]>>setpagedevice"
*PageRegion B6: "<</PageSize[362.834645669291 515.905511811024]>>setpagedevice"
*PageRegion EnvYou4: "<</PageSize[297.637795275591 666.141732283465]>>setpagedevice"
*PageRegion Postcard: "<</PageSize[283.464566929134 419.527559055118]>>setpagedevice"
*PageRegion DoublePostcardRotated: "<</PageSize[419.527559055118 566.929133858268]>>setpagedevice"
*PageRegion roc16k: "<</PageSize[558 774]>>setpagedevice"
*PageRegion FanFoldGermanLegal: "<</PageSize[612 936]>>setpagedevice"
*PageRegion Env10: "<</PageSize[296.985826771654 684]>>setpagedevice"
*PageRegion Env9: "<</PageSize[278.985826771654 638.985826771654]>>setpagedevice"
*PageRegion EnvPersonal: "<</PageSize[260.985826771654 468]>>setpagedevice"
*PageRegion Folio: "<</PageSize[595.275590551181 935.433070866142]>>setpagedevice"
*CloseUI: *PageRegion
*DefaultImageableArea: A4
*DefaultPaperDimension: A4
*ImageableArea A3: "11.338582677165 11.338582677165 830.551181102362 1179.212598425197"
*PaperDimension A3: "841.889763779528 1190.551181102362"
*ImageableArea B4: "11.338582677165 11.338582677165 717.165354330709 1020.472440944882"
*PaperDimension B4: "728.503937007874 1031.811023622047"
*ImageableArea Tabloid: "11.338582677165 11.338582677165 780.661417322835 1212.661417322835"
*PaperDimension Tabloid: "792 1224"
*ImageableArea roc8k: "11.338582677165 11.338582677165 762.661417322835 1104.661417322835"
*PaperDimension roc8k: "774 1116"
*ImageableArea EnvC4: "11.338582677165 11.338582677165 637.795275590551 907.086614173228"
*PaperDimension EnvC4: "649.133858267717 918.425196850394"
*ImageableArea ARCHB: "11.338582677165 11.338582677165 852.661417322835 1284.661417322835"
*PaperDimension ARCHB: "864 1296"
*ImageableArea A4: "11.338582677165 11.338582677165 583.937007874016 830.551181102362"
*PaperDimension A4: "595.275590551181 841.889763779528"
*ImageableArea A5: "11.338582677165 11.338582677165 408.188976377953 583.937007874016"
*PaperDimension A5: "419.527559055118 595.275590551181"
*ImageableArea A6: "11.338582677165 11.338582677165 286.299212598425 408.188976377953"
*PaperDimension A6: "297.637795275591 419.527559055118"
*ImageableArea ISOB5: "11.338582677165 11.338582677165 487.55905511811 697.322834645669"
*PaperDimension ISOB5: "498.897637795276 708.661417322835"
*ImageableArea Legal: "11.338582677165 11.338582677165 600.661417322835 996.661417322835"
*PaperDimension Legal: "612 1008"
*ImageableArea Letter: "11.338582677165 11.338582677165 600.661417322835 780.661417322835"
*PaperDimension Letter: "612 792"
*ImageableArea Executive: "11.338582677165 11.338582677165 510.661417322835 744.661417322835"
*PaperDimension Executive: "522 756"
*ImageableArea Statement: "11.338582677165 11.338582677165 384.661417322835 600.661417322835"
*PaperDimension Statement: "396 612"
*ImageableArea EnvC5: "11.338582677165 11.338582677165 447.874015748031 637.795275590551"
*PaperDimension EnvC5: "459.212598425197 649.133858267717"
*ImageableArea EnvC6: "11.338582677165 11.338582677165 311.811023622047 447.874015748031"
*PaperDimension EnvC6: "323.149606299213 459.212598425197"
*ImageableArea EnvDL: "11.338582677165 11.338582677165 300.472440944882 612.283464566929"
*PaperDimension EnvDL: "311.811023622047 623.622047244094"
*ImageableArea EnvMonarch: "11.338582677165 11.338582677165 267.647244094488 528.661417322835"
*PaperDimension EnvMonarch: "278.985826771654 540"
*ImageableArea B5: "11.338582677165 11.338582677165 504.566929133858 717.165354330709"
*PaperDimension B5: "515.905511811024 728.503937007874"
*ImageableArea B6: "11.338582677165 11.338582677165 351.496062992126 504.566929133858"
*PaperDimension B6: "362.834645669291 515.905511811024"
*ImageableArea EnvYou4: "11.338582677165 11.338582677165 286.299212598425 654.803149606299"
*PaperDimension EnvYou4: "297.637795275591 666.141732283465"
*ImageableArea Postcard: "11.338582677165 11.338582677165 272.125984251969 408.188976377953"
*PaperDimension Postcard: "283.464566929134 419.527559055118"
*ImageableArea DoublePostcardRotated: "11.338582677165 11.338582677165 408.188976377953 555.590551181102"
*PaperDimension DoublePostcardRotated: "419.527559055118 566.929133858268"
*ImageableArea roc16k: "11.338582677165 11.338582677165 546.661417322835 762.661417322835"
*PaperDimension roc16k: "558 774"
*ImageableArea FanFoldGermanLegal: "11.338582677165 11.338582677165 600.661417322835 924.661417322835"
*PaperDimension FanFoldGermanLegal: "612 936"
*ImageableArea Env10: "11.338582677165 11.338582677165 285.647244094488 672.661417322835"
*PaperDimension Env10: "296.985826771654 684"
*ImageableArea Env9: "11.338582677165 11.338582677165 267.647244094488 627.647244094488"
*PaperDimension Env9: "278.985826771654 638.985826771654"
*ImageableArea EnvPersonal: "11.338582677165 11.338582677165 249.647244094488 456.661417322835"
*PaperDimension EnvPersonal: "260.985826771654 468"
*ImageableArea Folio: "11.338582677165 11.338582677165 583.937007874016 924.094488188976"
*PaperDimension Folio: "595.275590551181 935.433070866142"
*OpenUI *InputSlot: PickOne
*OrderDependency: 10 AnySetup *InputSlot
*DefaultInputSlot: Tray1
*InputSlot Auto/Automatic: "<</MediaPosition 0>>setpagedevice"
*InputSlot ByPassTray/Mehrzweck: "<</MediaPosition 19>>setpagedevice"
*InputSlot Tray1/Fach 1: "<</MediaPosition 20>>setpagedevice"
*InputSlot Tray2/Fach 2: "<</MediaPosition 21>>setpagedevice"
*InputSlot Tray3/Fach 3: "<</MediaPosition 22>>setpagedevice"
*InputSlot Tray4/Fach 4: "<</MediaPosition 23>>setpagedevice"
*CloseUI: *InputSlot
*OpenUI *MediaType: PickOne
*OrderDependency: 10 AnySetup *MediaType
*DefaultMediaType: Stationery
*MediaType Auto/Automatic: "<</MediaType(Auto)>>setpagedevice"
*MediaType Stationery/Standardpapier: "<</MediaType(Stationery)>>setpagedevice"
*MediaType Transparency/Transparenz: "<</MediaType(Transparency)>>setpagedevice"
*MediaType Envelope/Umschlag: "<</MediaType(Envelope)>>setpagedevice"
*MediaType Labels/Etiketten: "<</MediaType(Labels)>>setpagedevice"
*MediaType StationeryCoated/Beschichtetes Papier: "<</MediaType(StationeryCoated)>>setpagedevice"
*MediaType Photographic/Fotopapier: "<</MediaType(Photographic)>>setpagedevice"
*MediaType Cardstock/Cardstock: "<</MediaType(Cardstock)>>setpagedevice"
*MediaType StationeryLightweight/Lightweight Paper: "<</MediaType(StationeryLightweight)>>setpagedevice"
*MediaType StationeryPreprinted/Vorbedrucktes Papier: "<</MediaType(StationeryPreprinted)>>setpagedevice"
*MediaType StationeryBond/stationery-bond: "<</MediaType(StationeryBond)>>setpagedevice"
*MediaType StationeryColored/stationery-colored: "<</MediaType(StationeryColored)>>setpagedevice"
*MediaType StationeryPrepunched/Gelochtes Papier: "<</MediaType(StationeryPrepunched)>>setpagedevice"
*MediaType StationeryLetterhead/Briefkopf: "<</MediaType(StationeryLetterhead)>>setpagedevice"
*MediaType StationeryHeavyweight/Schweres Papier: "<</MediaType(StationeryHeavyweight)>>setpagedevice"
*MediaType StationeryFine/Vellum Paper: "<</MediaType(StationeryFine)>>setpagedevice"
*CloseUI: *MediaType
*OpenUI *ColorModel/Farbmodus: PickOne
*OrderDependency: 10 AnySetup *ColorModel
*ColorModel Gray/Graustufen: "<</cupsColorSpace 18/cupsBitsPerColor 8/cupsColorOrder 0/cupsCompression 0>>setpagedevice"
*DefaultColorModel: Gray
*CloseUI: *ColorModel
*OpenUI *Duplex/Doppelseitig drucken: PickOne
*OrderDependency: 10 AnySetup *Duplex
*DefaultDuplex: None
*Duplex None/Aus (Einseitig): "<</Duplex false>>setpagedevice"
*Duplex DuplexNoTumble/Lange Kante (Hochformat): "<</Duplex true/Tumble false>>setpagedevice"
*Duplex DuplexTumble/Kurze Kante (Querformat): "<</Duplex true/Tumble true>>setpagedevice"
*CloseUI: *Duplex
*cupsBackSide: ManualTumble
*OpenUI *OutputBin: PickOne
*OrderDependency: 10 AnySetup *OutputBin
*DefaultOutputBin: Left
*OutputBin Left/Left Tray: ""
*OutputBin Top/Top Tray: ""
*CloseUI: *OutputBin
*OpenUI *StapleLocation/Heftung: PickOne
*OrderDependency: 10 AnySetup *StapleLocation
*DefaultStapleLocation: None
*StapleLocation None/None: ""
*StapleLocation staple-top-left/Einfachheftung (Hochformat): ""
*cupsIPPFinishings 20/staple-top-left: "*StapleLocation staple-top-left"
*StapleLocation staple-bottom-left/Single Staple (Reverse Landscape): ""
*cupsIPPFinishings 21/staple-bottom-left: "*StapleLocation staple-bottom-left"
*StapleLocation staple-top-right/Einfachheftung (Querformat): ""
*cupsIPPFinishings 22/staple-top-right: "*StapleLocation staple-top-right"
*StapleLocation staple-bottom-right/Single Staple (Reverse Portrait): ""
*cupsIPPFinishings 23/staple-bottom-right: "*StapleLocation staple-bottom-right"
*StapleLocation staple-dual-left/Double Staple (Portrait): ""
*cupsIPPFinishings 28/staple-dual-left: "*StapleLocation staple-dual-left"
*StapleLocation staple-dual-top/Double Staple (Landscape): ""
*cupsIPPFinishings 29/staple-dual-top: "*StapleLocation staple-dual-top"
*StapleLocation staple-dual-right/Double Staple (Reverse Portrait): ""
*cupsIPPFinishings 30/staple-dual-right: "*StapleLocation staple-dual-right"
*StapleLocation staple-dual-bottom/Double Staple (Reverse Landscape): ""
*cupsIPPFinishings 31/staple-dual-bottom: "*StapleLocation staple-dual-bottom"
*CloseUI: *StapleLocation
*DefaultResolution: 600dpi
*OpenUI *cupsPrintQuality/Druckqualität: PickOne
*OrderDependency: 10 AnySetup *cupsPrintQuality
*DefaultcupsPrintQuality: Normal
*cupsPrintQuality Draft/Entwurf: "<</HWResolution[600 300]>>setpagedevice"
*cupsPrintQuality Normal/Normal: "<</HWResolution[600 600]>>setpagedevice"
*CloseUI: *cupsPrintQuality

16
files/install.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
if [ ! -d /usr/share/cups/model ]; then
sudo mkdir /usr/share/cups/model
fi
if [ ! -d /usr/share/cups/model/UTAX_TA ]; then
sudo mkdir /usr/share/cups/model/UTAX_TA
fi
sudo cp CLP3550.PPD /usr/share/cups/model/UTAX_TA/CLP3550.PPD
sudo cp kyofilter_B /usr/lib/cups/filter/kyofilter_B
sudo chmod 555 /usr/lib/cups/filter/kyofilter_B
if [ -f /usr/lib/cups/filter/kyofilter_B ] &&
[ -f /usr/share/cups/model/UTAX_TA/CLP3550.PPD ]; then
echo "Installation completed"
else
echo "Installation failed"
fi

BIN
files/kyofilter_B Executable file
View File

Binary file not shown.

4
files/lightdm.conf Executable file
View File

@ -0,0 +1,4 @@
[SeatDefaults]
user-session=ubuntu
allow-guest=false
greeter-hide-users=true

6
files/modules Executable file
View File

@ -0,0 +1,6 @@
mii
usbnet
cdc_ether
r8152
ax88179_178a
e1000e

2
files/user Executable file
View File

@ -0,0 +1,2 @@
user-db:user
system-db:local

BIN
files/veracrypt-1.24-Update3-Ubuntu-18.04-amd64.deb Executable file
View File

Binary file not shown.

30
gnome.yml Normal file
View File

@ -0,0 +1,30 @@
---
- name: create new user profile
copy:
src: user
dest: /etc/dconf/profile/user
owner: root
group: root
mode: 0644
- name: create local config dir
file:
path: /etc/dconf/db/local.d
state: directory
owner: root
group: root
mode: 0755
- name: configure gnome defaults
copy:
src: "{{ item }}"
dest: /etc/dconf/db/local.d/
owner: root
group: root
mode: 0644
with_items:
- 00-favorite-apps
- 01-recursive-search
- 02-energy
notify: dconf update

18
hosts Normal file
View File

@ -0,0 +1,18 @@
[all]
pc101
pc102
pc103
pc104
pc105
# pc106 noch nicht umgestellt
pc107
pc108
pc109
pc110
pc111
pc112
pc113
pc114
pc115
pc116 ansible_host=192.168.112.138
pc117 ansible_host=192.168.112.127

31
initramfs.yml Normal file
View File

@ -0,0 +1,31 @@
---
- name: install dropbear-initramfs
apt:
name: "{{ physicals_packages_dropbear }}"
state: present
- name: install admin ssh keys into initramfs
authorized_key:
user: root
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCvAISe8/nJhWT1CAe2uBUPqfLBxe44HhnSSWNbqh+97nYnMr+wUj7hj/uGswsrd0mkYAnXfWsCEQJdqwtRDRiq7WVNfG3sHnFasb7MB1+Ti04cPqWKhEtxhpJRy4GKoIs3cX/1SI+GB8r6QuxN4NnjOEi3zyRBE/abQGvRe+fuq2bDI4pU4Ldy0isEG12MgUOSyq69ED3uOGpfZmVqaq5Z+j9m8k49PTz5lcWcJ0M7gCqnVCaN7ONoptdUJTI7EjnnpoQvgfGBNgBBx4zBWTf10UUHT+GYD0Ok6che7TTv1ImQyYmIvMlc4sV3yUgHrTWc7SwpzYBXCzqhrWZyDmV chris@sol"
path: /etc/dropbear-initramfs/authorized_keys
notify: update initramfs
- name: add modules for initramfs
copy:
src: modules
dest: /etc/initramfs-tools/modules
owner: root
group: root
mode: 0644
notify: update initramfs
- name: configure initramfs network options in kernel boot parameters
lineinfile:
backrefs: yes
dest: /etc/default/grub
regexp: '^GRUB_CMDLINE_LINUX_DEFAULT='
line: 'GRUB_CMDLINE_LINUX_DEFAULT="ip={{ kernel_network_params.address }}::{{ kernel_network_params.gateway }}:{{ kernel_network_params.netmask }}::{{ kernel_network_params.device }}:{{ kernel_network_params.autoconf }} quiet apparmor=1 security=apparmor"'
when: kernel_network_params|d()
notify: update grub

233
playbook.yml Normal file
View File

@ -0,0 +1,233 @@
---
- hosts: all
become: true
vars:
apt_packages:
- aptitude
- arj
- cifs-utils
- chromium-browser
- curl
- ethtool
- exfat-fuse
- exfat-utils
- firefox-locale-de
- gimp
- git
- gnupg2
- grsync
- haveged
- httrack
- keepassxc
- lightdm
- mc
- net-tools
- nextcloud-client
- ntpdate
- pdfshuffler
- smb4k
- synaptic
- thunderbird-locale-de
- vim
- vim-doc
- vlc
- x11vnc
- xz-utils
apt_repositories:
- repo: ppa:nextcloud-devs/client
packages_absent:
- gnome-initial-setup
- ubuntu-web-launchers
- update-notifier
debs_present:
- CQue_v4.0.5_Linux_64_DE.deb
- veracrypt-1.24-Update3-Ubuntu-18.04-amd64.deb
physicals_packages_dropbear:
- dropbear-initramfs
- kbd
admin_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== christoph"
fonts_shared:
- type: 'opentype'
src: FrutigerLTStd-BlackCn.otf
dest: frutiger/FrutigerLTStd-BlackCn.otf
- type: 'opentype'
src: FrutigerLTStd-BlackItalic.otf
dest: frutiger/FrutigerLTStd-BlackItalic.otf
- type: 'opentype'
src: FrutigerLTStd-Black.otf
dest: frutiger/FrutigerLTStd-Black.otf
- type: 'opentype'
src: FrutigerLTStd-BoldCn.otf
dest: frutiger/FrutigerLTStd-BoldCn.otf
- type: 'opentype'
src: FrutigerLTStd-BoldItalic.otf
dest: frutiger/FrutigerLTStd-BoldItalic.otf
- type: 'opentype'
src: FrutigerLTStd-Bold.otf
dest: frutiger/FrutigerLTStd-Bold.otf
- type: 'opentype'
src: FrutigerLTStd-Cn.otf
dest: frutiger/FrutigerLTStd-Cn.otf
- type: 'opentype'
src: FrutigerLTStd-ExtraBlackCn.otf
dest: frutiger/FrutigerLTStd-ExtraBlackCn.otf
- type: 'opentype'
src: FrutigerLTStd-Italic.otf
dest: frutiger/FrutigerLTStd-Italic.otf
- type: 'opentype'
src: FrutigerLTStd-LightCn.otf
dest: frutiger/FrutigerLTStd-LightCn.otf
- type: 'opentype'
src: FrutigerLTStd-LightItalic.otf
dest: frutiger/FrutigerLTStd-LightItalic.otf
- type: 'opentype'
src: FrutigerLTStd-Light.otf
dest: frutiger/FrutigerLTStd-Light.otf
- type: 'opentype'
src: FrutigerLTStd-Roman.otf
dest: frutiger/FrutigerLTStd-Roman.otf
- type: 'opentype'
src: FrutigerLTStd-UltraBlack.otf
dest: frutiger/FrutigerLTStd-UltraBlack.otf
pre_tasks:
- name: add group lokaladmin
group:
name: lokaladmin
gid: 1000
- name: ensure lokaladmin is present
user:
name: lokaladmin
group: lokaladmin
groups: adm, cdrom, sudo, dip, plugdev, lpadmin, sambashare
append: True
uid: 1000
password: "$6$bzVyhcWa$X3NeSycmO8qhgjtYDjjg8ANBt1jf.uvRHdkaVL6qTFhXk6RQvChJQpUtBH1Ccg5t5VR/qqoDgOgieYsX08nK31"
- name: add authorized_key for christoph
authorized_key:
user: "{{ item }}"
key: "{{ admin_key }}"
with_items:
- root
- lokaladmin
- name: Disable motd-news
lineinfile:
dest: /etc/default/motd-news
regexp: '^ENABLED='
line: 'ENABLED=0'
- name: Delete unnecessary packages
apt:
pkg: "{{ packages_absent }}"
state: absent
tags: apt
roles:
- role: weareinteractive.apt
tags: apt
- role: ontic.fonts
tags: fonts
- role: freedomofpress.signal-desktop
tags: signal
tasks:
- name: copy debs
copy:
src: "{{ item }}"
dest: /root/
owner: root
group: root
mode: 0644
with_items: "{{ debs_present }}"
tags: apt
- name: install local debs
apt:
deb: "/root/{{ item }}"
with_items: "{{ debs_present }}"
tags: apt
- name: system time cron job
cron:
name: adjust system time
minute: 3
job: /usr/sbin/ntpdate 192.168.112.254 > /dev/null
- name: wake-on-lan cron job
cron:
name: "enable wake-on-lan interface {{ item }}"
special_time: reboot
job: /sbin/ethtool -s {{ item }} wol g
when: item != "lo"
with_items: "{{ ansible_interfaces }}"
tags: wol
- name: set default editor
alternatives:
name: editor
path: /usr/bin/vim
- name: get christoph admin scripts
git:
repo: https://git.oopen.de/script/{{ item }}
dest: /root/bin/{{ item }}
with_items:
- admin-stuff
- monitoring
- name: configure lightdm
copy:
src: lightdm.conf
dest: /etc/lightdm/lightdm.conf
owner: root
group: root
mode: 0644
- name: make lightdm default
file:
path: /etc/systemd/system/display-manager.service
src: /lib/systemd/system/lightdm.service
state: link
- name: make lightdm default (X11)
copy:
dest: /etc/X11/default-display-manager
content: "/usr/bin/lightdm"
owner: root
group: root
mode: 0644
- import_tasks: initramfs.yml
- import_tasks: gnome.yml
tags:
- gnome
- name: copy printer drivers
copy:
src: "{{ item }}"
dest: /usr/share/ppd/custom
owner: root
group: lpadmin
mode: 0664
with_items:
- Canon_LBP712Cx.ppd
- UTAX_TA_3555i.ppd
notify: configure printers
tags: printer
handlers:
- name: update initramfs
command: update-initramfs -u
- name: dconf update
command: dconf update
- name: configure printers
shell: "lpadmin -p Kopierer -E -v socket://192.168.112.5 -P /usr/share/ppd/custom/UTAX_TA_3555i.ppd && lpadmin -p Farbdrucker -E -v socket://192.168.112.7 -P /usr/share/ppd/custom/Canon_LBP712Cx.ppd && lpadmin -d Kopierer"
# use christophs role to configure NFS/NIS
- hosts: all
become: true
roles:
- common

20
roles/common/files/etc/nsswitch.conf Executable file
View File

@ -0,0 +1,20 @@
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat systemd nis
group: compat systemd nis
shadow: compat nis
gshadow: files
hosts: files nis mdns4_minimal [NOTFOUND=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

4
roles/common/files/etc/systemd/system/rpcbind.socket.d/override.conf Executable file
View File

@ -0,0 +1,4 @@
[Unit]
DefaultDependencies=no
Wants=rpcbind.target
Before=rpcbind.target

3
roles/common/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf Executable file
View File

@ -0,0 +1,3 @@
[Service]
IPAddressAllow=192.168.0.0/16

26
roles/common/handlers/main.yml Executable file
View File

@ -0,0 +1,26 @@
---
- name: Renew nis databases
shell: make -C /var/yp
when:
- "groups['nis_server']|string is search(inventory_hostname)"
- name: Reload nfs
service:
name: nfs-kernel-server
state: reloaded
enabled: yes
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Restart systemd-logind.service
service:
name: systemd-logind
daemon_reload: yes
state: restarted
- name: Restart rpcbind
service:
name: rpcbind
daemon_reload: yes
state: restarted

9
roles/common/tasks/main.yml Executable file
View File

@ -0,0 +1,9 @@
---
- import_tasks: nfs.yml
tags:
- nfs
- import_tasks: nis-install-client.yml
# when: "groups['nis_client']|string is search(inventory_hostname)"
tags:
- nis-install

26
roles/common/tasks/nfs.yml Executable file
View File

@ -0,0 +1,26 @@
---
- name: (nfs.yml) Ensure NFS utilities (clients) are installed.
apt:
pkg: nfs-common
state: present
when:
- ansible_os_family == "Debian"
tags:
- nfs-client
- name: (nfs.yml) NFS Mount exports from nfs server
mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: nfs
opts: "{{ item.mount_opts }}"
dump: "{{ item.dump | default(omit) }}"
passno: "{{ item.passno | default(omit) }}"
state: mounted
loop: "{{ nfs_exports }}"
loop_control:
label: '{{ item.src }}'
tags:
- nfs-client

310
roles/common/tasks/nis-install-client.yml Executable file
View File

@ -0,0 +1,310 @@
---
# ---
# Install nis
# ---
- name: (nis-install-client.yml) Set (nis) default domain (/etc/defaultdomain)
template:
dest: /etc/defaultdomain
src: etc/defaultdomain.j2
owner: root
group: root
mode: 0644
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Create preconfigured /etc/yp.conf on nis clients
template:
dest: /etc/yp.conf
src: etc/yp.conf.j2
owner: root
group: root
mode: 0644
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Install nis common packages
package:
name: "{{ item }}"
state: present
with_items: "{{ nis_common_packages }}"
tags:
- nis-install
- nis-install-client
# ---
# /etc/default/nis
# ---
- name: (nis-install-client.yml) Check if file '/etc/default/nis.ORIG' exists
stat:
path: /etc/default/nis.ORIG
register: default_nis_exists
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Backup existing file /etc/default/nis
command: cp -a /etc/default/nis /etc/default/nis.ORIG
when:
- default_nis_exists.stat.exists == False
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISSERVER' (client)
replace:
path: /etc/default/nis
regexp: '^NISSERVER=.*'
replace: 'NISSERVER=false'
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (client)
replace:
path: /etc/default/nis
regexp: '^NISCLIENT=.*'
replace: 'NISCLIENT=true'
tags:
- nis-install
- nis-install-client
# ---
# /etc/{passwd,group,shadow}
# ---
- name: (nis-install-client.yml) Add '+::::::' to file /etc/passwd
lineinfile:
path: /etc/passwd
line: '+::::::'
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
when: "ansible_distribution_major_version|int < 18"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Add '+:::' to file /etc/group
lineinfile:
path: /etc/group
line: '+:::'
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
when: "ansible_distribution_major_version|int < 18"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Add '+::::::::' to file /etc/shadow
lineinfile:
path: /etc/shadow
line: '+::::::::'
insertafter: EOF
state: present
owner: root
group: shadow
mode: '0640'
when: "ansible_distribution_major_version|int < 18"
tags:
- nis-install
- nis-install-client
# ---
# /etc/hosts
# ---
- name: (nis-install-client.yml) Check if file '/etc/hosts.ORIG' exists
stat:
path: /etc/hosts.ORIG
register: etc_hosts_orig_exists
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Backup existing file /etc/hosts
command: cp -a /etc/hosts /etc/hosts.ORIG
when:
- etc_hosts_orig_exists.stat.exists == False
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Add nis-server to file /etc/hosts
lineinfile:
path: /etc/hosts
line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[1] }}'
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
tags:
- nis-install
- nis-install-client
# ---
# /etc/nsswitch.conf
# ---
#- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
# stat:
# path: /etc/nsswitch.conf.ORIG
# register: nsswitch_conf_orig_exists
# tags:
# - nis-install
# - nis-install-client
#
#- name: (nis.yml) Backup existing file /etc/nsswitch.conf
# command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
# when:
# - nsswitch_conf_orig_exists.stat.exists == False
# tags:
# - nis-install
# - nis-install-client
#
#- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set hosts)
# replace:
# path: /etc/nsswitch.conf
# regexp: '(hosts:\s+files)\s+([^nis].*)'
# replace: '\1 nis \2'
# tags:
# - nis-install
# - nis-install-client
#
#- name: (nis-install-client.yml) Adjust file /etc/nsswitch.conf (set passwd/group/shadow)
# replace:
# path: /etc/nsswitch.conf
# regexp: '^({{ item }}:\s+.*(?!nis).*)'
# replace: '\1 nis'
# with_items:
# - passwd
# - group
# - shadow
# tags:
# - nis-install
# - nis-install-client
- name: Copy /etc/nsswitch.conf
copy:
src: etc/nsswitch.conf
dest: /etc/nsswitch.conf
owner: root
group: root
mode: 0644
# ---
# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
# ---
# - !! Using NIS client in Ubuntu 18.04 crashes both Gnome and Unity !!
# - ===================================================================
#
# - Unter NIS in Ubuntu 18.04 stütrzt Gnome und Unity ab
# -
# - Abhilfe schafft:
# -
#
# - Create a new directory in /etc/systemd/system/ named exactly after the
# - service you want to extend including a '.d', here this would be:
# - systemd-logind.service.d
# -
# - mkdir /etc/systemd/system/systemd-logind.service.d
#
# - Create a new file choose_an_appropriate_name.conf (e.g. nis_allow_network.conf)
# - inside the newly created directory with the following content, which specifies
# - the IP or IP range you want to be allowed:
# -
# - cat <<EOF > /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
# - [Service]
# - IPAddressAllow=192.168.0.0/16
# - EOF
# -
# - systemctl daemon-reload
# - systemctl restart systemd-logind.service
- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/systemd-logind.service.d exists
file:
path: /etc/systemd/system/systemd-logind.service.d
owner: root
group: root
mode: '0755'
state: directory
when: "ansible_distribution_major_version|int >= 18"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf exists
copy:
src: "{{ role_path + '/files/etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf' }}"
dest: /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
owner: root
group: root
mode: '0755'
when: "ansible_distribution_major_version|int >= 18"
# XXX: killt meine Xsession (Tim)
# notify:
# - Restart systemd-logind.service
tags:
- nis-install
- nis-install-client
# - Seit Ubuntu 16.04 startet nis vor dem portmapper (rpcbind). Das Starten
# - schlägt deshalb fehl und nis steht nicht zur Verfügung.
# -
# - Abhilfe:
# -
# - Run "systemctl edit rpcbind.socket" and add the following:
# -
# - [Unit]
# - DefaultDependencies=no
# - Wants=rpcbind.target
# - Before=rpcbind.target
# -
# - You can see your changes:
# - cat /etc/systemd/system/rpcbind.socket.d/override.conf
- name: (nis-install-client.yml) Ensure directory /etc/systemd/system/rpcbind.socket.d exists
file:
path: /etc/systemd/system/rpcbind.socket.d
owner: root
group: root
mode: '0755'
state: directory
when: "ansible_distribution_major_version|int >= 16"
tags:
- nis-install
- nis-install-client
- name: (nis-install-client.yml) Ensure file /files/etc/systemd/system/rpcbind.socket.d/override.conf exists
copy:
src: "{{ role_path + '/files/etc/systemd/system/rpcbind.socket.d/override.conf' }}"
dest: /etc/systemd/system/rpcbind.socket.d/override.conf
owner: root
group: root
mode: '0755'
when: "ansible_distribution_major_version|int >= 16"
notify:
- Restart rpcbind
tags:
- nis-install
- nis-install-client
# TODO:
# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
# /etc/systemd/system/rpcbind.socket.d/override.conf

1
roles/common/templates/etc/defaultdomain.j2 Executable file
View File

@ -0,0 +1 @@
{{ nis_domain }}

31
roles/common/templates/etc/exports.j2 Executable file
View File

@ -0,0 +1,31 @@
# {{ ansible_managed }}
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
{% set count = namespace(nfs_exports=100) %}
{% for export in nfs_exports %}
{% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
{% set count.nfs_exports = count.nfs_exports + 10 %}
{% for network in export.export_networks %}
{% if export.fs_encrypted is defined and export.fs_encrypted is sameas true %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
{% else %}
{% set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
#{{ export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
{% endif %}
{% endfor %}
{{ export_str.nfs_exports }}
{% endfor %}

34
roles/common/templates/etc/sudoers.d/50-user.j2 Executable file
View File

@ -0,0 +1,34 @@
# {{ ansible_managed }}
{% for item in sudoers_file_defaults | default([]) %}
Defaults {{ item }}
{% endfor %}
# Host alias specification
{% for item in sudoers_file_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User alias specification
{% for item in sudoers_file_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Cmnd alias specification
{% for item in sudoers_file_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Runas alias specification
{% for item in sudoers_file_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User privilege specification
{# rules for nis users #}
{% for item in nis_user | default([]) %}
{{ item.name }} ALL=(root)NOPASSWD: MOUNT
{% endfor %}
# Group privilege specification

56
roles/common/templates/etc/sudoers.j2 Executable file
View File

@ -0,0 +1,56 @@
# {{ ansible_managed }}
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
{% for item in sudoers_defaults %}
{% if item != '' %}
Defaults {{ item }}
{% endif %}
{% endfor %}
# Host alias specification
{% for item in sudoers_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User alias specification
{% for item in sudoers_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Cmnd alias specification
{% for item in sudoers_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# Runas alias specification
{% for item in sudoers_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}
# User privilege specification
{% for item in sudoers_user_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# Group privilege specification
{% for item in sudoers_group_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

24
roles/common/templates/etc/yp.conf.j2 Executable file
View File

@ -0,0 +1,24 @@
# {{ ansible_managed }}
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is rechable, try a broadcast call to
# find a server.
#
domain {{ nis_domain }} server {{ nis_server_address }}

779
roles/common/vars/main.yml Executable file
View File

@ -0,0 +1,779 @@
---
# ---
# NFS
# ---
nfs_server: 192.168.112.10
# Set 'fs_encrypted' to true if filesystem lives on an encrypted
# partition.
#
nfs_exports:
- src: 192.168.112.10:/data/home
path: /data/home
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.112.0/24
- 10.0.112.0/24
- 10.1.112.0/24
- 192.168.63.0/24
fs_encrypted: false
- src: 192.168.112.10:/data/shares
path: /data/shares
mount_opts: users,rsize=8192,wsize=8192,hard,intr
export_opt: rw,root_squash,sync,subtree_check
export_networks:
- 192.168.112.0/24
- 10.0.112.0/24
- 10.1.112.0/24
- 192.168.63.0/24
fs_encrypted: false
# ---
# Samba / NIS
# ---
samba_server: file-mbr.mbr-bln.netz
samba_shares:
- name: Arbeitsrechtliches
user:
- anne
- bianca
- birgit.erhardt
- christina.wendt
- chris
- sysadm
- name: Ausschreibungen
user:
- anne
- bianca
- chris
- matthias.mueller
- sysadm
- name: BGN-Finanzen-Personal
user:
- anne
- bianca
- carolin
- christina.wendt
- chris
- sysadm
- ulf.balmer
- name: BVV-Projekt
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: Finanzen
user:
- anne
- bianca
- birgit.erhardt
- christina.wendt
- chris
- sysadm
- name: Install
user:
- chris
- sysadm
- lokaladmin
- name: Kamera
user:
- anne
- axis
- bianca
- chris
- sysadm
- name: MBR
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: Mobilisierungsplattform
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: RIAS
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: RIAS-Finanzen-Personal
user:
- anne
- bianca
- benjamin
- birgit.erhardt
- christina.wendt
- chris
- sysadm
- name: SCAN
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: VDK
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
- name: Video
user:
- alexander.rasumny
- anna.mueller1
- anne
- benjamin
- bianca
- birgit.erhardt
- bjoern.renkewitz
- carolin
- christina.wendt
- chris
- daniel.poensgen
- doku2
- doku_4
- doku_7
- dorina.feldmann
- franziska
- johannes.radke
- judith.heinmueller
- kristina.holzapfel
- lavinia.schwedersky
- manja.kasten
- mathias
- matthias.mueller
- michael.sulies
- michael.trube
- pia.lamberty
- praktikum
- praktikum_rias
- praktikum2
- praktikum2_rias
- praktikum3
- praktikum4
- sabine.kritter
- samuel.signer
- scan
- simon
- sysadm
- ulf.balmer
nis_domain: mbr-bln.netz
#nis_domain: local.netz
nis_server_address: 192.168.112.10
nis_server_name: file-mbr.mbr-bln.netz
#nis_server_name: luna.local.netz
nis_common_packages:
- nis
- nscd
nis_deleted_user: []
nis_base_home: /data/home
nis_groups:
- name: mbr-buero
group_id: 1200
- name: mbr-finanzen
group_id: 1210
- name: mbr-personal
group_id: 1220
- name: mbr-kamera
group_id: 1250
- name: mbr-admins
group_id: 1260
- name: vdk
group_id: 1300
- name: rias
group_id: 1400
- name: rias-finanzen-personal
group_id: 1410
- name: bgn
group_id: 1500
- name: bgn-finanzen-personal
group_id: 1510
nis_user:
- name: chris
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
38643435653764393333613564393733666139656264343833333632373938323230393036303234
3633303562636465643930643961663165646237386664370a386362346162313037353163383365
61343263386239316164613935633062343165363863376462653165306464633136313839343962
3865353333373661390a643564386432643532396632323664383330646430613033643130626430
6139
- name: lokaladmin
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'd4r1usz'
- name: sysadm
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'KPk_Wf2F'
- name: alexander.rasumny
groups:
- mbr-buero
is_samba_user: true
password: 'twT9Rjbv9mjq'
- name: anna.mueller1
groups:
- mbr-buero
is_samba_user: true
password: '5xp5ll9ar13us!'
- name: anne
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'YA!LiLiC0MP5'
- name: axis
groups:
- mbr-buero
is_samba_user: true
password: '20_axis_16'
- name: benjamin
groups:
- mbr-buero
- vdk
- rias
- rias-finanzen-personal
is_samba_user: true
password: 'C2-0U#ch'
- name: bianca
groups:
- mbr-buero
- mbr-finanzen
- mbr-personal
- mbr-kamera
- mbr-admins
- vdk
- rias
- rias-finanzen-personal
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: '73_BiBole_29'
- name: birgit.erhardt
groups:
- mbr-buero
- mbr-finanzen
- vdk
is_samba_user: true
password: '20_purpel!rain_17'
- name: bjoern.renkewitz
groups:
- mbr-buero
is_samba_user: true
password: 'Tz9-Wq-51'
- name: carolin
groups:
- mbr-buero
- bgn-finanzen-personal
is_samba_user: true
password: '20_carol1n_14'
- name: christina.wendt
groups:
- mbr-buero
- mbr-finanzen
- vdk
- rias-finanzen-personal
- bgn-finanzen-personal
is_samba_user: true
password: '8!Varianten'
- name: daniel.poensgen
groups:
- mbr-buero
is_samba_user: true
password: 'rcMRCm7jcpbp'
- name: doku_4
groups:
- mbr-buero
is_samba_user: true
password: 'PwmNvPh9KM4T'
- name: doku_7
groups:
- mbr-buero
is_samba_user: true
password: 'TFhCW9J4Vn4F'
- name: dorina.feldmann
groups:
- mbr-buero
is_samba_user: true
password: '17?4XPQ_!abc'
- name: franziska
groups:
- mbr-buero
is_samba_user: true
password: 'f49mCjbj3Jh7'
- name: frederick.kannenberg
groups:
- mbr-buero
is_samba_user: true
password: 'riasFK2019!#'
- name: doku2
groups:
- mbr-buero
is_samba_user: true
password: '*M0ss4d*'
- name: johannes.radke
groups:
- mbr-buero
is_samba_user: true
password: 'Furzf4brik!'
- name: judith.heinmueller
groups:
- mbr-buero
is_samba_user: true
password: 't32_aHxV.'
- name: kristina.holzapfel
groups:
- mbr-buero
is_samba_user: true
password: 'c7PvX_39.'
- name: lavinia.schwedersky
groups:
- mbr-buero
is_samba_user: true
password: 'xJw.3R9vKf/N'
- name: manja.kasten
groups:
- mbr-buero
is_samba_user: true
password: 'Rasili_&n'
- name: mathias
groups:
- mbr-buero
is_samba_user: true
password: 'p3r*45p3r4*4d*45tr4m'
- name: matthias.mueller
groups:
- mbr-buero
- mbr-personal
is_samba_user: true
password: 'V1v@H@f3rdr1nk'
- name: michael.sulies
groups:
- mbr-buero
is_samba_user: true
password: 'Cryst4lp4l4c3'
- name: michael.trube
groups:
- mbr-buero
- mbr-kamera
is_samba_user: true
password: '*R13sl1ng*'
- name: pia.lamberty
groups:
- mbr-buero
is_samba_user: true
password: 'oasd31*as+Q%'
- name: praktikum
groups:
- mbr-buero
is_samba_user: true
password: '_F313r4b3nd*'
- name: praktikum_rias
groups:
- mbr-buero
is_samba_user: true
password: '7z7F%d3cv_dfjz'
- name: praktikum2
groups:
- mbr-buero
is_samba_user: true
password: '20praktikum213'
- name: praktikum2_rias
groups:
- mbr-buero
is_samba_user: true
password: 'ctnrk3CczcJ9'
- name: praktikum3
groups:
- mbr-buero
is_samba_user: true
password: 'Q56V.6kf/JLQ'
- name: praktikum4
groups:
- mbr-buero
is_samba_user: true
password: '6jA,nmD,fdK!'
- name: sabine.kritter
groups:
- mbr-buero
is_samba_user: true
password: '#17_abc_?!'
- name: samuel.signer
groups:
- mbr-buero
is_samba_user: true
password: 'S4mmyC0mput3r!'
- name: scan
groups:
- mbr-buero
is_samba_user: true
password: '20scan13'
- name: simon
groups:
- mbr-buero
is_samba_user: true
password: 'S4u3rkr4ut!'
- name: ulf.balmer
groups:
- mbr-buero
- bgn
- bgn-finanzen-personal
is_samba_user: true
password: 'ALL3_e6ene#'
# ---
# vars used by roles/ansible_dependencies
# ---
apt_ansible_dependencies:
- python
- python-apt
- python3
- python3-apt
- lsb-release
- apt-transport-https
- dbus
- sudo
- vim
- net-tools
- vlan
# ---
# vars used by roles/ansible_user
# ---
ssh_keys_admin:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== chris@luna'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyWbdnjnN/xfy1F6kPbsRXp8zvJEh8uHfTZuZKyaRV/iRuhsvqRiDB+AhUAlIaPwgQ8itaI6t5hijD+sZf+2oXXbNy3hkOHTrCDKCoVAWfMRKPuA1m8RqS4ZXXgayaeCzVnPEq6UrC5z0wO/XBwAktT37RRSQ/Hq2zCHy36NQEQYrhF3+ytX7ayb10pJAMVGRctYmr5YnLEVMSIREbPxZTNc80H1zqNPVJwYZhl8Ox61U4MoNhJmJwbKWPRPZsJpbTh9W2EU37tdwRBVQP6yxhua3TR6C7JnNPVY0IK23BYlNtQEDY4PHcIuewkamEWpP0+jhEjtwy1TqjRPdU/y+2uQjC6FSOVMsSPxgd8mw4cSsfp+Ard7P+YOevUXD81+jFZ3Wz0PRXbWMWAm2OCe7n8jVvkXMz+KxSYtrsvKNw1WugJq1z//bJNMTK6ISWpqaXDevGYQRJJ8dPbMmbey40WpS5CA/l29P7fj/cOl59w3LZGshrMOm7lVz9qysVV0ylfE3OpfKCGitkpY0Asw4lSkuLHoNZnDo6I5/ulRuKi6gsLk27LO5LYS8Zm1VOis/qHk1Gg1+QY47C4RzdTUxlU1CGesPIiQ1uUX2Z4bD7ebTrrOuEFcmNs3Wu5nif21Qq0ELEWhWby6ChFrbFHPn+hWlDwNM0Nr11ftwg0+sqVw== root@luna'
ansible_remote_user:
- name: lokaladmin
password: $6$KLQUDbiw$qvsGUndXr2G3DxhML6maD/nsJtXfElSLQ7ufkMuJu2vACbYX7kqNXdiU17oX6CyN5L1xARZ.TiES/w7zfh0Cu/
shell: /bin/bash
# ---
# vars used by roles/common/tasks/basic.yml
# ---
time_zone: Europe/Berlin
locales:
- en_US.UTF-8
- de_DE.UTF-8
set_default_limit_nofile: false
# ---
# vars used by roles/common/tasks/sudoers.yml
# ---
sudo_users:
- lokaladmin
# /etc/sudoers
#
sudoers_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_host_aliases: []
sudoers_user_aliases: []
sudoers_cmnd_aliases: []
sudoers_runas_aliases: []
sudoers_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_group_privileges: []
# /etc/sudoers.d/50-user
#
sudoers_file_defaults: []
sudoers_file_host_aliases: []
sudoers_file_user_aliases: []
sudoers_file_cmnd_aliases:
- name: MOUNT
entry: '/bin/mount,/bin/umount'
sudoers_file_runas_aliases: []

1
roles/freedomofpress.signal-desktop/.gitignore vendored Executable file
View File

@ -0,0 +1 @@
.molecule/

11
roles/freedomofpress.signal-desktop/.yamllint Executable file
View File

@ -0,0 +1,11 @@
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable

44
roles/freedomofpress.signal-desktop/README.md Executable file
View File

@ -0,0 +1,44 @@
Signal Desktop Ansible role
===========================
Installs [Signal Desktop] on Linux hosts via `apt`.
Requirements
------------
Debian or Ubuntu.
Role Variables
--------------
```yaml
# GPG full fingerprint of apt repo key, retrieved from:
# https://updates.signal.org/desktop/apt/keys.asc
signal_desktop_gpg_fingerprint: "DBA36B5181D0C816F630E889D980A17457F6FB06"
# Prerequisites for configuring HTTPS apt repo.
signal_desktop_apt_dependencies:
- apt-transport-https
- gpg
# Pinning the Xenial repo, works fine on e.g. Debian Stretch.
# The Signal team does not maintain specific versions for other dists,
# so intentionally not using `{{ ansible_distribution }}`
signal_desktop_apt_repo: "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main"
```
Example Playbook
----------------
```yaml
- hosts: workstations
roles:
- role: freedomofpress.signal-desktop
```
License
-------
MIT

13
roles/freedomofpress.signal-desktop/defaults/main.yml Executable file
View File

@ -0,0 +1,13 @@
---
# GPG full fingerprint of apt repo key, retrieved from:
# https://updates.signal.org/desktop/apt/keys.asc
signal_desktop_gpg_fingerprint: "DBA36B5181D0C816F630E889D980A17457F6FB06"
# Prerequisites for configuring HTTPS apt repo.
signal_desktop_apt_dependencies:
- apt-transport-https
# Pinning the Xenial repo, works fine on e.g. Debian Stretch.
# The Signal team does not maintain specific versions for other dists,
# so intentionally not using `{{ ansible_distribution }}`
signal_desktop_apt_repo: "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main"

51
roles/freedomofpress.signal-desktop/files/signal-apt-key.asc Executable file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFjlSicBEACgho//0EzxuvuCn01LwFqGAgwPKcSSl4L+AWws5/YbsZZvmTBk
ggIiVOCIMh+d3cmGu5W3ydaeUbWbFGNsxO44EB5YBZcuLa5EzRKbNPVaOXKXmhp+
w0mEbkoKbF+3mz3lifwBnzcBpukyJDgcJSq8cXfq5JsDPR1KAL6ph/kwKeiDNg+8
oFgqfboukK56yPTYc9iM8hkTFdx9L6JCJaZGaDMfihoQm2caKAmqc+TlpgtKbBL0
t5hrzDpCPpJvCddu1NRysTcqfACSSocvoqY0dlbNPMN8j04LH8hcKGFipuLdI8qx
BFqlMIQJCVJhr05E8rEsI4nYEyG44YoPopTFLuQa+wewZsQkLwcfYeCecU1KxlpE
OI3xRtALJjA/C/AzUXVXsWn7Xpcble8i3CKkm5LgX5zvR6OxTbmBUmpNgKQiyxD6
TrP3uADm+0P6e8sJQtA7DlxZLA6HuSi+SQ2WNcuyLL3Q/lJE0qBRWVJ08nI9vvxR
vAs20LKxq+D1NDhZ2jfG2+5agY661fkx66CZNFdz5OgxJih1UXlwiHpn6qhP7Rub
OJ54CFb+EwyzDVVKj3EyIZ1FeN/0I8a0WZV6+Y/p08DsDLcKgqcDtK01ydWYP0tA
o1S2Z7Jsgya50W7ZuP/VkobDqhOmE0HDPggX3zEpXrZKuMnRAcz6Bgi6lwARAQAB
tDFPcGVuIFdoaXNwZXIgU3lzdGVtcyA8c3VwcG9ydEB3aGlzcGVyc3lzdGVtcy5v
cmc+iQI3BBMBCgAhBQJY5UonAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
ENmAoXRX9vsGU00P/RBPPc5qx1EljTW3nnTtgugORrJhYl1CxNvrohVovAF4oP1b
UIGT5/3FoDsxJHSEIvorPFSaG2+3CBhMB1k950Ig2c2n+PTnNk6D0YIUbbEI0KTX
nLbCskdpy/+ICiaLfJZMe11wcQpkoNbG587JdQwnGegbQoo580CTSsYMdnvGzC8A
l1F7r37RVZToJMGgfMKK3oz8xIDXqOe5oiiKcV36tZ5V/PCDAu0hXYBRchtqHlHP
cKWeRTb1aDkbQ7SPlJ2bSvUjFdB6KahlSGJl3nIU5zAH2LA/tUQY16Z1QaJmfkEb
RY61B/LPv1TaA1SIUW32ej0NmeF09Ze4Cggdkacxv6E+CaBVbz5rLh6m91acBibm
pJdGWdZyQU90wYFRbSsqdDNB+0DvJy6AUg4e5f79JYDWT/Szdr0TLKmdPXOxa1Mb
i34UebYI7WF7q22e7AphpO/JbHcD+N6yYtN6FkUAmJskGkkgYzsM/G8OEbBRS7A+
eg3+NdQRFhKa7D7nIuufXDOTMUUkUqNYLC+qvZVPJrWnK9ZsGKsP0EUZTfEGkmEN
UzmASxyMMe6JHmm5Alk4evJeQ31U5jy7ntZSWEV1pSGmSEJLRNJtycciFJpsEp/p
LkL0iFb30R9bHBp6cg7gjXbqZ9ZpEsxtZMBuqS70ZZyQdu2yGDQCBk7eLKCjuQIN
BFjlSicBEACsxCLVUE7UuxsEjNblTpSEysoTD6ojc2nWP/eCiII5g6SwA/tQKiQI
ZcGZsTZB9kTbCw4T3hVEmzPl6u2G6sY9Kh1NHKMR3jXvMC+FHODhOGyAOPERjHCJ
g20XF2/Gg462iW8e3lS7CQBzbplUCW/oMajj2Qkc61NLtxxzsssXjCKExub2HxCQ
AYtenuDtLU73G75BoghWJ19dIkodnEI0/fzccsgiP5xeVgmkWJPo9xKJtrBS5gcS
s7yaGY9YYo71RFzkpJpeAeLrJJqt+2KqH1u0EJUbs8YVGXKlnYeSNisg4OaRsldW
JmDDCD5WUdFq2LNdVisfwirgjmwYpLrzVMbmzPvdmxQ1NYzJsX4ARSL/wuKCvEub
gh1AR5oV7mUEA9I3KRH0TIDOnH4nGG3kqArzrV2E1WtnNzFII0IN9/48xY7Vkxs7
Oil+E+wCpzUv/tF4ALx5TAXoPd66ddEOxzDrtBpEzsouszt7uUyncyT3X6ip5l9f
mI4uxbsjwkLVfd1WpD1uvp869oyx6wtHluswr1VY/cbnHO8J6J35JVMhYQdMOaTZ
rX6npe/YOHJ4a7YzLMfdrxyzK1wq5xu/9LgclMTdIhAKvnaXBg41jsid5n0GdIeW
ek8WAVNyvuvoTwm3GG6+/pkTwu0J79lAMD1mhJsuSca6SFNgYnd+PQARAQABiQIf
BBgBCgAJBQJY5UonAhsMAAoJENmAoXRX9vsGvRgQAJ4tWnK2TncCpu5nTCxYMXjW
LuvwORq8EBWczHS6SjLdwmSVKGKSYtl2n6nCkloVY6tONMoiCWmtcq7SJMJoyZw3
XIf82Z39tzn/conjQcP0aIOFzww1XG7YiaTAhsDZ62kchukI52jUYm2w8cTZMEZB
oIwIWBpmLlyaDhjIM5neY5RuL7IbIpS/fdk2lwfAwcNq6z/ri2E5RWl3AEINdLUO
gAiVMagNJaJ+ap7kMcwOLoI2GD84mmbtDWemdUZ3HnqLHv0mb1djsWL6LwjCuOgK
l2GDrWCh18mE+9mVB1Lo7jzYXNSHXQP6FlDE6FhGO1nNBs2IJzDvmewpnO+a/0pw
dCerATHWtrCKwMOHrbGLSiTKEjnNt/74gKjXxdFKQkpaEfMFCeiAOFP93tKjRRhP
5wf1JHBZ1r1+pgfZlS5F20XnM2+f/K1dWmgh+4Grx8pEHGQGLP+A22O7iWjg9pS+
LD3yikgyGGyQxgcN3sJBQ4yxakOUDZiljm3uNyklUMCiMjTvT/F02PalQMapvA5w
7Gwg5mSI8NDs3RtiG1rKl9Ytpdq7uHaStlHwGXBVfvayDDKnlpmndee2GBiU/hc2
ZsYHzEWKXME/ru6EZofUFxeVdev5+9ztYJBBZCGMug5Xp3Gxh/9JUWi6F1+9qAyz
N+O606NOXLwcmq5KZL0g
=zyVo
-----END PGP PUBLIC KEY BLOCK-----

2
roles/freedomofpress.signal-desktop/handlers/main.yml Executable file
View File

@ -0,0 +1,2 @@
---
# handlers file for signal-desktop

1
roles/freedomofpress.signal-desktop/meta/.galaxy_install_info Executable file
View File

@ -0,0 +1 @@
{install_date: 'Sun Jan 12 13:47:06 2020', version: master}

22
roles/freedomofpress.signal-desktop/meta/main.yml Executable file
View File

@ -0,0 +1,22 @@
---
galaxy_info:
author: Conor Schaefer (@conorsch)
description: Installs Signal Desktop on Linux hosts.
company: Freedom of the Press Foundation (@freedomofpress)
license: MIT
min_ansible_version: 2.4
platforms:
- name: Debian
versions:
- stretch
galaxy_tags:
- chat
- communications
- desktop
- encryption
- im
- secure
- signal
- workstation
dependencies: []

9
roles/freedomofpress.signal-desktop/molecule/default/Dockerfile.j2 Executable file
View File

@ -0,0 +1,9 @@
# Molecule managed
FROM {{ item.image }}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python python-devel python2-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi

16
roles/freedomofpress.signal-desktop/molecule/default/INSTALL.rst Executable file
View File

@ -0,0 +1,16 @@
*******
Install
*******
Requirements
============
* Docker Engine
* docker-py
Install
=======
.. code-block:: bash
$ sudo pip install docker-py

47
roles/freedomofpress.signal-desktop/molecule/default/create.yml Executable file
View File

@ -0,0 +1,47 @@
---
- name: Create
hosts: localhost
connection: local
gather_facts: False
no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
vars:
molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
tasks:
- name: Create Dockerfiles from image names
template:
src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
with_items: "{{ molecule_yml.platforms }}"
register: platforms
- name: Discover local Docker images
docker_image_facts:
name: "molecule_local/{{ item.item.name }}"
with_items: "{{ platforms.results }}"
register: docker_images
- name: Build an Ansible compatible image
docker_image:
path: "{{ molecule_ephemeral_directory }}"
name: "molecule_local/{{ item.item.image }}"
dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
force: "{{ item.item.force | default(True) }}"
with_items: "{{ platforms.results }}"
when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
- name: Create molecule instance(s)
docker_container:
name: "{{ item.name }}"
hostname: "{{ item.name }}"
image: "molecule_local/{{ item.image }}"
state: started
recreate: False
log_driver: syslog
command: "{{ item.command | default('sleep infinity') }}"
privileged: "{{ item.privileged | default(omit) }}"
volumes: "{{ item.volumes | default(omit) }}"
capabilities: "{{ item.capabilities | default(omit) }}"
with_items: "{{ molecule_yml.platforms }}"

16
roles/freedomofpress.signal-desktop/molecule/default/destroy.yml Executable file
View File

@ -0,0 +1,16 @@
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: False
no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
vars:
molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
tasks:
- name: Destroy molecule instance(s)
docker_container:
name: "{{ item.name }}"
state: absent
force_kill: "{{ item.force_kill | default(True) }}"
with_items: "{{ molecule_yml.platforms }}"

20
roles/freedomofpress.signal-desktop/molecule/default/molecule.yml Executable file
View File

@ -0,0 +1,20 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: instance
image: debian:stretch
provisioner:
name: ansible
lint:
name: ansible-lint
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8

5
roles/freedomofpress.signal-desktop/molecule/default/playbook.yml Executable file
View File

@ -0,0 +1,5 @@
---
- name: Converge
hosts: all
roles:
- role: signal-desktop

5
roles/freedomofpress.signal-desktop/molecule/default/prepare.yml Executable file
View File

@ -0,0 +1,5 @@
---
- name: Prepare
hosts: all
gather_facts: False
tasks: []

15
roles/freedomofpress.signal-desktop/molecule/default/tests/test_default.py Executable file
View File

@ -0,0 +1,15 @@
import os
import pytest
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
@pytest.mark.parametrize('pkg', [
'apt-transport-https',
'signal-desktop',
])
def test_packages_installed(host, pkg):
assert host.package(pkg).is_installed

27
roles/freedomofpress.signal-desktop/tasks/main.yml Executable file
View File

@ -0,0 +1,27 @@
---
# tasks file for signal-desktop
- name: Installs apt repo prerequisites.
become: yes
apt:
name: "{{ item }}"
state: present
with_items: "{{ signal_desktop_apt_dependencies }}"
- name: Install Signal apt repo GPG key.
become: yes
apt_key:
data: "{{ lookup('file', 'signal-apt-key.asc') }}"
state: present
keyring: /etc/apt/trusted.gpg.d/signal-desktop.gpg
- name: Add Signal apt repo.
become: yes
apt_repository:
repo: "{{ signal_desktop_apt_repo }}"
state: present
- name: Installs Signal desktop.
become: yes
apt:
name: signal-desktop
state: present

2
roles/freedomofpress.signal-desktop/vars/main.yml Executable file
View File

@ -0,0 +1,2 @@
---
# vars file for signal-desktop

10
roles/ontic.fonts/.gitignore vendored Executable file
View File

@ -0,0 +1,10 @@
# IDE
/.cache/
/.externalToolBuilders/
/.idea/
/.settings/
/.buildpath
/.project
# Vagrant
/.vagrant/

30
roles/ontic.fonts/.travis.yml Executable file
View File

@ -0,0 +1,30 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
services: 'docker'
env:
- distribution: 'centos'
version: '7'
- distribution: 'debian'
version: '9'
- distribution: 'ubuntu'
version: '16.04'
- distribution: 'ubuntu'
version: '18.04'
before_install:
- 'export container_id=$(date +%s)'
- 'export cleanup=false'
- 'wget -O ${PWD}/tests/docker.sh https://raw.githubusercontent.com/ontic/ansible-role-test/master/docker.sh'
- 'chmod +x ${PWD}/tests/docker.sh'
- '${PWD}/tests/docker.sh build'
script:
- '${PWD}/tests/docker.sh test'
- '${PWD}/tests/docker.sh verify'
notifications:
webhooks: 'https://galaxy.ansible.com/api/v1/notifications/'

5
roles/ontic.fonts/COPYING Executable file
View File

@ -0,0 +1,5 @@
Copyright (c) 2010-2018 Ontic. (http://www.ontic.com.au). All rights reserved.
Each Ontic source file included in this distribution is subject to the New BSD license
that is bundled with this package in the LICENSE file. To understand any restrictions on
the use and redistribution of this package please see the LICENSE file for precise details.

26
roles/ontic.fonts/LICENSE Executable file
View File

@ -0,0 +1,26 @@
Copyright (c) 2010-2018 Ontic. (http://www.ontic.com.au). All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of Ontic (http://www.ontic.com.au). nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

81
roles/ontic.fonts/README.md Executable file
View File

@ -0,0 +1,81 @@
# Ontic Fonts ![Status](https://img.shields.io/badge/project-maintained-brightgreen.svg)
| Branch | Build | Galaxy | Release |
| :----------------- | :------------------ | :------------------ | :------------------- |
| **master** | [![Build](https://img.shields.io/travis/ontic/ansible-role-fonts/master.svg)](https://travis-ci.org/ontic/ansible-role-fonts) | [![Galaxy](https://img.shields.io/badge/galaxy-ontic.fonts-blue.svg)](https://galaxy.ansible.com/ontic/fonts) | [![Release](https://img.shields.io/github/release/ontic/ansible-role-fonts.svg)](https://github.com/ontic/ansible-role-fonts/releases) |
## Introduction
This role installs fonts on RedHat/CentOS and Debian/Ubuntu Linux servers.
## Requirements
| Name | Version |
| :-------------------------------------------------------------------------------------------- | :------------ |
None | N/A |
## Installation
We strongly suggest installing this role using [Ansible Galaxy](https://galaxy.ansible.com) so that any dependencies
will get resolved and downloaded automatically. However, we've listed a few other alternatives.
### 1.1 Downloading
Download the project files as a `.zip` archive, extracting them into your `./roles/` directory.
### 1.2 Cloning
Clone the project it into your `./roles/` directory.
### 1.3 Ansible Galaxy
The easiest way to install this module is via the command line:
```
$ ansible-galaxy install ontic.fonts
```
If you have multiple roles to install, the ansible-galaxy CLI can be fed a `requirements.yml` file.
```yml
- src: ontic.fonts
```
```
$ ansible-galaxy install -r requirements.yml
```
Alternatively you could download the source by setting the repository in your `requirements.yml` file:
```yml
- src: git+https://github.com/ontic/ansible-role-fonts.git
version: master
name: ontic.fonts
```
### 2.1 Enabling
Enable the role in your playbook file.
```yml
- name: Example web server
hosts: web_servers
roles:
- { role: ontic.fonts }
```
## Documentation
Full documentation is available in the [docs](/docs) directory.
## Contributors
Below lists all individuals having contributed to the repository. If you would like to get involved, we encourage
you to do so by making a [pull](../../pulls) request or submitting an [issue](../../issues).
* [Adam Dyson](https://github.com/adamdyson)
## License
Licensed under the BSD License. See the [LICENSE](/LICENSE) file for details.

7
roles/ontic.fonts/defaults/main.yml Executable file
View File

@ -0,0 +1,7 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
fonts_shared:
fonts_user:

20
roles/ontic.fonts/docs/README.md Executable file
View File

@ -0,0 +1,20 @@
# Documentation
## Example
```
fonts_shared:
- type: 'truetype'
src: 'Fabulous.ttf'
dest: 'dafont/Fabulous.ttf'
fonts_user:
- name: 'johndoe'
type: 'opentype'
src: 'Aulyars.otf'
dest: 'dafont/Aulyars.otf'
```
## Role Variables
Available variables are listed below, along with default values (see [defaults/main.yml](/defaults/main.yml)):

8
roles/ontic.fonts/handlers/main.yml Executable file
View File

@ -0,0 +1,8 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
- name: 'rebuild fonts cache'
become: yes
shell: 'fc-cache -v -f'

1
roles/ontic.fonts/meta/.galaxy_install_info Executable file
View File

@ -0,0 +1 @@
{install_date: 'Fri Jan 10 18:39:38 2020', version: v2.4.0}

31
roles/ontic.fonts/meta/main.yml Executable file
View File

@ -0,0 +1,31 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
dependencies: []
galaxy_info:
author: 'Adam Dyson'
description: 'This role installs fonts on RedHat/CentOS and Debian/Ubuntu Linux servers.'
company: 'Ontic'
license: 'BSD-3-Clause'
min_ansible_version: '2.4'
platforms:
- name: 'Ubuntu'
versions:
- 'xenial'
- 'bionic'
- name: 'Debian'
versions:
- 'stretch'
- name: 'EL'
versions:
- '7'
galaxy_tags:
- 'ontic'
- 'system'
- 'typography'
- 'font'
- 'truetype'
- 'opentype'

52
roles/ontic.fonts/tasks/configure.yml Executable file
View File

@ -0,0 +1,52 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
- name: 'Fonts | Configure shared font directories.'
become: yes
file:
path: '/usr/local/share/fonts/{{ item.type }}/{{ item.dest | dirname }}'
state: 'directory'
group: 'root'
owner: 'root'
mode: '0755'
with_items: '{{ fonts_shared }}'
when: 'fonts_shared | default(None) != None'
- name: 'Fonts | Configure shared fonts.'
become: yes
copy:
src: '{{ item.src }}'
dest: '/usr/local/share/fonts/{{ item.type }}/{{ item.dest }}'
owner: 'root'
group: 'root'
mode: '0644'
register: 'fonts_shared_installed'
notify: 'rebuild fonts cache'
with_items: '{{ fonts_shared }}'
when: 'fonts_shared | default(None) != None'
- name: 'Fonts | Configure user font directories.'
become: yes
file:
path: '/home/{{ item.name }}/.fonts/{{ item.type }}/{{ item.dest | dirname }}'
state: 'directory'
owner: '{{ item.owner | default(item.name) }}'
group: '{{ item.group | default(omit) }}'
mode: '0755'
with_items: '{{ fonts_user }}'
when: 'fonts_user | default(None) != None'
- name: 'Fonts | Configure user fonts.'
become: yes
copy:
src: '{{ item.src }}'
dest: '/home/{{ item.name }}/.fonts/{{ item.type }}/{{ item.dest }}'
owner: '{{ item.owner | default(item.name) }}'
group: '{{ item.group | default(omit) }}'
mode: '{{ item.mode | default(omit) }}'
register: 'fonts_user_installed'
notify: 'rebuild fonts cache'
with_items: '{{ fonts_user }}'
when: 'fonts_user | default(None) != None'

28
roles/ontic.fonts/tasks/main.yml Executable file
View File

@ -0,0 +1,28 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
- name: 'Fonts | Include OS-specific variables.'
include_vars: '{{ item }}'
with_first_found:
- '{{ ansible_distribution }}.yml'
- '{{ ansible_os_family }}.yml'
tags:
- 'fonts'
- 'fonts-package'
- 'fonts-configure'
- 'package'
- 'configure'
- import_tasks: 'package.yml'
tags:
- 'fonts'
- 'fonts-package'
- 'package'
- import_tasks: 'configure.yml'
tags:
- 'fonts'
- 'fonts-configure'
- 'configure'

78
roles/ontic.fonts/tasks/package.yml Executable file
View File

@ -0,0 +1,78 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
- name: 'Fonts | Debian | Install HTTPS transport.'
become: yes
apt:
name: 'apt-transport-https'
state: 'latest'
when: 'ansible_os_family == "Debian"'
- name: 'Fonts | Debian | Update repository list.'
become: yes
apt_repository:
repo: '{{ item }}'
state: 'present'
update_cache: false
register: 'fonts_multiverse_installed'
notify: 'rebuild fonts cache'
with_items: '{{ fonts_repositories }}'
when: 'ansible_distribution == "Debian"'
- name: 'Fonts | Debian | Update APT cache.'
become: yes
apt:
update_cache: yes
when: 'ansible_os_family == "Debian" and fonts_multiverse_installed.changed'
- name: 'Fonts | Debian | Install Microsoft Core Fonts prerequisites.'
become: yes
apt:
name: '{{ item }}'
state: 'present'
with_items:
- 'libfreetype6'
- 'libfreetype6-dev'
- 'fontconfig'
when: 'ansible_os_family == "Debian"'
- name: 'Fonts | Debian | Accept Microsoft Core Fonts EULA.'
become: yes
debconf:
name: 'ttf-mscorefonts-installer'
question: 'msttcorefonts/accepted-mscorefonts-eula'
value: 'true'
vtype: 'select'
when: 'ansible_os_family == "Debian"'
- name: 'Fonts | Debian | Install Microsoft Core Fonts.'
become: yes
apt:
name: 'ttf-mscorefonts-installer'
state: 'present'
register: 'fonts_microsoft_installed'
notify: 'rebuild fonts cache'
when: 'ansible_os_family == "Debian"'
- name: 'Fonts | RedHat | Install Microsoft Core Fonts prerequisites.'
become: yes
yum:
name: '{{ item }}'
state: 'present'
with_items:
- 'curl'
- 'cabextract'
- 'xorg-x11-font-utils'
- 'fontconfig'
when: 'ansible_os_family == "RedHat"'
- name: 'Fonts | RedHat | Install Microsoft Core Fonts.'
become: yes
yum:
name: 'https://raw.githubusercontent.com/therevoman/mscorefonts2-code/master/RPMS/noarch/msttcore-fonts-installer-2.6-1.noarch.rpm'
state: 'present'
validate_certs: no
notify: 'rebuild fonts cache'
when: 'ansible_os_family == "RedHat"'

BIN
roles/ontic.fonts/tests/fonts/Aulyars.otf Executable file
View File

Binary file not shown.

BIN
roles/ontic.fonts/tests/fonts/Fabulous.ttf Executable file
View File

Binary file not shown.

6
roles/ontic.fonts/tests/test-verify.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
# Verify the installed fonts.
docker exec --tty ${container_id} env TERM=xterm fc-list | grep true | sed -e "s|^.*/||" -e "s/:style=\(\<.*\>\).*$/ - \1/" -e "s/,.*$//" | sort

18
roles/ontic.fonts/tests/test.yml Executable file
View File

@ -0,0 +1,18 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
- hosts: 'localhost'
vars:
fonts_shared:
- type: 'truetype'
src: '{{ role_path }}/tests/fonts/Fabulous.ttf'
dest: 'dafont/Fabulous.ttf'
fonts_user:
- name: 'root'
type: 'opentype'
src: '{{ role_path }}/tests/fonts/Aulyars.otf'
dest: 'dafont/Aulyars.otf'
roles:
- { role: 'role_under_test' }

8
roles/ontic.fonts/vars/Debian.yml Executable file
View File

@ -0,0 +1,8 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
fonts_repositories:
- 'deb http://ftp.debian.org/debian/ stable main non-free contrib'
- 'deb-src http://ftp.debian.org/debian/ stable main non-free contrib'

5
roles/ontic.fonts/vars/RedHat.yml Executable file
View File

@ -0,0 +1,5 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---

10
roles/ontic.fonts/vars/Ubuntu.yml Executable file
View File

@ -0,0 +1,10 @@
# Copyright (c) Ontic. (http://www.ontic.com.au). All rights reserved.
# See the COPYING file bundled with this package for license details.
---
fonts_repositories:
- 'deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} multiverse'
- 'deb-src http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} multiverse'
- 'deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates multiverse'
- 'deb-src http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates multiverse'

2
roles/weareinteractive.apt/.ansible-lint Executable file
View File

@ -0,0 +1,2 @@
exclude_paths:
- ./meta/readme.yml

4
roles/weareinteractive.apt/.clog.toml Executable file
View File

@ -0,0 +1,4 @@
[clog]
changelog = "CHANGELOG.md"
repository = "https://github.com/weareinteractive/ansible-apt"
from-latest-tag = true

19
roles/weareinteractive.apt/.editorconfig Executable file
View File

@ -0,0 +1,19 @@
# EditorConfig helps developers define and maintain consistent
# coding styles between different editors and IDEs
# editorconfig.org
root = true
[*]
# Change these settings to your own preference
indent_size = 2
indent_style = space
# We recommend you to keep these unchanged
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[Makefile]
indent_style = tab

8
roles/weareinteractive.apt/.gitignore vendored Executable file
View File

@ -0,0 +1,8 @@
*.log
*.retry
.DS_Store
.vagrant
.vscode/*
!.vscode/settings.json
!.vscode/extensions.json
.idea

60
roles/weareinteractive.apt/.travis.yml Executable file
View File

@ -0,0 +1,60 @@
---
sudo: required
language: python
services:
- docker
env:
global:
- role: weareinteractive.apt
matrix:
- distribution: Ubuntu
distribution_version: "18.04"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: Ubuntu
distribution_version: "16.04"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: Ubuntu
distribution_version: "14.04"
init: /sbin/init
run_opts: ""
- distribution: Debian
distribution_version: "9"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: Debian
distribution_version: "8"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
before_install:
- sudo apt-get update
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- docker pull ansiblecheck/ansiblecheck:"${distribution,,}"-"${distribution_version}"
script:
- container_id=$(mktemp)
# Start The Built Container In The Background
- docker run -d -v "${PWD}":/etc/ansible/roles/${role}:ro ${run_opts} ansiblecheck/ansiblecheck:"${distribution,,}"-"${distribution_version}" "${init}" > "${container_id}"
# Print ansible version
- docker exec -t "$(cat ${container_id})" env TERM=xterm ansible --version
# Ansible syntax check.
- 'docker exec -t "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/${role}/tests/main.yml --syntax-check'
# Test role.
- 'docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook /etc/ansible/roles/${role}/tests/main.yml'
# Test Idempotence
- idempotence=$(mktemp)
- docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/${role}/tests/main.yml | tee -a ${idempotence}
- >
tail ${idempotence}
| grep -q 'failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

5
roles/weareinteractive.apt/.vscode/extensions.json vendored Executable file
View File

@ -0,0 +1,5 @@
{
"recommendations": [
"vscoss.vscode-ansible"
]
}

5
roles/weareinteractive.apt/.vscode/settings.json vendored Executable file
View File

@ -0,0 +1,5 @@
{
"files.associations": {
"*.yml": "ansible"
}
}

230
roles/weareinteractive.apt/CHANGELOG.md Executable file
View File

@ -0,0 +1,230 @@
<a name="2.9.1"></a>
### 2.9.1 (2019-12-08)
#### Bug Fixes
* fix lint error ([65f889bd](https://github.com/weareinteractive/ansible-apt/commit/65f889bd07e3a7fd33e7df42023e7543b8af7c4a))
<a name="2.9.0"></a>
## 2.9.0 (2019-12-08)
#### Bug Fixes
* fix logic with apt_remove_recommends variable ([eaea78e1](https://github.com/weareinteractive/ansible-apt/commit/eaea78e1fb43f86b2a27db23ba121e805de8d835))
<a name="2.8.0"></a>
## 2.8.0 (2019-10-18)
#### Features
* remove depricated apt_remount_filesystem ([7ca12fb4](https://github.com/weareinteractive/ansible-apt/commit/7ca12fb483e0cd8272589e5b1393e4c74611fb2a))
<a name="2.7.0"></a>
## 2.7.0 (2019-09-16)
#### Features
* extend unattended update config Merge branch 'pbessonies-feature/update_unattended_template' ([7b2c0e4f](https://github.com/weareinteractive/ansible-apt/commit/7b2c0e4fadf07feb8ef3a97425a282b38315a44b))
<a name="2.6.1"></a>
### 2.6.1 (2019-09-16)
#### Bug Fixes
* ensure unattended-upgrades package installation ([03740eea](https://github.com/weareinteractive/ansible-apt/commit/03740eea70fdf744256e708798ea048be22a2a9e))
#### Features
* add bool check ([1f9f71d3](https://github.com/weareinteractive/ansible-apt/commit/1f9f71d32df59563ebb2fb40b82ddc2e916e9de8))
<a name="2.5.1"></a>
### 2.5.1 (2019-06-17)
#### Features
* update syntax to ansible 2.8 ([fa5f8740](https://github.com/weareinteractive/ansible-apt/commit/fa5f87400d1d1db233bffcf8ced0b82c6460fd4d))
<a name="2.5.0"></a>
## 2.5.0 (2018-12-12)
#### Features
* add apt pinning ([349d5b09](https://github.com/weareinteractive/ansible-apt/commit/349d5b09a9b90513da4b66829eca1172da692e96))
* added apt pinning ([d66994de](https://github.com/weareinteractive/ansible-apt/commit/d66994de87a291cb5a2ebfe2ed4867e290ad68fb))
<a name="2.4.2"></a>
### 2.4.2 (2018-11-01)
#### Features
* add options to apt_keys and apt_repositories ([f2ce4e0e](https://github.com/weareinteractive/ansible-apt/commit/f2ce4e0e6d41f539610adb34e0ac1093e482677c))
* added options ([bb80fe88](https://github.com/weareinteractive/ansible-apt/commit/bb80fe8804ee2bac18065b89a8abcadc14f0ed9b))
<a name="2.4.1"></a>
### 2.4.1 (2018-11-01)
#### Bug Fixes
* fix deprication warning for ansible 2.7 and apt package loops ([556b6445](https://github.com/weareinteractive/ansible-apt/commit/556b6445e748004846c6e16248d9d92b69afd0c3))
<a name="2.5.0"></a>
## 2.5.0 (2018-10-08)
<a name="2.3.1"></a>
### 2.3.1 (2017-12-18)
#### Bug Fixes
* rename missing include to include_tasks ([da051d29](https://github.com/weareinteractive/ansible-apt/commit/da051d29e279e48061e7e6b41f504a00f1508b16))
<a name="2.3.0"></a>
## 2.3.0 (2017-12-18)
#### Features
* upgrade tasks for ansible 2.4 ([6e5a1ca4](https://github.com/weareinteractive/ansible-apt/commit/6e5a1ca49a855e7c183446cb4a2d817d58bab59f))
<a name="2.2.0"></a>
## 2.2.0 (2017-08-24)
#### Features
* add option to alter solution cost ([cfaf694c](https://github.com/weareinteractive/ansible-apt/commit/cfaf694c6ea921e6d6209db0e851c84dd35c8fe2))
* allow multiple file systems to be remounted ([5cb5a96c](https://github.com/weareinteractive/ansible-apt/commit/5cb5a96cfbdce66f7b5f4d2f7716e1e30279ac98))
<a name="2.1.0"></a>
## 2.1.0 (2017-01-27)
#### Features
* use builtin autoremove option ([87a34935](https://github.com/weareinteractive/ansible-apt/commit/87a34935874f78d4752f2557c9094496eb51a391))
<a name="2.0.3"></a>
### 2.0.3 (2016-08-18)
#### Bug Fixes
* fix proxy config conditions ([27787e80](https://github.com/weareinteractive/ansible-apt/commit/27787e80dc805a828af35b7206aae835e9d8b0aa))
<a name="2.0.2"></a>
### 2.0.2 (2016-04-25)
#### Features
* always get latest unattended-upgrades instead of just present ([a927d6af](https://github.com/weareinteractive/ansible-apt/commit/a927d6afbc0b35481c5eea3623cd5eebf7a3d415))
<a name="2.0.1"></a>
### 2.0.1 (2016-03-22)
#### Features
* escape bare variables ([96525b39](https://github.com/weareinteractive/ansible-apt/commit/96525b393671352973d81abfcb942272f70dc6bd))
<a name="2.0.0"></a>
## 2.0.0 (2016-03-15)
#### Features
* update to ansible 2.0 ([052bc675](https://github.com/weareinteractive/ansible-apt/commit/052bc675f01ded71c7bd9bd7e8154ecb2f600c4a))
<a name="1.8.0"></a>
## 1.8.0 (2016-01-11)
#### Features
* add support for proxy servers ([91ae92f5](https://github.com/weareinteractive/ansible-apt/commit/91ae92f56e7f3fa2f9851adc03235d3985dd7b7e))
<a name="1.7.1"></a>
### 1.7.1 (2015-12-03)
#### Features
* adds variables to configure apt ([3ec652be](https://github.com/weareinteractive/ansible-apt/commit/3ec652be9513b0d8b9b1bb7f317aa6a4c30256ff))
* only adds 50unattended-upgrades config if enabled ([14742e5e](https://github.com/weareinteractive/ansible-apt/commit/14742e5ee87bf135edf8756ce9cd197ca65b346d))
* updates travis tests ([2d1873da](https://github.com/weareinteractive/ansible-apt/commit/2d1873daec0e1b76e4bcafbb898ac63c4b12e91f))
* using ansible-role to generate README ([3abe7246](https://github.com/weareinteractive/ansible-apt/commit/3abe72463af5d4d101570e233d497a96e910e4ea))
* adds CHANGELOG ([5f4c6673](https://github.com/weareinteractive/ansible-apt/commit/5f4c66734445e239fb96faec557a6c5e708cd5b3))
#### Bug Fixes
* fixes quotation marks on 'APT::Periodic::Enable' value ([bf19c900](https://github.com/weareinteractive/ansible-apt/commit/bf19c90034badb1173ad9b204d815d17cd33ba9d))
* fixes the usage of unattended upgrades ([04f25734](https://github.com/weareinteractive/ansible-apt/commit/04f25734fa29aba48ec3f9461c9488785bfe8ae3))
<a name="1.7.0"></a>
## 1.7.0 (2015-11-30)
#### Features
* adds variables to configure apt ([3ec652be](https://github.com/weareinteractive/ansible-apt/commit/3ec652be9513b0d8b9b1bb7f317aa6a4c30256ff))
* only adds 50unattended-upgrades config if enabled ([14742e5e](https://github.com/weareinteractive/ansible-apt/commit/14742e5ee87bf135edf8756ce9cd197ca65b346d))
* updates travis tests ([2d1873da](https://github.com/weareinteractive/ansible-apt/commit/2d1873daec0e1b76e4bcafbb898ac63c4b12e91f))
* using ansible-role to generate README ([3abe7246](https://github.com/weareinteractive/ansible-apt/commit/3abe72463af5d4d101570e233d497a96e910e4ea))
* adds CHANGELOG ([5f4c6673](https://github.com/weareinteractive/ansible-apt/commit/5f4c66734445e239fb96faec557a6c5e708cd5b3))
#### Bug Fixes
* fixes the usage of unattended upgrades ([04f25734](https://github.com/weareinteractive/ansible-apt/commit/04f25734fa29aba48ec3f9461c9488785bfe8ae3))

22
roles/weareinteractive.apt/LICENSE Executable file
View File

@ -0,0 +1,22 @@
Copyright (c) We Are Interactive
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

41
roles/weareinteractive.apt/Makefile Executable file
View File

@ -0,0 +1,41 @@
PWD=$(shell pwd)
ROLE_NAME=weareinteractive.apt
ROLE_PATH=/etc/ansible/roles/$(ROLE_NAME)
TEST_VERSION=ansible --version
TEST_SYNTAX=ansible-playbook -v -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml --syntax-check
TEST_PLAYBOOK=ansible-playbook -v -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml
TEST_IDEMPOTENT=$(TEST_PLAYBOOK) | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1)
TEST_CMD=$(TEST_VERSION); $(TEST_SYNTAX); $(TEST_DEPS); $(TEST_PLAYBOOK); $(TEST_IDEMPOTENT)
docs:
ansible-role docgen
lint:
ansible-lint .
ubuntu%: TEST_DEPS=apt-get update && \
apt-get install -y python
ubuntu18.04: dist=ubuntu-18.04
ubuntu18.04: .run
ubuntu16.04: dist=ubuntu-16.04
ubuntu16.04: .run
ubuntu14.04: dist=ubuntu-14.04
ubuntu14.04: .run
debian%: TEST_DEPS=apt-get update && \
apt-get install -y python
debian9: dist=debian-9
debian9: .run
debian8: dist=debian-8
debian8: .run
.run:
@echo "RUN:"
@echo " docker run -it --rm -v $(PWD):$(ROLE_PATH) ansiblecheck/ansiblecheck:$(dist) /bin/bash"
@echo " $(TEST_CMD)"
@docker run -it --rm -v $(PWD):$(ROLE_PATH) ansiblecheck/ansiblecheck:$(dist) /bin/bash -c "$(TEST_CMD)"

268
roles/weareinteractive.apt/README.md Executable file
View File

@ -0,0 +1,268 @@
# Ansible weareinteractive.apt role
[![Build Status](https://img.shields.io/travis/weareinteractive/ansible-apt.svg)](https://travis-ci.org/weareinteractive/ansible-apt)
[![Galaxy](http://img.shields.io/badge/galaxy-weareinteractive.apt-blue.svg)](https://galaxy.ansible.com/weareinteractive/apt)
[![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
[![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
> `weareinteractive.apt` is an [Ansible](http://www.ansible.com) role which:
>
> * updates apt
> * cleans up apt
> * configures apt
> * installs packages
> * add repositories
> * add keys
> * apt pinning
> * manages unattended upgrades
> * optionally alters solution cost
> * optionally allows filesystems to be remounted
**Note:**
> Since Ansible Galaxy supports [organization](https://www.ansible.com/blog/ansible-galaxy-2-release) now, this role has moved from `franklinkim.apt` to `weareinteractive.apt`!
## Installation
Using `ansible-galaxy`:
```shell
$ ansible-galaxy install weareinteractive.apt
```
Using `requirements.yml`:
```yaml
- src: weareinteractive.apt
```
Using `git`:
```shell
$ git clone https://github.com/weareinteractive/ansible-apt.git weareinteractive.apt
```
## Dependencies
* Ansible >= 2.4
## Variables
Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`.
```yaml
---
# apt_unattended_upgrades_blacklist:
# - vim
# - libc6
# apt_mails:
# - root
# - foo@dev.null
# apt_keys:
# - id: 473041FA
# file: /tmp/apt.gpg
# data: "{{ lookup('file', 'apt.asc') }}"
# keyring: /etc/apt/trusted.gpg.d/debian.gpg
# keyserver: keyserver.ubuntu.com
# url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
# validate_certs: yes
# state: present
# apt_repositories:
# - codename: trusty
# filename: google-chrome
# mode: 0644
# repo: 'ppa:nginx/stable'
# state: present
# update_cache: yes
# sets the amount of time the cache is valid
apt_cache_valid_time: 3600
# upgrade system: safe | full | dist
apt_upgrade: no
# packages to install
apt_packages: []
# remove packages that are no longer needed for dependencies
apt_autoremove: yes
# remove .deb files for packages no longer on your system
apt_autoclean: yes
# .deb packages to install.
apt_deb_packages: []
# whether or not suggested packages should be installed.
apt_install_suggests: no
# do not install Recommended packages by default
apt_install_recommends: no
# allow 'apt-get autoremove' to remove recommended packages
apt_remove_recommends: no
# Enable the update/upgrade script
apt_periodic: yes
# Do “apt-get update” automatically every n-days (0=disable)
apt_update_package_lists: 1
# Do “apt-get upgrade download-only” every n-days (0=disable)
apt_download_upgradeable_packages: 0
# Do “apt-get autoclean” every n-days (0=disable)
apt_auto_clean_interval: 0
# enable unattended-upgrades
apt_unattended_upgrades: yes
# list of origins patterns to control which packages are upgraded
# replaces allowed-origins, kept for compatibility
apt_unattended_upgrades_origins: []
# List of allowed-origins, default value kept for compatibility
# set to null to use origins-pattern
apt_unattended_upgrades_allowed:
- ${distro_id}:${distro_codename}-security
# list of packages to not update (regexp are supported)
apt_unattended_upgrades_blacklist: []
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
apt_unattended_upgrades_minimal_steps: no
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed. E.g. "user@example.com"
apt_mails: []
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
apt_unattended_upgrades_notify_error_only: yes
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
apt_unattended_upgrades_autoremove: yes
# Automatically reboot *WITHOUT CONFIRMATION*
# if the file /var/run/reboot-required is found after the upgrade
apt_unattended_upgrades_automatic_reboot: no
# Automatically reboot even if there are users currently logged in.
apt_unattended_upgrades_automatic_reboot_with_users: no
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
# Values: now | 02:00 | ...
apt_unattended_upgrades_automatic_reboot_time: now
# Enable logging to syslog.
apt_unattended_upgrades_syslog_enable: no
# Specify syslog facility.
apt_unattended_upgrades_syslog_facility: daemon
# Override download timer ? Default no
apt_unattended_upgrades_download_timer_override: null
# In case of override :
# apt_unattended_upgrades_download_timer_override:
# on_calendar_replace: (true|false) If true, delete default system schedule. If not, default and new schedules will be merged
# on_calendar: new schedule, see man systemd.time.7, example : 'Mon..Fri *-*-* 6:00'
# randomized_delay_sec: random delay in sec
# persistent: (true|false)
# See systemd.time.5 for random delay and persistent
# Override upgrade timer the same way
apt_unattended_upgrades_upgrade_timer_override: null
# apt_unattended_upgrades_upgrade_timer_override:
# on_calendar_replace:
# on_calendar:
# randomized_delay_sec:
# persistent:
# remount file system: currently supported options are rootfs and tmpfs
# tmpfs: remount tmp before running if mounted noexec
# rootfs: remount root filesystem r/w before running if mounted r/o
apt_remount_filesystems: []
# repositories to register
apt_repositories: []
# gpg keys for external repositories
apt_keys: []
# HTTP proxy server (optional)
# apt_http_proxy_address:
# HTTP pipeline depth (optional)
# apt_http_pipeline_depth: 5
# Change Aptitudes solution costs, default is not to change anything
# Mirror https://lists.debian.org/543FF3BD.1020609@zen.co.uk
# apt_aptitude_solution_cost:
# - priority
# - removals
# - canceled-actions
apt_aptitude_solution_cost: []
# List of preferences options.
# apt_preferences:
# - file: perl
# package: perl
# pin: "version 5.20*"
# priority: 1001
apt_preferences: []
```
## Handlers
These are the handlers that are defined in `handlers/main.yml`.
```yaml
---
- name: reload systemd
systemd:
daemon_reload: true
```
## Usage
This is an example playbook:
```yaml
---
- hosts: all
become: yes
roles:
- weareinteractive.apt
vars:
apt_cache_valid_time: 7200
apt_packages:
- vim
- tree
- ca-certificates
apt_deb_packages:
- "https://releases.hashicorp.com/vagrant/2.1.5/vagrant_2.1.5_x86_64.deb"
apt_mails:
- root
apt_preferences:
- file: perl
package: perl
pin: "version 5.20*"
priority: 1001
apt_unattended_upgrades_notify_error_only: no
```
## Testing
```shell
$ git clone https://github.com/weareinteractive/ansible-apt.git
$ cd ansible-apt
$ make test
```
## Contributing
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
1. Fork it
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request
*Note: To update the `README.md` file please install and run `ansible-role`:*
```shell
$ gem install ansible-role
$ ansible-role docgen
```
## License
Copyright (c) We Are Interactive under the MIT license.

141
roles/weareinteractive.apt/defaults/main.yml Executable file
View File

@ -0,0 +1,141 @@
---
# apt_unattended_upgrades_blacklist:
# - vim
# - libc6
# apt_mails:
# - root
# - foo@dev.null
# apt_keys:
# - id: 473041FA
# file: /tmp/apt.gpg
# data: "{{ lookup('file', 'apt.asc') }}"
# keyring: /etc/apt/trusted.gpg.d/debian.gpg
# keyserver: keyserver.ubuntu.com
# url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
# validate_certs: yes
# state: present
# apt_repositories:
# - codename: trusty
# filename: google-chrome
# mode: 0644
# repo: 'ppa:nginx/stable'
# state: present
# update_cache: yes
# sets the amount of time the cache is valid
apt_cache_valid_time: 3600
# upgrade system: safe | full | dist
apt_upgrade: no
# packages to install
apt_packages: []
# remove packages that are no longer needed for dependencies
apt_autoremove: yes
# remove .deb files for packages no longer on your system
apt_autoclean: yes
# .deb packages to install.
apt_deb_packages: []
# whether or not suggested packages should be installed.
apt_install_suggests: no
# do not install Recommended packages by default
apt_install_recommends: no
# allow 'apt-get autoremove' to remove recommended packages
apt_remove_recommends: no
# Enable the update/upgrade script
apt_periodic: yes
# Do “apt-get update” automatically every n-days (0=disable)
apt_update_package_lists: 1
# Do “apt-get upgrade download-only” every n-days (0=disable)
apt_download_upgradeable_packages: 0
# Do “apt-get autoclean” every n-days (0=disable)
apt_auto_clean_interval: 0
# enable unattended-upgrades
apt_unattended_upgrades: yes
# list of origins patterns to control which packages are upgraded
# replaces allowed-origins, kept for compatibility
apt_unattended_upgrades_origins: []
# List of allowed-origins, default value kept for compatibility
# set to null to use origins-pattern
apt_unattended_upgrades_allowed:
- ${distro_id}:${distro_codename}-security
# list of packages to not update (regexp are supported)
apt_unattended_upgrades_blacklist: []
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
apt_unattended_upgrades_minimal_steps: no
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed. E.g. "user@example.com"
apt_mails: []
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
apt_unattended_upgrades_notify_error_only: yes
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
apt_unattended_upgrades_autoremove: yes
# Automatically reboot *WITHOUT CONFIRMATION*
# if the file /var/run/reboot-required is found after the upgrade
apt_unattended_upgrades_automatic_reboot: no
# Automatically reboot even if there are users currently logged in.
apt_unattended_upgrades_automatic_reboot_with_users: no
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
# Values: now | 02:00 | ...
apt_unattended_upgrades_automatic_reboot_time: now
# Enable logging to syslog.
apt_unattended_upgrades_syslog_enable: no
# Specify syslog facility.
apt_unattended_upgrades_syslog_facility: daemon
# Override download timer ? Default no
apt_unattended_upgrades_download_timer_override: null
# In case of override :
# apt_unattended_upgrades_download_timer_override:
# on_calendar_replace: (true|false) If true, delete default system schedule. If not, default and new schedules will be merged
# on_calendar: new schedule, see man systemd.time.7, example : 'Mon..Fri *-*-* 6:00'
# randomized_delay_sec: random delay in sec
# persistent: (true|false)
# See systemd.time.5 for random delay and persistent
# Override upgrade timer the same way
apt_unattended_upgrades_upgrade_timer_override: null
# apt_unattended_upgrades_upgrade_timer_override:
# on_calendar_replace:
# on_calendar:
# randomized_delay_sec:
# persistent:
# remount file system: currently supported options are rootfs and tmpfs
# tmpfs: remount tmp before running if mounted noexec
# rootfs: remount root filesystem r/w before running if mounted r/o
apt_remount_filesystems: []
# repositories to register
apt_repositories: []
# gpg keys for external repositories
apt_keys: []
# HTTP proxy server (optional)
# apt_http_proxy_address:
# HTTP pipeline depth (optional)
# apt_http_pipeline_depth: 5
# Change Aptitudes solution costs, default is not to change anything
# Mirror https://lists.debian.org/543FF3BD.1020609@zen.co.uk
# apt_aptitude_solution_cost:
# - priority
# - removals
# - canceled-actions
apt_aptitude_solution_cost: []
# List of preferences options.
# apt_preferences:
# - file: perl
# package: perl
# pin: "version 5.20*"
# priority: 1001
apt_preferences: []

5
roles/weareinteractive.apt/handlers/main.yml Executable file
View File

@ -0,0 +1,5 @@
---
- name: reload systemd
systemd:
daemon_reload: true

2
roles/weareinteractive.apt/meta/.galaxy_install_info Executable file
View File

@ -0,0 +1,2 @@
install_date: Sat Jan 11 17:32:26 2020
version: 2.9.1

142
roles/weareinteractive.apt/meta/main.yml Executable file
View File

@ -0,0 +1,142 @@
---
galaxy_info:
author: franklin
company: We Are Interactive
description: Configures apt and installs/updates packages
min_ansible_version: 2.4
license: MIT
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If travis integration is cofigured, only notification for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
github_branch: master
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Solaris
# versions:
# - all
# - 10
# - 11.0
# - 11.1
# - 11.2
# - 11.3
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
# - 21
# - 22
# - 23
#- name: Windows
# versions:
# - all
# - 2012R2
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 10.0
# - 10.1
# - 10.2
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
# - 9.3
- name: Ubuntu
versions:
- all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
# - utopic
# - vivid
# - wily
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
- name: Debian
versions:
- all
# - etch
# - jessie
# - lenny
# - squeeze
# - wheezy
#
# List tags for your role here, one per line. A tag is
# a keyword that describes and categorizes the role.
# Users find roles by searching for tags. Be sure to
# remove the '[]' above if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of
# alphanumeric characters. Maximum 20 tags per role.
galaxy_tags:
- system
- apt
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
dependencies: []

Some files were not shown because too many files have changed in this diff Show More