vdk/playbook.yml

---
- hosts: all
  become: true
  vars:
    apt_packages:
      - aptitude
      - arj
      - cifs-utils
      - chromium-browser
      - curl
      - ethtool
      - exfat-fuse
      - exfat-utils
      - firefox-locale-de
      - gimp
      - git
      - gnupg2
      - grsync
      - haveged
      - httrack
      - keepassxc
      - lightdm
      - mc
      - net-tools
      - nextcloud-client
      - ntpdate
      - pdfshuffler
      - smb4k
      - synaptic
      - thunderbird-locale-de
      - vim
      - vim-doc
      - vlc
      - x11vnc
      - xz-utils
    apt_repositories:
      - ppa:nextcloud-devs/client
    packages_absent:
      - apport
      - gnome-initial-setup
      - ubuntu-web-launchers
    debs_present:
      - CQue_v4.0.5_Linux_64_DE.deb
      - veracrypt-1.24-Update3-Ubuntu-18.04-amd64.deb
    fonts_shared:
      - type: 'opentype'
        src: FrutigerLTStd-BlackCn.otf
        dest: frutiger/FrutigerLTStd-BlackCn.otf
      - type: 'opentype'
        src: FrutigerLTStd-BlackItalic.otf
        dest: frutiger/FrutigerLTStd-BlackItalic.otf
      - type: 'opentype'
        src: FrutigerLTStd-Black.otf
        dest: frutiger/FrutigerLTStd-Black.otf
      - type: 'opentype'
        src: FrutigerLTStd-BoldCn.otf
        dest: frutiger/FrutigerLTStd-BoldCn.otf
      - type: 'opentype'
        src: FrutigerLTStd-BoldItalic.otf
        dest: frutiger/FrutigerLTStd-BoldItalic.otf
      - type: 'opentype'
        src: FrutigerLTStd-Bold.otf
        dest: frutiger/FrutigerLTStd-Bold.otf
      - type: 'opentype'
        src: FrutigerLTStd-Cn.otf
        dest: frutiger/FrutigerLTStd-Cn.otf
      - type: 'opentype'
        src: FrutigerLTStd-ExtraBlackCn.otf
        dest: frutiger/FrutigerLTStd-ExtraBlackCn.otf
      - type: 'opentype'
        src: FrutigerLTStd-Italic.otf
        dest: frutiger/FrutigerLTStd-Italic.otf
      - type: 'opentype'
        src: FrutigerLTStd-LightCn.otf
        dest: frutiger/FrutigerLTStd-LightCn.otf
      - type: 'opentype'
        src: FrutigerLTStd-LightItalic.otf
        dest: frutiger/FrutigerLTStd-LightItalic.otf
      - type: 'opentype'
        src: FrutigerLTStd-Light.otf
        dest: frutiger/FrutigerLTStd-Light.otf
      - type: 'opentype'
        src: FrutigerLTStd-Roman.otf
        dest: frutiger/FrutigerLTStd-Roman.otf
      - type: 'opentype'
        src: FrutigerLTStd-UltraBlack.otf
        dest: frutiger/FrutigerLTStd-UltraBlack.otf
    admin_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== christoph"
    physicals_packages_dropbear:
      - dropbear-initramfs
      - kbd

  pre_tasks:
    - name: add group lokaladmin
      group:
        name: lokaladmin
        gid: 1000

    - name: ensure lokaladmin is present
      user:
        name: lokaladmin
        group: lokaladmin
        groups: adm, cdrom, sudo, dip, plugdev, lpadmin, sambashare
        append: True
        uid: 1000
        password: "$6$bzVyhcWa$X3NeSycmO8qhgjtYDjjg8ANBt1jf.uvRHdkaVL6qTFhXk6RQvChJQpUtBH1Ccg5t5VR/qqoDgOgieYsX08nK31"

    - name: add authorized_key for christoph
      authorized_key:
        user: "{{ item }}"
        key: "{{ admin_key }}"
      with_items:
        - root
        - lokaladmin

    - name: Disable motd-news
      lineinfile:
        dest: /etc/default/motd-news
        regexp: '^ENABLED='
        line: 'ENABLED=0'

  roles:
    - role: ontic.fonts
      tags: fonts
    - role: freedomofpress.signal-desktop
      tags: signal

  tasks:

    - name: Install repositories
      apt_repository:
        repo: "{{ item }}"
      with_items: "{{ apt_repositories }}"
      tags:
        - apt
        - nextcloud

    - name: Install packages
      apt:
       pkg: "{{ apt_packages }}"
      tags:
        - apt
        - lightdm
        - nextcloud

    - name: Delete unnecessary packages
      apt:
        pkg: "{{ packages_absent }}"
        state: absent
      tags: apt

    - name: copy debs
      copy:
        src: "{{ item }}"
        dest: /root/
        owner: root
        group: root
        mode: 0644
      with_items: "{{ debs_present }}"
      tags: apt

    - name: install local debs
      apt:
        deb: "/root/{{ item }}"
      with_items: "{{ debs_present }}"
      tags: apt

    - name: system time cron job
      cron:
        name: adjust system time
        minute: 3
        job: /usr/sbin/ntpdate 192.168.112.254 > /dev/null

    - name: wake-on-lan cron job
      cron:
        name: "enable wake-on-lan interface {{ item }}"
        special_time: reboot
        job: /sbin/ethtool -s {{ item }} wol g
      when: item != "lo"
      with_items: "{{ ansible_interfaces }}"
      tags: wol

    - name: set default editor
      alternatives:
        name: editor
        path: /usr/bin/vim

    - name: get christoph admin scripts
      git:
        repo: https://git.oopen.de/script/{{ item }}
        dest: /root/bin/{{ item }}
      with_items:
        - admin-stuff
        - monitoring

    - name: configure lightdm
      copy:
        src: lightdm.conf
        dest: /etc/lightdm/lightdm.conf
        owner: root
        group: root
        mode: 0644
      tags: lightdm

    - name: make lightdm default (debconf)
      debconf:
        name: 'shared'
        question: 'shared/default-x-display-manager'
        vtype: 'select'
        value: 'lightdm'
      tags: lightdm

    - name: make lightdm default (systemd)
      file:
        path: /etc/systemd/system/display-manager.service
        src: /lib/systemd/system/lightdm.service
        state: link
      tags: lightdm

    - name: make lightdm default (X11)
      copy:
        dest: /etc/X11/default-display-manager
        content: "/usr/sbin/lightdm\n"
        owner: root
        group: root
        mode: 0644
      tags: lightdm

    - import_tasks: initramfs.yml
    - import_tasks: gnome.yml
      tags:
        - gnome

    - name: copy printer drivers
      copy:
        src: "{{ item }}"
        dest: /usr/share/ppd/custom
        owner: root
        group: lpadmin
        mode: 0664
      with_items:
        - Canon_LBP712Cx.ppd
        - UTAX_TA_3555i.ppd
      notify: configure printers
      tags: printer

  handlers:
    - name: update initramfs
      command: update-initramfs -u
    - name: dconf update
      command: dconf update
    - name: configure printers
      shell: "lpadmin -p Kopierer -E -v socket://192.168.112.5 -P /usr/share/ppd/custom/UTAX_TA_3555i.ppd && lpadmin -p Farbdrucker -E -v socket://192.168.112.7 -P /usr/share/ppd/custom/Canon_LBP712Cx.ppd && lpadmin -d Kopierer"

  # use christophs role to configure NFS/NIS
- hosts: all
  become: true
  roles:
    - common