2025-06-26-13-33-49: Cronjob

lmn-client 2025-06-26 13:33:49 +02:00
commit 29049c8da1
127 changed files with 7089 additions and 0 deletions


@ -0,0 +1,9 @@
---
misc_avoid_suspend: true
misc_pwroff: true
misc_pwroff_idle: true
misc_pxe_first: false
misc_reporter: false
misc_reporter_serv: "localhost 1234"
misc_clonescreen: false
misc_clonescreen_mode: "1920x1080@60"
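Review bot: The default `misc_reporter_serv: "localhost 1234"` already carries the port, but the reporter template in this commit renders it as `sendto="{{ misc_reporter_serv }} 1234"`, so with the default the final command becomes `nc -w 1 -u localhost 1234 1234`. Keep the port in one place only, e.g. `misc_reporter_serv: "localhost"` here, or drop the literal ` 1234` from the template line. A short comment above the variable saying whether it holds a host or a host-and-port pair would prevent the same mistake in inventory overrides.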


@ -0,0 +1,18 @@
#!/usr/bin/bash
#
# fix boot order: first PXE, then Debian
#
set -eu
cur="$(efibootmgr | grep -Ei 'BootOrder:' | \
sed -E 's/^BootOrder: ([[:xdigit:]]{4}),.+$/\1/')"
pxeip4="$(efibootmgr | grep -Ei "IP.*4" | \
sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/')"
debian="$(efibootmgr | grep -Ei "debian" | \
sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/')"
if [[ "$cur" != "$pxeip4" ]] && [[ -n "$pxeip4" ]] && [[ -n "$debian" ]] ; then
efibootmgr -o $pxeip4,$debian
else
echo "Nothing to do."
fi
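Review bot: The three lookups assume exactly one matching `efibootmgr` line, and `efibootmgr -o $pxeip4,$debian` then uses the results unquoted. If the firmware lists more than one IPv4 PXE entry (one per NIC is common) or more than one entry containing "debian", each variable holds several lines, the `-o` argument is word-split and the `"$cur" != "$pxeip4"` comparison can never be equal. Take the first match and quote the argument, e.g. append `| head -n 1` to the `pxeip4=` and `debian=` pipelines and call `efibootmgr -o "$pxeip4,$debian"`. Note also that `-o` replaces the whole BootOrder, so every other entry is dropped from it, and that putting PXE first makes the boot server and its network segment part of the client's trusted boot path; a header comment stating that both are intended would help.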

48
roles/lmn_misc/files/pwroff Executable file

@ -0,0 +1,48 @@
#!/bin/bash
#
# logout idle users and shutdown machine
#
set -eu
action="systemctl poweroff"
uptime=$(cat /proc/uptime | cut -f1 -d.)
maxidle=3600 ## seconds
u=($(loginctl list-users --no-legend | sort -hr | head -1))
una=${u[1]:-''}
uid=${u[0]:-''}
talk2dbus() {
local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
sudo -u $una DISPLAY=$display \
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus "$@"
}
########
## shutdown if nobody is loged in:
if [[ -z "$una" ]] || [[ $uid -lt 1000 ]] ; then
exec $action
fi
# FIXME: find idle time independent of running screensaver
if ! t=$(talk2dbus qdbus org.kde.screensaver /ScreenSaver GetActiveTime) ; then
echo "No graphical logins found."
else
idle=$(( t / 1000 ))
if [[ $idle -gt $maxidle ]] && [[ ! -d "/srv/samba/schools/default-school/teachers/" ]] ; then
talk2dbus notify-send -i system-shutdown -u critical -a 'Important System Information' \
'Please log out, the system will shut down soon!' \
'There has been no activity for too long.'
## shutdown:
#talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 2 0
## logout:
talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 0 0 || \
loginctl terminate-user $una
echo "Log-out user $una after being idle for $idle seconds."
else
echo "The user $una has been idle for $idle seconds."
fi
fi
#w -s | grep tty | sed "s/[[:space:]]\+/ /g" | cut -f4 -d ' '
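Review bot: `idle=$(( t / 1000 ))` feeds the reply from the logged-in user's session bus straight into arithmetic expansion, in a script that the accompanying service unit runs as root. Bash evaluates a variable's contents as an expression inside `$(( ))`, so a reply that is not a plain number is more than a parse error; treat `t` as untrusted and validate it first, e.g. `[[ "$t" =~ ^[0-9]+$ ]] || { echo "Unexpected screensaver reply." >&2; exit 1; }` before the division. The same care applies to quoting: `sudo -u $una`, `/run/user/$uid/bus` and `loginctl terminate-user $una` should use `"$una"` and `"$uid"`. The `uptime` variable is assigned but never used in the visible lines.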


@ -0,0 +1,6 @@
[Unit]
Description=Run pwroff script
[Service]
Type=simple
ExecStart=/usr/local/sbin/pwroff


@ -0,0 +1,9 @@
[Unit]
Description=Run pwroff script every 15 min after 90 min uptime
[Timer]
OnBootSec=90min
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target

33
roles/lmn_misc/files/reporter Executable file

@ -0,0 +1,33 @@
#!/usr/bin/bash
#
# Send stdout of some commands to monitoring server.
# Collect the reports with 'nc -u -k -l 1234' on 'sendto'.
# Use /bin/nc.openbsd, /bin/nc.traditional seems not to work.
#
set -eu
sendto="collector.steinbeis.schule 1234"
n=0
cmds=(
'uname -a'
'tail -1 /var/local/ansible-stamps'
'ip route list default'
'ip link show | \
sed -nE -e "s/^[2-9]: (\S+): .+/\1/p" -e "s/.+ether ([0-9a-f:]+) .+/\1/p" | \
paste - -'
)
# 'w'
# 'uptime'
# 'ls -d --full-time /home/ansible/.ansible/tmp/'
# 'ip addr show'
# 'apt list --upgradeable -o Apt::Cmd::Disable-Script-Warning=true'
r="$HOSTNAME ------- $(date --rfc-3339=seconds) -------
$(for c in "${cmds[@]}" ; do
n=$(( n + 1 ))
echo -n "$n"
eval "$c" | sed 's/^/\t/'
done | sed "s/^/$HOSTNAME /")
## -------------------------------------------------"
echo "$r" | nc -w 1 -u $sendto
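Review bot: Every report leaves the host as unauthenticated, unencrypted UDP (`nc -w 1 -u $sendto`) and carries the hostname, kernel version, default route and MAC addresses, so anyone on the path can read it and anyone who can reach the collector port can submit reports under another host's name. If the collector output feeds monitoring decisions, state that limitation in the header comment or move to an authenticated transport. Two smaller points in the same lines: `sed "s/^/$HOSTNAME /"` splices the hostname into a sed program, where a `/`, `&` or `\` in the value would change the substitution (`awk -v h="$HOSTNAME" '{print h " " $0}'` avoids that), and without `set -o pipefail` a failing entry in `cmds` is silently reported as an empty block. The templated copy of this script later in the commit has the same lines; the tasks file deploys only `reporter.j2`, so this static copy with its hard-coded collector host appears to be unused.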


@ -0,0 +1,6 @@
[Unit]
Description=Run reporting script
[Service]
Type=simple
ExecStart=/usr/local/sbin/reporter
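Review bot: The unit sets no `User=`, so the reporter, which builds its report with `eval` and talks to the network, runs as root on every timer tick. Nothing in the script visibly needs root (assuming `/var/local/ansible-stamps` is world-readable), so `DynamicUser=yes` in `[Service]` would confine it to an unprivileged account. `Type=oneshot` also describes a run-to-completion script better than `Type=simple`.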


@ -0,0 +1,9 @@
[Unit]
Description=Run reporter script every 15 min
[Timer]
OnBootSec=5min
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target


@ -0,0 +1,2 @@
- name: Run update-grub
ansible.builtin.command: update-grub


@ -0,0 +1,217 @@
---
- name: Enable wake-on-lan for all ethernet connections
ansible.builtin.copy:
dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
mode: '0644'
content: |
[connection]
ethernet.wake-on-lan=64
- name: Prepare directory for apt-daily override
ansible.builtin.file:
path: /etc/systemd/system/apt-daily.timer.d/
mode: '0755'
state: directory
- name: Run apt update early to avoid outdated package lists
ansible.builtin.copy:
dest: /etc/systemd/system/apt-daily.timer.d/override.conf
mode: '0644'
content: |
[Timer]
RandomizedDelaySec=30m
# Avoid suspend
- name: Create directory to avoid suspend
ansible.builtin.file:
path: /etc/systemd/sleep.conf.d/
state: directory
mode: '0755'
when: misc_avoid_suspend
- name: Avoid suspending
ansible.builtin.blockinfile:
path: /etc/systemd/sleep.conf.d/nosuspend.conf
create: true
mode: '0644'
block: |
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
when: misc_avoid_suspend
# Auto Poweroff
- name: Copy pwroff script
ansible.builtin.copy:
src: pwroff
dest: /usr/local/sbin/
mode: '0755'
- name: Provide services and timers for pwroff
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- pwroff.service
- pwroff.timer
when: misc_pwroff
- name: Enable pwroff.timer
ansible.builtin.systemd:
name: pwroff.timer
enabled: true
when: misc_pwroff
# Shut down when idle for too long
- name: Shut down when idle for too long
ansible.builtin.copy:
dest: /etc/xdg/powermanagementprofilesrc
mode: '0644'
content: |
[AC][SuspendSession]
idleTime=7200000
suspendType=8
when: misc_pwroff_idle
# Boot splash
- name: Enable boot splash screen
ansible.builtin.replace:
dest: "/etc/default/grub"
regexp: '"quiet"$'
replace: '"quiet splash"'
notify: Run update-grub
# Grub settings
- name: Protect editing grub menu entries
ansible.builtin.blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers='root'
export superusers
password_pbkdf2 root {{ grub_pwd }}
notify: Run update-grub
when: grub_pwd | bool | default(false)
- name: Allow booting grub menu entries
ansible.builtin.lineinfile:
dest: /etc/grub.d/10_linux
line: CLASS="${CLASS} --unrestricted"
insertafter: '^CLASS=.*'
firstmatch: true
notify: Run update-grub
- name: Disable Grub submenus
ansible.builtin.lineinfile:
dest: /etc/default/grub
line: 'GRUB_DISABLE_SUBMENU=true'
insertafter: '^GRUB_TIMEOUT=.*'
notify: Run update-grub
- name: Grub timeout
ansible.builtin.lineinfile:
dest: /etc/default/grub
regexp: '^(GRUB_TIMEOUT=).*'
line: '\g<1>1'
backrefs: true
notify: Run update-grub
# PXE first boot order
- name: Copy some scripts
ansible.builtin.copy:
src: bootorder.sh
dest: /usr/local/sbin/
mode: '0755'
when: misc_pxe_first
- name: PXE first boot order
ansible.builtin.command: /usr/local/sbin/bootorder.sh
register: cmd_result
changed_when: cmd_result.stdout is not search('Nothing to do.')
when: misc_pxe_first
# Disable Caps Lock
- name: Keyboard compose key
ansible.builtin.lineinfile:
dest: /etc/default/keyboard
regexp: '^(XKBOPTIONS=).*'
line: '\1"compose:caps"'
backrefs: true
# Activate unattended upgrades
- name: Install unattended-upgrades
ansible.builtin.apt:
name:
- unattended-upgrades
- name: Update all packages unattended
ansible.builtin.replace:
path: /etc/apt/apt.conf.d/50unattended-upgrades
regexp: '^//(\s+"origin=.+-updates";)$'
replace: ' \1'
# Install reporter
- name: Copy reporter
ansible.builtin.template:
src: reporter.j2
dest: /usr/local/sbin/reporter
mode: '0755'
- name: Provide services and timers for reporter
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
mode: '0644'
loop:
- reporter.service
- reporter.timer
when: misc_reporter
- name: Enable reporter.timer
ansible.builtin.systemd:
name: reporter.timer
enabled: true
when: misc_reporter
# Prepare CloneScreen on Presenter PCs
- name: Fix primary screen for class room PCs with projector
when: misc_clonescreen
block:
- name: Set primary screen for login
ansible.builtin.blockinfile:
path: /usr/share/sddm/scripts/Xsetup
block: |
xrandr --output {{ dual_screen[0] }} --primary
when: dual_screen is defined
- name: Reset primary screen for login
ansible.builtin.blockinfile:
path: /usr/share/sddm/scripts/Xsetup
state: absent
when: dual_screen is not defined
- name: Deploy fix-screen script
ansible.builtin.template:
src: lmn-fix-screen.j2
dest: /usr/local/bin/lmn-fix-screen
mode: '0755'
- name: Deploy fix-screen autostarter
ansible.builtin.copy:
dest: /etc/xdg/autostart/lmn-fix-screen.desktop
mode: '0644'
content: |
[Desktop Entry]
Name=fix-screen
Exec=lmn-fix-screen
Type=Application
NoDisplay=true
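Review bot: In "Protect editing grub menu entries", `when: grub_pwd | bool | default(false)` very likely never evaluates to true for a real password hash: the `bool` filter only accepts values such as `true`, `yes` or `1`, so a `grub.pbkdf2...` string becomes false and the task is skipped without any error. The play then reports success while the GRUB menu stays editable, and the following task still adds `--unrestricted`. Test for presence instead, e.g. `when: grub_pwd is defined and grub_pwd | length > 0`. Separately, "Copy pwroff script" and "Copy reporter" carry no `when:` and so install the scripts even when `misc_pwroff` / `misc_reporter` are false, and neither timer task sets `daemon_reload: true` or `state: started`, so the timers presumably start only after the next boot; confirm both are intended.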


@ -0,0 +1,29 @@
#!/usr/bin/bash
#
# Set the primary screen after login
# Clone screen on all displays
# Set audio-default-sink
#
set -eu
if [[ "$XDG_SESSION_TYPE" = wayland ]] ; then
while ! kscreen-doctor -o; do
sleep 1
done
sleep 2
{% if dual_screen is defined %}
kscreen-doctor output.{{ dual_screen[1] }}.priority.1
{% endif %}
for N in $(kscreen-doctor -j | jq -r .outputs[].name) ; do
kscreen-doctor output.$N.mode.{{ misc_clonescreen_mode }} output.$N.position.0,0 output.$N.scale.$(kscreen-doctor -j | jq .outputs[].scale | sort | head -1);
done
fi
{% if audio_output is defined %}
pactl set-card-profile alsa_card.{{ audio_output[0] }} output:{{ audio_output[1] }}
pactl set-default-sink alsa_output.{{ audio_output[0] }}.{{ audio_output[1] }}
{% else %}
if pactl list cards | grep output:hdmi-stereo: | grep verfügbar:\ ja; then
pactl set-card-profile $(pactl list short cards | grep -m1 pci | head -1 | cut -f2) output:hdmi-stereo
pactl set-default-sink $(pactl list short cards | grep -m1 pci | head -1 | cut -f2 | sed s/card/output/g).output:hdmi-stereo
fi
{% endif %}
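Review bot: The HDMI fallback in the `{% else %}` branch matches the German pactl output (`grep verfügbar:\ ja`), so under any other session locale the test fails silently and no card profile is set. Run the probe in a fixed locale, e.g. `if LC_ALL=C pactl list cards | grep 'output:hdmi-stereo:' | grep -q 'available: yes'; then`. Also, with `set -u` an unset `XDG_SESSION_TYPE` aborts the script before the audio part, which `"${XDG_SESSION_TYPE:-}"` avoids, and the `while ! kscreen-doctor -o` loop has no retry limit. The `$N` and `$(pactl …)` expansions are unquoted; quoting them keeps output or card names with unusual characters from being split.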


@ -0,0 +1,33 @@
#!/usr/bin/bash
#
# Send stdout of some commands to monitoring server.
# Collect the reports with 'nc -u -k -l 1234' on 'sendto'.
# Use /bin/nc.openbsd, /bin/nc.traditional seems not to work.
#
set -eu
sendto="{{ misc_reporter_serv }} 1234"
n=0
cmds=(
'uname -a'
'tail -1 /var/local/ansible-stamps'
'ip route list default'
'ip link show | \
sed -nE -e "s/^[2-9]: (\S+): .+/\1/p" -e "s/.+ether ([0-9a-f:]+) .+/\1/p" | \
paste - -'
)
# 'w'
# 'uptime'
# 'ls -d --full-time /home/ansible/.ansible/tmp/'
# 'ip addr show'
# 'apt list --upgradeable -o Apt::Cmd::Disable-Script-Warning=true'
r="$HOSTNAME ------- $(date --rfc-3339=seconds) -------
$(for c in "${cmds[@]}" ; do
n=$(( n + 1 ))
echo -n "$n"
eval "$c" | sed 's/^/\t/'
done | sed "s/^/$HOSTNAME /")
## -------------------------------------------------"
echo "$r" | nc -w 1 -u $sendto