lmn-client/lmn-client.yml


## This playbook deploys a client for LinuxMuster.
#
# Use the following in the installer's preseed file:
#
# d-i preseed/late_command string \
# mkdir -p /target/home/ansible/.ssh && \
# echo "ssh-ed25519 A...YOUR.KEY...Z" >> /target/home/ansible/.ssh/authorized_keys ; \
# in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
# in-target chmod -R og= /home/ansible/.ssh/ ; \
# if [ -n "$playbook" ] ; then \
# mkdir -v /target/dev/shm ; \
# in-target mount -v -t tmpfs tmpfs /dev/shm ; \
# echo "$vaultpw" > /target/dev/shm/vaultpw ; \
# in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
# --vault-password-file /dev/shm/vaultpw \
# -i localhost, --url=git://ansible.example.org/.git -C YOUR_BRANCH $playbook ; \
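# fi
#
# NOTE: git:// is an unauthenticated, unencrypted transport, and ansible-pull
# executes whatever the fetched playbook contains (this one uses become: true).
# Where the installer network is not fully trusted, prefer an https:// or
# ssh:// repository URL, or add --verify-commit to require a signed commit.
# NOTE: /dev/shm/vaultpw is created with the shell's default umask; restrict
# its mode if anything else in the target can read /dev/shm during the run.
#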
---
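# First play: base configuration for every host in the inventory.
# All tasks and roles below run privileged (become: true) as the
# 'ansible' login user.
- name: Apply common configuration to the machines
  hosts: all  # desktop:laptop
  remote_user: ansible
  become: true
  pre_tasks:
    # - name: Ask for global-admin AD password
    #   ansible.builtin.pause:
    #     prompt: "Enter global-admin AD password. Leave empty to skip domain join"
    #     echo: false
    #   register: adpw
    #   no_log: true
    #   when: "ansible_cmdline.adpw is not defined"
    # - name: Preseed apparmor
    #   ansible.builtin.debconf:
    #     name: apparmor
    #     question: apparmor/homedirs
    #     value: >-
    #       /srv/samba/schools/default-school/teachers/
    #       /srv/samba/schools/default-school/students/*/
    #       /srv/samba/schools/default-school/examusers/
    #     vtype: string

    # Answer the debconf question up front so unattended-upgrades is enabled
    # without an interactive prompt.
    - name: Preseed unattended-upgrades
      ansible.builtin.debconf:
        name: unattended-upgrades
        question: unattended-upgrades/enable_auto_updates
        # Quoted so debconf receives the literal string "true" rather than a
        # YAML boolean that Ansible has to stringify first.
        value: "true"
        vtype: boolean
  roles:
    - lmn_network
    - role: up2date_debian
      tags: upgrade
    # - lmn_sssd
    # - lmn_mount
    # - lmn_kde
    # - role: lmn_vm
    #   when: vm_support
    # - role: lmn_printer
    #   when: printservers is defined
    # - kerberize
    # - lmn_misc
    # - role: lmn_localproxy
    #   when: localproxy
    # - role: lmn_localhome
    #   when: localhome
    # - role: lmn_localuser
    #   when: localuser
    # - role: lmn_exam
    #   when: exam_mode
    # - role: lmn_wlan
    #   when:
    #     - ansible_interfaces | select('search', 'wl.+') | first is defined
    #     - wlan != 'none'
  tasks:
    # Site-specific roles are looked up under roles "custom/<name>" for each
    # entry of custom_roles; the task is skipped when the variable is unset.
    # NOTE(review): custom_roles is not defined in this file. Its entries pick
    # which role code runs with become: true, so it should only be set from
    # trusted inventory or vars. Confirm where it comes from.
    - name: Include custom roles
      ansible.builtin.include_role:
        name: "custom/{{ rolename }}"
      loop: "{{ custom_roles }}"
      loop_control:
        loop_var: rolename
      when: custom_roles is defined

    # Roles applied after everything above; only lmn_security is active.
    - name: Final tasks
      ansible.builtin.include_role:
        name: "{{ role }}"
      loop_control:
        loop_var: role
      loop:
        - lmn_security
        # - lmn_finish
        # - lmn_tmpfixes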
# Second play: roles that must not run on several hosts at once.
- name: Apply roles that must run serial
  hosts: all
  become: true
  remote_user: ansible
  # Process one host per batch.
  serial: 1
  # Unreachable-host errors are ignored instead of ending the run for that host.
  ignore_unreachable: true
  roles:
    # NOTE(review): vpn is not set in this file. Presumably it comes from
    # inventory or role defaults; verify it is always defined.
    - role: lmn_vpn
      when: vpn != "none"