Split playbook into roles

The local.yml playbook was split into the following roles: - xfce-gui-minimal: Install and configure a minimal xfce gui + applications - mpstools: Install the mpstools (patch them if needed) and add the PATH - geany: Install geany and configure it to replace snavigator - dfn-ca-cert: Install the DFN CA certificate into the system and into firefox (this is needed to access certain h-da websites) - h-da_util: Install the hda-util.sh + desktop launchers for easy access to the university network - misc-applications: Install a bunch of small useful applications The default known_hosts was removed since it didn't seem to work reliably

Split playbook into roles
681e3835 · Daniel Müller · 5ce31e41 · 5ce31e41 · 681e3835 · 681e3835
Commit 681e3835 authored 4 years ago by Daniel Müller
--- a/files/conf/ssh/known_hosts
+++ b/files/conf/ssh/known_hosts
-userv.fbi.h-da.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLeL1r/jL1ndOGPIhovtNQnILXz5R2jOTPsE1eX+Oac+tBkxT0TCZ0s9cbeehaHwqO9bOorkBdfAahambcou7e4=
\ No newline at end of file
--- a/local.yml
+++ b/local.yml
 ---
 - hosts: localhost
-  pre_tasks:
+  vars:
+    vm_user: fs
+    patch_libncurses5_to_6: true
+    overwrite_config: false
+  pre_tasks:
  - name: Update packages
    become: true
    apt:
@@ -9,356 +14,15 @@
      update_cache: true
      force_apt_get: true
-  tasks:
+  roles:
+    - xfce-gui-minimal
-  - name: Install xfce desktop and associated programms
+    - mpstools
-    become: true
+    - dfn-ca-cert
-    apt:
+    - geany
-      name:
+    - h-da_util
-        - task-xfce-desktop
+    - misc-applications
-        - xfce4-terminal
-        - lightdm-gtk-greeter
-        - lightdm-gtk-greeter-settings
-        - xfce4-power-manager
-        - thunar-archive-plugin 
-        - thunar-gtkhash 
-        - xfce4-whiskermenu-plugin
-        - xfce4-clipman-plugin
-        - xfce4-places-plugin
-        - xfce4-taskmanager
-        - gnome-keyring
-        - gigolo
-        - xdg-user-dirs
-        - pulseaudio
-        - xfce4-pulseaudio-plugin
-        - pavucontrol
-        - dnsutils
-        - dbus-x11
-        - policykit-1
-      install_recommends: false
-      force_apt_get: true
-  - name: Install essential terminal programms
-    become: true
-    apt:
-      name:
-        - python3-pip
-        - unzip
-        - curl
-        - git
-        - make
-        - patchelf
-        - zerofree
-        - neofetch
-        - htop
-        - "linux-headers-{{ ansible_kernel }}"
-        - dkms
-      install_recommends: false
-      force_apt_get: true
-  - name: Install basic gui applications
-    become: true
-    apt:
-      name:
-        - firefox-esr # web browser
-        - zathura # pdf viewer
-        - gedit # text editor
-        - shotwell # image viewer
-      install_recommends: false
-      force_apt_get: true
-  - name: Install helper programms for university network access
-    become: true
-    apt:
-      name:
-        - openssh-client
-        - sshfs
-        - gvfs-fuse
-        - gvfs-backends
-        - rsync
-        - proxychains
-      install_recommends: false
-      force_apt_get: true
-  - name: Install sshuttle (used as lightweight vpn replacement)
-    become: true
-    pip:
-      executable: pip3
-      name: sshuttle
-  - name: Install geany
-    become: true
-    apt:
-      name:
-        - geany
-        - geany-plugin-autoclose
-        - geany-plugin-automark
-        - geany-plugin-overview
-        - geany-plugin-vc
-        - geany-plugin-git-changebar
-      state: present
-      install_recommends: false
-      force_apt_get: true
-  - name: Get current mpstools hash
-    set_fact:
-      mpstools_curr_hash: "{{ lookup('file', '/opt/mpstools/checksum', errors='ignore') }}"
-  - name: Get new mpstools hash
-    stat:
-      path: files/mpstools.tgz
-      checksum_algorithm: sha1
-      get_checksum: true
-    register: mpstools_new
-  - name: Install toolchain
-    become: true
-    unarchive:
-      owner: root
-      group: root
-      src: files/mpstools.tgz
-      dest: /opt
-      keep_newer: true
-    when: mpstools_curr_hash != mpstools_new.stat.checksum
-  # This has worked while testing but it is not a good way to solve the issue.
-  # It basically forces the executables to use the newer version of libncurses
-  - name: Patch arm debugger binaries to use libncurses.so.6
-    become: true
-    shell: "ldd {{ item }} | grep libncurses.so.5 && patchelf --replace-needed libncurses.so.5 libncurses.so.6 {{ item }}; exit 0"
-    with_items:
-      - /opt/mpstools/bin/arm-v4t-eabi-insight
-      - /opt/mpstools/bin/arm-v4t-eabi-gdbtui
-      - /opt/mpstools/bin/arm-v4t-eabi-gdb
-      - /opt/mpstools/bin/arm-elf-insight
-      - /opt/mpstools/bin/arm-elf-eabi-insight
-    when: mpstools_curr_hash != mpstools_new.stat.checksum
-  - name: Set toolchain checksum
-    become: true
-    copy:
-      owner: root
-      group: root
-      dest: /opt/mpstools/checksum
-      content: "{{ mpstools_new.stat.checksum }}"
-    when: mpstools_curr_hash != mpstools_new.stat.checksum
-  - name: Add toolchain to PATH (for bash only)
-    become: true
-    become_user: fs
-    lineinfile:
-      path: ~/.bashrc
-      line: '[[ "$PATH" =~ (^|:)"/opt/mpstools/bin"($|:) ]] || export PATH="/opt/mpstools/bin:$PATH"'
-      create: true
-  - name: Add toolchain to PATH (for whole xsession)
-    become: true
-    become_user: fs
-    lineinfile:
-      path: ~/.xsessionrc
-      line: 'export PATH="/opt/mpstools/bin:$PATH"'
-      create: true
-  - name: Install xfce themes
-    become: true
-    unarchive:
-      owner: root
-      group: root
-      src: files/themes/system/{{ item }}
-      dest: /usr/share/themes
-      keep_newer: true
-    with_items:
-      - Nordic.tar.xz
-      #- Nordic-bluish-accent.tar.xz
-      - Nordic-Polar.tar.xz
-  - name: Install xfce icons
-    become: true
-    unarchive:
-      owner: root
-      group: root
-      src: files/themes/icons/{{ item }}
-      dest: /usr/share/icons
-      keep_newer: true
-    with_items:
-      #- 01-Qogir.tar.xz
-      - 01-Tela.tar.xz
-      #- papirus-icon-theme-20201201.tar.xz
-  - name: Install xfce-terminal theme
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/themes/xfce4-terminal/nord.theme
-      dest: /usr/share/xfce4/terminal/colorschemes
-  - name: Install gedit theme
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/themes/gedit/nord.xml
-      dest: /usr/share/gtksourceview-3.0/styles/
-  - name: Install geany theme
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/themes/geany/nord.conf
-      dest: /usr/share/geany/colorschemes/
-  - name: Configure autologin
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/conf/lightdm-autologin.conf
-      dest: /usr/share/lightdm/lightdm.conf.d
-  - name: Configure login display
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/conf/lightdm-gtk-greeter.conf
-      dest: /etc/lightdm
-  - name: Install preconfigured config
-    become: true
-    copy:
-      owner: fs
-      group: fs
-      src: files/conf/home-conf/{{ item }}
-      dest: /home/fs
-      force: false
-    with_items:
-      - .config
-      - .sn
-  - name: Check if user dirs exist
-    stat:
-      path: /home/fs/.config/user-dirs.dirs
-    register: user_dirs
-  - name: Create user dirs
-    become: true
-    become_user: fs
-    shell: xdg-user-dirs-update
-    when: not user_dirs.stat.exists
-  # This is a critical step to check for security issues. The installed ca
-  # comes from the DFN website: https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki
-  # The cert should be doublechecked if any security concerns arise
-  - name: Install DFN Global CA Certificate
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/conf/dfn-ca-global-g2.crt
-      dest: /usr/share/ca-certificates
-    register: cacert
-  - name: Update CA certificate
-    become: true
-    shell: update-ca-certificates
-    when: cacert.changed
-  - name: Install CA certificate into firefox
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/conf/firefox/policies.json
-      dest: /usr/lib/firefox-esr/distribution
-  - name: Install proxychains config
-    become: true
-    copy:
-      owner: root
-      group: root
-      src: files/conf/proxychains.conf
-      dest: /etc/proxychains.conf
-  - name: Set GRUB timeout to 1s
-    become: true
-    lineinfile:
-      path: /etc/default/grub
-      regexp: "^GRUB_TIMEOUT=[0-9]*$"
-      line: "GRUB_TIMEOUT=1"
-    register: setgrubcfg
-  - name: Update GRUB if needed
-    become: true
-    shell: update-grub
-    when: setgrubcfg.changed
-  - name: Create user bin dir
-    become: true
-    become_user: fs
-    file:
-      path: /home/fs/bin
-      state: directory
-  - name: Install user hda-util script
-    become: true
-    copy:
-      owner: fs
-      group: fs
-      mode: 0775
-      src: files/bin/hda-util.sh
-      dest: /home/fs/bin
-  - name: Add user bin to PATH
-    become: true
-    become_user: fs
-    lineinfile:
-      path: ~/.bashrc
-      line: 'export PATH="/home/fs/bin:$PATH"'
-      create: true
-  - name: Find desktop directory
-    become: true
-    become_user: fs
-    shell: xdg-user-dir DESKTOP
-    register: user_desktop
-    changed_when: false
-  - name: Install desktop launchers
-    become: true
-    copy:
-      owner: fs
-      group: fs
-      mode: 0775
-      src: "{{ item }}"
-      dest: "{{ user_desktop.stdout }}"
-    with_fileglob:
-      - files/desktop/*.desktop
-  - name: Make sure .ssh directory exists
-    become: true
-    become_user: fs
-    file:
-      owner: fs
-      group: fs
-      mode: 0700
-      path: "/home/fs/.ssh"
-      state: directory
-#  - name: Preinstall known hosts file for userv.fbi.h-da.de
-#    become: true
-#    become_user: fs
-#    copy:
-#      owner: fs
-#      group: fs
-#      mode: 0644
-#      src: "files/conf/ssh/known_hosts"
-#      dest: "/home/fs/.ssh"
-#      force: false
 # before distributing VM:
 # - clean apt cache: apt clean
 # - delete apt lists: rm -r /var/lib/apt/lists/*
 # - zerofree from outside
\ No newline at end of file
--- a/files/conf/dfn-ca-global-g2.crt
+++ b/files/conf/dfn-ca-global-g2.crt
--- a/files/conf/firefox/policies.json
+++ b/files/conf/firefox/policies.json
--- a/roles/dfn-ca-cert/tasks/main.yml
+++ b/roles/dfn-ca-cert/tasks/main.yml
+---
+# roles/dfn-ca-cert
+# This is a critical step to check for security issues. The installed ca
+# comes from the DFN website: https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki
+# The cert should be doublechecked if any security concerns arise
+- name: Install DFN Global CA Certificate
+  become: true
+  copy:
+    owner: root
+    group: root
+    src: dfn-ca-global-g2.crt
+    dest: /usr/share/ca-certificates
+  register: cacert
+- name: Update CA certificate
+  become: true
+  shell: update-ca-certificates
+  when: cacert.changed
+- name: Install CA certificate into firefox
+  become: true
+  copy:
+    owner: root
+    group: root
+    src: firefox/policies.json
+    dest: /usr/lib/firefox-esr/distribution
--- a/files/conf/home-conf/.config/geany/filedefs/filetypes.README
+++ b/files/conf/home-conf/.config/geany/filedefs/filetypes.README
--- a/files/conf/home-conf/.config/geany/filedefs/filetypes.asm
+++ b/files/conf/home-conf/.config/geany/filedefs/filetypes.asm
--- a/files/conf/home-conf/.config/geany/filedefs/filetypes.c
+++ b/files/conf/home-conf/.config/geany/filedefs/filetypes.c
--- a/files/conf/home-conf/.config/geany/geany.conf
+++ b/files/conf/home-conf/.config/geany/geany.conf
--- a/files/conf/home-conf/.config/geany/keybindings.conf
+++ b/files/conf/home-conf/.config/geany/keybindings.conf
--- a/files/conf/home-conf/.config/geany/plugins/VC/VC.conf
+++ b/files/conf/home-conf/.config/geany/plugins/VC/VC.conf
--- a/files/conf/home-conf/.config/geany/plugins/autoclose/autoclose.conf
+++ b/files/conf/home-conf/.config/geany/plugins/autoclose/autoclose.conf
--- a/files/conf/home-conf/.config/geany/plugins/filebrowser/filebrowser.conf
+++ b/files/conf/home-conf/.config/geany/plugins/filebrowser/filebrowser.conf
--- a/files/conf/home-conf/.config/geany/plugins/git-changebar/git-changebar.conf
+++ b/files/conf/home-conf/.config/geany/plugins/git-changebar/git-changebar.conf
--- a/files/conf/home-conf/.config/geany/plugins/overview/prefs.conf
+++ b/files/conf/home-conf/.config/geany/plugins/overview/prefs.conf
--- a/files/conf/home-conf/.config/geany/templates/templates.README
+++ b/files/conf/home-conf/.config/geany/templates/templates.README
--- a/files/conf/home-conf/.config/geany/ui_toolbar.xml
+++ b/files/conf/home-conf/.config/geany/ui_toolbar.xml
--- a/files/themes/geany/nord.conf
+++ b/files/themes/geany/nord.conf
--- a/roles/geany/tasks/apply_config_geany.yml
+++ b/roles/geany/tasks/apply_config_geany.yml
+---
+# roles/geany/apply_config_geany
+- fail:
+    msg: "Variable not defined: {{ item }}"
+  when: item not in vars
+  with_items:
+    - vm_user
+- name: Make sure user .config directory exists
+  become: true
+  become_user: "{{ vm_user }}"
+  file:
+    owner: "{{ vm_user }}"
+    group: "{{ vm_user }}"
+    path: /home/{{ vm_user }}/.config
+    state: directory
+- name: Install geany config
+  become: true
+  copy:
+    owner: "{{ vm_user }}"
+    group: "{{ vm_user }}"
+    src: config/geany
+    dest: "/home/{{ vm_user }}/.config"
+    force: "{{ overwrite_config | default(false) }}"
--- a/roles/geany/tasks/main.yml
+++ b/roles/geany/tasks/main.yml
+---
+# roles/geany
+- fail:
+    msg: "Variable not defined: {{ item }}"
+  when: item not in vars
+  with_items:
+    - vm_user
+- name: Install geany
+  become: true
+  apt:
+    name:
+      - geany
+      - geany-plugin-autoclose
+      - geany-plugin-automark
+      - geany-plugin-overview
+      - geany-plugin-vc
+      - geany-plugin-git-changebar
+    state: present
+    install_recommends: false
+    force_apt_get: true
+- name: Install geany theme
+  become: true
+  copy:
+    owner: root
+    group: root
+    src: themes/geany/nord.conf
+    dest: /usr/share/geany/colorschemes/
+- name: Apply config
+  import_tasks: apply_config_geany.yml