diff --git a/bootstrap-packages.sh b/bootstrap-packages.sh new file mode 100644 index 0000000..4b9c974 --- /dev/null +++ b/bootstrap-packages.sh @@ -0,0 +1,2 @@ +#!/bin/sh +sudo apt-get update && sudo apt-get install python python-apt aptitude diff --git a/install-office-terminal.yml b/install-office-terminal.yml new file mode 100644 index 0000000..63aaf38 --- /dev/null +++ b/install-office-terminal.yml @@ -0,0 +1,13 @@ +--- + - hosts: new-office + become: yes + become_method: sudo + roles: + - common + - core + - hardware + - devel + - generate-hosts + - auth + - nfs + - csc-packages diff --git a/roles/auth/files/krb5.conf b/roles/auth/files/krb5.conf new file mode 100644 index 0000000..d7cdbb2 --- /dev/null +++ b/roles/auth/files/krb5.conf @@ -0,0 +1,66 @@ +[libdefaults] + default_realm = CSCLUB.UWATERLOO.CA + forwardable = true + proxiable = true + dns_lookup_kdc = false + dns_lookup_realm = false + +[realms] + CSCLUB.UWATERLOO.CA = { + kdc = kdc1.csclub.uwaterloo.ca + kdc = kdc2.csclub.uwaterloo.ca + admin_server = kadmin.csclub.uwaterloo.ca + } + + STUDENT.CS.UWATERLOO.CA = { + kdc = eponina.student.cs.uwaterloo.ca:88 + kdc = canadenis.student.cs.uwaterloo.ca:88 + admin_server = canadenis.student.cs.uwaterloo.ca:464 + } + + CS.UWATERLOO.CA = { + kdc = intacta.cs.uwaterloo.ca:88 + kdc = serverus.cs.uwaterloo.ca:88 + admin_server = intacta.cs.uwaterloo.ca:464 + } + + ADS.UWATERLOO.CA = { + kdc = ads.uwaterloo.ca:88 + admin_server = ads.uwaterloo.ca:464 + default_domain = ads.uwaterloo.ca + } + + NEXUS.UWATERLOO.CA = { + kdc = nexus.uwaterloo.ca:88 + kdc = nexus.uwaterloo.ca + admin_server = nexus.uwaterloo.ca:464 + } + +[domain_realm] + .uwaterloo.ca = ADS.UWATERLOO.CA + uwaterloo.ca = ADS.UWATERLOO.CA + .csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA + csclub.uwaterloo.ca = CSCLUB.UWATERLOO.CA + .nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA + nexus.uwaterloo.ca = NEXUS.UWATERLOO.CA + .cs.uwaterloo.ca = CS.UWATERLOO.CA + cs.uwaterloo.ca = CS.UWATERLOO.CA + .student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA + student.cs.uwaterloo.ca = STUDENT.CS.UWATERLOO.CA + +[logging] + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmin.log + default = FILE:/var/log/krb5.log + + +#[dbmodules] +# openldap_ldapconf = { +# db_library = kldap +# ldap_kerberos_container_dn = "cn=kerberos,dc=csclub,dc=uwaterloo,dc=ca" +# ldap_kdc_dn = "cn=kerberos-kdc,dc=csclub,dc=uwaterloo,dc=ca" +# ldap_kadmind_dn = "cn=kerberos-admin,dc=csclub,dc=uwaterloo,dc=ca" +# ldap_service_password_file = /etc/krb5kdc/service.keyfile +# ldap_servers = ldapi:/// +# } + diff --git a/roles/auth/files/ldap.conf b/roles/auth/files/ldap.conf new file mode 100644 index 0000000..35c47f8 --- /dev/null +++ b/roles/auth/files/ldap.conf @@ -0,0 +1,16 @@ +# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable but not world writable. + +BASE dc=csclub, dc=uwaterloo, dc=ca +URI ldap://ldap1.csclub.uwaterloo.ca ldap://ldap2.csclub.uwaterloo.ca + +SIZELIMIT 0 + +TLS_CACERT /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem +TLS_CACERTFILE /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem + diff --git a/roles/auth/files/ssh_config b/roles/auth/files/ssh_config new file mode 100644 index 0000000..29c3e3a --- /dev/null +++ b/roles/auth/files/ssh_config @@ -0,0 +1,25 @@ +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +Host * + SendEnv LANG LC_* + GSSAPITrustDns yes + GSSAPIKeyExchange yes + + GSSAPIAuthentication yes + GSSAPIDelegateCredentials yes + UseRoaming no diff --git a/roles/auth/files/sshd_config b/roles/auth/files/sshd_config new file mode 100644 index 0000000..ac165f7 --- /dev/null +++ b/roles/auth/files/sshd_config @@ -0,0 +1,64 @@ +# Package generated configuration file +# See the sshd(8) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 + +# Use only protocol version 2 +Protocol 2 + +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_ed25519_key +HostKey /etc/ssh/ssh_host_rsa_key +KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 +Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com + +# Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication +UsePAM yes +StrictModes yes +PermitRootLogin yes +LoginGraceTime 120 +MaxStartups 25:30:100 + +# password authentication via PAM (single sign-on initial case) +PasswordAuthentication yes +PermitEmptyPasswords no + +# keyboard-interactive authentication (like password, works with +needchange) +ChallengeResponseAuthentication yes + +# kerberos (single sign-on already authenticated case) +GSSAPIAuthentication yes +GSSAPIKeyExchange yes +GSSAPICleanupCredentials yes + +# public key authentication with authorized_keys +PubkeyAuthentication yes + +# no single sign-on via hosts.equiv; we use kerberos +HostbasedAuthentication no +IgnoreRhosts yes + +# no builtin kerberos auth with password, we do the same via pam_krb5 +KerberosAuthentication no + +# allow X forwarding +X11Forwarding yes +X11DisplayOffset 10 + +# PAM prints these already +PrintMotd no +PrintLastLog no + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server diff --git a/roles/auth/files/sssd.conf b/roles/auth/files/sssd.conf new file mode 100644 index 0000000..d678275 --- /dev/null +++ b/roles/auth/files/sssd.conf @@ -0,0 +1,28 @@ +[sssd] +config_file_version = 2 +services = nss, pam, sudo +domains = csclub.uwaterloo.ca + +[domain/csclub.uwaterloo.ca] +cache_credentials = true +enumerate = true + +id_provider = ldap +auth_provider = krb5 +sudo_provider = ldap +entry_cache_timeout = 600 + +ldap_uri = ldaps://ldap1.csclub.uwaterloo.ca,ldaps://ldap2.csclub.uwaterloo.ca +ldap_tls_cacert = /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem +ldap_tls_reqcert = demand +ldap_search_base = dc=csclub,dc=uwaterloo,dc=ca +ldap_schema = rfc2307bis +ldap_group_member = uniqueMember + +ldap_user_search_base = ou=People,dc=csclub,dc=uwaterloo,dc=ca +ldap_group_search_base = ou=Group,dc=csclub,dc=uwaterloo,dc=ca +ldap_sudo_search_base = ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca + +krb5_realm = CSCLUB.UWATERLOO.CA +krb5_server = kdc1.csclub.uwaterloo.ca,kdc2.csclub.uwaterloo.ca +krb5_kpasswd = kadmin.csclub.uwaterloo.ca diff --git a/roles/auth/tasks/main.yml b/roles/auth/tasks/main.yml new file mode 100644 index 0000000..7f7f0d0 --- /dev/null +++ b/roles/auth/tasks/main.yml @@ -0,0 +1,54 @@ +--- + +- name: install libpam-csc + apt: name=libpam-csc state=latest + +- name: install required aptitude packages + apt: name={{ item }} state=latest + with_items: + - krb5-user + - ldap-utils + - sssd + - sssd-tools + +- name: install ubuntu sss pam and nss + apt: name={{ item }} state=latest + when: ansible_distribution == 'Ubuntu' + with_items: + - libnss-sss + - libpam-sss + +- name: copy over configs + template: src={{ item.src }} dest={{ item.dest }} + with_items: + - { src: 'krb5.conf', dest: '/etc/krb5.conf' } + - { src: 'ldap.conf', dest: '/etc/ldap/ldap.conf' } + - { src: 'sssd.conf', dest: '/etc/sssd/sssd.conf' } + - { src: 'sshd_config', dest: '/etc/ssh/sshd_config' } + - { src: 'ssh_config', dest: '/etc/ssh/ssh_config' } + +- name: configure PAM for syscom machine + when: syscom + blockinfile: + dest: /etc/pam.d/common-account + block: | + # make sure user is up to date, except system accounts and syscom + account [success=2 default=ignore] pam_succeed_if.so quiet uid < 10000 + account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup syscom + account required pam_deny.so + +- name: configure PAM for regular machine + when: not syscom + blockinfile: + dest: /etc/pam.d/common-account + block: | + # make sure user is up to date, except system accounts and syscom + account [success=2 default=ignore] pam_succeed_if.so quiet uid < 10000 + account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup syscom + account required pam_csc.so + +- name: restart services + service: name={{ item }} state=restarted + with_items: + - sssd + - ssh \ No newline at end of file diff --git a/roles/common/tasks/etckeeper.yml b/roles/common/tasks/etckeeper.yml new file mode 100644 index 0000000..1ddba3e --- /dev/null +++ b/roles/common/tasks/etckeeper.yml @@ -0,0 +1,29 @@ +--- + +- name: Install git + apt: name=git state=latest + +- name: install etckeeper + apt: name=etckeeper state=present + register: etckeeper + +- name: update etckeeper VCS + lineinfile: dest=/etc/etckeeper/etckeeper.conf + state=present + backrefs=yes + regexp={{ item.regex }} + line={{ item.line }} + with_items: + - { regex: '^(VCS=.*)$', line: '#\1' } + - { regex: '^#(VCS=\"git\")$', line: '\1' } + when: etckeeper.changed == true + +- name: re-initialize etckeeper with git + command: "{{ item }}" + with_items: + - 'etckeeper uninit -f' + - 'etckeeper init' + - 'etckeeper commit "Initial commit"' + args: + chdir: /etc + when: etckeeper.changed == true diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..6aecb41 --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,27 @@ +--- + +- name: Add debian.csclub.uwaterloo.ca GPG key + apt_key: url=http://debian.csclub.uwaterloo.ca/csclub.asc state=present + +- name: Add debian.csclub.uwaterloo.ca repository + apt_repository: repo="{{ item }}" state=present + with_items: + - "deb http://debian.csclub.uwaterloo.ca/ {{ ansible_distribution_release }} main" + - "deb-src http://debian.csclub.uwaterloo.ca/ {{ ansible_distribution_release }} main" + +- name: Update apt and packages (if just installed unlikely) + package: update_cache=yes upgrade=safe + +- name: ensure directories exist + file: path={{ item }} state=directory + with_items: + - /etc/opt/chrome/policies/managed/ + - /etc/firefox + +- name: copy chrome managed policy + copy: src={{ item.src }} dest={{ item.dest }} backup=no + with_items: + - { src: 'files/web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' } + - { src: 'files/web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' } + +- include: etckeeper.yml diff --git a/roles/core/tasks/main.yml b/roles/core/tasks/main.yml new file mode 100644 index 0000000..df06976 --- /dev/null +++ b/roles/core/tasks/main.yml @@ -0,0 +1,120 @@ +--- + +- name: Install Shells + apt: name={{ item }} state=latest + with_items: + - bash + - zsh + - zsh-doc + - dash + - ksh + - tcsh + - csh + - rc + - bash-doc + - bash-completion + - bashdb + +- name: Install Editors + apt: name={{ item }} state=latest + with_items: + - vim-nox + - ed + - nano + +- name: Install words + apt: name={{ item }} state=latest + with_items: + - wamerican-insane + +- name: Install utils + apt: name={{ item }} state=latest + with_items: + - acl + - tmux + - screen + - less + - lsof + - bc + - dc + - psmisc + - procps + - htop + - schedtool + - pciutils + - rsync + +- name: Install compression + apt: name={{ item }} state=latest + with_items: + - bzip2 + - gzip + - pax + - lzma + - xz-utils + - cpio + +- name: Install ncurses + apt: name={{ item }} state=latest + with_items: + - ncurses-bin + - ncurses-term + +- name: Install network + apt: name={{ item }} state=latest + with_items: + - iputils-ping + - iputils-arping + - traceroute + - telnet + - iproute2 + - ethtool + - dnsutils + - whois + - wget + - curl + - netcat-traditional + - netcat-openbsd + - vlan + - bridge-utils + - tcpdump + - tshark + - ftp + - tftp + +- name: Install ntp + apt: name=ntp state=latest + +- name: Install debian package management + apt: name={{ item }} state=latest + with_items: + - aptitude + - dselect + +- name: Install gpg + apt: name=gnupg state=latest + +- name: Install fail2ban + apt: name=fail2ban state=latest + +- name: Install man pages + apt: name={{ item }} state=latest + with_items: + - manpages + - info + +- name: Install rsyslog + apt: name=rsyslog state=latest + +- name: Install molly-guard + apt: name=molly-guard state=latest + +- name: Install ssmtp + apt: name=ssmtp state=latest + +- name: Configure ssmtp + lineinfile: dest=/etc/ssmtp/ssmtp.conf + state=present + backrefs=yes + regexp='^#(FromLineOverride=YES)$' + line='\\1' \ No newline at end of file diff --git a/roles/csc-packages/tasks/main.yml b/roles/csc-packages/tasks/main.yml new file mode 100644 index 0000000..393f138 --- /dev/null +++ b/roles/csc-packages/tasks/main.yml @@ -0,0 +1,7 @@ +--- + +- name: Install CSC packages + apt: name={{ item }} state=latest + with_items: + - ceo-python + - library \ No newline at end of file diff --git a/roles/devel/tasks/main.yml b/roles/devel/tasks/main.yml new file mode 100644 index 0000000..77e057e --- /dev/null +++ b/roles/devel/tasks/main.yml @@ -0,0 +1,378 @@ +--- + +- name: Install build essentials + apt: name=build-essential state=latest + +- name: Install debian dev stuff + apt: name={{ item }} state=latest + with_items: + - dpkg-dev + - devscripts + - debootstrap + - dupload + - fakeroot + - debhelper + - dh-make + - dh-make-perl + - dh-buildinfo + - cdbs + - dpatch + - kernel-package + - lintian + - alien + - po-debconf + - pbuilder + - dpkg-repack + +- name: Install build helpers + apt: name={{ item }} state=latest + with_items: + - make + - make-doc + - autoconf + - autoconf-doc + - automake + - cmake + - ccache + - ant + - ant-optional + - scons + - qt5-qmake + - qt4-qmake + - autogen + - autotools-dev + - autoproject + - kbuild + +- name: Install OpenJDK + apt: name={{ item }} state=latest + with_items: + - openjdk-8-jdk + +- name: Install Debuggers + apt: name={{ item }} state=latest + with_items: + - strace + - gdb + - elfutils + - valgrind + - libc6-dbg + +- name: Install interpreters + apt: name={{ item }} state=latest + with_items: + - python3 + - python + - perl + - ruby + +- name: Install dev docs + apt: name={{ item }} state=latest + with_items: + - manpages-dev + - gcc-doc + - cpp-doc + - binutils-doc + - manpages-posix-dev + - glibc-doc + - glibc-doc-reference + - gdb-doc + - stl-manual + - perl-doc + +- name: Install x86 assembly tools + apt: name={{ item }} state=latest + with_items: + - bin86 + - nasm + - yasm + +- name: Install scanning and parsing utils + apt: name={{ item }} state=latest + with_items: + - flex + - flex-doc + - bison + - bison-doc + - ragel + - byacc + - re2c + +- name: Install VCS + apt: name={{ item }} state=latest + with_items: + - git + - git-email + - git-cvs + - git-svn + - git-arch + - git-doc + - git-buildpackage + - mercurial + - subversion + - subversion-tools + - darcs + - bzr + - bzrtools + - cvs + - cvsps + - wdiff + - colordiff + - patch + - patchutils + - quilt + - gitk + - git-gui + - diffutils + - tkdiff + +- name: Install mono + apt: name={{ item }} state=latest + with_items: + - mono-complete + - mono-devel + - mono-profiler + - mono-tools-devel + - mono-tools-gui + - mono-vbnc + +- name: Install haskell + apt: name={{ item }} state=latest + with_items: + - ghc + - ghc-doc + - haskell-platform + +- name: Install ocaml + apt: name={{ item }} state=latest + with_items: + - ocaml + - camlp4 + +- name: Install python and libs + apt: name={{ item }} state=latest + with_items: + - python3-virtualenv + - python3-pip + - python3-all-dev + - python-pip + - python-virtualenv + - drpython + - ipython + - pylint + - pychecker + - pyflakes + - python-all-dev + - python-m2crypto + - python-mysqldb + - python-imaging + - python-libxml2 + - python-libxslt1 + - python-numpy + - python-numpy-doc + - python-twisted + - python-openssl + - python-pexpect + - python-pyasn1 + - python-pysnmp4 + - python-sqlobject + - python-subversion + - python-urwid + - python-xmpp + - python-beautifulsoup + - python-chardet + - python-kerberos + - python-mako + - python-pyme + - python-rpm + - python-selinux + - python-setuptools + - python-simplejson + - python-sqlite + - python-sqlitecachec + - python-urlgrabber + - python-cups + - python-notify + - python-tk + - jython + - jython-doc + +- name: Install ruby + apt: name={{ item }} state=latest + with_items: + - ruby-dev + - rake + +- name: Install llvm + apt: name={{ item }} state=latest + with_items: + - clang + - llvm + - llvm-dev + +- name: Install scheme/racket + apt: name={{ item }} state=latest + with_items: + - racket + - racket-doc + - scheme2c + - guile-1.8 + - guile-1.8-dev + - tinyscheme + - chicken-bin + - mit-scheme-doc + - scheme9 + - stalin + +- name: Install tcl/tk + apt: name={{ item }} state=latest + with_items: + - tcl + - tcl-dev + - tcl8.5 + - tk + - tk-dev + +- name: Install lua + apt: name={{ item }} state=latest + with_items: + - lua5.3 + - liblua5.3-dev + +- name: Install misc scripting + apt: name={{ item }} state=latest + with_items: + - swig + - gawk + - mawk + - m4 + +- name: Install misc languages + apt: name={{ item }} state=latest + with_items: + - gfortran + - erlang + - erlang-dev + - beef + - intercal + - php-cli + - rhino + - sbcl + +- name: Install AVR tools + apt: name={{ item }} state=latest + with_items: + - gcc-avr + - binutils-avr + - gdb-avr + - avrdude + - avrdude-doc + - simulavr + - avarice + - avr-libc + - avra + - avrp + - uisp + - usbprog + +- name: Install misc libs + apt: name={{ item }} state=latest + with_items: + - libpam2-dev + - libpam0g-dev + - comerr-dev + - e2fslibs-dev + - libcap-dev + - libattr1-dev + - libacl1-dev + - libselinux1-dev + - libpcre3-dev + - libapt-pkg-dev + - linux-libc-dev + - libkrb5-dev + - libgnutls-dev + - libreadline-dev + - libncurses5-dev + - libncursesw5-dev + - libghc-mtl-dev + - libghc-mtl-prof + - libghc-mtl-doc + - libghc-network-dev + - libghc-parsec3-dev + - libboost-dev + - zlib1g-dev + - libbz2-dev + - libcurl4-gnutls-dev + - libexpat1-dev + - libglib2.0-dev + - libgmp3-dev + - libsasl2-dev + - libsctp-dev + - libsqlite3-dev + - libssl-dev + - libxml2-dev + - libxslt1-dev + - ss-dev + - mesa-common-dev + - uuid-dev + - libprotobuf-c-dev + - libprotobuf-dev + - libffi-dev + - libidl-dev + - libelf-dev + - libdw-dev + - libaudit-dev + - libgmp-dev + - libmpfr-dev + - libmpc-dev + - libfplll-dev + +- name: Install x11 libs + apt: name={{ item }} state=latest + with_items: + - xorg-dev + - libgtk2.0-dev + - libqt4-dev + - libsdl1.2-dev + - freeglut3-dev + - libgl1-mesa-dev + - libglu1-mesa-dev + - libghc-x11-dev + - libghc-x11-doc + - libghc-x11-prof + - libgtkmm-2.4-dev + - glade + - xutils-dev + +- name: Install IDEs + apt: name={{ item }} state=latest + with_items: + - eclipse + - monodevelop + +- name: Install cross toolchains + apt: name={{ item }} state=latest + with_items: + - gcc-5-arm-linux-gnueabi + - gcc-5-mips-linux-gnu + - gcc-5-mipsel-linux-gnu + - gcc-5-powerpc-linux-gnu + - gcc-5-sparc64-linux-gnu + - gcc-5-s390x-linux-gnu + +- name: Install misc dev tools + apt: name={{ item }} state=latest + with_items: + - gperf + - gettext + - check + - dejagnu + - doxygen + - exuberant-ctags + - indent + - cutils + - chrpath + - openmpi-bin + - openmpi-doc + - protobuf-compiler + - protobuf-c-compiler diff --git a/roles/generate-hosts/tasks/main.yml b/roles/generate-hosts/tasks/main.yml new file mode 100644 index 0000000..95a54ea --- /dev/null +++ b/roles/generate-hosts/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- name: update hosts + connection: local + become: no + git: repo=~git/public/hosts.git dest=generate-hosts + +- name: generate hosts file + connection: local + become: no + shell: generate-hosts/generate-hosts.py < generate-hosts/hosts.in > generate-hosts/hosts + +- name: copy hosts file + copy: src=generate-hosts/hosts dest=/etc/hosts backup=yes diff --git a/roles/hardware/tasks/main.yml b/roles/hardware/tasks/main.yml new file mode 100644 index 0000000..5e3993e --- /dev/null +++ b/roles/hardware/tasks/main.yml @@ -0,0 +1,18 @@ +--- + +- name: Install hardware probing tools + apt: name={{ item }} state=latest + with_items: + - lm-sensors + - smartmontools + - hwinfo + - lshw + - acpi + +- name: Install framebuffer stuff + apt: name={{ item }} state=latest + with_items: + - vbetool + - fbset + - read-edid + diff --git a/roles/nfs/tasks/main.yml b/roles/nfs/tasks/main.yml new file mode 100644 index 0000000..e8b0165 --- /dev/null +++ b/roles/nfs/tasks/main.yml @@ -0,0 +1,30 @@ +--- + +- name: Install nfs-common + apt: name=nfs-common state=latest + +- name: change NEED_GSSD to NEED_GSSD=1 + lineinfile: dest=/etc/default/nfs-common + state=present + backrefs=yes + regexp='^NEED_GSSD=$' + line='NEED_GSSD=1' + +- name: restart and enable rpc-gssd + service: name=rpc-gssd state=started enabled=yes + +- name: ensure mountpoints exist + file: path={{ item }} state=directory + with_items: + - /users + - /music + - /scratch + +- name: Add fstab entry for users + mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5,nosuid,nodev" dump=0 passno=0 state=mounted + +- name: Add fstab entry for music + mount: src="aspartame:/music" name=/music fstype=nfs opts="bg,vers=3,sec=sys,nolock,noatime,nosuid,nodev" dump=0 passno=0 state=mounted + +- name: Add fstab entry for scratch + mount: src="corn-syrup:/scratch" name=/scratch fstype=nfs opts="bg,vers=3,sec=sys,noatime,nosuid,nodev" dump=0 passno=0 state=mounted diff --git a/roles/ubuntu-desktops/tasks/main.yml b/roles/ubuntu-desktops/tasks/main.yml new file mode 100644 index 0000000..b2ec58b --- /dev/null +++ b/roles/ubuntu-desktops/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +- name: Install Ubuntu desktop metapackages + apt: name={{ item }} state=latest + with_items: + - ubuntu-desktop + - kubuntu-desktop + - edubuntu-desktop + - lubuntu-desktop + - mate-desktop-environment + - cinnamon-desktop-environment + - ubuntustudio-desktop + - xubuntu-desktop \ No newline at end of file