From 03c7ad542de5c80bb9411b559dec54e74195ee8c Mon Sep 17 00:00:00 2001 
From: polz Date: Mon, 11 Sep 2023 23:51:34 +0200 Subject: [PATCH] Dodane / premaknjene datoteke po role-ih iz skupnih v linroom --- roles/DF-63530/meta/main.yml | 2 +- roles/RPOI-90066/meta/main.yml | 1 + roles/RZP-63523/meta/main.yml | 2 +- .../templates/mozilla-firefox-apt-preferences | 3 + .../mozilla-firefox-unattended-upgrades | 1 + roles/fri_base/files/99-wakeonlan.rules | 1 + roles/fri_base/tasks/main.yml | 8 +- roles/fri_base/templates/default_keyboard | 10 ++ roles/fri_base/templates/pamconfig_groups | 6 + roles/fri_base/templates/security_group.conf | 108 ++++++++++++++++++ roles/fri_base/templates/sssd.conf | 30 +++++ .../templates/systemd_group_override.conf | 2 + roles/linroom_ad/tasks/main.yml | 44 ++++++- .../templates/lightdm-10-hide-users.conf | 2 + roles/macroom/tasks/main.yml | 16 +++ roles/maven/tasks/main_win.yml | 3 + roles/nodejs/tasks/main_win.yml | 3 + roles/pandas/tasks/main_lin.yml | 4 + roles/sifive/tasks/main_win.yml | 4 + roles/vlc/tasks/main_lin.yml | 4 + roles/vscode/handlers/main.yml | 4 + roles/xcode/tasks/main.yml | 0 22 files changed, 248 insertions(+), 10 deletions(-) create mode 100644 roles/firefox/templates/mozilla-firefox-apt-preferences create mode 100644 roles/firefox/templates/mozilla-firefox-unattended-upgrades create mode 100644 roles/fri_base/files/99-wakeonlan.rules create mode 100644 roles/fri_base/templates/default_keyboard create mode 100644 roles/fri_base/templates/pamconfig_groups create mode 100644 roles/fri_base/templates/security_group.conf create mode 100644 roles/fri_base/templates/sssd.conf create mode 100644 roles/fri_base/templates/systemd_group_override.conf create mode 100644 roles/linroom_ad/templates/lightdm-10-hide-users.conf create mode 100644 roles/macroom/tasks/main.yml create mode 100644 roles/maven/tasks/main_win.yml create mode 100644 roles/nodejs/tasks/main_win.yml create mode 100644 roles/pandas/tasks/main_lin.yml create mode 100644 roles/sifive/tasks/main_win.yml create mode 100644 
roles/vlc/tasks/main_lin.yml create mode 100644 roles/vscode/handlers/main.yml create mode 100644 roles/xcode/tasks/main.yml diff --git a/roles/DF-63530/meta/main.yml b/roles/DF-63530/meta/main.yml index c508bbf..63df613 100644 --- a/roles/DF-63530/meta/main.yml +++ b/roles/DF-63530/meta/main.yml @@ -2,5 +2,5 @@ # Aleks.Huc@fri.uni-lj.si, Gasper.FeleZorz@fri.uni-lj.si # Windows, GNU/Linux, GNS3, VirtualBox dependencies: - - role: GNS3 + - role: gns3 - role: virtualbox diff --git a/roles/RPOI-90066/meta/main.yml b/roles/RPOI-90066/meta/main.yml index c12471d..7b01660 100644 --- a/roles/RPOI-90066/meta/main.yml +++ b/roles/RPOI-90066/meta/main.yml @@ -4,4 +4,5 @@ # Računalniška podpora oblikovanju I (ALUO) # Matija.Marolt@fri.uni-lj.si # SolidWorks +dependencies: - role: solidworks diff --git a/roles/RZP-63523/meta/main.yml b/roles/RZP-63523/meta/main.yml index edd03e3..7a01705 100644 --- a/roles/RZP-63523/meta/main.yml +++ b/roles/RZP-63523/meta/main.yml @@ -4,5 +4,5 @@ dependencies: - role: git - role: audacity - - role: IDEA + - role: idea diff --git a/roles/firefox/templates/mozilla-firefox-apt-preferences b/roles/firefox/templates/mozilla-firefox-apt-preferences new file mode 100644 index 0000000..f854044 --- /dev/null +++ b/roles/firefox/templates/mozilla-firefox-apt-preferences @@ -0,0 +1,3 @@ +Package: * +Pin: release o=LP-PPA-mozillateam +Pin-Priority: 1001 diff --git a/roles/firefox/templates/mozilla-firefox-unattended-upgrades b/roles/firefox/templates/mozilla-firefox-unattended-upgrades new file mode 100644 index 0000000..358d833 --- /dev/null +++ b/roles/firefox/templates/mozilla-firefox-unattended-upgrades @@ -0,0 +1 @@ +Unattended-Upgrade::Allowed-Origins:: "LP-PPA-mozillateam:${distro_codename}"; diff --git a/roles/fri_base/files/99-wakeonlan.rules b/roles/fri_base/files/99-wakeonlan.rules new file mode 100644 index 0000000..d4729ac --- /dev/null +++ b/roles/fri_base/files/99-wakeonlan.rules 
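Review bot: The pin in mozilla-firefox-apt-preferences uses `Package: *` with `Pin-Priority: 1001`, so every package published under the `LP-PPA-mozillateam` origin outranks the distribution's build, and a priority above 1000 also permits downgrades. Scoping the stanza to the browser, e.g. `Package: firefox*`, keeps the PPA from replacing unrelated packages. The `Allowed-Origins` entry added in the next file lets unattended-upgrades install from that origin without an operator, which is one more reason to keep the pin narrow. A short comment in the template saying why the priority has to exceed 1000 would help the next maintainer.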
@@ -0,0 +1 @@
+ACTION=="add", SUBSYSTEM=="net", NAME=="e*", RUN+="/usr/sbin/ethtool -s $name wol g"
diff --git a/roles/fri_base/tasks/main.yml b/roles/fri_base/tasks/main.yml
index 55203f6..1d2f17e 100644
--- a/roles/fri_base/tasks/main.yml
+++ b/roles/fri_base/tasks/main.yml
@@ -1,4 +1,4 @@
-- import_tasks: main_win.yml
- when: ansible_connection == 'winrm'
-- import_tasks: main_lin.yml
- when: ansible_connection == 'ssh'
+# - import_tasks: main_win.yml
+# when: ansible_connection == 'winrm'
+# - import_tasks: main_lin.yml
+# when: ansible_connection == 'ssh'
diff --git a/roles/fri_base/templates/default_keyboard b/roles/fri_base/templates/default_keyboard
new file mode 100644
index 0000000..7477e81
--- /dev/null
+++ b/roles/fri_base/templates/default_keyboard
@@ -0,0 +1,10 @@
+# KEYBOARD CONFIGURATION FILE
+
+# Consult the keyboard(5) manual page.
+
+XKBMODEL="pc105"
+XKBLAYOUT="si"
+XKBVARIANT=""
+XKBOPTIONS=""
+
+BACKSPACE="guess"
diff --git a/roles/fri_base/templates/pamconfig_groups b/roles/fri_base/templates/pamconfig_groups
new file mode 100644
index 0000000..ebde502
--- /dev/null
+++ b/roles/fri_base/templates/pamconfig_groups
@@ -0,0 +1,6 @@
+Name: Additional group management through /etc/security/groups.conf
+Default: yes
+Priority: 0
+Auth-Type: Additional
+Auth-Final:
+ optional pam_group.so
diff --git a/roles/fri_base/templates/security_group.conf b/roles/fri_base/templates/security_group.conf
new file mode 100644
index 0000000..0568a16
--- /dev/null
+++ b/roles/fri_base/templates/security_group.conf
@@ -0,0 +1,108 @@
+#
+# This is the configuration file for the pam_group module.
+#
+
+#
+# *** Please note that giving group membership on a session basis is
+# *** NOT inherently secure. If a user can create an executable that
+# *** is setgid a group that they are infrequently given membership
+# *** of, they can basically obtain group membership any time they
+# *** like. Example: games are allowed between the hours of 6pm and 6am
+# *** user joe logs in at 7pm writes a small C-program toplay.c that
+# *** invokes their favorite shell, compiles it and does
+# *** "chgrp play toplay; chmod g+s toplay". They are basically able
+# *** to play games any time... You have been warned. AGM
+#
+
+*;*;*;Al0000-2400;{{ additional_groups|join(',') }}
+
+#
+# The syntax of the lines is as follows:
+#
+# services;ttys;users;times;groups
+#
+# white space is ignored and lines maybe extended with '\\n' (escaped
+# newlines). From reading these comments, it is clear that
+# text following a '#' is ignored to the end of the line.
+#
+# the combination of individual users/terminals etc is a logic list
+# namely individual tokens that are optionally prefixed with '!' (logical
+# not) and separated with '&' (logical and) and '|' (logical or).
+#
+# services
+# is a logic list of PAM service names that the rule applies to.
+#
+# ttys
+# is a logic list of terminal names that this rule applies to.
+#
+# users
+# is a logic list of users or a netgroup of users to whom this
+# rule applies.
+#
+# NB. For these items the simple wildcard '*' may be used only once.
+# With netgroups no wildcards or logic operators are allowed.
+#
+# times
+# It is used to indicate "when" these groups are to be given to the
+# user. The format here is a logic list of day/time-range
+# entries the days are specified by a sequence of two character
+# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
+# that repeated days are unset MoMo = no day, and MoWk = all weekdays
+# bar Monday.
The two character combinations accepted are
+#
+# Mo Tu We Th Fr Sa Su Wk Wd Al
+#
+# the last two being week-end days and all 7 days of the week
+# respectively. As a final example, AlFr means all days except Friday.
+#
+# Each day/time-range can be prefixed with a '!' to indicate "anything
+# but"
+#
+# The time-range part is two 24-hour times HHMM separated by a hyphen
+# indicating the start and finish time (if the finish time is smaller
+# than the start time it is deemed to apply on the following day).
+#
+# groups
+# The (comma or space separated) list of groups that the user
+# inherits membership of. These groups are added if the previous
+# fields are satisfied by the user's request
+#
+# For a rule to be active, ALL of service+ttys+users must be satisfied
+# by the applying process.
+#
+
+#
+# Note, to get this to work as it is currently typed you need
+#
+# 1. to run an application as root
+# 2. add the following groups to the /etc/group file:
+# floppy, play, sound
+#
+
+#
+# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'us' is given access to the floppy (through membership of
+# the floppy group)
+#
+
+#xsh;tty*&!ttyp*;us;Al0000-2400;floppy
+
+#
+# another example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'sword' is given access to games (through membership of
+# the sound and play group) after work hours.
+#
+
+#xsh; tty* ;sword;!Wk0900-1800;sound, play
+#xsh; tty* ;*;Al0900-1800;floppy
+
+#
+# yet another example: any member of the group 'admin' running
+# 'xsh' on tty*, is granted access (at any time) to the group 'plugdev'
+#
+
+#xsh; tty* ;%admin;Al0000-2400;plugdev
+
+#
+# End of group.conf file
+#
diff --git a/roles/fri_base/templates/sssd.conf b/roles/fri_base/templates/sssd.conf
new file mode 100644
index 0000000..cd745fa
--- /dev/null
+++ b/roles/fri_base/templates/sssd.conf
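Review bot: The only active rule in security_group.conf, `*;*;*;Al0000-2400;{{ additional_groups|join(',') }}`, hands the groups in `additional_groups` to every user on every PAM service and terminal at all times. That includes remote sessions and, with the sssd.conf added in this commit, accounts from every enabled AD domain. The variable is not defined anywhere in this diff, so whether it can contain privileged groups cannot be checked here, and the file's own header warns that session-granted membership can be made permanent with a setgid binary. Consider narrowing the services and ttys fields to the local login path and adding a comment above the rule naming the groups it is expected to carry. An empty list renders a rule with an empty groups field, so a `{% if additional_groups %}` guard around the line would be safer.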
@@ -0,0 +1,30 @@
+[sssd]
+config_file_version = 2
+domains = fri1.uni-lj.si
+enable_files_domain = False
+services = nss, pam
+
+[nss]
+filtered_groups = root
+filtered_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/fri1.uni-lj.si]
+ad_domain = fri1.uni-lj.si
+ad_server = dcv1fri1.fri1.uni-lj.si,dcv2fri1.fri1.uni-lj.si
+ad_maximum_machine_account_password_age = 0
+ad_gpo_access_control = permissive
+ad_enabled_domains = fri1.uni-lj.si, student.uni-lj.si, fkkt1.uni-lj.si, ef1.uni-lj.si, fe1.uni-lj.si, ff.uni-lj.si, fmf.uni-lj.si, fu.uni-lj.si, pef.uni-lj.si
+krb5_realm = FRI1.UNI-LJ.SI
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+fallback_homedir = /home/%u@%d
+access_provider = ad
diff --git a/roles/fri_base/templates/systemd_group_override.conf b/roles/fri_base/templates/systemd_group_override.conf
new file mode 100644
index 0000000..f3d177b
--- /dev/null
+++ b/roles/fri_base/templates/systemd_group_override.conf
@@ -0,0 +1,2 @@
+[Service]
+SupplementaryGroups={{ additional_groups|join(' ') }}
diff --git a/roles/linroom_ad/tasks/main.yml b/roles/linroom_ad/tasks/main.yml
index 55203f6..bb9b362 100644
--- a/roles/linroom_ad/tasks/main.yml
+++ b/roles/linroom_ad/tasks/main.yml
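Review bot: In the `[domain/fri1.uni-lj.si]` section of sssd.conf, `ad_gpo_access_control = permissive` means GPO login rules are evaluated and logged but not enforced, and `access_provider = ad` without an `ad_access_filter` admits any non-expired account from the nine domains in `ad_enabled_domains`. If open login is intended for classroom machines, state that in a comment; otherwise use `ad_gpo_access_control = enforcing` or add an `ad_access_filter`. `krb5_store_password_if_offline = True` keeps the user's password in the kernel keyring while the host is offline and `cache_credentials = True` stores credential hashes on disk, which matters on shared hosts. `ad_maximum_machine_account_password_age = 0` turns off machine-account password renewal. Each of these three settings deserves a one-line comment giving the reason.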
@@ -1,4 +1,40 @@
-- import_tasks: main_win.yml
- when: ansible_connection == 'winrm'
-- import_tasks: main_lin.yml
- when: ansible_connection == 'ssh'
+- name: Install sssd + samba + keyutil
+ apt:
+ name:
+ - sssd
+ - sssd-ad
+ - realmd
+ - samba-common-bin
+ - smbclient
+ - cifs-utils
+ - smbclient
+ state: latest
+- name: Install kerberos utils
+ apt:
+ name:
+ - keyutils
+ - krb5-user
+- name: Install PAM modules
+ apt:
+ name: libpam-modules
+ state: latest
+- name: Enable create homedir on login
+ command: pam-auth-update --enable mkhomedir
+ become: true
+- name: Check whether we already joined
+ command: /bin/bash -c "/usr/sbin/realm list"
+ register: realm_list_results
+- name: Join using realmd
+ expect:
+ command: realm join --user=ad.join@FRI1.UNI-LJ.SI --computer-ou=OU=Ucilnice FRI1.UNI-LJ.SI
+ responses:
+ (?i)Password: "{{ad_join_password}}"
+ ignore_errors: yes
+ when: realm_list_results.stdout == ""
+
+- name: Copy sssd config
+ template:
+ src: sssd.conf
+ dest: "/etc/sssd/sssd.conf"
+ owner: root
+ mode: 0600
diff --git a/roles/linroom_ad/templates/lightdm-10-hide-users.conf b/roles/linroom_ad/templates/lightdm-10-hide-users.conf
new file mode 100644
index 0000000..bd04314
--- /dev/null
+++ b/roles/linroom_ad/templates/lightdm-10-hide-users.conf
@@ -0,0 +1,2 @@
+[Seat:*]
+greeter-hide-users=true
diff --git a/roles/macroom/tasks/main.yml b/roles/macroom/tasks/main.yml
new file mode 100644
index 0000000..baa3222
--- /dev/null
+++ b/roles/macroom/tasks/main.yml
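Review bot: The `Join using realmd` task feeds `{{ad_join_password}}` to `expect` without `no_log: true`, so the join credential can show up in task output and logs, and `ignore_errors: yes` lets the play continue to `Copy sssd config` on a host that never joined. Add `no_log: true` to that task and drop `ignore_errors`, or fail explicitly when the join returns non-zero. The guard `realm_list_results.stdout == ""` only tests for empty output; the check task would also be cleaner as `command: /usr/sbin/realm list` with `changed_when: false`. `src: sssd.conf` is looked up from this role, but the template is added under roles/fri_base/templates in this commit, so unless a role dependency not shown here makes it resolvable the copy will fail. No handler restarts sssd after the config is written.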
@@ -0,0 +1,16 @@
+- name: Download R
+ get_url:
+ url: https://cran.r-project.org/bin/macosx/base/R-4.2.1.pkg
+ dest: /tmp/R-4.2.1.pkg
+- name: install R
+ shell: installer -pkg /tmp/R-4.2.1.pkg -target /
+- name: Download RStudio
+ get_url:
+ url: https://download1.rstudio.org/desktop/macos/RStudio-2022.07.2-576.dmg
+ dest: /tmp/RStudio-2022.07.2-576.dmg
+- name: mount RStudio .dmg
+ shell: hdiutil attach /tmp/RStudio-2022.07.2-576.dmg
+- name: install RStudio
+ shell: cp -a /Volumes/RStudio-2022.07.2-576 /Volumes/Applications
+- name: umount RStudio .dmg
+ shell: hdiutil detach /Volumes/RStudio-2022.07.2-576
diff --git a/roles/maven/tasks/main_win.yml b/roles/maven/tasks/main_win.yml
new file mode 100644
index 0000000..975c0d7
--- /dev/null
+++ b/roles/maven/tasks/main_win.yml
@@ -0,0 +1,3 @@
+- name: Install maven
+ win_chocolatey:
+ name: maven
diff --git a/roles/nodejs/tasks/main_win.yml b/roles/nodejs/tasks/main_win.yml
new file mode 100644
index 0000000..eedccfa
--- /dev/null
+++ b/roles/nodejs/tasks/main_win.yml
@@ -0,0 +1,3 @@
+- name: Install NodeJS
+ win_chocolatey:
+ name: nodejs
diff --git a/roles/pandas/tasks/main_lin.yml b/roles/pandas/tasks/main_lin.yml
new file mode 100644
index 0000000..794af91
--- /dev/null
+++ b/roles/pandas/tasks/main_lin.yml
@@ -0,0 +1,4 @@
+- name: Install pandas
+ apt:
+ name: python3-pandas
+ state: latest
diff --git a/roles/sifive/tasks/main_win.yml b/roles/sifive/tasks/main_win.yml
new file mode 100644
index 0000000..0a887bd
--- /dev/null
+++ b/roles/sifive/tasks/main_win.yml
@@ -0,0 +1,4 @@
+# SiFive je bil nekoc prosto dostopen.
+# Sedaj hocejo, da se registriras... da prides do kode
+# Potem pa ti ne dajo izvorne kode.
+# ucilnice_install/2022-23/ORS_VGRS_Bulic
diff --git a/roles/vlc/tasks/main_lin.yml b/roles/vlc/tasks/main_lin.yml
new file mode 100644
index 0000000..58c2b91
--- /dev/null
+++ b/roles/vlc/tasks/main_lin.yml
@@ -0,0 +1,4 @@
+- name: Install VLC
+ apt:
+ name: vlc
+ state: latest
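Review bot: Both `get_url` tasks in roles/macroom/tasks/main.yml fetch an installer without a `checksum:` and write it to a fixed name under /tmp, and the next step runs `installer -pkg /tmp/R-4.2.1.pkg -target /`, so nothing ties the file that gets installed to the one upstream published. Add `checksum: "sha256:<digest published by the vendor>"` to each download and point `dest` at a directory that only the deploying account can write to. The `install RStudio` step copies the whole mounted volume to `/Volumes/Applications`, which looks as if it was meant to copy the app bundle into `/Applications`; that should be confirmed. The `shell` tasks carry no `creates:` or `changed_when`, so they rerun on every play.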
diff --git a/roles/vscode/handlers/main.yml b/roles/vscode/handlers/main.yml
new file mode 100644
index 0000000..70c210e
--- /dev/null
+++ b/roles/vscode/handlers/main.yml
@@ -0,0 +1,4 @@
+# Mark everything in bin/ directories executable. Some extensions do
+# this on activation, but non-root users don’t have permission for it.
+- name: fix VS code extensions
+ command: find /usr/share/code/resources/app -name bin -exec chmod -R +x '{}' ';'
diff --git a/roles/xcode/tasks/main.yml b/roles/xcode/tasks/main.yml
new file mode 100644
index 0000000..e69de29