foo.sh/ansible-desktop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move most of configurations to roles

Browse source
This commit is contained in:
Timo Makinen 2021-06-25 15:57:27 +00:00
parent 25fb532e90
commit cc04ed028d
3 changed files with 13 additions and 154 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "roles"]
path = roles
url = https://git.foo.sh/ansible-software.git

163
deploy.yml
View file

@ -6,6 +6,15 @@
become: true become: true
become_method: sudo become_method: sudo
roles:
- cups
- git
- google-chrome
- kerberos
- ldap
- mutt
- spotify
tasks: tasks:
- name: "remove unneeded packages" - name: "remove unneeded packages"
package: package:
@ -27,157 +36,3 @@
path: /etc/default/grub path: /etc/default/grub
regexp: "^GRUB_TIMEOUT=" regexp: "^GRUB_TIMEOUT="
state: absent state: absent
- name: "enable google chrome repository"
yum_repository:
name: google-chrome
baseurl: http://dl.google.com/linux/chrome/rpm/stable/x86_64
description: Google Chrome
gpgcheck: true
gpgkey: https://dl.google.com/linux/linux_signing_key.pub
enabled: true
- name: "install google chrome"
package:
name: google-chrome
state: present
- name: "create google chrome policy directories"
file:
path: "{{ item }}"
state: directory
mode: 0755
owner: root
group: root
with_items:
- /etc/opt/chrome/policies/managed
- /etc/opt/chrome/policies/recommended
- name: "install google chrome managed settings"
copy:
dest: /etc/opt/chrome/policies/managed/defaults.json
content: |
{
"HomepageLocation": "https://www.foo.sh",
"PasswordManagerEnabled": false,
}
mode: 0644
owner: root
group: root
- name: "install google chrome recommended settings"
copy:
dest: /etc/opt/chrome/policies/recommended/defaults.json
content: |
{
"RestoreOnStartup": 1,
"ImportHistory": false
}
mode: 0644
owner: root
group: root
- name: "enable spotify repository"
yum_repository:
name: spotify
baseurl: https://negativo17.org/repos/spotify/fedora-$releasever/x86_64/
description: Spotify
gpgcheck: true
gpgkey: https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
enabled: true
- name: "install spotify"
package:
name: spotify
state: present
- name: "install generic tools"
package:
name: "{{ item }}"
state: present
with_items:
- dia
- elinks
- geteltorito
- gimp
- krb5-workstation
- mutt
- openldap-clients
- setroubleshoot
- thunderbird
- name: "install extra packages for development"
package:
name: "{{ item }}"
state: present
with_items:
- black
- emacs
- htop
- iftop
- iotop
- python3-ansible-lint
- ShellCheck
- strace
- yamllint
- vim-enhanced
- wireshark
- name: "install virtualization packages"
package:
name: "{{ item }}"
state: present
with_items:
- libvirt
- podman
- virt-install
- virt-manager
- name: configure libvirtd socket permissions
lineinfile:
path: /etc/libvirt/libvirtd.conf
regexp: "^#?unix_sock_group = .*"
line: 'unix_sock_group = "wheel"'
- name: enable libvirtd service
service:
name: libvirtd
enabled: true
state: started
- name: "configure mutt"
copy:
dest: /etc/Muttrc.local
content: |
set use_8bitmime
set hostname=foo.sh
set imap_authenticators="gssapi:plain"
set spoolfile=imaps://${USER}@mail.foo.sh/INBOX
set folder=imaps://${USER}@mail.foo.sh
mode: 0644
owner: root
group: root
- name: "configure ldap client"
copy:
dest: /etc/openldap/ldap.conf
content: |
BASE dc=foo,dc=sh
URI ldaps://ldap.foo.sh
mode: 0644
owner: root
group: root
- name: "configure kerberos client"
copy:
dest: /etc/krb5.conf.d/foo.sh.conf
content: |
[libdefaults]
default_realm = FOO.SH
[domain_realm]
foo.sh = FOO.SH
.foo.sh = FOO.SH
[realms]
FOO.SH = {
kdc = https://id.foo.sh/KdcProxy
}
mode: 0644
owner: root
group: root

1
roles Submodule

@ -0,0 +1 @@
Subproject commit fd3743f293783c9ec17fae7fd18d58b988b6fe9f