thinlinc_server: Change role name

roles/thinlinc_server/files/40-thinlinc-no-auth-dialogs.rules

@@ -0,0 +1,21 @@
+polkit.addRule(function(action, subject) {
+   if (action.id == "org.freedesktop.color-manager.create-device" ||
+        action.id == "org.freedesktop.color-manager.create-profile" ||
+        action.id == "org.freedesktop.color-manager.delete-device" ||
+        action.id == "org.freedesktop.color-manager.delete-profile" ||
+        action.id == "org.freedesktop.color-manager.modify-device" ||
+        action.id == "org.freedesktop.color-manager.modify-profile") {
+	if (!subject.local) {
+		return polkit.Result.NO;
+	}
+   }
+});
+
+polkit.addRule(function(action, subject) {
+   if (action.id == "org.freedesktop.packagekit.system-network-proxy-configure" ||
+       action.id == "org.freedesktop.packagekit.system-sources-refresh") {
+	if (!subject.local) {
+		return polkit.Result.NO;
+	}
+   }
+});

roles/thinlinc_server/files/tl-setup.local.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+cat <<EOF > /root/tl-setup.answer
+install-pygtk=yes
+email-address=adm@foo.sh
+setup-selinux=yes
+setup-nearest=no
+server-type=master
+setup-firewall=no
+install-python-ldap=no
+setup-apparmor=no
+missing-answer=ask
+install-nfs=no
+setup-thinlocal=no
+install-sshd=no
+tlwebadm-password=$(dd if=/dev/urandom count=1 2> /dev/null | base64 | tail -n 1 | cut -c 1-20)
+accept-eula=yes
+migrate-conf=old
+install-required-libs=yes
+EOF
+
+/opt/thinlinc/sbin/tl-setup -a /root/tl-setup.answer

roles/thinlinc_server/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: restart tlwebaccess
+  service:
+    name: tlwebaccess
+    state: restarted
+
+- name: restart vsmagent
+  service:
+    name: vsmagent
+    state: restarted

roles/thinlinc_server/tasks/main.yml

@@ -0,0 +1,121 @@
+---
+- name: install prequisites
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - gtk3
+    - python3
+    - python3-gobject
+
+- name: install thinlinc repository
+  yum_repository:
+    name: thinlinc
+    baseurl: "https://mirrors.foo.sh/thinlinc/{{ ansible_architecture }}"
+    description: Cendio Thinlinc
+    gpgcheck: false
+    enabled: true
+
+- name: install packages
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - thinlinc-tladm
+    - thinlinc-tlmisc
+    - thinlinc-tlmisc-libs
+    - thinlinc-tlprinter
+    - thinlinc-vnc-server
+    - thinlinc-vsm
+    - thinlinc-webaccess
+
+- name: run thinlinc setup
+  script:
+    cmd: tl-setup.local.sh
+    creates: /var/log/tlsetup.log
+
+- name: disable polkit auth dialogs during login
+  copy:
+    dest: /etc/polkit-1/rules.d/40-thinlinc-no-auth-dialogs.rules
+    src: 40-thinlinc-no-auth-dialogs.rules
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: use gnome desktop automatically
+  lineinfile:
+    path: /opt/thinlinc/etc/conf.d/profiles.hconf
+    regexp: "^order=.*"
+    line: order=gnome
+
+- name: disable introduction message
+  lineinfile:
+    path: /opt/thinlinc/etc/conf.d/profiles.hconf
+    regexp: "^show_intro=.*"
+    line: show_intro=false
+
+- name: configure vsmagent hostname
+  lineinfile:
+    path: /opt/thinlinc/etc/conf.d/vsmagent.hconf
+    regexp: "^agent_hostname=.*"
+    line: "agent_hostname={{ inventory_hostname }}"
+  notify: restart vsmagent
+
+- name: copy private key
+  copy:
+    dest: /opt/thinlinc/etc/tlwebaccess/server.key
+    src: "{{ item }}"
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+  with_first_found:
+    - "/srv/letsencrypt/live/{{ inventory_hostname }}/privkey.pem"
+    - "/srv/ca/certs/hosts/{{ inventory_hostname }}.key"
+  tags: certificates
+  notify: restart tlwebaccess
+
+- name: copy certificate
+  copy:
+    dest: /opt/thinlinc/etc/tlwebaccess/server.crt
+    src: "{{ item }}"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+    validate: /usr/bin/openssl x509 -in %s -noout
+  with_first_found:
+    - "/srv/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
+    - "/srv/ca/private/{{ inventory_hostname }}.crt"
+  tags: certificates
+  notify: restart tlwebaccess
+
+- name: configure webaccess port
+  lineinfile:
+    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
+    regexp: "^listen_port=.*"
+    line: "listen_port=443"
+  notify: restart tlwebaccess
+
+- name: configure webaccess url
+  lineinfile:
+    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
+    regexp: "^login_page=.*"
+    line: "login_page=https://{{ inventory_hostname }}/"
+  notify: restart tlwebaccess
+
+- name: configure webaccess tls settings
+  lineinfile:
+    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
+    regexp: "^gnutls_priority=.*"
+    line: "gnutls_priority=SECURE256"
+  notify: restart tlwebaccess
+
+- name: start thinlinc services
+  service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  with_items:
+    - tlwebaccess
+    - tlwebadm.service
+    - vsmagent
+    - vsmserver