---
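# Install the packages this task file lists as prerequisites.
# The whole list is handed to the package manager in one call instead of one
# call per item, so dependency resolution happens once.
- name: Install prequisites
  ansible.builtin.package:
    name:
      - gtk3
      - librsvg2
      - polkit
      - python3
      - python3-gobject
    # `present` is the state the generic package module documents; `installed`
    # is only an alias accepted by some package backends.
    state: present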
# Define the yum repository for ThinLinc; the base URL is selected per host
# architecture via the ansible_architecture fact.
- name: Install ThinLinc repository
  ansible.builtin.yum_repository:
    name: thinlinc
    baseurl: "https://mirrors.foo.sh/thinlinc/{{ ansible_architecture }}"
    description: Cendio ThinLinc
    # NOTE(review): with gpgcheck off, RPM signatures from this repository are
    # not verified, so package authenticity rests on HTTPS to the mirror alone.
    # If the mirrored packages are signed, enable gpgcheck and point gpgkey at
    # the signing key.
    gpgcheck: false
    enabled: true
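# Install the ThinLinc server package from the repository configured above.
- name: Install packages
  ansible.builtin.package:
    name: thinlinc-server
    # `present` is the state the generic package module documents; `installed`
    # is only an alias accepted by some package backends.
    state: present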
# Run the local script tl-setup.local.sh on the target. The `creates` guard
# skips the run once /var/log/tlsetup.log exists.
- name: Run ThinLinc setup
  ansible.builtin.script:
    creates: /var/log/tlsetup.log
    cmd: tl-setup.local.sh
# Ship the polkit rule file 40-thinlinc-no-auth-dialogs.rules into
# /etc/polkit-1/rules.d, owned by root and world-readable.
# NOTE(review): the rule's contents are not part of this file; confirm it only
# suppresses prompts and does not grant actions without authentication.
- name: Disable polkit auth dialogs during login
  ansible.builtin.copy:
    src: 40-thinlinc-no-auth-dialogs.rules
    dest: /etc/polkit-1/rules.d/40-thinlinc-no-auth-dialogs.rules
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
# Ensure profiles.hconf carries the line `order=gnome`, replacing an existing
# line that starts with `order=`.
- name: Use GNOME desktop automatically
  ansible.builtin.lineinfile:
    path: /opt/thinlinc/etc/conf.d/profiles.hconf
    line: 'order=gnome'
    regexp: '^order=.*'
# Ensure profiles.hconf carries the line `show_intro=false`, replacing an
# existing line that starts with `show_intro=`.
- name: Disable introduction message
  ansible.builtin.lineinfile:
    path: /opt/thinlinc/etc/conf.d/profiles.hconf
    line: 'show_intro=false'
    regexp: '^show_intro=.*'
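# Install the TLS private key for tlwebaccess from the first source that
# exists: the Let's Encrypt key, else the per-host key under /srv/ca.
# The file is written root-owned with mode 0600.
# NOTE(review): the fallback key is read from /srv/ca/certs/hosts/ while the
# "Copy certificate" task falls back to /srv/ca/private/ - confirm the two
# directories are not swapped.
- name: Copy private key
  ansible.builtin.copy:
    dest: /opt/thinlinc/etc/tlwebaccess/server.key
    src: "{{ item }}"
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  # Keep the key material out of the task output when the play is run with
  # --diff; without this the copied file's contents can be printed and logged.
  diff: false
  with_first_found:
    - "/srv/letsencrypt/live/{{ inventory_hostname }}/privkey.pem"
    - "/srv/ca/certs/hosts/{{ inventory_hostname }}.key"
  tags: certificates
  notify: Restart tlwebaccess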
# Install the TLS certificate for tlwebaccess from the first source that
# exists: the Let's Encrypt full chain, else the per-host file under /srv/ca.
# `validate` runs openssl x509 against the candidate file before it is put in
# place.
# NOTE(review): the fallback certificate is read from /srv/ca/private/ while
# the "Copy private key" task falls back to /srv/ca/certs/hosts/ - confirm the
# two directories are not swapped.
- name: Copy certificate
  tags: certificates
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /opt/thinlinc/etc/tlwebaccess/server.crt
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
    validate: /usr/bin/openssl x509 -in %s -noout
  with_first_found:
    - "/srv/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
    - "/srv/ca/private/{{ inventory_hostname }}.crt"
  notify: Restart tlwebaccess
# Set listen_port=443 in webaccess.hconf and restart tlwebaccess on change.
- name: Configure webaccess port
  ansible.builtin.lineinfile:
    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
    line: 'listen_port=443'
    regexp: '^listen_port=.*'
  notify: Restart tlwebaccess
# Point login_page in webaccess.hconf at https://<inventory_hostname>/ and
# restart tlwebaccess on change.
- name: Configure webaccess url
  ansible.builtin.lineinfile:
    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
    line: "login_page=https://{{ inventory_hostname }}/"
    regexp: '^login_page=.*'
  notify: Restart tlwebaccess
# Set the GnuTLS priority string for tlwebaccess to SECURE256 and restart the
# service on change.
# NOTE(review): SECURE256 selects cipher strength; confirm whether older TLS
# protocol versions also need to be excluded explicitly in this string.
- name: Configure webaccess tls settings
  ansible.builtin.lineinfile:
    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
    line: 'gnutls_priority=SECURE256'
    regexp: '^gnutls_priority=.*'
  notify: Restart tlwebaccess
# Start each listed ThinLinc service and enable it at boot.
# NOTE(review): tlwebadm is the web administration interface - confirm it is
# reachable only from the networks that administer this host.
- name: Enable services
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - tlwebaccess
    - tlwebadm.service
    - vsmagent
    - vsmserver