---
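# Install the GTK 3 and Python 3 GObject packages ahead of the ThinLinc tasks.
# The names are passed as one list so the package manager resolves them in a
# single call instead of once per loop item.
- name: install prequisites
  package:
    name:
      - gtk3
      - python3
      - python3-gobject
    # "present" is the documented state; "installed" is only an alias
    # accepted by the yum/dnf backends.
    state: present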
# Register the ThinLinc yum repository; the URL path is chosen by the
# ansible_architecture fact.
# NOTE(review): gpgcheck is false, so packages from this repository are
# installed without signature verification. HTTPS on baseurl protects the
# transfer only, not the integrity of what the mirror serves. If the vendor
# signs its packages, enable gpgcheck together with a gpgkey entry pointing
# at the signing key (<GPG_KEY_URL>, not shown in this file).
- name: install thinlinc repository
  yum_repository:
    name: thinlinc
    description: Cendio Thinlinc
    baseurl: 'https://mirrors.foo.sh/thinlinc/{{ ansible_architecture }}'
    enabled: true
    gpgcheck: false
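# Install the ThinLinc server packages in one package-manager call.
# NOTE(review): these presumably come from the thinlinc repository defined
# earlier in this file with gpgcheck: false, in which case their signatures
# are not verified at install time.
- name: install packages
  package:
    name:
      - thinlinc-tladm
      - thinlinc-tlmisc
      - thinlinc-tlmisc-libs
      - thinlinc-tlprinter
      - thinlinc-vnc-server
      - thinlinc-vsm
      - thinlinc-webaccess
    # "present" is the documented state; "installed" is only an alias
    # accepted by the yum/dnf backends.
    state: present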
# Run the tl-setup.local.sh script on the host. The "creates" guard skips the
# task once /var/log/tlsetup.log exists, so setup is not repeated.
- name: run thinlinc setup
  script:
    creates: /var/log/tlsetup.log
    cmd: tl-setup.local.sh
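# Install a polkit rules file into /etc/polkit-1/rules.d.
# NOTE(review): the rule content is not part of this task file; going by the
# task name it suppresses polkit authentication prompts, so review exactly
# which actions and subjects the rule allows.
- name: disable polkit auth dialogs during login
  copy:
    src: 40-thinlinc-no-auth-dialogs.rules
    dest: /etc/polkit-1/rules.d/40-thinlinc-no-auth-dialogs.rules
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the mode is always handled as an octal string and never
    # depends on how the YAML parser types a bare 0644.
    mode: "0644"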
# Replace the existing "order=" line in profiles.hconf with order=gnome.
- name: use gnome desktop automatically
  lineinfile:
    path: /opt/thinlinc/etc/conf.d/profiles.hconf
    line: 'order=gnome'
    regexp: '^order=.*'
# Replace the existing "show_intro=" line in profiles.hconf with
# show_intro=false.
- name: disable introduction message
  lineinfile:
    path: /opt/thinlinc/etc/conf.d/profiles.hconf
    line: 'show_intro=false'
    regexp: '^show_intro=.*'
# Set agent_hostname in vsmagent.hconf to the inventory name of the host and
# trigger the "restart vsmagent" handler when the line changes.
- name: configure vsmagent hostname
  notify: restart vsmagent
  lineinfile:
    path: /opt/thinlinc/etc/conf.d/vsmagent.hconf
    line: 'agent_hostname={{ inventory_hostname }}'
    regexp: '^agent_hostname=.*'
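# Install the TLS private key for tlwebaccess from the first source path
# that exists: the Let's Encrypt key for this host, else the local CA one.
# NOTE(review): the fallback key is read from /srv/ca/certs/hosts/ while the
# "copy certificate" task reads its fallback from /srv/ca/private/ - the two
# directories look swapped; confirm against the CA layout.
- name: copy private key
  copy:
    src: "{{ item }}"
    dest: /opt/thinlinc/etc/tlwebaccess/server.key
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the mode is always handled as an octal string; 0600 keeps
    # the key readable by root only.
    mode: "0600"
  with_first_found:
    - "/srv/letsencrypt/live/{{ inventory_hostname }}/privkey.pem"
    - "/srv/ca/certs/hosts/{{ inventory_hostname }}.key"
  # Keep key material out of the output when the play runs with --diff.
  diff: false
  tags: certificates
  notify: restart tlwebaccess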
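# Install the TLS certificate for tlwebaccess from the first source path
# that exists: the Let's Encrypt chain for this host, else the local CA one.
# NOTE(review): the fallback certificate is read from /srv/ca/private/ while
# the "copy private key" task reads its fallback from /srv/ca/certs/hosts/ -
# the two directories look swapped; confirm against the CA layout.
- name: copy certificate
  copy:
    src: "{{ item }}"
    dest: /opt/thinlinc/etc/tlwebaccess/server.crt
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the mode is always handled as an octal string.
    mode: "0644"
    # Only confirms the file parses as an X.509 certificate; it does not
    # check expiry, the hostname, or that it matches server.key.
    validate: /usr/bin/openssl x509 -in %s -noout
  with_first_found:
    - "/srv/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
    - "/srv/ca/private/{{ inventory_hostname }}.crt"
  tags: certificates
  notify: restart tlwebaccess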
# Set listen_port in webaccess.hconf to 443 and trigger the
# "restart tlwebaccess" handler when the line changes.
- name: configure webaccess port
  notify: restart tlwebaccess
  lineinfile:
    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
    line: 'listen_port=443'
    regexp: '^listen_port=.*'
# Set login_page in webaccess.hconf to the HTTPS URL of this host and trigger
# the "restart tlwebaccess" handler when the line changes.
- name: configure webaccess url
  notify: restart tlwebaccess
  lineinfile:
    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
    line: 'login_page=https://{{ inventory_hostname }}/'
    regexp: '^login_page=.*'
# Set the GnuTLS priority string for webaccess to SECURE256 and trigger the
# "restart tlwebaccess" handler when the line changes.
# NOTE(review): which protocol versions SECURE256 admits depends on the
# installed GnuTLS build - verify the resulting TLS versions on the host.
- name: configure webaccess tls settings
  notify: restart tlwebaccess
  lineinfile:
    path: /opt/thinlinc/etc/conf.d/webaccess.hconf
    line: 'gnutls_priority=SECURE256'
    regexp: '^gnutls_priority=.*'
# Start each listed ThinLinc service and enable it at boot. The service
# module takes one name per call, so the loop is kept.
- name: start thinlinc services
  with_items:
    - tlwebaccess
    - tlwebadm.service
    - vsmagent
    - vsmserver
  service:
    name: "{{ item }}"
    enabled: true
    state: started