-rw-r--r-- | chaos-at-home/ch-equinox-ws.yml | 10 | ||||
-rw-r--r-- | chaos-at-home/host_vars/ch-equinox-ws.yml | 12 | ||||
-rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 4 | ||||
-rw-r--r-- | inventory/host_vars/ch-equinox-ws.yml | 27 | ||||
-rw-r--r-- | inventory/hosts.ini | 1 | ||||
-rw-r--r-- | roles/base/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/installer/debian/preseed/templates/preseed_xubuntu-eoan-desktop-with-raid.cfg.j2 | 2 | ||||
-rw-r--r-- | roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 | 163 | ||||
-rw-r--r-- | roles/ubuntu-ws/tasks/main.yml | 9 |
9 files changed, 222 insertions, 7 deletions
diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml new file mode 100644 index 00000000..d78d571c --- /dev/null +++ b/chaos-at-home/ch-equinox-ws.yml @@ -0,0 +1,10 @@ +--- +- name: Basic Setup + hosts: ch-equinox-ws + roles: + - role: base + - role: sshd + - role: zsh + - role: admin-user + - role: apt-repo/spreadspace + - role: ubuntu-ws diff --git a/chaos-at-home/host_vars/ch-equinox-ws.yml b/chaos-at-home/host_vars/ch-equinox-ws.yml new file mode 100644 index 00000000..fdb660c3 --- /dev/null +++ b/chaos-at-home/host_vars/ch-equinox-ws.yml @@ -0,0 +1,12 @@ +$ANSIBLE_VAULT;1.2;AES256;chaos-at-home +62376663333564613431623464386632636431383133656365366338383536323066313066653965 +3835363337653164326166616337393564323665316264630a656630663837663363383631653433 +39373466643033623635636335666331383165393834623630623164313961366432346133376634 +3933653365616364660a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diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index 28a29081..8585bfd5 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -5,11 +5,13 @@ network_zones: prefix: 192.168.28.0/24 gateway: 192.168.28.254 dns: - - 192.168.28.254 +# - 192.168.28.254 + - 9.9.9.9 dhcp: start: 100 limit: 199 offsets: + ch-equinox-ws: 1 ch-auth: 88 ch-prometheus: 99 ch-prometheus-old: 250 diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml new file mode 100644 index 00000000..dd16fe21 --- /dev/null +++ b/inventory/host_vars/ch-equinox-ws.yml 
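Review bot: The `dns:` edit in `inventory/group_vars/chaos-at-home/network.yml` swaps the zone's resolver from the gateway `192.168.28.254` to `9.9.9.9` for every host that reads this zone, not only the workstation this commit adds. The old entry is left behind as `# - 192.168.28.254` with no reason given. With one public resolver, lookups leave the network in clear text, and any names answered only by the local resolver would presumably stop resolving. If this is a workaround, record it above the entry, e.g. `# TODO: local resolver disabled because <reason>; restore 192.168.28.254`, or override `network.nameservers` in this host's own vars. The `network_zones` mapping starts and continues outside the hunk.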
@@ -0,0 +1,27 @@ +--- +preseed_template_name: "xubuntu-focal-desktop" + +install: + efi: true + disks: + primary: /dev/disk/by-id/nvme-Samsung_SSD_970_PRO_1TB_S462NF0MA04112K + +network: + nameservers: "{{ network_zones.lan.dns }}" + domain: "{{ host_domain }}" + primary: + interface: enp8s0 + ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + gateway: "{{ network_zones.lan.gateway }}" + + +base_modules_blacklist: "{{ base_modules_blacklist_none }}" + +admin_user_host: +- "{{ equinox_user }}" + +ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" + +ubuntu_ws_root_fs_size: 30G +ubuntu_ws_home_fs_size: 200G diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 6f3e4475..24f2c438 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -12,6 +12,7 @@ host_domain=chaos-at-home.org env_group=chaos-at-home [chaos-at-home] +ch-equinox-ws host_name=equinox-ws ch-atlas host_name=atlas ch-pan host_name=pan ch-mimas host_name=mimas diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index 77e4effa..c4b0d42c 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -27,6 +27,7 @@ base_modules_blacklist_: base_modules_blacklist_full: "{{ base_modules_blacklist_ | list }}" base_modules_blacklist_all_but_sound: "{{ base_modules_blacklist_ | difference(['sound']) | list }}" +base_modules_blacklist_none: [] base_modules_blacklist: "{{ base_modules_blacklist_full }}" base_packages_extra_host: [] diff --git a/roles/installer/debian/preseed/templates/preseed_xubuntu-eoan-desktop-with-raid.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_xubuntu-eoan-desktop-with-raid.cfg.j2 index b0d5a18d..044bf07f 100644 --- a/roles/installer/debian/preseed/templates/preseed_xubuntu-eoan-desktop-with-raid.cfg.j2 
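Review bot: `base_modules_blacklist: "{{ base_modules_blacklist_none }}"` in `inventory/host_vars/ch-equinox-ws.yml` turns the kernel-module blacklist off completely for this host, via the empty list this commit adds to `roles/base/defaults/main.yml`. The role already offers `base_modules_blacklist_all_but_sound`; the entries of the underlying list are not visible here, but a host-specific `"{{ base_modules_blacklist_ | difference([...]) | list }}"` would keep every entry the desktop does not need. If dropping the whole list is intended, say so above the line, e.g. `# desktop needs <modules>; blacklist disabled on purpose`.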
+++ b/roles/installer/debian/preseed/templates/preseed_xubuntu-eoan-desktop-with-raid.cfg.j2 @@ -97,7 +97,7 @@ d-i partman-auto/expert_recipe string \ options/nodev{ nodev } options/noatime{ noatime } \ options/noexec{ noexec } \ . \ - 20480 10000 20480 ext4 \ + 20480 10000 40960 ext4 \ $defaultignore{ } $lvmok{ } \ in_vg{ {{ hostvars[install_hostname].host_name }} } \ method{ format } format{ } \ diff --git a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 new file mode 100644 index 00000000..3750e052 --- /dev/null +++ b/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 
@@ -0,0 +1,163 @@
+#########################################################################
+# spreadspace preseed file for Ubuntu focal based Workstations
+#########################################################################
+
+d-i debian-installer/language string en
+d-i debian-installer/country string AT
+d-i debian-installer/locale string de_AT.UTF-8
+d-i localechooser/preferred-locale string de_AT.UTF-8
+d-i localechooser/supported-locales multiselect de_DE.UTF-8, en_US.UTF-8
+d-i keyboard-configuration/xkb-keymap select de
+## TODO: this still doesn't work properly...
+d-i keyboard-configuration/layout select German (Austria)
+d-i keyboard-configuration/layoutcode string at
+d-i keyboard-configuration/layoutcode string nodeadkeys
+d-i console-setup/ask_detect boolean false
+
+d-i hw-detect/load_firmware boolean false
+
+{% if preseed_no_netplan %}
+d-i netcfg/do_not_use_netplan boolean true
+{% endif %}
+d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }}
+{% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %}
+d-i netcfg/disable_dhcp boolean false
+d-i netcfg/disable_autoconfig boolean false
+{% else %}
+d-i netcfg/disable_dhcp boolean true
+d-i netcfg/disable_autoconfig boolean true
+d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }}
+d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }}
+d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }}
+d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }}
+d-i netcfg/confirm_static boolean true
+{% endif %}
+
+d-i netcfg/hostname string {{ hostvars[install_hostname].host_name }}
+d-i netcfg/get_hostname string {{ hostvars[install_hostname].host_name }}
+d-i netcfg/domain string {{ hostvars[install_hostname].network_cooked.domain }}
+d-i netcfg/get_domain string {{ hostvars[install_hostname].network_cooked.domain }}
+d-i netcfg/wireless_wep string
+
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string {{ apt_repo_providers[(hostvars[install_hostname].apt_repo_provider | default('default'))].ubuntu }}
+d-i mirror/http/directory string /ubuntu
+d-i mirror/http/proxy string
+
+
+d-i passwd/make-user boolean false
+d-i passwd/root-login boolean true
+d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
+d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
+
+
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Vienna
+d-i clock-setup/ntp boolean false
+
+
+d-i partman/early_command string \
+ debconf-set partman-auto/disk "$(readlink -f {{ hostvars[install_hostname].install_cooked.disks.primary }})"; \
+ debconf-set grub-installer/bootdev "$(readlink -f {{ hostvars[install_hostname].install_cooked.disks.primary }})"; \
+ umount -l /media || true
+
+d-i grub-installer/choose_bootdev string manual
+d-i grub-installer/bootdev seen true
+
+d-i partman-auto/method string lvm
+d-i partman-auto/purge_lvm_from_device boolean true
+d-i partman-auto-lvm/new_vg_name string {{ hostvars[install_hostname].host_name }}
+d-i partman-auto-lvm/guided_size string max
+
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+{% if (hostvars[install_hostname].install_cooked.efi | default(false)) %}
+d-i partman-efi/non_efi_system boolean true
+d-i partman/choose_label string gpt
+d-i partman/default_label string gpt
+{% endif %}
+d-i partman-auto/expert_recipe string \
+ boot-root :: \
+{% if (hostvars[install_hostname].install_cooked.efi | default(false)) %}
+ 100 100 128 fat16 \
+ $defaultignore{ } $primary{ } $bootable{ } \
+ method{ efi } format{ } \
+ . \
+{% endif %}
+ 1000 10000 -1 ext4 \
+ $defaultignore{ } $primary{ } $bootable{ } \
+ method{ lvm } vg_name{ {{ hostvars[install_hostname].host_name }} } \
+ . \
+ 15360 10000 20480 ext4 \
+ $lvmok{ } in_vg{ {{ hostvars[install_hostname].host_name }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ . \
+ 768 10000 768 ext4 \
+ $lvmok{ } in_vg{ {{ hostvars[install_hostname].host_name }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ /var/log } \
+ options/nodev{ nodev } options/noatime{ noatime } \
+ options/noexec{ noexec } \
+ . \
+ 20480 10000 40960 ext4 \
+ $lvmok{ } in_vg{ {{ hostvars[install_hostname].host_name }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ /home } \
+ . \
+ 16 20000 -1 ext4 \
+ $lvmok{ } in_vg{ {{ hostvars[install_hostname].host_name }} } \
+ lv_name{ dummy } \
+ .
+
+d-i partman-auto-lvm/no_boot boolean true
+d-i partman-basicfilesystems/no_swap true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+
+d-i base-installer/install-recommends boolean false
+d-i apt-setup/security_host string {{ apt_repo_providers[(hostvars[install_hostname].apt_repo_provider | default('default'))].ubuntu }}
+
+tasksel tasksel/first multiselect xubuntu-desktop
+d-i pkgsel/include string openssh-server python python-apt ifupdown
+d-i pkgsel/upgrade select safe-upgrade
+popularity-contest popularity-contest/participate boolean false
+d-i pkgsel/update-policy select none
+
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+
+d-i finish-install/reboot_in_progress note
+
+
+d-i preseed/late_command string \
+ lvremove -f {{ hostvars[install_hostname].host_name }}/dummy; \
+ in-target bash -c "swapoff -a; 
sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ +{% if preseed_no_netplan %} + in-target bash -c "apt-get purge -y -q netplan.io && apt-get autoremove -y -q && rm -rf /etc/netplan"; \ +{% endif %} + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ +{% if preseed_force_net_ifnames_policy is defined %} + mkdir -p /target/etc/systemd/network; \ + in-target bash -c "echo '[Link]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'NamePolicy={{ preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "update-initramfs -u"; \ +{% endif %} + in-target bash -c "passwd -d root && passwd -l root"; \ +{% if hostvars[install_hostname].ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[install_hostname].ansible_port }}/' -i /etc/ssh/sshd_config"; \ +{% endif %} + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/ diff --git a/roles/ubuntu-ws/tasks/main.yml b/roles/ubuntu-ws/tasks/main.yml index 66efb6a5..30b77816 100644 --- a/roles/ubuntu-ws/tasks/main.yml +++ b/roles/ubuntu-ws/tasks/main.yml @@ -70,11 +70,10 @@ autoremove: yes purge: yes -## TODO: check if we still need to remove this? -# - name: remove netplan config for network-manager -# file: -# name: /etc/netplan/01-network-manager-all.yaml -# state: absent +- name: remove netplan config for network-manager + file: + name: /etc/netplan/01-network-manager-all.yaml + state: absent - name: install extra packages apt: |
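Review bot: The new focal template sets a literal root password that is readable in the repository (`d-i passwd/root-password password this-very-very-secure-password-…`) and relies on `passwd -d root && passwd -l root` in `preseed/late_command` to make it unusable. Because of the `&&`, a failing `passwd -d` skips the lock and leaves that known password on a host that also gets `openssh-server`. The debian-installer documentation allows `!` as the crypted value to create the account disabled, so no usable password ever exists: `d-i passwd/root-password-crypted password !`, with `in-target bash -c "passwd -l root"` kept as an unconditional safety net. Separately, `pkgsel/include` lists `python` and `python-apt`, which as far as I know are no longer installable on focal (`python3`, `python3-apt` are); check this against the mirror.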
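Review bot: The re-enabled task in `roles/ubuntu-ws/tasks/main.yml` now deletes `/etc/netplan/01-network-manager-all.yaml` on every host that gets the `ubuntu-ws` role, and the commit drops the `## TODO` without recording why the removal is still needed. A one-line comment above the task would keep that answer, e.g. `# still required on <release>: <reason>`. The `file` module documents `path:` as the parameter and `name:` as an alias, so `path: /etc/netplan/01-network-manager-all.yaml` reads more clearly. The following `install extra packages` task continues outside the hunk.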