8 files changed, 132 insertions, 0 deletions

diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml
index 5f92a171..74410228 100644
--- a/chaos-at-home/ch-equinox-ws.yml
+++ b/chaos-at-home/ch-equinox-ws.yml
@@ -25,3 +25,11 @@
       path: /etc/default/keyboard
       regexp: '#?\s*XKBOPTIONS='
       line: 'XKBOPTIONS="caps:none"'
+
+  - name: mount fileserver volumes
+    mount:
+      src: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus']) | ipaddr('address') }}:/"
+      path: /srv/files
+      fstype: nfs4
+      opts: nodev,x-systemd.automount,nofail
+      state: mounted
diff --git a/chaos-at-home/ch-mc.yml b/chaos-at-home/ch-mc.yml
new file mode 100644
index 00000000..6f683d93
--- /dev/null
+++ b/chaos-at-home/ch-mc.yml
@@ -0,0 +1,21 @@
+---
+- name: Basic Setup
+  hosts: ch-mc
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: network/wakeonlan
+  - role: apt-repo/kodi
+  - role: ws/base
+  - role: ws/users
+  post_tasks:
+  - name: mount fileserver volumes
+    mount:
+      src: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus']) | ipaddr('address') }}:/"
+      path: /srv/files
+      fstype: nfs4
+      opts: nodev,x-systemd.automount,nofail,ro
+      state: mounted
diff --git a/inventory/host_vars/ch-mc.yml b/inventory/host_vars/ch-mc.yml
new file mode 100644
index 00000000..a91639d1
--- /dev/null
+++ b/inventory/host_vars/ch-mc.yml
@@ -0,0 +1,65 @@
+---
+preseed_language: de
+preseed_country: AT
+preseed_locales:
+  - de_AT.UTF-8
+  - de_DE.UTF-8
+  - en_US.UTF-8
+
+preseed_no_splash: no
+preseed_install_tasks:
+  - xubuntu-desktop
+
+
+install:
+  efi: no
+  disks:
+    primary: "/dev/disk/by-id/ata-OCZ-VERTEX2_OCZ-B7P98I86F4PC14I7"
+  system_lvm:
+    volumes:
+    - name: root
+      size: 20G
+      filesystem: ext4
+      mountpoint: /
+    - name: var+log
+      size: 768M
+      filesystem: ext4
+      mountpoint: /var/log
+      mount_options:
+      - noatime
+      - nodev
+      - noexec
+
+network:
+  nameservers: "{{ network_zones.lan.dns }}"
+  domain: "{{ host_domain }}"
+  primary: &_network_primary_
+    name: eno1
+    address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+    gateway: "{{ network_zones.lan.gateway }}"
+  interfaces:
+  - *_network_primary_
+
+
+base_modules_blacklist: "{{ base_modules_blacklist_none }}"
+
+apt_repo_components:
+  - main
+  - restricted
+  - universe
+  - multiverse
+
+
+ws_base_extra_packages:
+  - nfs-common
+  # needs apt-repo/kodi
+  - kodi
+  - kodi-inputstream-rtmp
+  - kodi-inputstream-adaptive
+
+ws_base_lightdm_defaults:
+  autologin-user: equinox
+  autologin-user-timeout: 0
+
+ws_users:
+  - equinox
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index f7160fb3..1e052e8f 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -31,6 +31,7 @@ ch-testvm-prometheus host_name=testvm-prometheus
 ch-iot host_name=iot
 ch-vpn host_name=vpn
 ch-epimetheus host_name=epimetheus
+ch-mc host_name=mc
 ch-atlas host_name=atlas
 ch-pan host_name=pan
 ch-keyserver host_name=keyserver
diff --git a/roles/apt-repo/kodi/files/repo.gpg b/roles/apt-repo/kodi/files/repo.gpg
new file mode 100644
index 00000000..7b2188fd
--- /dev/null
+++ b/roles/apt-repo/kodi/files/repo.gpg
diff --git a/roles/apt-repo/kodi/tasks/main.yml b/roles/apt-repo/kodi/tasks/main.yml
new file mode 100644
index 00000000..30bd07b5
--- /dev/null
+++ b/roles/apt-repo/kodi/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: add repository key
+  copy:
+    src: repo.gpg
+    dest: /etc/apt/trusted.gpg.d/kodi.gpg
+  register: apt_repo_kodi_key
+
+- name: add repository entry
+  copy:
+    content: |
+      deb http://ppa.launchpad.net/team-xbmc/ppa/ubuntu {{ ansible_distribution_release }} main
+    dest: /etc/apt/sources.list.d/kodi.list
+  register: apt_repo_kodi_sources
+
+- name: update apt cache
+  when: apt_repo_kodi_key is changed or
+        apt_repo_kodi_sources is changed
+  command: apt-get update
+  args:
+    warn: false
diff --git a/roles/ws/users/defaults/main.yml b/roles/ws/users/defaults/main.yml
new file mode 100644
index 00000000..2e82bf88
--- /dev/null
+++ b/roles/ws/users/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+ws_users_default_shell: /bin/zsh
diff --git a/roles/ws/users/tasks/main.yml b/roles/ws/users/tasks/main.yml
new file mode 100644
index 00000000..23d9eb73
--- /dev/null
+++ b/roles/ws/users/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: add workstation users
+  loop: "{{ ws_users }}"
+  user:
+    name: "{{ item }}"
+    state: present
+    password: "{{ hostvars[inventory_hostname]['vault_user_password_'+item] }}" ## TODO: find nicer way to do this
+    shell: "{{ users[item].shell | default(ws_users_default_shell) }}"
+
+- name: install ssh keys for workstation users
+  loop: "{{ ws_users }}"
+  authorized_key:
+    user: "{{ item }}"
+    key: "{{ users[item].ssh | join('\n') }}"
+    exclusive: yes