-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsetup.yml
193 lines (177 loc) · 7.18 KB
/
setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
---
- name: Create /usr/share/codam/web-greeter directory
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
file:
path: /usr/share/codam/web-greeter
state: directory
owner: root
group: root
mode: '0755'
# Step below should be handled by the 42.common role, otherwise you'd have to fork this role only to change the logo.
# This would be inconvenient. Since every campus already uses 42.common, it's better to handle this in that role.
# Place the files needed in your campus_files folder in the root of your ansiblecluster repository.
# Of course in the path usr/share/codam/web-greeter, not in usr/share/42 that likely already exists.
# The codam-web-greeter will still work without these files, they are not required.
# Most campuses already have their logo embedded in their login screen, so this is just a nice-to-have.
# Using this over the embedded logo makes the logo move when required by the login screen UI, instead of being stuck in place.
- name: Copy greeter logo and user images
tags: [never, codam.webgreeter.cplogo]
become: true
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0644'
with_items:
- { src: usr/share/codam/web-greeter/logo.png, dest: /usr/share/codam/web-greeter/logo.png }
- { src: usr/share/codam/web-greeter/user.png, dest: /usr/share/codam/web-greeter/user.png }
- name: Link wallpaper
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: link
with_items:
- { src: "{{ login_wallpaper_path }}", dest: /usr/share/codam/web-greeter/login-screen.png } # file extension doesn't matter, the greeter will display it anyway
- name: Copy web-greeter config
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
copy:
src: etc/lightdm/web-greeter.yml
dest: /etc/lightdm/web-greeter.yml
owner: root
group: root
mode: '0644'
- name: Configure lightdm
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
lineinfile:
path: /etc/lightdm/lightdm.conf
line: "{{ item }}"
insertafter: "[SeatDefaults]"
regexp: '^#?{{ item.split("=")[0] }}=' # regexp with optional comment start and up to the = sign to replace the value
state: present
with_items:
- 'greeter-session=nody-greeter'
- 'user-session=ubuntu' # because codam-web-greeter does not support selecting a user session
- 'allow-guest=false'
- 'allow-user-switching=true'
- 'greeter-hide-users=true'
- 'greeter-show-manual-login=true'
- name: Delete display-setup hook script
tags: [never, codam.webgreeter.revertdisplaysetup] # this task is only needed when you want to revert the display-setup hook changes made by version v1.2.0 - v1.2.1
become: true
file:
path: /usr/share/42/scripts/hook-display-setup.sh
state: absent
- name: Disable display-setup hook in lightdm
tags: [never, codam.webgreeter.revertdisplaysetup] # this task is only needed when you want to revert the display-setup hook changes made by version v1.2.0 - v1.2.1
become: true
lineinfile:
path: /etc/lightdm/lightdm.conf
state: absent
insertbefore: 'session-setup-script='
regexp: '^display-setup-script='
- name: Copy greeter-setup hook script
tags: [codam.webgreeter, codam.webgreeter.setup, hooks.d]
become: true
template:
src: usr/share/42/scripts/hook-greeter-setup.sh.j2
dest: /usr/share/42/scripts/hook-greeter-setup.sh
owner: root
group: root
mode: '0500'
- name: Enable greeter-setup hook in lightdm
tags: [codam.webgreeter, codam.webgreeter.setup, hooks.d]
become: true
lineinfile:
path: /etc/lightdm/lightdm.conf
line: greeter-setup-script=/usr/share/42/scripts/hook-greeter-setup.sh
insertbefore: 'session-setup-script='
state: present
regexp: '^#?greeter-setup-script='
- name: Add user uncaching to logout hooks
tags: [codam.webgreeter, codam.webgreeter.setup, hooks.d]
become: true
copy:
src: usr/share/42/scripts/hooks.d/logout.d/10-dbus.sh
dest: /usr/share/42/scripts/hooks.d/logout.d/10-dbus.sh
owner: root
group: root
mode: '0500'
- name: Find the hook-logout script used in hooks.d/logout.d (ending in hook-logout.sh)
tags: [codam.webgreeter, codam.webgreeter.setup, hooks.d]
shell: "find /usr/share/42/scripts/hooks.d/logout.d -name '*hook-logout.sh'"
register: hook_logout_script
failed_when: hook_logout_script.stdout == ""
- name: Prevent hook-logout from running on login from the greeter
tags: [codam.webgreeter, codam.webgreeter.setup, hooks.d]
become: true
blockinfile:
path: "{{ hook_logout_script.stdout }}"
backup: false # otherwise it might get executed by ft-init!
insertafter: 'env'
block: |
# Delete any lock_time files in /tmp (used by codam-web-greeter to know when the screen was locked
# and when to automatically log out the user)
/usr/bin/rm -f /tmp/codam_web_greeter_lock_timestamp_*
# Check if the hook was called from a greeter exiting or a student session exiting
# Display :0 is used for the first greeter and gets reused for the student session.
# Display :1 is used for the second login (user switching, in fact the Codam lock screen).
# We do not allow switching users, so for :1 there is no user session
# to clean up for. Instead, the hook was called to clean up the greeter.
# No cleaning needs to be done for the greeter. So, we simply exit.
# Source: https://www.freedesktop.org/wiki/Software/LightDM/CommonConfiguration/
if [ "$DISPLAY" != ":0" ]; then
echo "Catched greeter logout event, exiting"
exit 0
fi
- name: Allow rebooting from greeter
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
blockinfile:
path: /etc/polkit-1/localauthority/20-org.d/org.freedesktop.login1.pkla
insertafter: EOF
block: |
[42 Enable reboot by default for lightdm user]
Identity=unix-user:lightdm
Action=org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-multiple-sessions;org.freedesktop.login1.reboot-ignore-inhibit;
ResultAny=yes
ResultInactive=yes
ResultActive=yes
- name: Ignore power, suspend and hibernate keys
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
lineinfile:
path: /etc/systemd/logind.conf
line: "{{ item }}"
regexp: '^#?{{ item.split("=")[0] }}=' # regexp with optional comment start and up to the = sign to replace the value
state: present
with_items:
- 'HandlePowerKey=ignore'
- 'HandleSuspendKey=ignore'
- 'HandleHibernateKey=ignore'
register: logind_ignore_power_keys
- name: Check if no user is currently logged in
tags: [codam.webgreeter, codam.webgreeter.setup]
shell: "who | grep -v {{ ansible_user }}"
register: logged_in_users
failed_when: false
changed_when: false
- name: Restart logind
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
service:
name: systemd-logind
state: restarted
when: logged_in_users.stdout == "" and logind_ignore_power_keys.changed
- name: Restart lightdm
tags: [codam.webgreeter, codam.webgreeter.setup]
become: true
service:
name: lightdm
state: restarted
when: logged_in_users.stdout == ""