Verified Commit 86d81e46 authored by Todor Kondic's avatar Todor Kondic

Working setup

parent edd90686
......@@ -2,4 +2,4 @@
ansible-playbook -i hosts.txt main.yml\
--vault-password-file meta/zubizareta\
-u root -t $1
-u root "$@"
# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)
# Set the maximum number of FUSE mounts allowed to non-root users.
# The default is 1000.
#mount_max = 1000
# Allow non-root users to specify the allow_other or allow_root mount options.
user_allow_other
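Review bot: `user_allow_other` lets every non-root account on the host pass `allow_other` or `allow_root` to its own FUSE mounts, which is broader than the single s3fs mount in this commit needs. Root can use `allow_other` without it, so if the Spaces mount is meant to run as root (the credentials file moves to a root-owned `/etc/passwd-s3fs`), this line can stay commented out. If the mount has to run as an unprivileged user, I would add a comment above the setting naming the mount that depends on it, e.g. `# required by the s3fs mount of /mnt/exchange`.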
......@@ -4,7 +4,7 @@
[daemon]
# Uncomment the line below to force the login screen to use Xorg
#WaylandEnable=false
WaylandEnable=false
# Enabling automatic login
# AutomaticLoginEnable = true
......@@ -20,9 +20,12 @@
AllowRemoteRoot=true
DisallowTCP=false
[xdmcp]
DisplaysPerHost=15
Enable=true
MaxSessions=30
MaxPending=15
[chooser]
......@@ -30,5 +33,5 @@ MaxSessions=30
# Uncomment the line below to turn on debugging
# More verbose logs
# Additionally lets the X server dump core if it crashes
#Enable=true
Enable=true
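Review bot: The resulting `custom.conf` combines `[xdmcp] Enable=true` with `AllowRemoteRoot=true` and `DisallowTCP=false`, and XDMCP itself is unauthenticated and unencrypted. Since Xvnc is started with `-query localhost`, only loopback needs to reach the display manager; I would set `AllowRemoteRoot=false` and `DisallowTCP=true` unless something depends on them, and confirm that the ufw tasks (not visible here) do not open UDP 177. The debug `Enable=true` in the last hunk turns on verbose logs and X server core dumps, per the comment above it, so it should probably be reverted once the setup works. The page does not show which of these lines are new, so part of this may predate the commit.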
......@@ -5,9 +5,8 @@ type = unlisted
port = 5950
socket_type = stream
protocol = tcp
group = tty
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
server_args = -inetd -once -query localhost -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
}
service vncserver{{ item.login }}
{
disable = no
type = unlisted
port = {{ item.port }}
socket_type = stream
protocol = tcp
wait = yes
user = {{ item.login }}
server = /usr/bin/Xvnc
server_args = -inetd -once -query localhost -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
}
service vncserver{{ item.login }}
{
disable = no
type = unlisted
port = {{ item.vncport }}
socket_type = stream
protocol = tcp
wait = yes
user = {{ item.login }}
server = /usr/bin/Xvnc
server_args = -inetd -once -query localhost -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
}
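Review bot: These per-user services run Xvnc as `{{ item.login }}` with `-X509Key=/etc/custom-vnc/key.vnc.pem`, so the TLS private key has to be readable by every account in `users`, and any of them could copy it. The key's permissions are not shown on this page, so please confirm them; a key readable only by one dedicated service account avoids sharing it. Separately, the template reads `{{ item.vncport }}` (`{{ item.port }}` in the first copy), and no `users` entry visible on this page defines either key, so the commented-out template task would fail on an undefined variable if enabled. `-securitytypes=X509None` also means the VNC layer asks for no credentials, so access control rests entirely on the GDM login and on who can reach the port.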
......@@ -26,9 +26,14 @@ if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
GUIX_PROFILE="$HOME/.config/guix/current"
. "$GUIX_PROFILE/etc/profile"
if [ -e "$GUIX_PROFILE/etc/profile" ]; then
source "$GUIX_PROFILE/etc/profile"
export GUIX_PROFILE
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
export PATH="$HOME/.guix-profile/bin:$PATH"
fi
export GUIX_PROFILE
export PATH="$HOME/.guix-profile/bin:$PATH"
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
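Review bot: `source "$GUIX_PROFILE/etc/profile"` inside the new `if` is a bashism; if this file is `~/.profile` (the `.local/bin` stanza above suggests so, but the file name is not shown), login sessions may read it with a POSIX `sh` that has no `source`, so I would keep the portable `. "$GUIX_PROFILE/etc/profile"`. Going by the hunk counts, the three `export` lines after `fi` appear to stay as context, which would set the variables unconditionally anyway and prepend `$HOME/.guix-profile/bin` to `PATH` twice when the profile exists. If that reading is right, drop the copies after `fi`. The file continues outside the hunk.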
[planb]
alien-one ansible_host=188.166.115.156
#alien-two ansible_host=128.199.51.27
[planb:vars]
ansible_python_interpreter=/usr/bin/python3
......
......@@ -12,6 +12,9 @@
- name: Set hostname.
ansible.builtin.hostname:
name: "{{ inventory_hostname }}"
tags: hostname
- include: tasks/users.yml
tags: users
- name: Copy profiles.
tags: profile
copy:
......@@ -22,15 +25,18 @@
- include: tasks/apt.yml
- include: tasks/users.yml
tags: users
tags: apt
- include: tasks/ufw.yml
tags: ufw
- include: tasks/vnc.yml
tags: vnc
- include: tasks/spaces.yml
tags: spaces
- include: tasks/guix.yml
tags: guix
- include: tasks/visual-appeal.yml
tags: visual
- include: tasks/guix.yml
tags: guix
- include: tasks/emacs.yml
tags: emacs
- include: tasks/r-setup.yml
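Review bot: The task files are still pulled in with bare `- include:`, which Ansible has deprecated in favour of `import_tasks` and `include_tasks`. Since each include now carries a tag, `- import_tasks: tasks/ufw.yml` with `tags: ufw` is the direct replacement and applies the tag statically to the imported tasks. The play continues outside the hunk.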
......
......@@ -13,8 +13,9 @@
- name: Run the guix install script.
command:
cmd: /etc/installguix.sh
shell: yes | /etc/installguix.sh
args:
warn: no
creates: /var/guix/profiles/per-user/root/current-guix/bin/guix
- name: Create .config/guix.
......@@ -22,8 +23,10 @@
path: "/home/{{ item['login'] }}/.config/guix"
state: directory
recurse: yes
force: no
become_user: "{{ item['login'] }}"
loop: "{{ users }}"
ignore_errors: yes
- name: Copy channels.
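Review bot: `shell: yes | /etc/installguix.sh` answers every installer prompt with "y" as root, so any trust decision the script asks about is accepted unattended (for an upstream `guix-install.sh` that would include importing the signing key and authorizing substitute servers, which this page does not confirm). I would make those steps explicit tasks before the install and verify the script's checksum where it is fetched, rather than piping `yes`. Two smaller points: `warn: no` and the `ignore_errors: yes` on "Create .config/guix." both hide problems; for the latter, a `failed_when:` on the specific expected error is safer than ignoring every failure.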
......
- name: Upload the access token
copy:
content: "{{ accesstokens['spaces'] }}"
dest: /home/ecitk/.passwd-s3fs
dest: /etc/passwd-s3fs
mode: 0600
owner: ecitk
owner: root
- name: Adapt /etc/fuser.conf
copy:
src: files/etc/fuse.conf
dest: /etc/fuse.conf
mode: 0644
- name: Make the mount point.
file:
path: /mnt/exchange
state: directory
owner: ecitk
owner: root
group: scratch
mode: 0770
ignore_errors: yes
- name: Mount Spaces URL.
command: >
s3fs planb /mnt/exchange
-o passwd_file=/home/ecitk/.passwd-s3fs
-o passwd_file=/etc/passwd-s3fs
-o url=https://ams3.digitaloceanspaces.com/
-o use_path_request_style
-o use_wtf8
-o enable_content_md5
-o allow_other
-o mp_umask=0007
-o umask=0007
become_user: ecitk
ignore_errors: yes
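Review bot: The mount task keeps `ignore_errors: yes` on a plain `command:`, so a failed mount, or the already-mounted error on every rerun, passes silently. If `become_user: ecitk` is still on the new side (the page does not show which side it belongs to), the mount would fail outright, because `/etc/passwd-s3fs` is now `owner: root` with `mode: 0600`. I would run the mount as root, make it idempotent (an fstab entry managed by the mount module, or a check that `/mnt/exchange` is not already a mountpoint), and drop `ignore_errors`. The "Upload the access token" task should carry `no_log: true` so the vaulted token is not echoed in `--diff` or verbose output. Quoting the modes, `mode: '0600'`, would match the gdm3 and xinetd copy tasks.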
......@@ -36,6 +36,21 @@
when: item.sshkey
loop: "{{ users }}"
- name: Does .config exist?
ansible.builtin.shell:
cmd: "[ -e \"$HOME\"/.config ] && echo yes || echo no"
register: isconfig
- name: Create .config.
file:
path: "/home/{{ item.login }}/.config"
state: directory
recurse: yes
owner: "{{ item.login }}"
mode: 0750
loop: "{{ users }}"
when: not isconfig.stdout | bool
- name: Create local bin.
file:
path: "/home/{{ item.login }}/.local/bin"
......@@ -44,3 +59,22 @@
owner: "{{ item.login }}"
mode: 0750
loop: "{{ users }}"
- name: Create Desktop.
file:
path: "/home/{{ item.login }}/Desktop"
state: directory
recurse: no
owner: "{{ item.login }}"
mode: 0711
loop: "{{ users }}"
- name: Create scratch
file:
path: "/mnt/scratch/{{ item.login }}"
state: directory
recurse: yes
owner: "{{ item.login }}"
group: scratch
mode: 0710
loop: "{{ users }}"
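Review bot: The "Does .config exist?" check runs once, as the connecting user, so `$HOME` is that account's home (root's, given the wrapper's `-u root`), yet its result gates "Create .config." for every entry in `users`. The `file` module with `state: directory` is already idempotent, so the check and the `when:` can simply be removed. I would also drop `recurse: yes` from "Create .config." and "Create scratch": with `owner` and `mode` set it reapplies them to everything below the directory on each run, rewriting permissions on users' existing files under `/mnt/scratch/<login>`. If the check is kept, it needs `changed_when: false`.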
- name: Copy gdm3 config files.
ansible.builtin.copy:
src: /files/etc/gdm3/custom.conf
src: files/etc/gdm3/custom.conf
dest: /etc/gdm3/custom.conf
owner: root
group: root
mode: '0644'
notify:
- Restart gdm.
- name: Copy xinetd config files.
ansible.builtin.copy:
src: /files/etc/xinetd.d/vncserver
src: files/etc/xinetd.d/vncserver
dest: /etc/xinetd.d/vncserver
owner: root
group: root
mode: '0644'
notify:
- Restart xinetd.
notify:
- Restart xinetd.
# - name: Create wait-based vnc services.
# ansible.builtin.template:
# src: files/etc/xinetd.d/vnctmpl
# dest: /etc/xinetd.d/vncserver{{ item.login }}
# loop: "{{ users }}"
# notify:
# - Restart xinetd.
......
$ANSIBLE_VAULT;1.1;AES256
30333733393662313736616332346333653462356333393834303232643034383337333963643837
6534343731313033663436353232616134333839383562370a623030303534656463363630383562
30313237333531323561376631376330613730336262643562393533393761396330343064313132
3263393730336531640a383135306261663738636666626562623161393133386163313836663664
66353630386636383333613062316633383536386363613230383564383362346361653034333830
66336137326430653463343362666565323661353434353735336461363230303664306463656638
36383963393434363835333133363234303934313539396435333664343165343135623731313630
32626331636337663539663935643833383133666638663264303138303930383232336163303830
37643864363931636333323266663836363164643031333564326163653034643264303636386662
63353337336461636638623139373336353136343231383830336234396436313538623533353339
31336465653932343531326563643164333837633066326161306662363333663462333766353430
62353431366263336362
64623337656162663336636639633530383834386464393531313239383166323264353134316164
6462363564363836396533343365356334323733623234310a613866323262663930616537623035
66313135336137393933376531303035356535343832656439616665376230613261383364313466
3937613262356633620a383537313366386663326237643338663639646264623532346431303661
34653163356233623239653561616532363136623735303161353732363039666561643261376162
62656464383532376566643637653562386337373765346466646265636266313739636266613861
33306263623335613832393361343432373433303935346630393165376231613462346637323164
38313836346336323530303262623266356230346132303563363866356532336335356138343566
39373161353464353334336435373838303731333466633364626466616538313833326266636663
61393537303135363237306435663836316662363433633530613936393730633034313333333766
66303532666238316237356565313638393036343932323563383839363562356362396439306532
62353431663538333361323935393863356463396537313661653530353032643435666366653434
34633166663134353432313630393764666464366165373566316633303830613463363434623964
35393766313931326365666634643163323164663263386531366130346663643332616565333066
31623264666530303662666638303130376466646361663465366338643162396438653938396535
31626137336462353561386131646162333065646630343732393932626561626161323538383130
36626338626330333731353638373761626332383665353936666263313062343366616564343063
32636365343562313433346137643131326265396632383936356432343636356363386430313436
31346137646264333564313630323037356462313832653133353031653134353232623363363331
37623734393261306237643632613938393439313866326566353661363661303034656265616634
61393836666666663434643930343066313761646336303065393465613732666132643734396466
63623963343835393864396363656166323166353663313639373238616166333338366136343464
39646139393237643761633336353862306162663732376366633335336263623735346130646562
36643038386563393134313162363131633836313063366537346462366535326262353863663065
66393562633661373030376139656331393466623365333933333031663933663866313135346362
31623236363832373133336665326336646332653762373961333538313038626462666238333063
33653230326266623433313335623364656266626562366237376533633135633438383761313431
64633065343431396535646638616139663333343337353532653264323932626132636333643237
3566
users:
- login: ecitk
displ: 1
sudo: yes
name: Todor
name: ecitk
sshkey: "ssh-rsa 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 user@machine"
- login: ecies
sudo: no
displ: 2
sshkey: no
name: Emma
name: ecies
- login: eciae
sudo: no
sshkey: no
name: eciae
- login: ecihmt
sudo: no
sshkey: no
name: ecihmt
- login: sundasarshad
sudo: no
sshkey: no
name: sundasarshad
- login: anaghagaikwad
sudo: no
sshkey: no
name: anaghagaikwad
- login: haileeherbst
sudo: no
sshkey: no
name: haileeherbst
- login: jimmyji
sudo: no
sshkey: no
name: jimmyji
- login: mariabaraona
sudo: no
sshkey: no
name: mariabaraona
- login: dinashaaban
sudo: no
sshkey: no
name: dinashaaban
- login: danielagutierrez
sudo: no
sshkey: no
name: danielagutierrez
- login: nizeng
sudo: no
sshkey: no
name: nizeng
- login: danielguignard
sudo: no
sshkey: no
name: danielguignard