ansibleit

@@ -2,4 +2,4 @@
 
 ansible-playbook -i hosts.txt main.yml\
  --vault-password-file meta/zubizareta\
- -u root -t $1
+ -u root "$@"

files/etc/fuse.conf

+# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)
+
+# Set the maximum number of FUSE mounts allowed to non-root users.
+# The default is 1000.
+#mount_max = 1000
+
+# Allow non-root users to specify the allow_other or allow_root mount options.
+user_allow_other

files/etc/gdm3/custom.conf

@@ -4,7 +4,7 @@
 
 [daemon]
 # Uncomment the line below to force the login screen to use Xorg
-#WaylandEnable=false
+WaylandEnable=false
 
 # Enabling automatic login
 #  AutomaticLoginEnable = true
@@ -20,9 +20,12 @@
 AllowRemoteRoot=true
 DisallowTCP=false
 
+
 [xdmcp]
+DisplaysPerHost=15
 Enable=true
 MaxSessions=30
+MaxPending=15
 
 [chooser]
 
@@ -30,5 +33,5 @@ MaxSessions=30
 # Uncomment the line below to turn on debugging
 # More verbose logs
 # Additionally lets the X server dump core if it crashes
-#Enable=true
+Enable=true
 

files/etc/xinetd.d/vncserver

@@ -5,9 +5,8 @@ type = unlisted
 port = 5950
 socket_type = stream
 protocol = tcp
-group = tty
 wait = no
 user = nobody
 server = /usr/bin/Xvnc
-server_args = -inetd -query localhost -once -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
+server_args = -inetd -once -query localhost  -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
 }

files/etc/xinetd.d/vncserver.template

+service vncserver{{ item.login }}
+{
+disable = no
+type = unlisted
+port = {{ item.port }}
+socket_type = stream
+protocol = tcp
+wait = yes
+user = {{ item.login }}
+server = /usr/bin/Xvnc
+server_args = -inetd -once -query localhost  -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
+}

files/etc/xinetd.d/vnctmpl

+service vncserver{{ item.login }}
+{
+disable = no
+type = unlisted
+port = {{ item.vncport }}
+socket_type = stream
+protocol = tcp
+wait = yes
+user = {{ item.login }}
+server = /usr/bin/Xvnc
+server_args = -inetd -once -query localhost  -fp /usr/share/X11/fonts/misc -securitytypes=X509None -X509Key=/etc/custom-vnc/key.vnc.pem -X509Cert=/etc/custom-vnc/cert.vnc.pem
+}

files/home/user/.profile

@@ -26,9 +26,14 @@ if [ -d "$HOME/.local/bin" ] ; then
     PATH="$HOME/.local/bin:$PATH"
 fi
 GUIX_PROFILE="$HOME/.config/guix/current"
-. "$GUIX_PROFILE/etc/profile"
+if [ -e "$GUIX_PROFILE/etc/profile" ]; then
+    source "$GUIX_PROFILE/etc/profile"
+    export GUIX_PROFILE
+    export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
+    export PATH="$HOME/.guix-profile/bin:$PATH"
+fi
+
+
+
 
-export GUIX_PROFILE
-export PATH="$HOME/.guix-profile/bin:$PATH"
-export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
      

hosts.txt

 [planb]
 alien-one ansible_host=188.166.115.156
+#alien-two ansible_host=128.199.51.27
 
 [planb:vars]
 ansible_python_interpreter=/usr/bin/python3

main.yml

@@ -12,6 +12,9 @@
     - name: Set hostname.
       ansible.builtin.hostname:
         name: "{{ inventory_hostname }}"
+      tags: hostname
+    - include: tasks/users.yml
+      tags: users
     - name: Copy profiles.
       tags: profile
       copy:
@@ -22,15 +25,18 @@
 
 
     - include: tasks/apt.yml
-    - include: tasks/users.yml
-      tags: users
+      tags: apt
     - include: tasks/ufw.yml
+      tags: ufw
+    - include: tasks/vnc.yml
+      tags: vnc
     - include: tasks/spaces.yml
       tags: spaces
-    - include: tasks/guix.yml
-      tags: guix
     - include: tasks/visual-appeal.yml
       tags: visual
+    - include: tasks/guix.yml
+      tags: guix
+
     - include: tasks/emacs.yml
       tags: emacs
     - include: tasks/r-setup.yml

tasks/guix.yml

@@ -13,8 +13,9 @@
 
 
 - name: Run the guix install script.
-  command:
-    cmd: /etc/installguix.sh
+  shell: yes | /etc/installguix.sh
+  args:
+    warn: no
     creates: /var/guix/profiles/per-user/root/current-guix/bin/guix
 
 - name: Create .config/guix.
@@ -22,8 +23,10 @@
     path: "/home/{{ item['login'] }}/.config/guix"
     state: directory
     recurse: yes
+    force: no
   become_user: "{{ item['login'] }}"
   loop: "{{ users }}"
+  ignore_errors: yes
     
 
 - name: Copy channels.

tasks/spaces.yml

 - name: Upload the access token
   copy:
     content: "{{ accesstokens['spaces'] }}"
-    dest: /home/ecitk/.passwd-s3fs
+    dest: /etc/passwd-s3fs
     mode: 0600
-    owner: ecitk
+    owner: root
 
+- name: Adapt /etc/fuser.conf
+  copy:
+    src: files/etc/fuse.conf
+    dest: /etc/fuse.conf
+    mode: 0644
 - name: Make the mount point.
   file:
     path: /mnt/exchange
     state: directory
-    owner: ecitk
+    owner: root
     group: scratch
     mode: 0770
+  ignore_errors: yes
 
 - name: Mount Spaces URL.
   command: >
     s3fs planb /mnt/exchange
-    -o passwd_file=/home/ecitk/.passwd-s3fs
+    -o passwd_file=/etc/passwd-s3fs
     -o url=https://ams3.digitaloceanspaces.com/
     -o use_path_request_style
     -o use_wtf8
     -o enable_content_md5
     -o allow_other
-    -o mp_umask=0007
-    -o umask=0007
-  become_user: ecitk
+  ignore_errors: yes
 

tasks/users.yml

@@ -36,6 +36,21 @@
   when: item.sshkey
   loop: "{{ users }}"
 
+- name: Does .config exist?
+  ansible.builtin.shell:
+    cmd: "[ -e \"$HOME\"/.config ] && echo yes || echo no"
+  register: isconfig
+  
+- name: Create .config.
+  file:
+    path: "/home/{{ item.login }}/.config"
+    state: directory
+    recurse: yes
+    owner: "{{ item.login }}"
+    mode: 0750
+  loop: "{{ users }}"
+  when: not isconfig.stdout | bool
+  
 - name: Create local bin.
   file:
     path: "/home/{{ item.login }}/.local/bin"
@@ -44,3 +59,22 @@
     owner: "{{ item.login }}"
     mode: 0750
   loop: "{{ users }}"
+
+- name: Create Desktop.
+  file:
+    path: "/home/{{ item.login }}/Desktop"
+    state: directory
+    recurse: no
+    owner: "{{ item.login }}"
+    mode: 0711
+  loop: "{{ users }}"
+
+- name: Create scratch
+  file:
+    path: "/mnt/scratch/{{ item.login }}"
+    state: directory
+    recurse: yes
+    owner: "{{ item.login }}"
+    group: scratch
+    mode: 0710
+  loop: "{{ users }}"

tasks/vnc.yml

 - name: Copy gdm3 config files.
   ansible.builtin.copy:
-    src: /files/etc/gdm3/custom.conf
+    src: files/etc/gdm3/custom.conf
     dest: /etc/gdm3/custom.conf
     owner: root
     group: root
     mode: '0644'
+  notify:
+    - Restart gdm.
     
 - name: Copy xinetd config files.
   ansible.builtin.copy:
-    src: /files/etc/xinetd.d/vncserver
+    src: files/etc/xinetd.d/vncserver
     dest: /etc/xinetd.d/vncserver
     owner: root
     group: root
     mode: '0644'
-    notify:
-      - Restart xinetd.
+  notify:
+    - Restart xinetd.
+
+
+# - name: Create wait-based vnc services.
+#   ansible.builtin.template:
+#     src: files/etc/xinetd.d/vnctmpl
+#     dest: /etc/xinetd.d/vncserver{{ item.login }}
+#   loop: "{{ users }}"
+#   notify:
+#     - Restart xinetd.
 
 
 

vars/passwords.yml

 $ANSIBLE_VAULT;1.1;AES256
-30333733393662313736616332346333653462356333393834303232643034383337333963643837
-6534343731313033663436353232616134333839383562370a623030303534656463363630383562
-30313237333531323561376631376330613730336262643562393533393761396330343064313132
-3263393730336531640a383135306261663738636666626562623161393133386163313836663664
-66353630386636383333613062316633383536386363613230383564383362346361653034333830
-66336137326430653463343362666565323661353434353735336461363230303664306463656638
-36383963393434363835333133363234303934313539396435333664343165343135623731313630
-32626331636337663539663935643833383133666638663264303138303930383232336163303830
-37643864363931636333323266663836363164643031333564326163653034643264303636386662
-63353337336461636638623139373336353136343231383830336234396436313538623533353339
-31336465653932343531326563643164333837633066326161306662363333663462333766353430
-62353431366263336362
+64623337656162663336636639633530383834386464393531313239383166323264353134316164
+6462363564363836396533343365356334323733623234310a613866323262663930616537623035
+66313135336137393933376531303035356535343832656439616665376230613261383364313466
+3937613262356633620a383537313366386663326237643338663639646264623532346431303661
+34653163356233623239653561616532363136623735303161353732363039666561643261376162
+62656464383532376566643637653562386337373765346466646265636266313739636266613861
+33306263623335613832393361343432373433303935346630393165376231613462346637323164
+38313836346336323530303262623266356230346132303563363866356532336335356138343566
+39373161353464353334336435373838303731333466633364626466616538313833326266636663
+61393537303135363237306435663836316662363433633530613936393730633034313333333766
+66303532666238316237356565313638393036343932323563383839363562356362396439306532
+62353431663538333361323935393863356463396537313661653530353032643435666366653434
+34633166663134353432313630393764666464366165373566316633303830613463363434623964
+35393766313931326365666634643163323164663263386531366130346663643332616565333066
+31623264666530303662666638303130376466646361663465366338643162396438653938396535
+31626137336462353561386131646162333065646630343732393932626561626161323538383130
+36626338626330333731353638373761626332383665353936666263313062343366616564343063
+32636365343562313433346137643131326265396632383936356432343636356363386430313436
+31346137646264333564313630323037356462313832653133353031653134353232623363363331
+37623734393261306237643632613938393439313866326566353661363661303034656265616634
+61393836666666663434643930343066313761646336303065393465613732666132643734396466
+63623963343835393864396363656166323166353663313639373238616166333338366136343464
+39646139393237643761633336353862306162663732376366633335336263623735346130646562
+36643038386563393134313162363131633836313063366537346462366535326262353863663065
+66393562633661373030376139656331393466623365333933333031663933663866313135346362
+31623236363832373133336665326336646332653762373961333538313038626462666238333063
+33653230326266623433313335623364656266626562366237376533633135633438383761313431
+64633065343431396535646638616139663333343337353532653264323932626132636333643237
+3566

vars/users.yml

 users:
   - login: ecitk
-    displ: 1
     sudo: yes
-    name: Todor
+    name: ecitk
     sshkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvodoKak1YZDw/psy6XYT/dFKvZkeIwwFexwQPVtH36tOpexVFXLQ0fYpSzQiQdejnCzLlaMFUAQCqotKObp7ByKlEHsacxUtq4XxddufX67XV3jQuvitr51x9JDxaa0XpG0uZpN4uYNV9ievWiF2ZTBxS6+SZM7eKuLjhJPafwltWzZxGiBjm1/HP7IExSpGhgvdaoEspozNBWrm9ILGF1s957jsiq/+5cbXyY3Z37Js2ByyA1eM9Zmhai/5dzhwzqQuOvGVFHSNmJEjL+ZmQtpLqaq5o8YvSUu/jL7ZMe58Ppx3sbuCW0bGJ4NwJi1yankKEdotPiu1rjrfcN2hSg8rTLx+qJ3i7vBH3jgyS54K4Jfob1lbEwpE2OeBwiY9mcJbuMOsj7MS9vYzrVYACymbS+cLprEm5Wr7Rdy5jx23p1YMHFqmFUWZFs1Esa0wOGPwnaDUxTQWk3HtA8nah8p92F55yqPfGNL3eH8h0tPMsQDBms0jxQak10lvQa5Skdd5Jte8JHg6H0jbTuFZoXrIynqUxttdKCHPYcRt/YsFB5iXT1JqCe0ftVTYYb9/2rNJHQnTQ5zfaGXuCoT6aJmR7bWy7jhsGlxuDyON1bVTw8Sq0DGXZPmAwhZAqGwnhs0YDYH+VTtZA1fgY5EXQmafC8UPYExY9WKeNgCo22w== user@machine"
   - login: ecies
     sudo: no
-    displ: 2
     sshkey: no
-    name: Emma
-
+    name: ecies
+  - login: eciae
+    sudo: no
+    sshkey: no
+    name: eciae
+  - login: ecihmt
+    sudo: no
+    sshkey: no
+    name: ecihmt
+  - login: sundasarshad
+    sudo: no
+    sshkey: no
+    name: sundasarshad
+  - login: anaghagaikwad
+    sudo: no
+    sshkey: no
+    name: anaghagaikwad
+  - login: haileeherbst
+    sudo: no
+    sshkey: no
+    name: haileeherbst
+  - login: jimmyji
+    sudo: no
+    sshkey: no
+    name: jimmyji
+  - login: mariabaraona
+    sudo: no
+    sshkey: no
+    name: mariabaraona
+  - login: dinashaaban
+    sudo: no
+    sshkey: no
+    name: dinashaaban
+  - login: danielagutierrez
+    sudo: no
+    sshkey: no
+    name: danielagutierrez
+  - login: nizeng
+    sudo: no
+    sshkey: no
+    name: nizeng
+  - login: danielguignard
+    sudo: no
+    sshkey: no
+    name: danielguignard