diff --git a/.gitignore b/.gitignore index 08f9909..27de7b0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ /**/ansible/**/*.retry +/**/ansible/inventories/test/ bin images tmp diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 30c3e66..b6a2991 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,7 +28,7 @@ dockerimage: tags: - fablab -squashfs: +.squashfs_template: &squashfs_template stage: build script: - make images/debian-stretch.squashfs @@ -41,3 +41,17 @@ squashfs: expire_in: 2 weeks tags: - fablab + +squashfs_featurebranch: + <<: *squashfs_template + variables: + COMPRESSION_LEVEL: 5 + except: + - master + +squashfs_master: + <<: *squashfs_template + variables: + COMPRESSION_LEVEL: 7 + only: + - master diff --git a/Makefile b/Makefile index f7d042d..9fdab82 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,11 @@ DOCKER_IMAGE ?= labsync-builder CWD=$(abspath $(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))) +COMPRESSION_LEVEL ?= 5 + +ANSIBLE_LIMIT ?= qemumachine +ANSIBLE_TAGS ?= + qemu_ifname_br = brlabsync qemu_ifname_tap = taplabsync qemu_hostname = qemumachine @@ -18,7 +23,7 @@ qemu_target ?= debian-stretch qemu_kernel = $(qemu_target).linux qemu_torrent = $(qemu_target).torrent qemu_initramfs = $(shell \ -if [ -e $(qemu_target).initramfs.dev ] && [ `date -r $(qemu_target).initramfs.dev +%s` -gt `date -r $(qemu_target).initramfs +%s` ]; then \ +if [ -e images/$(qemu_target).initramfs.dev ] && [ `date -r images/$(qemu_target).initramfs.dev +%s` -gt `date -r images/$(qemu_target).initramfs +%s` ]; then \ echo "$(qemu_target).initramfs.dev"; \ else \ echo "$(qemu_target).initramfs"; \ @@ -36,7 +41,7 @@ clean: .PHONY: dockerimg dockerimg: - docker build -t "$(DOCKER_IMAGE)" --build-arg "PACKER_VERSION=$(PACKER_VERSION)" docker + docker build --pull -t "$(DOCKER_IMAGE)" --cache-from "$(DOCKER_IMAGE)" --build-arg "PACKER_VERSION=$(PACKER_VERSION)" docker images: [ ! -d "$@" ] && mkdir "$@" @@ -50,8 +55,10 @@ images/debian-stretch.squashfs: images -v "${PWD}/images:/images" \ -e "user=`id -u`" \ -e "group=`id -g`" \ + -e "IMAGES=${PWD}/images" \ -e "ANNOUNCE=$(ANNOUNCE)" \ -e "WEBSEED=$(WEBSEED)" \ + -e "COMPRESSION_LEVEL=$(COMPRESSION_LEVEL)" \ $(ci_environment) \ "$(DOCKER_IMAGE)" \ debian-stretch @@ -68,6 +75,25 @@ images/debian-stretch.torrent: images "$(DOCKER_IMAGE)" \ debian-stretch +.PHONY: ansible +ansible: + docker run \ + --rm \ + -v "${PWD}/packer/ansible:/ansible" \ + -e "user=`id -u`" \ + -e "group=`id -g`" \ + -e "ANNOUNCE=$(ANNOUNCE)" \ + -e "WEBSEED=$(WEBSEED)" \ + -e "TASK=ansible" \ + -v "${SSH_AUTH_SOCK}:/var/run/ssh_auth_sock" \ + -e "SSH_AUTH_SOCK=/var/run/ssh_auth_sock" \ + "$(DOCKER_IMAGE)" \ + -i inventories \ + $(if $(ANSIBLE_TAGS),-t $(ANSIBLE_TAGS),) \ + -l $(ANSIBLE_LIMIT) \ + --ssh-extra-args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \ + playbook.yml + # updates the initramfs # only used for development images/debian-stretch.initramfs.dev: tmp/initramfs-extracted/debian-stretch packer/initramfs/labsync @@ -84,7 +110,7 @@ tmp/initramfs-extracted/debian-stretch: images/debian-stretch.initramfs touch tmp/initramfs-extracted/debian-stretch $(qemu_disk): tmp - qemu-img create "$@" 4G + qemu-img create "$@" 20G tmp/netboot.tar.gz: tmp wget -c -O "$@" https://cdn-aws.deb.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/netboot.tar.gz @@ -122,7 +148,9 @@ qemu-network: /sys/devices/virtual/net/$(qemu_ifname_br)/brif/$(qemu_ifname_tap fi sudo ip link set $(qemu_ifname_tap) up sudo ip link set $(qemu_ifname_br) up - sudo iptables -t nat -A POSTROUTING -s $(qemu_network)/$(qemu_netmask) ! -o $(qemu_ifname_br) -j MASQUERADE + if ! sudo iptables -t nat -L POSTROUTING | grep -q "$(qemu_network)/$(qemu_netmask)"; then \ + sudo iptables -t nat -A POSTROUTING -s $(qemu_network)/$(qemu_netmask) ! -o $(qemu_ifname_br) -j MASQUERADE; \ + fi .PHONY: qemu qemu: qemu-network $(qemu_disk) docker-services @@ -130,7 +158,7 @@ qemu: qemu-network $(qemu_disk) docker-services -kernel "images/$(qemu_kernel)" \ -initrd "images/$(qemu_initramfs)" \ -drive format=raw,file="$(qemu_disk)" \ - -append "boot=labsync labsync_disk=/dev/sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/$(qemu_torrent) quiet vga=792 ip=$(qemu_vm_ip):::255.255.255.0:$(qemu_hostname):ens3:off labsync_wait=pause" \ + -append "boot=labsync labsync_disk=sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/$(qemu_torrent) quiet vga=792 ip=$(qemu_vm_ip):::255.255.255.0:$(qemu_hostname):ens3:off labsync_wait=pause" \ -enable-kvm \ -m 1G \ -net nic \ diff --git a/README.md b/README.md new file mode 100644 index 0000000..5ee1ab4 --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +## Testing + +### ansible + +root: `packer/ansible` + +`ansible-playbook -i inventories/qemu playbook.yml [-t TAG]` diff --git a/docker/Dockerfile b/docker/Dockerfile index 5ad9c17..51f3419 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,11 +1,25 @@ -FROM docker:dind +FROM docker RUN apk add --no-cache \ - ansible \ - mktorrent \ - openssh-client \ - rsync \ - squashfs-tools + ca-certificates \ + libffi \ + mktorrent \ + openssh-client \ + openssl \ + python2 \ + rsync \ + squashfs-tools \ + && apk add --no-cache --virtual .build-deps \ + gcc \ + libffi-dev \ + make \ + musl-dev \ + openssl-dev \ + py2-pip \ + python-dev \ + && pip install --upgrade pip \ + && pip install ansible==2.4.3.0 \ + && apk del .build-deps ARG PACKER_VERSION diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 50c592e..4d44b05 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -37,36 +37,10 @@ make_torrent() { } run_packer() { - packer build "$PACKER_JSON" - - mkdir -p build/rootfs - tar xf build/rootfs.tar -C build/rootfs - - mv build/rootfs/artifacts/initramfs "/images/$INITRAMFS_FILE" - mv build/rootfs/artifacts/linux "/images/$LINUX_FILE" - - rm -rf build/rootfs/artifacts - - rm -- \ - build/rootfs/.dockerenv \ - build/rootfs/initrd.* \ - build/rootfs/vmlinuz* - - if [ -e "/images/$SQUASHFS_FILE" ]; then - rm "/images/$SQUASHFS_FILE" - fi - - mksquashfs build/rootfs "/images/$SQUASHFS_FILE" \ - -comp lzo \ - -Xcompression-level 9 - - rm -rf build + packer build "$NAME.json" if [ "$user" != "" ] && [ "$group" != "" ]; then - chown $user:$group \ - "/images/$INITRAMFS_FILE" \ - "/images/$LINUX_FILE" \ - "/images/$SQUASHFS_FILE" + chown $user:$group "/images/${NAME}."* fi } @@ -77,10 +51,7 @@ if [ "$NAME" = "" ]; then exit 1 fi -export PACKER_JSON="$NAME.json" -export INITRAMFS_FILE="$NAME.initramfs" -export LINUX_FILE="$NAME.linux" -export SQUASHFS_FILE="$NAME.squashfs" +export NAME if [ -z "$TASK" ] || [ "$TASK" == "packer" ]; then run_packer @@ -88,4 +59,8 @@ fi if [ -z "$TASK" ] || [ "$TASK" == "torrent" ]; then make_torrent "$NAME.squashfs" fi +if [ "$TASK" == "ansible" ]; then + cd /ansible + /usr/bin/ansible-playbook "$@" +fi diff --git a/packer/ansible/inventories/qemu b/packer/ansible/inventories/qemu index 90ce6ad..6868c76 100644 --- a/packer/ansible/inventories/qemu +++ b/packer/ansible/inventories/qemu @@ -1,3 +1,2 @@ [default] -qemumachine ansible_host=10.2.2.10 -spielkiste ansible_host=10.105.255.154 +qemumachine ansible_host=10.2.2.10 ansible_user=root diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml index 0fed1d3..6d73054 100644 --- a/packer/ansible/playbook.yml +++ b/packer/ansible/playbook.yml @@ -2,18 +2,66 @@ - hosts: default any_errors_fatal: yes roles: + - role: packages + tags: + - packages - role: superuser tags: - superuser - role: auth tags: - auth - - role: base - tags: - - base - - role: packages - tags: - - packages - role: labsync tags: - labsync + - role: windowmanager + tags: + - windowmanager + - role: l10n + tags: + - l10n + - role: inkscape + tags: + - inkscape + - role: fablab + tags: + - fablab + - role: hardware + tags: + - hardware + - role: docker + tags: + - docker + vars: + auth: + sudo: + group: fablab + l10n: + keyboard: + layout: de + variant: + model: pc105 + options: "" + locale: + generate: + - en_US.UTF-8 UTF-8 + - de_DE.UTF-8 UTF-8 + default: de_DE.UTF-8 + tasksel: + - english + - german + fablab: + arduino: + version: 1.8.5 + visicut: + url: "https://github.com/t-oster/VisiCut/releases/download/1.7_310/visicut_1.7-310-gcf8c087-1_all.deb" + cura: + version: 3.2.1 + debian_sections: + - main + - contrib + - non-free + debian_mirror: http://ftp.de.debian.org/debian + hardware: + firmware: + - firmware-amd-graphics diff --git a/packer/ansible/roles/auth/files/sudoers b/packer/ansible/roles/auth/files/sudoers new file mode 100644 index 0000000..7ea5db9 --- /dev/null +++ b/packer/ansible/roles/auth/files/sudoers @@ -0,0 +1,7 @@ +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +root ALL=(ALL:ALL) ALL + +%fablab ALL=(ALL:ALL) ALL diff --git a/packer/ansible/roles/auth/tasks/main.yml b/packer/ansible/roles/auth/tasks/main.yml index 06ece31..e13fe8d 100644 --- a/packer/ansible/roles/auth/tasks/main.yml +++ b/packer/ansible/roles/auth/tasks/main.yml @@ -1,2 +1,3 @@ --- - import_tasks: debug.yml +- import_tasks: sudo.yml diff --git a/packer/ansible/roles/auth/tasks/sudo.yml b/packer/ansible/roles/auth/tasks/sudo.yml new file mode 100644 index 0000000..a2784a1 --- /dev/null +++ b/packer/ansible/roles/auth/tasks/sudo.yml @@ -0,0 +1,13 @@ +--- +- name: install sudo + package: + name: sudo + state: present + +- name: configure sudoers + copy: + src: sudoers + dest: "/etc/sudoers" + owner: root + group: root + mode: '0440' diff --git a/packer/ansible/roles/base/tasks/filesystem.yml b/packer/ansible/roles/base/tasks/filesystem.yml deleted file mode 100644 index 6498277..0000000 --- a/packer/ansible/roles/base/tasks/filesystem.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: configure fstab - template: - src: fstab.j2 - dest: /etc/fstab diff --git a/packer/ansible/roles/base/tasks/main.yml b/packer/ansible/roles/base/tasks/main.yml deleted file mode 100644 index 6492ecd..0000000 --- a/packer/ansible/roles/base/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_tasks: filesystem.yml diff --git a/packer/ansible/roles/base/templates/fstab.j2 b/packer/ansible/roles/base/templates/fstab.j2 deleted file mode 100644 index 08ccc0b..0000000 --- a/packer/ansible/roles/base/templates/fstab.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# device mountpoint type options dump pass -/dev/sda1 / ext4 defaults 0 0 diff --git a/packer/ansible/roles/docker/files/docker.asc b/packer/ansible/roles/docker/files/docker.asc new file mode 100644 index 0000000..ee7872e --- /dev/null +++ b/packer/ansible/roles/docker/files/docker.asc @@ -0,0 +1,62 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth +lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh +38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq +L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 +UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N +cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht +ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo +vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD +G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ +XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj +q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB +tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 +BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO +v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd +tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk +jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m +6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P +XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc +FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 +g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm +ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh +9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 +G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW +FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB +EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF +M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx +Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu +w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk +z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 +eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb +VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa +1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X +zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ +pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 +ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ +BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY +1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp +YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI +mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES +KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 +JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ +cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 +6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 +U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z +VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f +irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk +SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz +QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W +9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw +24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe +dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y +Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR +H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh +/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ +M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S +xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O +jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG +YT90qFF93M3v01BbxP+EIY2/9tiIPbrd +=0YYh +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packer/ansible/roles/docker/tasks/main.yml b/packer/ansible/roles/docker/tasks/main.yml new file mode 100644 index 0000000..460e943 --- /dev/null +++ b/packer/ansible/roles/docker/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- import_tasks: packages.yml + tags: + - docker:packages diff --git a/packer/ansible/roles/docker/tasks/packages.yml b/packer/ansible/roles/docker/tasks/packages.yml new file mode 100644 index 0000000..fc43430 --- /dev/null +++ b/packer/ansible/roles/docker/tasks/packages.yml @@ -0,0 +1,24 @@ +--- +- name: install dependencies + apt: + name: "{{ item }}" + state: present + with_items: + - apt-transport-https + - ca-certificates + +- name: Add apt key + apt_key: + data: "{{ lookup('file', 'docker.asc') }}" + state: present + +- name: Add repository + apt_repository: + repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" + filename: docker + state: present + +- name: install docker-ce + apt: + name: "docker-ce" + state: present diff --git a/packer/ansible/roles/fablab/files/cura.desktop b/packer/ansible/roles/fablab/files/cura.desktop new file mode 100644 index 0000000..0c5e228 --- /dev/null +++ b/packer/ansible/roles/fablab/files/cura.desktop @@ -0,0 +1,9 @@ +[Desktop Entry] +Name=Cura +GenericName=Cura +Comment=3D slicer +Exec=/opt/cura.AppImage +Icon=/opt/cura.png +Terminal=false +Type=Application +Categories=Graphics diff --git a/packer/ansible/roles/fablab/files/cura.png b/packer/ansible/roles/fablab/files/cura.png new file mode 100644 index 0000000..8fd6f41 Binary files /dev/null and b/packer/ansible/roles/fablab/files/cura.png differ diff --git a/packer/ansible/roles/fablab/tasks/arduino.yml b/packer/ansible/roles/fablab/tasks/arduino.yml new file mode 100644 index 0000000..8a9a3b1 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/arduino.yml @@ -0,0 +1,14 @@ +--- +- import_tasks: java.yml + +- name: download and extract arduino + unarchive: + src: "https://downloads.arduino.cc/arduino-{{ fablab.arduino.version }}-linux64.tar.xz" + dest: /opt/ + remote_src: yes + +- name: add arduino to applications menu + template: + src: arduino.desktop.j2 + dest: /usr/share/applications/arduino.dekstop + diff --git a/packer/ansible/roles/fablab/tasks/cad.yml b/packer/ansible/roles/fablab/tasks/cad.yml new file mode 100644 index 0000000..10eb857 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/cad.yml @@ -0,0 +1,21 @@ +--- +- name: install freecad + apt: + name: freecad + state: present + tags: + - fablab:cad:freecad + +- name: install openscad + apt: + name: openscad + state: present + tags: + - fablab:cad:openscad + +- name: install meshlab + apt: + name: meshlab + state: present + tags: + - fablab:cad:meshlab diff --git a/packer/ansible/roles/fablab/tasks/cura.yml b/packer/ansible/roles/fablab/tasks/cura.yml new file mode 100644 index 0000000..ef680b3 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/cura.yml @@ -0,0 +1,16 @@ +--- +- name: install cura + get_url: + url: "http://software.ultimaker.com/current/Cura-{{ fablab.cura.version }}.AppImage" + dest: /opt/cura.AppImage + mode: 775 + +- name: get cura icon + copy: + src: cura.png + dest: /opt/cura.png + +- name: install cura dekstop file + copy: + src: cura.desktop + dest: /usr/share/applications/cura.desktop diff --git a/packer/ansible/roles/fablab/tasks/fritzing.yml b/packer/ansible/roles/fablab/tasks/fritzing.yml new file mode 100644 index 0000000..6480442 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/fritzing.yml @@ -0,0 +1,5 @@ +--- +- name: install fritzing + apt: + name: fritzing + state: present diff --git a/packer/ansible/roles/fablab/tasks/java.yml b/packer/ansible/roles/fablab/tasks/java.yml new file mode 100644 index 0000000..4d012b7 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/java.yml @@ -0,0 +1,5 @@ +--- +- name: install java + apt: + name: default-jre + state: present diff --git a/packer/ansible/roles/fablab/tasks/kicad.yml b/packer/ansible/roles/fablab/tasks/kicad.yml new file mode 100644 index 0000000..509c22b --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/kicad.yml @@ -0,0 +1,5 @@ +--- +- name: install kicad + apt: + name: kicad + state: present diff --git a/packer/ansible/roles/fablab/tasks/main.yml b/packer/ansible/roles/fablab/tasks/main.yml new file mode 100644 index 0000000..928e0e8 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/main.yml @@ -0,0 +1,19 @@ +--- +- import_tasks: arduino.yml + tags: + - fablab:arduino +- import_tasks: cad.yml + tags: + - fablab:cad +- import_tasks: cura.yml + tags: + - fablab:cura +- import_tasks: fritzing.yml + tags: + - fablab:fritzing +- import_tasks: kicad.yml + tags: + - fablab:kicad +- import_tasks: visicut.yml + tags: + - fablab:visicut diff --git a/packer/ansible/roles/fablab/tasks/visicut.yml b/packer/ansible/roles/fablab/tasks/visicut.yml new file mode 100644 index 0000000..bd1b254 --- /dev/null +++ b/packer/ansible/roles/fablab/tasks/visicut.yml @@ -0,0 +1,7 @@ +--- +- import_tasks: java.yml + +- name: install visicut + apt: + deb: "{{ fablab.visicut.url }}" + state: present diff --git a/packer/ansible/roles/fablab/templates/arduino.desktop.j2 b/packer/ansible/roles/fablab/templates/arduino.desktop.j2 new file mode 100644 index 0000000..d8bda0e --- /dev/null +++ b/packer/ansible/roles/fablab/templates/arduino.desktop.j2 @@ -0,0 +1,10 @@ +[Desktop Entry] +Type=Application +Name=Arduino IDE +GenericName=Create physical computing projects +Exec=/opt/arduino-{{ fablab.arduino.version }}/arduino +Icon=/opt/arduino-{{ fablab.arduino.version }}/lib/icons/128x128/apps/arduino.png +Terminal=false +Categories=Development;Engineering;Electronics; +MimeType=text/x-arduino +Keywords=embedded electronics;electronics;avr;microcontroller; diff --git a/packer/ansible/roles/hardware/tasks/firmware.yml b/packer/ansible/roles/hardware/tasks/firmware.yml new file mode 100644 index 0000000..63a2fda --- /dev/null +++ b/packer/ansible/roles/hardware/tasks/firmware.yml @@ -0,0 +1,6 @@ +--- +- name: install firmware + apt: + name: "{{ item }}" + state: present + with_items: "{{ hardware.firmware }}" diff --git a/packer/ansible/roles/hardware/tasks/main.yml b/packer/ansible/roles/hardware/tasks/main.yml new file mode 100644 index 0000000..e269158 --- /dev/null +++ b/packer/ansible/roles/hardware/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: firmware.yml diff --git a/packer/ansible/roles/inkscape/tasks/base.yml b/packer/ansible/roles/inkscape/tasks/base.yml new file mode 100644 index 0000000..f583472 --- /dev/null +++ b/packer/ansible/roles/inkscape/tasks/base.yml @@ -0,0 +1,5 @@ +--- +- name: install inkscape + apt: + name: "inkscape" + state: present diff --git a/packer/ansible/roles/inkscape/tasks/main.yml b/packer/ansible/roles/inkscape/tasks/main.yml new file mode 100644 index 0000000..a9374b6 --- /dev/null +++ b/packer/ansible/roles/inkscape/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- import_tasks: base.yml diff --git a/packer/ansible/roles/l10n/handlers/main.yml b/packer/ansible/roles/l10n/handlers/main.yml new file mode 100644 index 0000000..bfccb59 --- /dev/null +++ b/packer/ansible/roles/l10n/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: generate locales + command: locale-gen + diff --git a/packer/ansible/roles/l10n/tasks/keyboard-configuration.yml b/packer/ansible/roles/l10n/tasks/keyboard-configuration.yml new file mode 100644 index 0000000..baed682 --- /dev/null +++ b/packer/ansible/roles/l10n/tasks/keyboard-configuration.yml @@ -0,0 +1,5 @@ +--- +- name: configure keyboard + template: + src: keyboard.j2 + dest: /etc/default/keyboard diff --git a/packer/ansible/roles/l10n/tasks/locale.yml b/packer/ansible/roles/l10n/tasks/locale.yml new file mode 100644 index 0000000..0ded02f --- /dev/null +++ b/packer/ansible/roles/l10n/tasks/locale.yml @@ -0,0 +1,17 @@ +--- +- name: install locales + apt: + name: locales + state: present + +- name: configure locales to be generated + template: + src: locale.gen.j2 + dest: /etc/locale.gen + notify: generate locales + +- name: set default locale + lineinfile: + path: /etc/default/locale + regexp: "^LANG=" + line: "LANG={{ l10n.locale.default }}" diff --git a/packer/ansible/roles/l10n/tasks/main.yml b/packer/ansible/roles/l10n/tasks/main.yml new file mode 100644 index 0000000..00a1d55 --- /dev/null +++ b/packer/ansible/roles/l10n/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- import_tasks: keyboard-configuration.yml +- import_tasks: locale.yml diff --git a/packer/ansible/roles/l10n/templates/keyboard.j2 b/packer/ansible/roles/l10n/templates/keyboard.j2 new file mode 100644 index 0000000..8365e49 --- /dev/null +++ b/packer/ansible/roles/l10n/templates/keyboard.j2 @@ -0,0 +1,6 @@ +XKBMODEL="{{ l10n.keyboard.model }}" +XKBLAYOUT="{{ l10n.keyboard.layout }}" +XKBVARIANT="{{ l10n.keyboard.variant }}" +XKBOPTIONS="{{ l10n.keyboard.options }}" + +BACKSPACE="guess" diff --git a/packer/ansible/roles/l10n/templates/locale.gen.j2 b/packer/ansible/roles/l10n/templates/locale.gen.j2 new file mode 100644 index 0000000..1c39bf7 --- /dev/null +++ b/packer/ansible/roles/l10n/templates/locale.gen.j2 @@ -0,0 +1,3 @@ +{% for locale in l10n.locale.generate %} +{{ locale }} +{% endfor %} diff --git a/packer/ansible/roles/labsync/files/labsync-install-localboot.sh b/packer/ansible/roles/labsync/files/labsync-install-localboot.sh index 6e89372..e496484 100755 --- a/packer/ansible/roles/labsync/files/labsync-install-localboot.sh +++ b/packer/ansible/roles/labsync/files/labsync-install-localboot.sh @@ -1,14 +1,16 @@ #!/bin/sh -boot_partition='/dev/sda1' +boot_partition="/dev/${LABSYNC_DISK}1" localboot="$(sed -n 's/^.*labsync_localboot=\([^ ]*\).*$/\1/p' /proc/cmdline)" if [ -z "$localboot" ]; then umount "$boot_partition" || true - echo "$boot_partition /boot ext2 defaults 0 0" > /etc/fstab + if ! grep -q ' /boot ' /etc/fstab; then + echo "$boot_partition /boot ext2 defaults 0 0" >> /etc/fstab + fi mke2fs -t ext2 -F "$boot_partition" mount /boot rsync -av /usr/local/boot/ /boot/ - grub-install /dev/sda + grub-install /dev/$LABSYNC_DISK sed -i 's/^\(GRUB_DEVICE=\).*$/\1""/' /usr/sbin/grub-mkconfig #sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT=\).*$/\1'"'quiet boot=labsync labsync_localboot=\"$LABSYNC\"'/" /etc/default/grub sed -i 's/^\(GRUB_CMDLINE_LINUX=\).*$/\1'"'boot=labsync labsync_localboot=\"$LABSYNC\"'/" /etc/default/grub diff --git a/packer/ansible/roles/network-manager/tasks/main.yml b/packer/ansible/roles/network-manager/tasks/main.yml new file mode 100644 index 0000000..d7ced84 --- /dev/null +++ b/packer/ansible/roles/network-manager/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: install network-manager + apt: + name: "{{ item }}" + state: present + with_items: + - network-manager + - network-manager-gnome diff --git a/packer/ansible/roles/packages/defaults/main.yml b/packer/ansible/roles/packages/defaults/main.yml new file mode 100644 index 0000000..766cd0c --- /dev/null +++ b/packer/ansible/roles/packages/defaults/main.yml @@ -0,0 +1,4 @@ +debian_mirror: http://deb.debian.org/debian +debian_mirror_security: http://security.debian.org/ +debian_sections: + - main diff --git a/packer/ansible/roles/packages/tasks/debian.yml b/packer/ansible/roles/packages/tasks/debian.yml index d36310e..25a41a6 100644 --- a/packer/ansible/roles/packages/tasks/debian.yml +++ b/packer/ansible/roles/packages/tasks/debian.yml @@ -10,3 +10,8 @@ - htop - systemd-sysv - vim-nox + - pciutils + - usbutils + - strace + - net-tools + - lshw diff --git a/packer/ansible/roles/packages/tasks/main.yml b/packer/ansible/roles/packages/tasks/main.yml index c01e82f..721c6b9 100644 --- a/packer/ansible/roles/packages/tasks/main.yml +++ b/packer/ansible/roles/packages/tasks/main.yml @@ -1,2 +1,3 @@ --- +- import_tasks: sources.yml - import_tasks: debian.yml diff --git a/packer/ansible/roles/packages/tasks/sources.yml b/packer/ansible/roles/packages/tasks/sources.yml new file mode 100644 index 0000000..d6befbc --- /dev/null +++ b/packer/ansible/roles/packages/tasks/sources.yml @@ -0,0 +1,30 @@ +--- +- name: install python-apt + apt: + name: "python-apt" + state: present + +- name: clear sources.list + copy: + content: "" + dest: /etc/apt/sources.list + +- name: configure main repo + apt_repository: + filename: "{{ ansible_distribution_release }}" + repo: "deb {{ debian_mirror }} {{ ansible_distribution_release }} {{ debian_sections | join(' ') }}" + state: present + +- name: configure updates repo + apt_repository: + filename: "{{ ansible_distribution_release }}-updates" + repo: "deb {{ mirror }} {{ ansible_distribution_release }}-updates {{ debian_sections | join(' ') }}" + state: present + vars: + mirror: "{{ debian_mirror_updates | default(debian_mirror) }}" + +- name: configure security updates repo + apt_repository: + filename: "{{ ansible_distribution_release }}-security" + repo: "deb {{ debian_mirror_security }} {{ ansible_distribution_release }}/updates {{ debian_sections | join(' ') }}" + state: present diff --git a/packer/ansible/roles/readme_roles.md b/packer/ansible/roles/readme_roles.md new file mode 100644 index 0000000..51348af --- /dev/null +++ b/packer/ansible/roles/readme_roles.md @@ -0,0 +1,3 @@ + * alle „maker-tools“ in fablab + * großer Kram in eigene role + + inkscape diff --git a/packer/ansible/roles/windowmanager/files/autostart b/packer/ansible/roles/windowmanager/files/autostart new file mode 100755 index 0000000..c8083e3 --- /dev/null +++ b/packer/ansible/roles/windowmanager/files/autostart @@ -0,0 +1,17 @@ +#!/bin/bash +# set background image +gsettings set org.mate.background picture-filename '/etc/lightdm/bg.jpg' + +# set fonts +#gsettings set org.mate.interface monospace-font-name 'Monospace 10' +gsettings set org.mate.interface font-name 'Roboto 10' +gsettings set org.mate.interface document-font-name 'Roboto 10' + +if echo $USER | grep -E 'guest-*'; then + gsettings set org.mate.screensaver lock-enabled false + zenity \ + --title="Willkomen im FabLab Bad Windsheim" \ + --info \ + --width=500 \ + --text='Hallo!\n\nDu hast Dich mit einem Gast-Account angemeldet. Alle Daten werden nach der Anmeldung gelöscht. Wenn Du Deine Daten dauerhaft speichern möchtest, lege Dir bitte einene Account an!' +fi diff --git a/packer/ansible/roles/windowmanager/files/autostart.desktop b/packer/ansible/roles/windowmanager/files/autostart.desktop new file mode 100644 index 0000000..dc04f14 --- /dev/null +++ b/packer/ansible/roles/windowmanager/files/autostart.desktop @@ -0,0 +1,5 @@ +[Desktop Entry] +Name=Autostart +Type=Application +NoDisplay=true +Exec=/usr/local/bin/autostart diff --git a/packer/ansible/roles/windowmanager/files/bg.jpg b/packer/ansible/roles/windowmanager/files/bg.jpg new file mode 100644 index 0000000..45272f8 Binary files /dev/null and b/packer/ansible/roles/windowmanager/files/bg.jpg differ diff --git a/packer/ansible/roles/windowmanager/files/guest-account.sh b/packer/ansible/roles/windowmanager/files/guest-account.sh new file mode 100644 index 0000000..38c2cc7 --- /dev/null +++ b/packer/ansible/roles/windowmanager/files/guest-account.sh @@ -0,0 +1,232 @@ +#!/bin/sh -e +# (C) 2008 Canonical Ltd. +# Author: Martin Pitt +# License: GPL v2 or later +# modified by David D Lowe and Thomas Detoux +# +# Setup user and temporary home directory for guest session. +# If this succeeds, this script needs to print the username as the last line to +# stdout. + +# github.com/CanonicalLtd/lightdm +# debian/guest-account.sh + +export TEXTDOMAINDIR=/usr/share/locale-langpack +export TEXTDOMAIN=lightdm + +# set the system wide locale for gettext calls +if [ -f /etc/default/locale ]; then + . /etc/default/locale + LANGUAGE= + export LANG LANGUAGE +fi + +is_system_user () +{ + UID_MIN=$(cat /etc/login.defs | grep UID_MIN | awk '{print $2}') + SYS_UID_MIN=$(cat /etc/login.defs | grep SYS_UID_MIN | awk '{print $2}') + SYS_UID_MAX=$(cat /etc/login.defs | grep SYS_UID_MAX | awk '{print $2}') + + SYS_UID_MIN=${SYS_UID_MIN:-101} + SYS_UID_MAX=${SYS_UID_MAX:-$(( UID_MIN - 1 ))} + + [ ${1} -ge ${SYS_UID_MIN} ] && [ ${1} -le ${SYS_UID_MAX} ] +} + +add_account () +{ + temp_home=$(mktemp -td guest-XXXXXX) + GUEST_HOME=$(echo ${temp_home} | tr '[:upper:]' '[:lower:]') + GUEST_USER=${GUEST_HOME#/tmp/} + if [ "${GUEST_HOME}" != "${temp_home}" ]; then + mkdir -m 700 "${GUEST_HOME}" || { + echo "Failed to create ${GUEST_USER}'s home directory (${GUEST_HOME})" + exit 1 + } + rmdir "${temp_home}" + fi + + # if ${GUEST_USER} already exists, it must be a locked system account with no existing + # home directory + if PWSTAT=$(passwd -S ${GUEST_USER}) 2>/dev/null; then + if [ $(echo ${PWSTAT} | cut -f2 -d' ') != L ]; then + echo "User account ${GUEST_USER} already exists and is not locked" + exit 1 + fi + + PWENT=$(getent passwd ${GUEST_USER}) || { + echo "getent passwd ${GUEST_USER} failed" + exit 1 + } + + GUEST_UID=$(echo ${PWENT} | cut -f3 -d:) + + if ! is_system_user ${GUEST_UID}; then + echo "Account ${GUEST_USER} is not a system user" + exit 1 + fi + + GUEST_HOME=$(echo ${PWENT} | cut -f6 -d:) + + if [ ${GUEST_HOME} != / ] && [ ${GUEST_HOME#/tmp} = ${GUEST_HOME} ] && [ -d ${GUEST_HOME} ]; then + echo "Home directory of ${GUEST_USER} already exists" + exit 1 + fi + else + # does not exist, so create it + useradd --system --home-dir ${GUEST_HOME} --comment $(gettext "Guest") --user-group --shell /bin/bash ${GUEST_USER} || { + rm -rf ${GUEST_HOME} + exit 1 + } + fi + + dist_gs=/usr/share/lightdm/guest-session + site_gs=/etc/guest-session + + # create temporary home directory + mount -t tmpfs -o mode=700,uid=${GUEST_USER} none ${GUEST_HOME} || { + rm -rf ${GUEST_HOME} + exit 1 + } + + if [ -d ${site_gs}/skel ] && [ "$(ls -A ${site_gs}/skel)" ]; then + # Only perform union-mounting if BindFS is available + if [ -x /usr/bin/bindfs ]; then + bindfs_mount=true + + # Try OverlayFS first + if modinfo -n overlay >/dev/null 2>&1; then + mkdir ${GUEST_HOME}/upper ${GUEST_HOME}/work + chown ${GUEST_USER}:${GUEST_USER} ${GUEST_HOME}/upper ${GUEST_HOME}/work + + mount -t overlay -o lowerdir=${dist_gs}/skel:${site_gs}/skel,upperdir=${GUEST_HOME}/upper,workdir=${GUEST_HOME}/work overlay ${GUEST_HOME} || { + umount ${GUEST_HOME} + rm -rf ${GUEST_HOME} + exit 1 + } + # If OverlayFS is not available, try AuFS + elif [ -x /sbin/mount.aufs ]; then + mount -t aufs -o br=${GUEST_HOME}:${dist_gs}/skel:${site_gs}/skel none ${GUEST_HOME} || { + umount ${GUEST_HOME} + rm -rf ${GUEST_HOME} + exit 1 + } + # If none of them is available, fall back to copy over + else + cp -rT ${site_gs}/skel/ ${GUEST_HOME} + cp -rT ${dist_gs}/skel/ ${GUEST_HOME} + chown -R ${GUEST_USER}:${GUEST_USER} ${GUEST_HOME} + bindfs_mount=false + fi + + if ${bindfs_mount}; then + # Wrap ${GUEST_HOME} in a BindFS mount, so that + # ${GUEST_USER} will be seen as the owner of ${GUEST_HOME}'s contents. + bindfs -u ${GUEST_USER} -g ${GUEST_USER} ${GUEST_HOME} ${GUEST_HOME} || { + umount ${GUEST_HOME} # union mount + umount ${GUEST_HOME} # tmpfs mount + rm -rf ${GUEST_HOME} + exit 1 + } + fi + # If BindFS is not available, just fall back to copy over + else + cp -rT ${site_gs}/skel/ ${GUEST_HOME} + cp -rT ${dist_gs}/skel/ ${GUEST_HOME} + chown -R ${GUEST_USER}:${GUEST_USER} ${GUEST_HOME} + fi + else + cp -rT /etc/skel/ ${GUEST_HOME} + cp -rT ${dist_gs}/skel/ ${GUEST_HOME} + chown -R ${GUEST_USER}:${GUEST_USER} ${GUEST_HOME} + fi + + # setup session + su ${GUEST_USER} -c "env HOME=${GUEST_HOME} site_gs=${site_gs} ${dist_gs}/setup.sh" + + # set possible local guest session preferences + source_local_prefs() { + local USER=${GUEST_USER} + local HOME=${GUEST_HOME} + . ${site_gs}/prefs.sh + chown -R ${USER}:${USER} ${HOME} + } + if [ -f ${site_gs}/prefs.sh ]; then + source_local_prefs + fi + + echo ${GUEST_USER} +} + +remove_account () +{ + GUEST_USER=${1} + + PWENT=$(getent passwd ${GUEST_USER}) || { + echo "Error: invalid user ${GUEST_USER}" + exit 1 + } + + GUEST_UID=$(echo ${PWENT} | cut -f3 -d:) + + if ! is_system_user ${GUEST_UID}; then + echo "Error: user ${GUEST_USER} is not a system user." + exit 1 + fi + + GUEST_HOME=$(echo ${PWENT} | cut -f6 -d:) + + # kill all remaining processes + if [ -x /bin/loginctl ] || [ -x /usr/bin/loginctl ]; then + loginctl --signal=9 kill-user ${GUEST_USER} >/dev/null || true + else + while ps h -u ${GUEST_USER} >/dev/null + do + killall -9 -u ${GUEST_USER} || true + sleep 0.2; + done + fi + + if [ ${GUEST_HOME} = ${GUEST_HOME#/tmp/} ]; then + echo "Warning: home directory ${GUEST_HOME} is not in /tmp/. It won't be removed." + else + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # BindFS mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # union mount + umount ${GUEST_HOME} || umount -l ${GUEST_HOME} || true # tmpfs mount + rm -rf ${GUEST_HOME} + fi + + # remove leftovers in /tmp + find /tmp -mindepth 1 -maxdepth 1 -uid ${GUEST_UID} -print0 | xargs -0 rm -rf || true + + # remove possible {/run,}/media/guest-XXXXXX folder + for media_dir in /run/media/${GUEST_USER} /media/${GUEST_USER}; do + if [ -d ${media_dir} ]; then + for dir in $(find ${media_dir} -mindepth 1 -maxdepth 1); do + umount ${dir} || true + done + + rmdir ${media_dir} || true + fi + done + + userdel --force ${GUEST_USER} +} + +case ${1} in + add) + add_account + ;; + remove) + if [ -z ${2} ] ; then + echo "Usage: ${0} remove [account]" + exit 1 + fi + + remove_account ${2} + ;; + *) + echo "Usage: ${0} add" + echo " ${0} remove [account]" + exit 1 +esac diff --git a/packer/ansible/roles/windowmanager/files/guest-session-setup.sh b/packer/ansible/roles/windowmanager/files/guest-session-setup.sh new file mode 100644 index 0000000..5e4f963 --- /dev/null +++ b/packer/ansible/roles/windowmanager/files/guest-session-setup.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +# github.com/CanonicalLtd/lightdm +# debian/guest-session-setup.sh + +HOME=${HOME:-$(getent passwd $(whoami) | cut -f6 -d:)} + +# disable some services that are unnecessary for the guest session +services="jockey-kde.desktop jockey-gtk.desktop update-notifier.desktop user-dirs-update-gtk.desktop" + +for service in ${services}; do + if [ -e /etc/xdg/autostart/${service} ]; then + [ -f ${HOME}/.config/autostart/${service} ] || cp /etc/xdg/autostart/${service} ${HOME}/.config/autostart + echo "X-GNOME-Autostart-enabled=false" >> ${HOME}/.config/autostart/${service} + fi +done + +# disable Unity shortcut hint +[ -d ${HOME}/.cache/unity ] || mkdir -p ${HOME}/.cache/unity +touch ${HOME}/.cache/unity/first_run.stamp + +[ -d ${HOME}/.kde/share/config ] || mkdir -p ${HOME}/.kde/share/config +echo "[Basic Settings]" >> ${HOME}/.kde/share/config/nepomukserverrc +echo "Start Nepomuk=false" >> ${HOME}/.kde/share/config/nepomukserverrc + +echo "[Event]" >> ${HOME}/.kde/share/config/notificationhelper +echo "hideHookNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper +echo "hideInstallNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper +echo "hideRestartNotifier=true" >> ${HOME}/.kde/share/config/notificationhelper + +# Load restricted session +#dmrc='[Desktop]\nSession=guest-restricted' +#/bin/echo -e ${dmrc} > ${HOME}/.dmrc + +# delay the launch of info dialog +echo "export DIALOG_SLEEP=4" >> ${HOME}/.profile diff --git a/packer/ansible/roles/windowmanager/tasks/awesome.yml b/packer/ansible/roles/windowmanager/tasks/awesome.yml new file mode 100644 index 0000000..007852d --- /dev/null +++ b/packer/ansible/roles/windowmanager/tasks/awesome.yml @@ -0,0 +1,5 @@ +--- +- name: install awesome + apt: + name: "awesome" + state: present diff --git a/packer/ansible/roles/windowmanager/tasks/lightdm.yml b/packer/ansible/roles/windowmanager/tasks/lightdm.yml new file mode 100644 index 0000000..7393fc1 --- /dev/null +++ b/packer/ansible/roles/windowmanager/tasks/lightdm.yml @@ -0,0 +1,70 @@ +--- +- name: install lightdm + apt: + name: "{{ item }}" + state: present + with_items: + - lightdm + - lightdm-gtk-greeter + - fonts-roboto + +- name: get background image for lightdm + copy: + src: bg.jpg + dest: /etc/lightdm/bg.jpg + +- name: configure lightdm-gtk-greeter + ini_file: + path: /etc/lightdm/lightdm-gtk-greeter.conf + section: greeter + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: background + value: /etc/lightdm/bg.jpg + - option: font-name + value: Roboto + - option: hide-user-image + value: "true" + - option: panel-position + value: bottom + - option: clock-format + value: "%A, %d.%m.%Y %H:%M:%S" + +- name: genereate guest-session directory + file: + path: /usr/share/lightdm/guest-session + state: directory + +- name: link guest-session configs + file: + src: /etc/skel + dest: /usr/share/lightdm/guest-session/skel + state: link + +- name: copy guest-account scripts + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "0755" + with_items: + - src: guest-session-setup.sh + dest: /usr/share/lightdm/guest-session/setup.sh + - src: guest-account.sh + dest: /usr/local/sbin/guest-account + +- name: configure lightdm + ini_file: + path: /etc/lightdm/lightdm.conf + section: "Seat:*" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: allow-guest + value: "true" + - option: greeter-allow-guest + value: "true" + - option: user-session + value: MATE + - option: guest-session + value: MATE diff --git a/packer/ansible/roles/windowmanager/tasks/main.yml b/packer/ansible/roles/windowmanager/tasks/main.yml new file mode 100644 index 0000000..be2cb0a --- /dev/null +++ b/packer/ansible/roles/windowmanager/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- import_tasks: lightdm.yml + tags: + - windowmanager:lightdm +- import_tasks: awesome.yml + tags: + - windowmanager:awesome +- import_tasks: mate.yml + tags: + - windowmanager:mate diff --git a/packer/ansible/roles/windowmanager/tasks/mate.yml b/packer/ansible/roles/windowmanager/tasks/mate.yml new file mode 100644 index 0000000..b7c1918 --- /dev/null +++ b/packer/ansible/roles/windowmanager/tasks/mate.yml @@ -0,0 +1,21 @@ +--- +- name: install mate + apt: + name: "task-mate-desktop" + state: present + +- name: copy autostart script + copy: + src: autostart + dest: /usr/local/bin/autostart + mode: "0775" + +- name: create autostart directory + file: + path: /etc/skel/.config/autostart/ + state: directory + +- name: copy autostart desktop file + copy: + src: autostart.desktop + dest: /etc/skel/.config/autostart/autostart.desktop diff --git a/packer/debian-stretch.json b/packer/debian-stretch.json index 06df95d..2587fa6 100644 --- a/packer/debian-stretch.json +++ b/packer/debian-stretch.json @@ -1,5 +1,11 @@ { "variables": { + "name": "{{env `NAME`}}", + "squashfs_file": "{{env `NAME`}}.squashfs", + "initramfs_file": "{{env `NAME`}}.initramfs", + "linux_file": "{{env `NAME`}}.linux", + "compression_level": "{{env `COMPRESSION_LEVEL`}}", + "images": "{{env `IMAGES`}}", "ci_job_id": "{{env `CI_JOB_ID`}}", "ci_commit_sha": "{{env `CI_COMMIT_SHA`}}", "ci_commit_tag": "{{env `CI_COMMIT_TAG`}}", @@ -16,7 +22,15 @@ { "type": "docker", "image": "debian:stretch", - "export_path": "build/rootfs.tar" + "discard": true, + "run_command": [ + "-d", + "-i", + "-t", + "-v", "{{user `images`}}:/tmp/images", + "{{.Image}}", + "/bin/bash" + ] } ], "provisioners": [ @@ -59,9 +73,8 @@ "echo 'RESUME=none' > /etc/initramfs-tools/conf.d/resume", "mkdir /usr/local/boot", "apt-get -f -y install aria2 linux-image-amd64 lvm2", - "mkdir /artifacts", - "cp $(find /boot/ -name 'initrd.img-*' | sort -V | tail -n 1) /artifacts/initramfs", - "cp $(find /boot/ -name 'vmlinuz-*' | sort -V | tail -n 1) /artifacts/linux" + "cp $(find /boot/ -name 'initrd.img-*' | sort -V | tail -n 1) '/tmp/images/{{user `initramfs_file`}}'", + "cp $(find /boot/ -name 'vmlinuz-*' | sort -V | tail -n 1) '/tmp/images/{{user `linux_file`}}'" ] }, { @@ -76,6 +89,31 @@ { "type": "shell", "inline": [ "rm /boot && mkdir /boot" ] + }, + { + "type": "shell", + "inline": [ + "set -x", + "apt-get -y install squashfs-tools", + "dpkg -L squashfs-tools liblzo2-2 | while read f; do [ -f \"$f\" ] && echo \"$f\"; done > /tmp/ignore_files", + "echo '/etc/resolv.conf' >> /tmp/ignore_files", + "echo '/etc/hostname' >> /tmp/ignore_files", + "echo '/etc/hosts' >> /tmp/ignore_files", + "mkdir -p /tmp/extra/tmp /tmp/extra/proc /tmp/extra/sys /tmp/extra/etc" + ] + }, + { + "type": "file", + "source": "hosts", + "destination": "/tmp/extra/etc/hosts" + }, + { + "type": "shell", + "inline": [ + "if [ -e '/tmp/images/{{user `squashfs_file`}}' ]; then rm '/tmp/images/{{user `squashfs_file`}}'; fi", + "squashfs_content=\"$(find / -mindepth 1 -maxdepth 1 | grep -vE '^/(proc|sys|tmp|[.]dockerenv|packer-files)$')\"", + "mksquashfs $squashfs_content /tmp/extra/* '/tmp/images/{{user `squashfs_file`}}' -comp lzo -Xcompression-level {{user `compression_level`}} -ef /tmp/ignore_files" + ] } ] } diff --git a/packer/hosts b/packer/hosts new file mode 100644 index 0000000..37435a4 --- /dev/null +++ b/packer/hosts @@ -0,0 +1,6 @@ +127.0.0.1 localhost +127.0.1.1 @@HOSTNAME@@ + +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/packer/initramfs/labsync b/packer/initramfs/labsync index 0aada90..d603a9d 100755 --- a/packer/initramfs/labsync +++ b/packer/initramfs/labsync @@ -1,10 +1,10 @@ #!/bin/sh labsync_set_environment() { - if grep -q "^${1}=" /root/etc/environment; then - sed -i "s/^\(${1}\)=.*$/\1='${2}'/" /root/etc/environment + if grep -q "^${1}=" /${rootmnt}/etc/environment; then + sed -i "s/^\(${1}\)=.*$/\1='${2}'/" /${rootmnt}/etc/environment else - echo "${1}='${2}'" >> /root/etc/environment + echo "${1}='${2}'" >> /${rootmnt}/etc/environment fi } @@ -95,38 +95,36 @@ labsync_mount_root() { lv_name_overlay="ovly-$torrent_name" labsync_info "Updating partitions" - size_disk=$(blockdev --getsz ${labsync_disk}) + size_disk=$(blockdev --getsz /dev/${labsync_disk}) size_part_1=$((labsync_partsize_boot * 1024 * 1024 / 512)) size_part_2=$(((size_disk - labsync_partsize_boot) * 1024 * 1024 / 512)) start_part_2=$((size_part_1 + 2048)) dmsetup ls --tree - lvm vgs -o NAME --noheadings | while read vg; do - if [ "$vg" != "$vg_name" ]; then - lvm vgchange -an "$vg" - find /dev -mindepth 1 -maxdepth 1 -name "$vg" -exec dmsetup remove '{}' \; + lvm pvs -o PV_NAME,VG_NAME --noheadings | while read pv vg; do + if echo "$pv" | grep -q "^/dev/${labsync_disk}"; then + lvm vgchange -a n "$vg" + lvm vgexport $vg fi done dmsetup ls --tree - sfdisk --force -q ${labsync_disk} << PARTTABLE + sfdisk --force -q /dev/${labsync_disk} << PARTTABLE label: dos label-id: 0xdeadbeef -device: ${labsync_disk} +device: /dev/${labsync_disk} unit: sectors -${labsync_disk}1 : start= 2048, size= $size_part_1, type=83 -${labsync_disk}2 : start=$start_part_2, size= $size_part_2, type=8e +/dev/${labsync_disk}1 : start= 2048, size= $size_part_1, type=83 +/dev/${labsync_disk}2 : start=$start_part_2, size= $size_part_2, type=8e PARTTABLE - while ! blockdev --rereadpt /dev/sda; do - sleep 1 - done + lvm vgimport -a labsync_info "Doing lvm stuff" - pv_device="${labsync_disk}2" + pv_device="/dev/${labsync_disk}2" lvm pvcreate -t "$pv_device" pvstatus=$? @@ -141,8 +139,10 @@ PARTTABLE lvm vgcreate "$vg_name" "$pv_device" fi + lvm lvchange -ay vglab + labsync_create_or_resize_lv "$vg_name" "$lv_name_sqashfs" $((image_size_bytes * 2)) $image_size_bytes - labsync_create_or_resize_lv "$vg_name" "$lv_name_overlay" $((500 * 1024 * 1024)) + labsync_create_or_resize_lv "$vg_name" "$lv_name_overlay" $((10000 * 1024 * 1024)) #lvm vgchange -ay "$vg_name" #lvm lvscan -a --ignorelockingfailure @@ -175,18 +175,25 @@ PARTTABLE labsync_info "Mounting squashfs and overlay" modprobe overlay - mkdir -p /root - mkdir /ro_root /rw_root - mount -t squashfs "$(realpath "$lv_path_squashfs")" /ro_root - mount -t ext4 "$lv_path_overlay" /rw_root - mkdir -p /rw_root/upper /rw_root/work - mount -t overlay overlay -o lowerdir=/ro_root,upperdir=/rw_root/upper,workdir=/rw_root/work /root + mkdir -p /rom /overlay + mount -t squashfs "$(realpath "$lv_path_squashfs")" /rom + mount -t ext4 "$lv_path_overlay" /overlay + mkdir -p /overlay/upper /overlay/work + mount -t overlay overlay -o lowerdir=/rom,upperdir=/overlay/upper,workdir=/overlay/work ${rootmnt} + mkdir -p ${rootmnt}/overlay ${rootmnt}/rom + mount -n -o move /overlay ${rootmnt}/overlay + mount -n -o move /rom ${rootmnt}/rom + + hostname=$(ip -o link show | sed -ne 's#^.*link/ether \([0-9a-f:]*\).*$#\1#p' | sed -ne '1{s/://g;p}') + echo $hostname > ${rootmnt}/etc/hostname + sed -i "s/@@HOSTNAME@@/$hostname/" ${rootmnt}/etc/hosts if [ -z "$labsync_localboot" ]; then labsync_set_environment LABSYNC "$torrent_name" labsync_set_environment LABSYNC_TORRENT "${labsync_torrent}" labsync_set_environment LABSYNC_SQUASHFS_FILE "$squashfs_file" labsync_set_environment LABSYNC_SQUASHFS_LV "$lv_path_squashfs" + labsync_set_environment LABSYNC_DISK "$labsync_disk" fi case "$labsync_wait" in diff --git a/txt.cfg b/txt.cfg index b1119e0..98ca8e5 100644 --- a/txt.cfg +++ b/txt.cfg @@ -1,7 +1,7 @@ label labsync menu label ^labsync kernel images/debian-stretch.linux - append initrd=images/debian-stretch.initramfs.dev boot=labsync labsync_disk=/dev/sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/debian-stretch.torrent quiet vga=792 ip=10.2.2.10:::255.255.255.0:qemu-host:ens3:off labsync_wait=pause + append initrd=images/debian-stretch.initramfs.dev boot=labsync labsync_disk=sda labsync_partsize_boot=512 labsync_torrent=http://10.2.2.1/debian-stretch.torrent quiet vga=792 ip=10.2.2.10:::255.255.255.0:qemu-host:ens3:off labsync_wait=pause label install menu label ^Install