From e380b618f5910ebe6205a13a487cd9cc19501061 Mon Sep 17 00:00:00 2001 From: Someone Date: Fri, 4 Oct 2024 13:42:46 +0200 Subject: [PATCH] [roles/client/kiosk_mode] borgcube like kiosk mode --- .../client/kiosk_mode/files/default/kiosk.sh | 14 ++ .../kiosk_mode/files/default/kiosk.tar.bz2 | Bin 0 -> 116 bytes .../kiosk_mode/files/default/lightdm.conf | 170 ++++++++++++++++++ roles/client/kiosk_mode/tasks/main.yml | 108 +++++++++++ 4 files changed, 292 insertions(+) create mode 100644 roles/client/kiosk_mode/files/default/kiosk.sh create mode 100644 roles/client/kiosk_mode/files/default/kiosk.tar.bz2 create mode 100644 roles/client/kiosk_mode/files/default/lightdm.conf create mode 100644 roles/client/kiosk_mode/tasks/main.yml diff --git a/roles/client/kiosk_mode/files/default/kiosk.sh b/roles/client/kiosk_mode/files/default/kiosk.sh new file mode 100644 index 0000000..acc03fe --- /dev/null +++ b/roles/client/kiosk_mode/files/default/kiosk.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +if [ "${USER}" == "kiosk" ] ; then + rsync -rlpgoDHvP --delete /etc/kiosk/ /home/kiosk --exclude ".gvfs" --exclude ".irssi" + chown -R kiosk:kiosk /home/kiosk + chmod 770 /home/kiosk +fi diff --git a/roles/client/kiosk_mode/files/default/kiosk.tar.bz2 b/roles/client/kiosk_mode/files/default/kiosk.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..d4a16d7ae2a5ebf4e3b986c19968799122561325 GIT binary patch literal 116 zcmZ>Y%CIzaj8qGbG+D;=je()Gy5T?rgMtIYzXk?@1j~60j2sFKrM&*ZDqq^#8ot`H zO!U{t$Y78@XV1wxp+#wn%FYLiRT^*ps>@Z0I#k$kV^v|Pi200INgavKu8nf+n@T=@ UDE08;uZ_5c6? literal 0 HcmV?d00001 
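Review bot: The `chown -R kiosk:kiosk /home/kiosk` in kiosk.sh runs as root over a tree the kiosk user can write to, because the lightdm.conf added in this patch wires the script to `session-setup-script` and `session-cleanup-script`, both described there as running as root. Any process of that user still alive at cleanup can change the tree between the rsync and the chown, and a recursive ownership change by root over user-controlled paths is a known link-handling hazard. rsync is already called with `-o -g`, so ownership appears to be carried over from /etc/kiosk; the recursive pass could shrink to `chown -h kiosk:kiosk /home/kiosk`, or at least become `chown -hR`. A header comment such as `# Runs as root from lightdm; resets /home/kiosk from /etc/kiosk on login and logout` would make the privilege level visible to the next editor.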
diff --git a/roles/client/kiosk_mode/files/default/lightdm.conf b/roles/client/kiosk_mode/files/default/lightdm.conf new file mode 100644 index 0000000..466de48 --- /dev/null +++ b/roles/client/kiosk_mode/files/default/lightdm.conf 
@@ -0,0 +1,170 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +# +# General configuration +# +# start-default-seat = True to always start one seat if none are defined in the configuration +# greeter-user = User to run greeter as +# minimum-display-number = Minimum display number to use for X servers +# minimum-vt = First VT to run displays on +# lock-memory = True to prevent memory from being paged to disk +# user-authority-in-system-dir = True if session authority should be in the system location +# guest-account-script = Script to be run to setup guest account +# logind-load-seats = True to automatically set up multi-seat configuration from logind +# logind-check-graphical = True to on start seats that are marked as graphical by logind +# log-directory = Directory to log information to +# run-directory = Directory to put running state in +# cache-directory = Directory to cache to +# sessions-directory = Directory to find sessions +# remote-sessions-directory = Directory to find remote sessions +# greeters-directory = Directory to find greeters +# +[LightDM] +#start-default-seat=true +#greeter-user=lightdm +#minimum-display-number=0 +#minimum-vt=7 +#lock-memory=true +#user-authority-in-system-dir=false +#guest-account-script=guest-account +#logind-load-seats=false +#logind-check-graphical=false +#log-directory=/var/log/lightdm +#run-directory=/var/run/lightdm +#cache-directory=/var/cache/lightdm +#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions +#remote-sessions-directory=/usr/share/lightdm/remote-sessions +#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters + +# +# Seat defaults +# +# type = Seat type (xlocal, xremote) +# xdg-seat = Seat name to set pam_systemd XDG_SEAT variable and name to pass to X server +# pam-service = PAM 
service to use for login +# pam-autologin-service = PAM service to use for autologin +# pam-greeter-service = PAM service to use for greeters +# xserver-command = X server command to run (can also contain arguments e.g. X -special-option) +# xserver-layout = Layout to pass to X server +# xserver-config = Config file to pass to X server +# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server +# xserver-share = True if the X server is shared for both greeter and session +# xserver-hostname = Hostname of X server (only for type=xremote) +# xserver-display-number = Display number of X server (only for type=xremote) +# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true) +# xdmcp-port = XDMCP UDP/IP port to communicate on +# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf) +# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option) +# unity-compositor-timeout = Number of seconds to wait for compositor to start +# greeter-session = Session to load for greeter +# greeter-hide-users = True to hide the user list +# greeter-allow-guest = True if the greeter should show a guest login option +# greeter-show-manual-login = True if the greeter should offer a manual login option +# greeter-show-remote-login = True if the greeter should offer a remote login option +# user-session = Session to load for users +# allow-user-switching = True if allowed to switch users +# allow-guest = True if guest login is allowed +# guest-session = Session to load for guests (overrides user-session) +# session-wrapper = Wrapper script to run session with +# greeter-wrapper = Wrapper script to run greeter with +# guest-wrapper = Wrapper script to run guest sessions with +# display-setup-script = Script to run when starting a greeter session (runs as root) +# display-stopped-script = Script to run after stopping the display server (runs as root) 
+# greeter-setup-script = Script to run when starting a greeter (runs as root) +# session-setup-script = Script to run when starting a user session (runs as root) +# session-cleanup-script = Script to run when quitting a user session (runs as root) +# autologin-guest = True to log in as guest by default +# autologin-user = User to log in with by default (overrides autologin-guest) +# autologin-user-timeout = Number of seconds to wait before loading default user +# autologin-session = Session to load for automatic login (overrides user-session) +# autologin-in-background = True if autologin session should not be immediately activated +# exit-on-failure = True if the daemon should exit if this seat fails +# +[SeatDefaults] +#type=xlocal +#xdg-seat=seat0 +#pam-service=lightdm +#pam-autologin-service=lightdm-autologin +#pam-greeter-service=lightdm-greeter +#xserver-command=X +#xserver-layout= +#xserver-config= +#xserver-allow-tcp=false +#xserver-share=true +#xserver-hostname= +#xserver-display-number= +#xdmcp-manager= +#xdmcp-port=177 +#xdmcp-key= +#unity-compositor-command=unity-system-compositor +#unity-compositor-timeout=60 +#greeter-session=example-gtk-gnome +greeter-hide-users=false +#greeter-allow-guest=true +#greeter-show-manual-login=false +#greeter-show-remote-login=true +#user-session=default +#allow-user-switching=true +#allow-guest=true +#guest-session= +#session-wrapper=lightdm-session +#greeter-wrapper= +#guest-wrapper= +#display-setup-script= +#display-stopped-script= +#greeter-setup-script= +session-setup-script=/etc/kiosk.sh +session-cleanup-script=/etc/kiosk.sh +#autologin-guest=false +autologin-user=kiosk +autologin-user-timeout=0 +autologin-in-background=false +#autologin-session=UNIMPLEMENTED +#exit-on-failure=false + +# +# Seat configuration +# +# Each seat must start with "Seat:". +# Uses settings from [SeatDefaults], any of these can be overriden by setting them in this section. 
+# +#[Seat:0] + +# +# XDMCP Server configuration +# +# enabled = True if XDMCP connections should be allowed +# port = UDP/IP port to listen for connections on +# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf) +# +# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively +# it can be a word and the first 7 characters are used as the key. +# +[XDMCPServer] +#enabled=false +#port=177 +#key= + +# +# VNC Server configuration +# +# enabled = True if VNC connections should be allowed +# command = Command to run Xvnc server with +# port = TCP/IP port to listen for connections on +# width = Width of display to use +# height = Height of display to use +# depth = Color depth of display to use +# +[VNCServer] +#enabled=false +#command=Xvnc +#port=5900 +#width=1024 +#height=768 +#depth=8 diff --git a/roles/client/kiosk_mode/tasks/main.yml b/roles/client/kiosk_mode/tasks/main.yml new file mode 100644 index 0000000..98c5f5f --- /dev/null +++ b/roles/client/kiosk_mode/tasks/main.yml 
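Review bot: Guest login and user switching are left at the build defaults in `[SeatDefaults]`, because `allow-guest`, `greeter-allow-guest` and `allow-user-switching` all stay commented out while `autologin-user=kiosk` is set. For a kiosk seat it would be safer to pin them explicitly with `allow-guest=false`, `greeter-allow-guest=false` and `allow-user-switching=false`, and to set `greeter-show-remote-login=false` as well. The lines `session-setup-script=/etc/kiosk.sh` and `session-cleanup-script=/etc/kiosk.sh` apply to every session on the seat and run as root, so a comment next to them noting that the script itself filters on the user name would help the next reader.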
@@ -0,0 +1,108 @@ +##################################### +### someone's ansible provisioner ### +##################################### +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# +--- +- name: create kiosk user + user: + name: "kiosk" + home: "/home/kiosk" +# shell: "/bin/bash" + createhome: no + state: present + + +- name: create kiosk user's homedir + file: + path: "/home/kiosk" + state: directory + mode: 0770 + owner: "kiosk" + group: "kiosk" + + +- name: copy lightdm.conf config + copy: + src: "{{item}}" + dest: "/etc/lightdm/lightdm.conf" + mode: 0644 + owner: "root" + group: "root" + with_first_found: + - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/lightdm.conf" + - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/lightdm.conf" + - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/lightdm.conf" + - "default/lightdm.conf" + + +- name: copy kiosk.sh + copy: + src: "{{item}}" + dest: "/etc/kiosk.sh" + mode: 0755 + owner: "root" + group: "root" + with_first_found: + - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/kiosk.sh" + - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/kiosk.sh" + - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/kiosk.sh" + - "default/kiosk.sh" + + +- name: copy kiosk.tar.bz2 + copy: + src: "{{item}}" + dest: "/etc/kiosk.tar.bz2" + mode: 0600 + owner: "root" + group: "root" + with_first_found: + - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/kiosk.tar.bz2" + - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/kiosk.tar.bz2" + - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/kiosk.tar.bz2" + - "default/kiosk.tar.bz2" + register: copy + + +- name: delete kiosk-skel-dir + file: + path: "/etc/kiosk" + state: absent + when: copy.changed + + +- name: set up new kiosk-skel-dir + file: + path: "/etc/kiosk" + state: directory + mode: 
0700 + owner: "kiosk" + group: "kiosk" + when: copy.changed + + +- name: extract kiosk-skel-dir + unarchive: + src: "/etc/kiosk.tar.bz2" + dest: "/etc/kiosk" + remote_src: yes + mode: "u=rwX,g=rX,o-rwx" + owner: "kiosk" + group: "kiosk" + extra_opts: + - '--strip-components=1' + - '--show-stored-names' + when: copy.changed + + +- name: set up persistent kiosk storage + file: + path: "/var/kiosk" + state: directory + mode: 0775 + owner: "kiosk" + group: "kiosk" + +#TODO: deny crontab + at -- 2.43.0
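Review bot: The skeleton at /etc/kiosk is created and extracted with `owner: "kiosk"` (tasks "set up new kiosk-skel-dir" and "extract kiosk-skel-dir"), so the account that the reset is meant to contain can write to the template that kiosk.sh copies back into /home/kiosk on every login and logout. Anything a session places there would survive the reset until the archive changes again. Setting `owner: "root"` and `group: "root"` on both tasks keeps the template read-only for the session; kiosk.sh already runs `chown -R kiosk:kiosk /home/kiosk` after the rsync, so the copy would still end up owned by kiosk. /var/kiosk (`mode: 0775`) is persistent and writable by design, so a comment stating what is expected to live there would also be useful.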