-lots of changes for debian 12 and desktop

-trying to fix vnc - has to be manually started on user desktop now

README.md

@@ -75,15 +75,24 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne
   * Add Fail2Ban to block ssh attempts
 ## Getting Started
 
-* Boot NOOBS and select the Raspbian Lite option:
+* Download the Raspbery Pi Disk Imager from https://www.raspberrypi.com/software
+* Place the SD card in your PC, launch Raspberry Pi Imager
+ * Choose OS - select the default (Raspberry Pi OS(32-bit))
+ * Choose storage - select your SD card
+ * Click the gear in the lower right corner to configure
+ * Set hostname - 'raspberry' will work as the ansible script will configure this later
+ * Enable SSH - this is important, select "Uer password authentication"
+   * Select "Set username and password'
+   * enter the username and password you would like to use
+* optionally set locale
+* Place the card into a Pi and boot up with monitor and keyboard connected
 * On each Pi
+  * log in with the username and password you used in the Imager utility
   * Configure network
-    * The Raspberr Pi is configured for DHCP by default  If your uCPE does not provide DHCP addresses, you will need to configure a staitc IP address by following the instructions at this site https://www.raspberrypi.org/documentation/configuration/tcpip/README.md
-  * log in as 'pi' with the password 'raspberry'
-  * execute _**sudo update-rc.d ssh enable**_
-  * execute _**sudo invoke-rc.d ssh start**_
-  * execute _**sudo apt update -y**_
+    * The Raspberry Pi is configured for DHCP by default  If your uCPE does not provide DHCP addresses, you will need to configure a staitc IP address by following the instructions at this site https://www.raspberrypi.com/documentation/computers/configuration.html#static-ip-addresses
 * Designate one of the Pi's to be the "main" device and do the following
+  * log in via SSH or via local keyboard and mouse
+  * if local, open a command prompt
   * execute _**sudo apt install -y ansible sshpass git**_
   * get a copy of repo (requies github account, comcast VPN access, and configured git credentials)
   * execute _**cd dsfin-ansible**_

hosts

@@ -41,6 +41,9 @@ wes-host3
 [public]
 # not currently used
 #
+[lubuntu]
+# install lubuntu-desktop
+#
 [nrpe]
 # install and configure nagios nrpe server
 #

main.yaml

@@ -34,6 +34,7 @@
   roles:
           - common
           - fail2ban
+          - vnc7
 - hosts: public
   roles:
           - public
@@ -45,7 +46,6 @@
           - smbclient
 - hosts: pi
   roles:
-          - vnc
           - domainname
           - pi
             #  vars_prompt:
@@ -91,3 +91,8 @@
 - hosts: firefox
   roles:
           - firefox
+
+- hosts: lubuntu
+  roles:
+          - lubuntu
+

roles/common/files/autologin.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin '{{ def_username }}' --noclear %I \$TERM

roles/common/tasks/main.yaml

@@ -2,6 +2,13 @@
 - name: Include OS-specific variables
   include_vars: "os_{{ ansible_lsb.id }}_{{ ansible_lsb.major_release }}.yml"
 
+- name: update apt cache
+  ansible.builtin.apt:
+    update_cache: yes
+  become: yes
+  when:
+    - ansible_pkg_mgr == "apt"
+
 - name: Create directories
   file:
           path: "{{ item }}"
@@ -64,6 +71,7 @@
           hour: "0"
           weekday: "*"
           job: "/home/{{ def_username }}/scripts/proc_check.sh"
+
 - name: sddm autologin
   become: yes
   template:
@@ -71,6 +79,22 @@
     dest: /etc/sddm.conf
     owner: root
 
+- name: create lxqt config dir
+  file:
+    path: "/home/{{ def_username }}/.config/lxqt"
+    state: directory
+    owner: "{{ def_username }}"
+    group: "{{ def_username }}"
+  become: yes
+
+- name: lxqt window manager
+  template:
+    src: "{{ role_path }}/templates/session.conf.j2"
+    dest: "/home/{{ def_username }}/.config/lxqt/session.conf"
+    owner: "{{ def_username }}"
+    group: "{{ def_username }}"
+  become: yes
+
 - name: pi
   become: yes
   user:
@@ -92,9 +116,23 @@
 - name: screensaver
   ansible.builtin.copy:
     src: "{{ role_path }}/files/lxqt-powermanagement.conf"
-    dest: "/home/{{ def_username }}/.config/lxqt"
+    dest: "/home/{{ def_username }}/.config/lxqt/"
     owner: "{{ def_username }}"
     group: "{{ def_username }}"
   tags: powermanagement
 
+- name: allow users to read kernel ring buffer
+  ansible.posix.sysctl:
+    name: kernel.dmesg_restrict
+    value: '0'
+    sysctl_set: yes
+    state: present
+    reload: yes
+  become: yes
+
+
+- name: force systemd reload
+  become: true
+  systemd:
+    daemon_reload: yes
 

roles/common/templates/session.conf.j2

@@ -0,0 +1,3 @@
+[General]
+__userfile__=true
+window_manager=xfwm4

roles/common/vars/os_Debian_10.yml

@@ -7,3 +7,20 @@ dependency_packages:
   - screen
   - cockpit-storaged
   - cockpit
+  - sddm
+  - lxqt
+  - build-essential
+  - iperf3
+  - cadaver
+  - expect
+  - iperf
+  - libpcap0.8
+  - libsctp1
+  - libsctp-dev
+  - libssl-dev
+  - libpcap-dev
+  - libncurses-dev
+  - ncurses-dev
+  - chromium
+  - mtr
+  - screen

roles/common/vars/os_Debian_12.yml

@@ -0,0 +1,26 @@
+---
+dependency_packages:
+  - vim
+  - mc
+  - aptitude
+  - mtr
+  - screen
+  - cockpit-storaged
+  - cockpit
+  - sddm
+  - lxqt
+  - build-essential
+  - iperf3
+  - cadaver
+  - expect
+  - iperf
+  - libpcap0.8
+  - libsctp1
+  - libsctp-dev
+  - libssl-dev
+  - libpcap-dev
+  - libncurses-dev
+  - ncurses-dev
+  - chromium
+  - mtr
+  - screen

roles/common/vars/os_Raspbian_11.yml

@@ -16,11 +16,8 @@ dependency_packages:
   - smbclient
   - ncurses-dev
   - build-essential
-  - lightdm
-  - lxde
   - realvnc-vnc-server
   - aptitude
   - chromium-browser
-  - raspberrypi-ui-mods
   - mtr
   - screen

roles/common/vars/os_Ubuntu_22.yml

@@ -12,3 +12,5 @@ dependency_packages:
   - libpcap-dev
   - libsctp-dev
   - chromium-browser
+  - lxqt
+  - sddm

roles/facebook/files/facebook.sh

@@ -22,5 +22,6 @@ else
 	/usr/bin/killall chrom
 	#/usr/bin/killall firefox
         rm /home/{{ def_username }}/.config/chromium/BrowserMetrics/*
+	rm /home/{{ def_username }}/snap/chromium/common/chromium/BrowserMetrics/*
 fi
 

roles/lubuntu/files/_xscreensaver

@@ -0,0 +1 @@
+mode:	off

roles/lubuntu/files/nm-tray.conf

@@ -0,0 +1 @@
+connectionsEditor=nm-connection-editor

roles/lubuntu/tasks/main.yaml

@@ -1,4 +1,6 @@
 ---
+- name: Include role variables
+  include_vars: "vars.yaml"
 
 - name: install required packages
   become: true
@@ -7,6 +9,12 @@
     state: present
     install_recommends: no
 
+- name: install dependencies for desktop environment
+  become: true
+  package:
+    name: "{{ support_packages }}"
+    state: present
+      
 - name: sddm autologin
   become: yes
   template:
@@ -14,12 +22,49 @@
     dest: /etc/sddm.conf
     owner: root
 
+- name: create screensaver directory
+  ansible.builtin.file:
+    path: "/home/{{ def_username }}/.config/lxqt"
+    state: directory
+    owner: "{{ def_username }}"
+    group: "{{ def_username }}"
+  
 - name: screensaver
   ansible.builtin.copy:
     src: "{{ role_path }}/files/lxqt-powermanagement.conf"
-    dest: "/home/{{ def_username }}/.config/lxqt"
+    dest: "/home/{{ def_username }}/.config/lxqt/"
     owner: "{{ def_username }}"
     group: "{{ def_username }}"
   tags: powermanagement
 
+- name: "Check if listed package is installed"
+  become: true
+  package:
+    name: "{{ item }}"
+    state: present
+  check_mode: true
+  loop: "{{ package_names }}"
+  register: network_manager
+
+- name: change netplan network renderer
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/netplan/00-installer-config.yaml
+    state: present
+    line: "  renderer: NetworkManager"
+    insertafter: "  version: 2"
+  when: network_manager is succeeded
+
+- name: disable screensaver 3
+  ansible.builtin.copy:
+    dest: "/home/{{ def_username }}/.xscreensaver"
+    src: "{{ role_path }}/files/_xscreensaver"
+    owner: "{{ def_username }}"
+    group: "{{ def_username }}"
+
+- name: configure nm-tray
+  become: true
+  ansible.builtin.copy:
+    dest: "/usr/share/nm-tray/"
+    src: "{{ role_path }}/files/nm-tray.conf"
 

roles/lubuntu/vars/vars.yaml

@@ -0,0 +1,5 @@
+---
+package_names:
+  - network-manager
+support_packages:
+  - network-manager-gnome

roles/pi/tasks/main.yaml

@@ -24,28 +24,6 @@
     - { regexp: '#framebuffer_width=1280', line: 'framebuffer_width=1280' }
     - { regexp: '#framebuffer_height=720', line: 'framebuffer_height=1024' }
   become: true
-- name: enable autologin symlink
-  become: true
-  file:
-          src: /lib/systemd/system/getty@.service
-          dest: /etc/systemd/system/getty.target.wants/getty@tty1.service
-          owner: root
-          group: root
-          state: link
-- name: autologin systemd
-  become: true
-  copy:
-          src: "{{ role_path }}/files/autologin.conf"
-          dest: "/etc/systemd/system/getty@tty1.service.d/autologin.conf"
-          owner: root
-          group: root
-- name: autologin replacement
-  become: true
-  #  command: '/bin/sed /etc/lightdm/lightdm.conf -i -e "s/^\(#\|\)autologin-user=.*/autologin-user={{ def_username }}/"'
-  lineinfile:
-          path: /etc/lightdm/lightdm.conf
-          regexp: '^#autologin-user='
-          line: 'autologin-user={{ def_username }}'
 - name: force systemd reload
   become: true
   systemd:

roles/salesforce/files/salesforce.sh

@@ -21,5 +21,6 @@ else
 	/usr/bin/killall chrome
 	#/usr/bin/killall firefox
 	rm /home/{{ def_username }}/.config/chromium/BrowserMetrics/*
+	rm /home/{{ def_username }}/snap/chromium/common/chromium/BrowserMetrics/*
 fi
 

roles/tcgui/tasks/main.yaml

@@ -10,7 +10,7 @@
   when: tcgui_installed.stat.exists == false
 - name: check if tcgui systemd installed
   stat:
-          path: /etc/systemc/system/tcgui.service
+          path: /etc/systemd/system/tcgui.service
   register: tcgui_systemd_installed
 - name: install tcgui systemd
   become: yes

roles/vnc/tasks/main.yaml

@@ -20,4 +20,7 @@
   #    path: /home/'{{ def_username }}'/.xsession
   #    line: "lxsession -s Lubuntu -e LXDE"
   #    create: yes
+- name: set vnc password
+  become: true
+  ansible.builtin.shell: echo "raspberry" | /usr/bin/vncpasswd -legacy -file /root/.vnc/config.d/vncserver-x11
 

roles/vnc7/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/vnc7/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for vnc7

roles/vnc7/files/vncserver@:0.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Remote desktop service (VNC)
+After=multi-user.target network.target
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/x11vnc -display :0
+
+[Install]
+WantedBy=multi-user.target

roles/vnc7/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for vnc7

roles/vnc7/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

roles/vnc7/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+# tasks file for vnc7
+- name: "Installing the vnc package"
+  apt: pkg={{ item }} state=present
+  with_items:
+    - x11vnc
+    - xorg
+  become: true
+
+- name: "Copying the vnc configuration file"
+  copy: src={{ role_path }}/files/vncserver@:0.service dest=/etc/systemd/system/vncserver@:0.service owner=root group=root mode=0644
+  become: true
+
+- name: "Start & enable the vncserver"
+  systemd:
+    state: started
+    daemon_reload: yes
+    name: vncserver@:0
+    enabled: true
+  become: true
+

roles/vnc7/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

roles/vnc7/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - vnc7

roles/vnc7/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for vnc7

roles/youtube/files/youtube.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # play random youtube videos for up to 15 minutes
-#if pgrep -f chromium-browser >/dev/null
-if pgrep -f firefox >/dev/null
+if pgrep -f chromium-browser >/dev/null
+#if pgrep -f firefox >/dev/null
 then
 	exit 0
 else

test.yaml

@@ -1,7 +1,30 @@
 ---
 - hosts: all
-  tasks:
-    - name: print debug message
-      debug:
-          msg: "{{ ansible_lsb.id }}_{{ ansible_lsb.major_release }}"
+  vars_prompt:
+    - name: def_user
+      prompt: Enter username to use (ie. pi)
+      private: no
+    - name: def_pass
+      prompt: Enter password to use
+      private: yes
+      encrypt: sha512_crypt
+      confirm: yes
+      unsafe: yes
+      salt_size: 7
+
+  tasks:
+  - set_fact: def_username={{ def_user }}
+    no_log: true
+  - set_fact: def_password={{ def_pass }}
+    no_log:
+
+  - name:
+    ansible.posix.authorized_key:
+      user: "{{ def_username }}"
+      state: present
+      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+- hosts: pi
+  roles:
+          - vnc
 

vnc7.yaml

@@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+    - vnc7