WIP

fai.yml

@@ -1,85 +0,0 @@
-- hosts: all
-  become: yes
-  vars:
-    use_ipxe: true
-    fai_menu: true
-    ensure_fai_setup_run: false
-    dhcp_interface: eth1
-    wan_interface: eth0
-    server_name: faiserver
-    server_ip: 192.168.33.1
-    server_net: 192.168.33
-    server_netbits: 24
-    server_netmask: 255.255.255.0
-    domain_name: lan
-    linux_version: 4.19.0-10
-  tasks:
-    - name: fai package selection
-      copy:
-        content: |
-          PACKAGES install
-          linuxmint-keyring
-          mintdesktop
-        dest: /srv/fai/config/package_config/MINT
-        mode: 0644
-        owner: root
-        group: root
-
-    - name: fai deb conf
-      copy:
-        content: |
-          exim4-config exim4/dc_eximconfig_configtype select local delivery only; not on a network
-          locales locales/default_environment_locale select de_DE.UTF-8 en_US.UTF-8
-          locales locales/locales_to_be_generated multiselect de_DE.UTF-8 en_US.UTF-8 UTF-8
-          keyboard-configuration  keyboard-configuration/modelcode        string pc105
-          keyboard-configuration  keyboard-configuration/xkb-keymap       select de
-          keyboard-configuration  keyboard-configuration/variant  select USA
-          keyboard-configuration  keyboard-configuration/model    select Generic 105-key (Intl) PC
-          keyboard-configuration  keyboard-configuration/layoutcode       string 
-          keyboard-configuration  keyboard-configuration/optionscode      string ctrl:nocaps,terminate:ctrl_alt_bksp
-        dest: /srv/fai/config/debconf/DESKTOP
-        mode: 0644
-        owner: root
-        group: root
-
-    - name: fai set host class
-      copy:
-        content: |
-          #! /bin/bash
-          echo "DEBIAN GERMAN DESKTOP"
-        dest: /srv/fai/config/class/50-host-classes
-        mode: 0755
-        owner: root
-        group: root
-
-    - name: fai desk config
-      copy:
-        content: |
-          # example of new config file for setup-storage
-          #
-          # <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
-
-          disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
-
-          primary /      2G-50G   ext4  rw,noatime,errors=remount-ro
-          logical swap   200-10G  swap  sw
-          logical /home  100-     ext4  rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
-        dest: /srv/fai/config/disk_config/DESKTOP
-
-    - name: fai vars
-      copy:
-        content: |
-          FAI_ALLOW_UNSIGNED=0
-          UTC=yes
-          TIMEZONE=Europe/Berlin
-          # pw is "fai"
-          ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
-          # errors in tasks greater than this value will cause the installation to stop
-          STOP_ON_ERROR=700
-          # set parameter for install_packages(8)
-          MAXPACKAGES=800
-        dest: /srv/fai/config/class/DESKTOP.var
-        mode: 0644
-        owner: root
-        group: root
-

roles/fai/defaults/main.yml

@@ -12,4 +12,4 @@ server_net: 192.168.33
 server_netmask: 255.255.255.0
 domain_name: lan
 linux_version: 4.19.0-10
-use_apt_cache: false
+use_apt_cache: true

roles/fai/files/profiles/class/85-efi-classes

@@ -16,4 +16,6 @@ elif ifclass XENIAL; then
     echo XENIAL_EFI
 elif ifclass UBUNTU; then
     echo UBUNTU_EFI
+elif ifclass HW4F_DESKTOP; then
+    echo HW4F_DESKTOP_EFI
 fi

roles/fai/files/profiles/class/HW4F_DESKTOP.var

@@ -6,9 +6,10 @@ TIMEZONE=Europe/Berlin
 STOP_ON_ERROR=700
 MAXPACKAGES=800
 
-# set root password
-ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+KEYMAP=de-latin1-nodeadkeys
 
 # start user and password
 username=demo
 USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+
+SUPRESS_GNOME_INITIAL_SCREEN=1

roles/fai/files/profiles/class/menu.profile

@@ -1,10 +1,16 @@
-Default: Ubuntu Desktop
+Default: HW4F Desktop
 
-Name: Ubuntu Desktop
-Description: Ubuntu Deskop
-Short: Ubuntu Desktop 
-Long: Ubuntu 20.04 LTS (Focal Fossa)
-Classes: INSTALL UBUNTU UBUNTU_DESKTOP
+Name: HW4F Desktop
+Description: Desktop installtion for Hardware for future
+Short: HW4F
+Long: Ubuntu 20.04 LTS (Focal Fossa) Desktop installtion
+Classes: INSTALL HW4F_DESKTOP UBUNTU HW4F_DESKTOP_LAST
+
+Name: Secure erase SSD
+Description: Run a secure erase for SSD
+Short: Secure erase
+Long: Run a secure erase on SSD
+Classes: SECURE_ERASE 
 
 Name: Ubuntu
 Description: Ubuntu

roles/fai/files/profiles/debconf/HW4F_DESKTOP

@@ -0,0 +1,36 @@
+locales		locales/default_environment_locale select de_DE.UTF-8
+locales		locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8
+
+xserver-xorg	xserver-xorg/config/inputdevice/keyboard/layout	string	de
+xserver-xorg	xserver-xorg/config/inputdevice/keyboard/model	string	pc105
+xserver-xorg	xserver-xorg/config/inputdevice/keyboard/options	string	lv3:ralt_switch
+xserver-xorg    xserver-xorg/autodetect_monitor         boolean false
+xserver-xorg    xserver-xorg/autodetect_keyboard        boolean true
+xserver-xorg    xserver-xorg/autodetect_mouse           boolean true
+xserver-xorg    xserver-xorg/autodetect_video_card      boolean true
+
+console-setup	console-setup/variant	select	Germany
+console-setup	console-setup/charmap	select	UTF-8
+console-setup	console-setup/layoutcode	string	de
+console-setup	console-setup/compose	select	No compose key
+console-setup	console-setup/fontsize-text	select	16
+console-setup	console-setup/optionscode	string	lv3:ralt_switch
+console-setup	console-setup/layout	select	Germany
+console-setup	console-setup/detected	note	
+console-setup	console-setup/variantcode	string	
+console-setup	console-setup/codesetcode	string	Lat15
+console-setup	console-setup/modelcode	string	pc105
+console-setup	console-setup/ask_detect	boolean	false
+console-setup	console-setup/altgr	select	Right Alt
+console-setup	console-setup/ttys	string	/dev/tty[1-6]
+console-setup	console-setup/model	select	Generic 105-key (Intl) PC
+console-setup	console-setup/fontsize-fb	select	16
+console-setup	console-setup/switch	select	No temporary switch
+console-setup	console-setup/codeset	select	# Latin1 and Latin5 - western Europe and Turkic languages
+console-setup	console-setup/toggle	select	No toggling
+console-setup	console-setup/fontface	select	VGA
+console-setup	console-setup/fontsize	string	16
+
+tzdata	tzdata/Zones/Etc	select  UTC
+tzdata  tzdata/Zones/Europe select  Berlin
+tzdata  tzdata/Areas        select  Europe

roles/fai/files/profiles/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP

@@ -0,0 +1 @@
+Acquire::http::Proxy "http://faiserver:3142";

roles/fai/files/profiles/files/etc/default/console-setup/HW4F_DESKTOP

@@ -0,0 +1,49 @@
+# A configuration file for setupcon
+
+# Change to "yes" and setupcon will explain what is being doing
+VERBOSE_OUTPUT=no
+
+# Setup these consoles.  Most people do not need to change this.
+ACTIVE_CONSOLES="/dev/tty[1-6]"
+
+# Put here your encoding.  Valid charmaps are: UTF-8 ARMSCII-8 CP1251
+# CP1255 CP1256 GEORGIAN-ACADEMY GEORGIAN-PS IBM1133 ISIRI-3342
+# ISO-8859-1 ISO-8859-2 ISO-8859-3 ISO-8859-4 ISO-8859-5 ISO-8859-6
+# ISO-8859-7 ISO-8859-8 ISO-8859-9 ISO-8859-10 ISO-8859-11 ISO-8859-13
+# ISO-8859-14 ISO-8859-15 ISO-8859-16 KOI8-R KOI8-U TIS-620 VISCII
+CHARMAP="UTF-8"
+
+# The codeset determines which symbols are supported by the font.
+# Valid codesets are: Arabic Armenian CyrAsia CyrKoi CyrSlav Ethiopian
+# Georgian Greek Hebrew Lao Lat15 Lat2 Lat38 Lat7 Thai Uni1 Uni2 Uni3
+# Vietnamese.  Read README.fonts for explanation.
+CODESET="Lat15"
+
+# Valid font faces are: VGA (sizes 8, 14 and 16), Terminus (sizes
+# 12x6, 14, 16, 20x10, 24x12, 28x14 and 32x16), TerminusBold (sizes
+# 14, 16, 20x10, 24x12, 28x14 and 32x16), TerminusBoldVGA (sizes 14
+# and 16), Fixed (sizes 13, 14, 15, 16 and 18), Goha (sizes 12, 14 and
+# 16), GohaClassic (sizes 12, 14 and 16).
+FONTFACE="VGA"
+FONTSIZE="16"
+
+# You can also directly specify nonstandard font and ACM to load:
+# FONT=/usr/local/share/funnyfonts/sarge16.psf
+# ACM=/usr/local/share/consoletrans/my_special_encoding.acm
+
+# The following variables describe your keyboard and can have the same
+# values as the XkbModel, XkbLayout, XkbVariant and XkbOptions options
+# in /etc/X11/xorg.conf.
+XKBMODEL="pc105"
+XKBLAYOUT="de"
+XKBVARIANT=""
+XKBOPTIONS=""
+
+
+# Do not update the following md5 sum if you change
+# /etc/console-setup/boottime.kmap.gz and Debconf will not overwrite
+# your custom keymap.  Do not update it even if you want to make
+# Debconf overwrite it.  Instead simply specify the empty string as
+# a md5 sum.
+
+BOOTTIME_KMAP_MD5=""

roles/fai/files/profiles/files/etc/default/locale/HW4F_DESKTOP

@@ -0,0 +1 @@
+LANG="de_DE.UTF-8"

roles/fai/files/profiles/files/etc/netplan/01-network-manager-all.yaml/UBUNTU_DESKTOP

@@ -1,4 +0,0 @@
-# NetworkManager should manage all NICs
-network:
-  version: 2
-  renderer: NetworkManager

roles/fai/files/profiles/package_config/HW4F_DESKTOP

@@ -1,10 +1,14 @@
-PACKAGES install-norec
+PACKAGES install
 ubuntu-desktop
-
-PACKAGES install-norec GERMAN
+language-pack-de
 language-pack-gnome-de
+thunderbird
 thunderbird-locale-de
+firefox
 firefox-locale-de
+libreoffice
 libreoffice-l10n-de
 libreoffice-help-de
-gimp-help-de
+ubuntu-software
+ubuntu-snappy
+snapd

roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/00-remove-proxy

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+$ROOTCMD rm -f /etc/apt/apt.conf.d/00-proxy

roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/01-network

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# allow configure NICs globally over network manager
+#$ROOTCMD touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+# enable resolved
+$ROOTCMD systemctl enable systemd-resolved
+
+$ROOTCMD tee /etc/netplan/01-network-manager-all.yaml <<EOF
+# NetworkManager should configure all network devices
+network:
+  version: 2
+  renderer: NetworkManager
+EOF

roles/fai/files/profiles/scripts/HW4F_DESKTOP_LAST/50-post-install

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+#$ROOTCMD apt update -y
+#$ROOTCMD apt upgrade -y
+
+if [ "xSUPRESS_GNOME_INITIAL_SCREEN" = "x1" ] ; then
+    $ROOTCMD tee /home/demo/.config/gnome-initial-setup-done <<EOF
+yes
+EOF
+
+    $ROOTCMD chown -Rc demo:demo /home/demo
+
+fi

roles/fai/files/profiles/scripts/SECURE_ERASE/01-run

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+IFS=$'\n'
+DEVS_PATH=(`lsblk -n -S -o PATH`)
+DEVS_DESC=(`lsblk -n -S -o MODEL`)
+
+DEVS=(0 '' 0 '')
+
+ITEMS="dialog --clear --title 'Secure erase disk' --menu 'Select:' 0 0 0"
+for (( i=0; i<${#DEVS_PATH[@]}; i++ )) ; do
+    DEVS+=($i $DEVS_DESC[$i])
+done
+
+echo ${DEVS[@]}

roles/fai/files/profiles/scripts/UBUNTU/99-network

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-# allow configure NICs globally over network manager
-$ROOTCMD touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
-# enable resolved
-$ROOTCMD systemctl enable systemd-resolved

roles/fai/tasks/apt-cacher-ng.yml

@@ -1,5 +1,40 @@
-- apt:
+- name: install apt cacher
+  package:
     name: apt-cacher-ng
     state: present
 
-- 
+- name: configure apt cacher
+  copy:
+    content: |
+      CacheDir: /var/cache/apt-cacher-ng
+      LogDir: /var/log/apt-cacher-ng
+      SupportDir: /usr/lib/apt-cacher-ng
+      Port: 3142
+
+      Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
+      Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
+      Remap-secdeb: security.debian.org ; security.debian.org deb.debian.org/debian-security
+
+      ReportPage: acng-report.html
+
+      ExThreshold: 4
+
+      ReuseConnections: 1
+      PipelineDepth: 1
+    dest: /etc/apt-cacher-ng/acng.conf
+    owner: root
+    group: root
+    mode: 0644
+  register: apt_cacher_config
+
+- name: ensure service is started and enabled
+  systemd:
+    name: apt-cacher-ng
+    enabled: yes
+    state: started
+
+- name: reload apt cacher if reconfigured
+  systemd:
+    name: apt-cacher-ng
+    state: restarted
+  when: apt_cacher_config.changed

roles/fai/tasks/fai-configure.yml

@@ -11,9 +11,6 @@
 
       # fai automated install 
       deb http://fai-project.org/download buster koeln
-
-      # linux mint
-      deb http://packages.linuxmint.com main upstream import backport romeo
   tags:
     - fai
     - apt

roles/fai/tasks/fai-profile.yml

@@ -1,3 +1,11 @@
+- name: create fai dir
+  file:
+    name: /srv/fai/config
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
 - name: copy profile
   synchronize:
     src: profiles/

roles/fai/tasks/fai-root.yml

@@ -28,7 +28,7 @@
   register: squash_img
 
 - name: generate squashfs
-  shell: fai-cd -M -S /srv/tftp/fai/squash.img
+  shell: fai-cd -f -M -S /srv/tftp/fai/squash.img
   when: "not squash_img.stat.exists or ensure_fai_setup_run"
   tags:
     - fai

roles/fai/tasks/isc-dhcp-server.yml

@@ -51,7 +51,7 @@
     mode: 0644
     owner: root
     group: root
-    validate: dhcpd -t -cf %s
+    #    validate: dhcpd -t -cf %s
   register: dhcpd_config
   tags:
     - dhcp

roles/fai/tasks/main.yml

@@ -1,12 +1,11 @@
 ---
 # tasks file for fai
+- include: routing.yml
 - include: time-server.yml
 - include: isc-dhcp-server.yml
 - include: nginx.yml
 - include: unbound.yml
-- include: routing.yml
 - include: apt-cacher-ng.yml
-  when: use_apt_cache
 - include: fai-prepare.yml
 - include: fai-install.yml
 - include: fai-configure.yml

roles/fai/tasks/routing.yml

@@ -1,3 +1,12 @@
+- name: delete nm dhcp setting
+  shell: "nmcli connection delete FAI || true" 
+
+- name: configure dhcp nic
+  shell: "nmcli connection add type ethernet ifname {{ dhcp_interface }} con-name FAI autoconnect yes save yes ip4 {{ server_ip }}/{{ server_netbits }} || true" 
+
+- name: ensure dhcp nic is up
+  shell: nmcli connection up FAI
+
 - name: ensure iptabes is installed
   apt:
     name: iptables

setup.yml

@@ -1,5 +1,4 @@
 - hosts: all
-  become: yes
   vars:
     ensure_fai_setup_run: false
     dhcp_interface: eth1