Diffstat (limited to 'roles/linux_laptop/tasks')
-rw-r--r--roles/linux_laptop/tasks/freeipa.yml33
-rw-r--r--roles/linux_laptop/tasks/main.yml58
2 files changed, 91 insertions, 0 deletions
diff --git a/roles/linux_laptop/tasks/freeipa.yml b/roles/linux_laptop/tasks/freeipa.yml
new file mode 100644
index 0000000..3c39bbf
--- /dev/null
+++ b/roles/linux_laptop/tasks/freeipa.yml
@@ -0,0 +1,33 @@
+- name: create linux-laptops hostgroup
+ ipahostgroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ linux_laptop_hbac_hostgroup}}'
+ description: Linux Laptops
+ host: "{{ groups[linux_laptop_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}"
+ state: present
+ run_once: yes
+
+- name: create linux laptop access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ linux_laptop_access_group }}'
+ nonposix: yes
+ state: present
+ run_once: yes
+
+- name: create HBAC rule for gdm
+ ipahbacrule:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: allow_gdm_on_linux_laptops
+ description: Allow login to GDM on linux laptops
+ hostgroup:
+ - '{{ linux_laptop_hbac_hostgroup }}'
+ group:
+ - '{{ linux_laptop_access_group }}'
+ hbacsvc:
+ - gdm
+ - gdm-password
+ run_once: yes
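Review bot: The `allow_gdm_on_linux_laptops` rule only restricts GDM logins if FreeIPA's default `allow_all` HBAC rule is disabled, and nothing in this file checks or documents that. If `allow_all` is still enabled (not visible from here), membership in `linux_laptop_access_group` gates nothing. I would add a comment above the task such as `# only effective once the default allow_all HBAC rule is disabled`, or manage that rule explicitly if this role is meant to own the decision. Separately, the `host:` expression in the first task ends in `map(...)` without `| list`, which on some Ansible/Jinja2 versions renders as a generator object instead of a list, so `... ~ ansible_domain) | list }}` is safer.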
diff --git a/roles/linux_laptop/tasks/main.yml b/roles/linux_laptop/tasks/main.yml
new file mode 100644
index 0000000..93f0862
--- /dev/null
+++ b/roles/linux_laptop/tasks/main.yml
@@ -0,0 +1,58 @@
+- import_tasks: freeipa.yml
+
+- name: request TLS certificate for wifi
+ include_role:
+ name: getcert_request
+ vars:
+ certificate_service: host
+ certificate_sans: ['{{ ansible_fqdn }}']
+ certificate_path: '{{ linux_laptop_wifi_certificate_path }}'
+ certificate_key_path: '{{ linux_laptop_wifi_certificate_key_path }}'
+ certificate_key_passphrase: '{{ linux_laptop_wifi_certificate_key_passphrase }}'
+
+- name: get connection uuid
+ shell: nmcli --get-values connection.uuid connection show {{ linux_laptop_wifi_ssid }} || uuidgen
+ register: linux_laptop_wifi_networkmanager_uuid
+ changed_when: no
+
+- name: generate wifi network script
+ template:
+ src: etc/sysconfig/network-scripts/ifcfg-ssid.j2
+ dest: /etc/sysconfig/network-scripts/ifcfg-{{ linux_laptop_wifi_ssid }}
+ register: linux_laptop_wifi_config
+
+- name: generate wifi keys file
+ template:
+ src: etc/sysconfig/network-scripts/keys-ssid.j2
+ dest: /etc/sysconfig/network-scripts/keys-{{ linux_laptop_wifi_ssid }}
+ mode: 0600
+
+- name: warn that wifi settings are not applied automatically
+ debug:
+ msg: >-
+ NOTE: WiFi has been configured in NetworkManager, but changes have not been
+ applied. Either restart NetworkManager or reboot the host.
+ when: linux_laptop_wifi_config.changed
+
+- name: disable nmi watchdog
+ sysctl:
+ name: kernel.nmi_watchdog
+ value: 0
+
+- name: bump vm.dirty_writeback_centisecs
+ sysctl:
+ name: vm.dirty_writeback_centisecs
+ value: '{{ linux_laptop_dirty_writeback_centisecs }}'
+
+- name: enable wifi powersaving
+ copy:
+ content: |
+ options iwlwifi power_save=1 uapsd_disable=0
+ options iwlmvm power_scheme=3
+ dest: /etc/modprobe.d/iwlwifi.conf
+
+- name: enable audio powersaving
+ copy:
+ content: |
+ options snd_hda_intel power_save=1
+ dest: /etc/modprobe.d/snd_hda_intel.conf
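Review bot: In `get connection uuid`, `{{ linux_laptop_wifi_ssid }}` is interpolated unquoted into a `shell:` command line, so an SSID containing spaces or shell metacharacters is split or interpreted by the shell; use `connection show {{ linux_laptop_wifi_ssid | quote }} || uuidgen`. The same variable forms the `dest:` file names of both templates, so it is worth asserting up front that it contains no `/`. The `generate wifi keys file` task presumably renders secret material (the template is not shown here), so adding `no_log: true` would keep it out of `--diff` output and logs. On that task I would also write `mode: '0600'` as a quoted string with explicit `owner: root` and `group: root`, rather than relying on YAML octal parsing and the connecting user's defaults.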