XRDP Application Host #51
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
root_keys_host:
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMJDyq3veSnK+6hSw+Ml6lvTQTPC6vRFqtDXvPBnOtId8F9+/N0ADcPa5UTesnTkQgSAY7WpSoN5D6clYzdcPR55e5WZwZfMSkX14D7v7mrGxUcE4HshTorfEYv5XBd11Tvu0ruMdxlFQ+VFHkZIF305xgyx32INA3zUfnhzHJlKEdIAy8iSbERUV+X5kB59aep6xSpitCHJtsTT5Ky+EsvAhndKB5hDBuwVVr0+Sg5PypeTQ4zzWFyR6DFBEvyEj6bs/pQff9WxSRIXEuLffXOXdRLGHWqX7PfhWcH9WNH55WT7ZKCMGVuG4kYLkZ633c296ISg9q0eNKn99oHuwvzVg/wV3wndHINE+iUKKJjaRUpDUwd9DftFqMbFGATpf8en6KPs/7bgZUGACIfDO6Uy59V75cntiMFZc+BnnpV2qLVBFFD5ClRBCRdqH5D0px+jpuQFo9EUhggL4jzlj9wQf26zv0E4zSGTqbM1jfO3zcXlxSjg3H3Og2GAO5fCQiodpsqkW9Hby/p4s5l+P97tlVlgapnZlSA/1em4lmYshmRk/9scN8PMSXfW9uhncv9qXqp0ypEqEuNfj5u/1Eu8zmayIA9V23xyPn92LMT6MP2BB1kC7jeAXfXHdKBhTYW6bLQJKMs9nypH6RODK1fb9JlIrB61ZDJ9L5K++o2Q== noby"
|
|
@ -0,0 +1,19 @@
|
|||
xrdp_apphost
|
||||
============
|
||||
|
||||
Manual installation steps
|
||||
-------------------------
|
||||
|
||||
After the role has applied several manual installation steps have to be applied
|
||||
by a admin user.
|
||||
|
||||
* Estlcam
|
||||
* Login as tsadmin user and execute the following commands
|
||||
$ sudo -u estlcam --preserve-env=DISPLAY /bin/bash
|
||||
$ cd ~
|
||||
$ export WINEPREFIX=~/.wine32
|
||||
$ export WINEARCH=win32
|
||||
$ wineboot
|
||||
$ winetricks dotnet40 gdiplus d3dx9_36
|
||||
$ wget http://www.estlcam.de/downloads/Estlcam_32_11244.exe
|
||||
$ wine Estlcam_32_11243.exe
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
|
||||
xrdp_maxsessions: 10
|
||||
xrdp_killdisconnected: true
|
||||
xrdp_policy: UBDC
|
||||
xrdp_ls_title: Binary Kitchen Application Server
|
||||
xrdp_ls_top_window_bg_color: 003377
|
||||
xrdp_ls_bg_color: dedede
|
||||
xrdp_ls_width: 350
|
||||
xrdp_ls_height: 430
|
||||
xrdp_ls_logo_filename: KitchenLogo.bmp
|
||||
xrdp_ls_logo_x_pos: 55
|
||||
xrdp_ls_logo_y_pos: 50
|
||||
xrdp_ls_label_x_pos: 30
|
||||
xrdp_ls_label_width: 65
|
||||
xrdp_ls_input_x_pos: 110
|
||||
xrdp_ls_input_width: 210
|
||||
xrdp_ls_input_y_pos: 220
|
||||
xrdp_ls_btn_ok_x_pos: 142
|
||||
xrdp_ls_btn_ok_y_pos: 370
|
||||
xrdp_ls_btn_cancel_x_pos: 237
|
||||
xrdp_ls_btn_cancel_y_pos: 370
|
||||
|
||||
info_folder_name: "___Files\ older\ than\ 30\ days\ will\ be\ automatically\ deleted"
|
||||
|
||||
xrdp_applications:
|
||||
LightBurn:
|
||||
user: lightburn
|
||||
group: lightburn
|
||||
pass: "{{ vault_xrdp_apphost_lightburn_pass }}"
|
||||
salt: "{{ vault_xrdp_apphost_lightburn_salt }}"
|
||||
git_config_folder: /home/lightburn/.config/LightBurn/
|
||||
|
||||
checksum: sha256:f96af6b316f495091c94d40cb1d808f0fb8643fa41a1b04da5ad57499b4a8cdc
|
||||
version: 1.1.04
|
||||
|
||||
Estlcam:
|
||||
user: estlcam
|
||||
group: estlcam
|
||||
pass: "{{ vault_xrdp_apphost_estlcam_pass }}"
|
||||
salt: "{{ vault_xrdp_apphost_estlcam_salt }}"
|
||||
git_config_folder: /home/estlcam/.wine32/drive_c/ProgramData/Estlcam/
|
||||
|
||||
Slicer:
|
||||
user: slicer
|
||||
group: slicer
|
||||
pass: "{{ vault_xrdp_apphost_slicer_pass }}"
|
||||
salt: "{{ vault_xrdp_apphost_slicer_salt }}"
|
||||
git_config_folder: /home/slicer/.config/PrusaSlicer/
|
||||
|
||||
checksum: sha256:b36f49a577ab88d568d8165a94ac62e9eb6d9b4dcc46516a82e1a6131fdcea6e
|
||||
version_base: 2.4.2
|
||||
version: 2.4.2+linux-x64-GTK3-202204251120
|
||||
|
||||
lightburn_url: https://github.com/LightBurnSoftware/deployment/releases/download/{{ xrdp_applications.LightBurn.version }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
|
||||
lightburn_target: /home/{{ xrdp_applications.LightBurn.user }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
|
||||
|
||||
slicer_url: https://github.com/prusa3d/PrusaSlicer/releases/download/version_{{ xrdp_applications.Slicer.version_base }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
|
||||
slicer_target: /home/{{ xrdp_applications.Slicer.user }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
|
||||
|
||||
tsadmin_user: tsadmin
|
||||
tsadmin_group: tsadmin
|
||||
tsadmin_pass: "{{ vault_xrdp_apphost_tsadmin_pass }}"
|
||||
tsadmin_salt: "{{ vault_xrdp_apphost_tsadmin_salt }}"
|
Binary file not shown.
After Width: | Height: | Size: 99 KiB |
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Restart xrdp
|
||||
service: name=xrdp state=restarted
|
||||
|
||||
- name: Install LightBurn
|
||||
shell: "{{ lightburn_target }}"
|
||||
become: yes
|
||||
become_user: "{{ xrdp_applications.LightBurn.user }}"
|
||||
|
||||
- name: Reload smbd
|
||||
service: name=smbd state=reloaded
|
|
@ -0,0 +1,104 @@
|
|||
---
|
||||
|
||||
- name: Install global dependencies
|
||||
apt:
|
||||
name:
|
||||
- git
|
||||
|
||||
- name: Create Application groups
|
||||
group: name={{ item.value.group }}
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create Application users
|
||||
user: name={{ item.value.user }} password={{ item.value.pass | password_hash('sha512', item.value.salt) }} home=/home/{{ item.value.user }} group={{ item.value.group }}
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create Application .xsession
|
||||
template: src={{ item.value.user }}_xsession.j2 dest=/home/{{ item.value.user }}/.xsession
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create Application data directories
|
||||
file: path=/home/{{ item.value.user }}/data state=directory mode=0755 owner={{ item.value.user }} group={{ item.value.group }}
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create info directory
|
||||
file:
|
||||
path: "/home/{{ item.value.user }}/data/{{ info_folder_name }}"
|
||||
state: directory
|
||||
mode: 0444
|
||||
owner: root
|
||||
group: root
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create file cleanup cron
|
||||
cron:
|
||||
name: "Delete files older than 30 days"
|
||||
minute: "0"
|
||||
hour: "5"
|
||||
job: "find /home/{{ item.value.user }}/data -type f -mtime +30 ! -name \"{{ info_folder_name }}\" -delete"
|
||||
user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create directory cleanup cron
|
||||
cron:
|
||||
name: "Delete empty directories"
|
||||
minute: "1"
|
||||
hour: "5"
|
||||
job: "find /home/{{ item.value.user }}/data -type d -empty ! -name \"{{ info_folder_name }}\" -delete"
|
||||
user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create config directory
|
||||
file:
|
||||
path: "{{ item.value.git_config_folder }}"
|
||||
state: directory
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create git repo for configs
|
||||
command: git init {{ item.value.git_config_folder }}
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
args:
|
||||
creates: "{{ item.value.git_config_folder }}/.git"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Setup git user names
|
||||
git_config:
|
||||
name: user.name
|
||||
scope: global
|
||||
value: "{{ item.value.user }}"
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Setup git E-Mail
|
||||
git_config:
|
||||
name: user.email
|
||||
scope: global
|
||||
value: "{{ item.value.user }}@{{ inventory_hostname }}"
|
||||
become: yes
|
||||
become_user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create config git commit cron
|
||||
cron:
|
||||
name: "Add and commit all changes"
|
||||
minute: "5"
|
||||
hour: "5"
|
||||
job: "cd {{ item.value.git_config_folder }} && git add -A && git commit -m 'Commit via cronjob'"
|
||||
user: "{{ item.value.user }}"
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- name: Enable contrib repositories
|
||||
apt_repository:
|
||||
repo: deb http://deb.debian.org/debian {{ ansible_distribution_release }} contrib
|
||||
|
||||
- name: Add i386 Architecture
|
||||
command: dpkg --add-architecture i386
|
||||
args:
|
||||
creates: /var/lib/dpkg/arch
|
||||
when: ansible_architecture != 'i386'
|
||||
register: archrc
|
||||
|
||||
- name: Update APT Cache for i386
|
||||
apt:
|
||||
update_cache: true
|
||||
when: archrc is defined and archrc.changed
|
||||
|
||||
- name: Install Estlcam dependencies
|
||||
apt:
|
||||
name:
|
||||
- winetricks
|
||||
- wine32
|
||||
- xfwm4
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Install LightBurn dependencies
|
||||
apt:
|
||||
name:
|
||||
- libpulse-mainloop-glib0
|
||||
- libnss3
|
||||
- libxkbcommon-x11-0
|
||||
|
||||
- name: Download LightBurn binary
|
||||
get_url: url={{ lightburn_url }} dest={{ lightburn_target }} checksum={{ xrdp_applications.LightBurn.checksum }} mode=0755
|
||||
notify: Install LightBurn
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
|
||||
- name: Set Default umask for Users
|
||||
lineinfile:
|
||||
dest: '/etc/login.defs'
|
||||
regexp: "UMASK"
|
||||
line: "UMASK 027"
|
||||
state: present
|
||||
|
||||
- include: xrdp.yml
|
||||
- include: app_common.yml
|
||||
- include: samba.yml
|
||||
|
||||
- include: lightburn.yml
|
||||
- include: estlcam.yml
|
||||
- include: slicer.yml
|
||||
|
||||
- name: Create tsadmin group
|
||||
group: name={{ tsadmin_group }}
|
||||
|
||||
- name: Create tsadmin_user
|
||||
user: name={{ tsadmin_user }} password={{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }}
|
||||
|
||||
- name: Allow 'tsadmin_user' group to have passwordless sudo to other users
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
|
||||
line: '{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
|
||||
validate: visudo -cf %s
|
||||
with_dict:
|
||||
- "{{ xrdp_applications }}"
|
||||
|
||||
- name: Create tsadmin_user .xsession
|
||||
template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Install samba
|
||||
apt:
|
||||
name:
|
||||
- samba
|
||||
|
||||
- name: Configure samba
|
||||
template:
|
||||
src: smb.conf.j2
|
||||
dest: /etc/samba/smb.conf
|
||||
notify: Reload smbd
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
|
||||
- name: Install Slic3r dependencies
|
||||
apt:
|
||||
name:
|
||||
- libgtk2.0-0
|
||||
|
||||
- name: Download Slic3r binary
|
||||
get_url: url={{ slicer_url }} dest={{ slicer_target }} checksum={{ xrdp_applications.Slicer.checksum }} mode=0755
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
|
||||
- name: Install main dependencies
|
||||
apt:
|
||||
name:
|
||||
- xrdp
|
||||
- libasound2
|
||||
- matchbox-window-manager
|
||||
|
||||
- name: Configure xrdp.ini
|
||||
template: src=xrdp.ini.j2 dest=/etc/xrdp/xrdp.ini
|
||||
notify: Restart xrdp
|
||||
|
||||
- name: Configure sesman.ini
|
||||
template: src=sesman.ini.j2 dest=/etc/xrdp/sesman.ini
|
||||
notify: Restart xrdp
|
||||
|
||||
- name: Create xrdp directory
|
||||
file: path=/usr/local/share/xrdp/ state=directory mode=0755 owner=root group=root
|
||||
|
||||
- name: Copy Binary Kitchen Logo
|
||||
copy: src={{ xrdp_ls_logo_filename }} dest=/usr/local/share/xrdp/{{ xrdp_ls_logo_filename }}
|
||||
notify: Restart xrdp
|
|
@ -0,0 +1,5 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
export WINEPREFIX=~/.wine32
|
||||
xfwm4 &
|
||||
exec wine "/home/{{ xrdp_applications.Estlcam.user }}/.wine32/drive_c/Program Files/Estlcam11/Estlcam.exe"
|
|
@ -0,0 +1,4 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
matchbox-window-manager &
|
||||
exec /home/{{ xrdp_applications.LightBurn.user }}/.local/share/LightBurn/LightBurn
|
|
@ -0,0 +1,115 @@
|
|||
{{ ansible_managed | comment(decoration = '; ') }}
|
||||
|
||||
;; See `man 5 sesman.ini` for details
|
||||
|
||||
[Globals]
|
||||
ListenAddress=127.0.0.1
|
||||
ListenPort=3350
|
||||
EnableUserWindowManager=true
|
||||
; Give in relative path to user's home directory
|
||||
UserWindowManager=startwm.sh
|
||||
; Give in full path or relative path to /etc/xrdp
|
||||
DefaultWindowManager=startwm.sh
|
||||
; Give in full path or relative path to /etc/xrdp
|
||||
ReconnectScript=reconnectwm.sh
|
||||
|
||||
[Security]
|
||||
AllowRootLogin=true
|
||||
MaxLoginRetry=4
|
||||
TerminalServerUsers=tsusers
|
||||
TerminalServerAdmins=tsadmins
|
||||
; When AlwaysGroupCheck=false access will be permitted
|
||||
; if the group TerminalServerUsers is not defined.
|
||||
AlwaysGroupCheck=false
|
||||
; When RestrictOutboundClipboard=true clipboard from the
|
||||
; server is not pushed to the client.
|
||||
RestrictOutboundClipboard=false
|
||||
|
||||
[Sessions]
|
||||
;; X11DisplayOffset - x11 display number offset
|
||||
; Type: integer
|
||||
; Default: 10
|
||||
X11DisplayOffset=10
|
||||
|
||||
;; MaxSessions - maximum number of connections to an xrdp server
|
||||
; Type: integer
|
||||
; Default: 0
|
||||
MaxSessions={{ xrdp_maxsessions }}
|
||||
|
||||
;; KillDisconnected - kill disconnected sessions
|
||||
; Type: boolean
|
||||
; Default: false
|
||||
; if 1, true, or yes, kill session after 60 seconds
|
||||
KillDisconnected={{ xrdp_killdisconnected }}
|
||||
|
||||
;; DisconnectedTimeLimit - when to kill idle sessions
|
||||
; Type: integer
|
||||
; Default: 0
|
||||
; if not zero, the seconds before a disconnected session is killed
|
||||
; min 60 seconds
|
||||
DisconnectedTimeLimit=0
|
||||
|
||||
;; IdleTimeLimit (specify in second) - wait before disconnect idle sessions
|
||||
; Type: integer
|
||||
; Default: 0
|
||||
; Set to 0 to disable idle disconnection.
|
||||
IdleTimeLimit=0
|
||||
|
||||
;; Policy - session allocation policy
|
||||
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
|
||||
; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
|
||||
; "UBD" session per <User,BitPerPixel,DisplaySize>
|
||||
; "UBI" session per <User,BitPerPixel,IPAddr>
|
||||
; "UBC" session per <User,BitPerPixel,Connection>
|
||||
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
|
||||
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
|
||||
Policy={{ xrdp_policy }}
|
||||
|
||||
[Logging]
|
||||
LogFile=xrdp-sesman.log
|
||||
LogLevel=DEBUG
|
||||
EnableSyslog=1
|
||||
SyslogLevel=DEBUG
|
||||
|
||||
;
|
||||
; Session definitions - startup command-line parameters for each session type
|
||||
;
|
||||
|
||||
[Xorg]
|
||||
; Specify the path of non-suid Xorg executable. It might differ depending
|
||||
; on your distribution and version. The typical path is shown as follows:
|
||||
;
|
||||
; Fedora 26 or later : param=/usr/libexec/Xorg
|
||||
; Debian 9 or later : param=/usr/lib/xorg/Xorg
|
||||
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
|
||||
; Arch Linux : param=/usr/lib/xorg-server/Xorg
|
||||
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
|
||||
;
|
||||
param=/usr/lib/xorg/Xorg
|
||||
; Leave the rest paramaters as-is unless you understand what will happen.
|
||||
param=-config
|
||||
param=xrdp/xorg.conf
|
||||
param=-noreset
|
||||
param=-nolisten
|
||||
param=tcp
|
||||
param=-logfile
|
||||
param=.xorgxrdp.%s.log
|
||||
|
||||
[Xvnc]
|
||||
param=Xvnc
|
||||
param=-bs
|
||||
param=-nolisten
|
||||
param=tcp
|
||||
param=-localhost
|
||||
param=-dpi
|
||||
param=96
|
||||
|
||||
[Chansrv]
|
||||
; drive redirection, defaults to xrdp_client if not set
|
||||
FuseMountName=thinclient_drives
|
||||
; this value allows only the user to acess their own mapped drives.
|
||||
; Make this more permissive (e.g. 022) if required.
|
||||
FileUmask=077
|
||||
|
||||
[SessionVariables]
|
||||
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
|
|
@ -0,0 +1,4 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
matchbox-window-manager &
|
||||
exec /home/{{ xrdp_applications.Slicer.user }}/PrusaSlicer-{{ xrdp_applications.Slicer.version }}.AppImage
|
|
@ -0,0 +1,252 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
#
|
||||
# Sample configuration file for the Samba suite for Debian GNU/Linux.
|
||||
#
|
||||
#
|
||||
# This is the main Samba configuration file. You should read the
|
||||
# smb.conf(5) manual page in order to understand the options listed
|
||||
# here. Samba has a huge number of configurable options most of which
|
||||
# are not shown in this example
|
||||
#
|
||||
# Some options that are often worth tuning have been included as
|
||||
# commented-out examples in this file.
|
||||
# - When such options are commented with ";", the proposed setting
|
||||
# differs from the default Samba behaviour
|
||||
# - When commented with "#", the proposed setting is the default
|
||||
# behaviour of Samba but the option is considered important
|
||||
# enough to be mentioned here
|
||||
#
|
||||
# NOTE: Whenever you modify this file you should run the command
|
||||
# "testparm" to check that you have not made any basic syntactic
|
||||
# errors.
|
||||
|
||||
#======================= Global Settings =======================
|
||||
|
||||
[global]
|
||||
|
||||
## Browsing/Identification ###
|
||||
|
||||
# Change this to the workgroup/NT-domain name your Samba server will part of
|
||||
workgroup = WORKGROUP
|
||||
|
||||
#### Networking ####
|
||||
|
||||
# The specific set of interfaces / networks to bind to
|
||||
# This can be either the interface name or an IP address/netmask;
|
||||
# interface names are normally preferred
|
||||
; interfaces = 127.0.0.0/8 eth0
|
||||
|
||||
# Only bind to the named interfaces and/or networks; you must use the
|
||||
# 'interfaces' option above to use this.
|
||||
# It is recommended that you enable this feature if your Samba machine is
|
||||
# not protected by a firewall or is a firewall itself. However, this
|
||||
# option cannot handle dynamic or non-broadcast interfaces correctly.
|
||||
; bind interfaces only = yes
|
||||
|
||||
|
||||
|
||||
#### Debugging/Accounting ####
|
||||
|
||||
# This tells Samba to use a separate log file for each machine
|
||||
# that connects
|
||||
log file = /var/log/samba/log.%m
|
||||
|
||||
# Cap the size of the individual log files (in KiB).
|
||||
max log size = 1000
|
||||
|
||||
# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
|
||||
# Append syslog@1 if you want important messages to be sent to syslog too.
|
||||
logging = file
|
||||
|
||||
# Do something sensible when Samba crashes: mail the admin a backtrace
|
||||
panic action = /usr/share/samba/panic-action %d
|
||||
|
||||
|
||||
####### Authentication #######
|
||||
|
||||
# Server role. Defines in which mode Samba will operate. Possible
|
||||
# values are "standalone server", "member server", "classic primary
|
||||
# domain controller", "classic backup domain controller", "active
|
||||
# directory domain controller".
|
||||
#
|
||||
# Most people will want "standalone server" or "member server".
|
||||
# Running as "active directory domain controller" will require first
|
||||
# running "samba-tool domain provision" to wipe databases and create a
|
||||
# new domain.
|
||||
server role = standalone server
|
||||
|
||||
obey pam restrictions = yes
|
||||
|
||||
# This boolean parameter controls whether Samba attempts to sync the Unix
|
||||
# password with the SMB password when the encrypted SMB password in the
|
||||
# passdb is changed.
|
||||
unix password sync = yes
|
||||
|
||||
# For Unix password sync to work on a Debian GNU/Linux system, the following
|
||||
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
|
||||
# sending the correct chat script for the passwd program in Debian Sarge).
|
||||
passwd program = /usr/bin/passwd %u
|
||||
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
|
||||
|
||||
# This boolean controls whether PAM will be used for password changes
|
||||
# when requested by an SMB client instead of the program listed in
|
||||
# 'passwd program'. The default is 'no'.
|
||||
pam password change = yes
|
||||
|
||||
# This option controls how unsuccessful authentication attempts are mapped
|
||||
# to anonymous connections
|
||||
map to guest = bad user
|
||||
|
||||
########## Domains ###########
|
||||
|
||||
#
|
||||
# The following settings only takes effect if 'server role = classic
|
||||
# primary domain controller', 'server role = classic backup domain controller'
|
||||
# or 'domain logons' is set
|
||||
#
|
||||
|
||||
# It specifies the location of the user's
|
||||
# profile directory from the client point of view) The following
|
||||
# required a [profiles] share to be setup on the samba server (see
|
||||
# below)
|
||||
; logon path = \\%N\profiles\%U
|
||||
# Another common choice is storing the profile in the user's home directory
|
||||
# (this is Samba's default)
|
||||
# logon path = \\%N\%U\profile
|
||||
|
||||
# The following setting only takes effect if 'domain logons' is set
|
||||
# It specifies the location of a user's home directory (from the client
|
||||
# point of view)
|
||||
; logon drive = H:
|
||||
# logon home = \\%N\%U
|
||||
|
||||
# The following setting only takes effect if 'domain logons' is set
|
||||
# It specifies the script to run during logon. The script must be stored
|
||||
# in the [netlogon] share
|
||||
# NOTE: Must be store in 'DOS' file format convention
|
||||
; logon script = logon.cmd
|
||||
|
||||
# This allows Unix users to be created on the domain controller via the SAMR
|
||||
# RPC pipe. The example command creates a user account with a disabled Unix
|
||||
# password; please adapt to your needs
|
||||
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
|
||||
|
||||
# This allows machine accounts to be created on the domain controller via the
|
||||
# SAMR RPC pipe.
|
||||
# The following assumes a "machines" group exists on the system
|
||||
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
|
||||
|
||||
# This allows Unix groups to be created on the domain controller via the SAMR
|
||||
# RPC pipe.
|
||||
; add group script = /usr/sbin/addgroup --force-badname %g
|
||||
|
||||
############ Misc ############
|
||||
|
||||
# Using the following line enables you to customise your configuration
|
||||
# on a per machine basis. The %m gets replaced with the netbios name
|
||||
# of the machine that is connecting
|
||||
; include = /home/samba/etc/smb.conf.%m
|
||||
|
||||
# Some defaults for winbind (make sure you're not using the ranges
|
||||
# for something else.)
|
||||
; idmap config * : backend = tdb
|
||||
; idmap config * : range = 3000-7999
|
||||
; idmap config YOURDOMAINHERE : backend = tdb
|
||||
; idmap config YOURDOMAINHERE : range = 100000-999999
|
||||
; template shell = /bin/bash
|
||||
|
||||
# Setup usershare options to enable non-root users to share folders
|
||||
# with the net usershare command.
|
||||
|
||||
# Maximum number of usershare. 0 means that usershare is disabled.
|
||||
# usershare max shares = 100
|
||||
|
||||
# Allow users who've been granted usershare privileges to create
|
||||
# public shares, not just authenticated ones
|
||||
usershare allow guests = yes
|
||||
|
||||
#======================= Share Definitions =======================
|
||||
|
||||
;[homes]
|
||||
; comment = Home Directories
|
||||
; browseable = no
|
||||
|
||||
# By default, the home directories are exported read-only. Change the
|
||||
# next parameter to 'no' if you want to be able to write to them.
|
||||
; read only = yes
|
||||
|
||||
# File creation mask is set to 0700 for security reasons. If you want to
|
||||
# create files with group=rw permissions, set next parameter to 0775.
|
||||
; create mask = 0700
|
||||
|
||||
# Directory creation mask is set to 0700 for security reasons. If you want to
|
||||
# create dirs. with group=rw permissions, set next parameter to 0775.
|
||||
; directory mask = 0700
|
||||
|
||||
# By default, \\server\username shares can be connected to by anyone
|
||||
# with access to the samba server.
|
||||
# The following parameter makes sure that only "username" can connect
|
||||
# to \\server\username
|
||||
# This might need tweaking when using external authentication schemes
|
||||
; valid users = %S
|
||||
|
||||
# Un-comment the following and create the netlogon directory for Domain Logons
|
||||
# (you need to configure Samba to act as a domain controller too.)
|
||||
;[netlogon]
|
||||
; comment = Network Logon Service
|
||||
; path = /home/samba/netlogon
|
||||
; guest ok = yes
|
||||
; read only = yes
|
||||
|
||||
# Un-comment the following and create the profiles directory to store
|
||||
# users profiles (see the "logon path" option above)
|
||||
# (you need to configure Samba to act as a domain controller too.)
|
||||
# The path below should be writable by all users so that their
|
||||
# profile directory may be created the first time they log on
|
||||
;[profiles]
|
||||
; comment = Users profiles
|
||||
; path = /home/samba/profiles
|
||||
; guest ok = no
|
||||
; browseable = no
|
||||
; create mask = 0600
|
||||
; directory mask = 0700
|
||||
|
||||
;[printers]
|
||||
; comment = All Printers
|
||||
; browseable = no
|
||||
; path = /var/spool/samba
|
||||
; printable = yes
|
||||
; guest ok = no
|
||||
; read only = yes
|
||||
; create mask = 0700
|
||||
|
||||
# Windows clients look for this share name as a source of downloadable
|
||||
# printer drivers
|
||||
;[print$]
|
||||
; comment = Printer Drivers
|
||||
; path = /var/lib/samba/printers
|
||||
; browseable = yes
|
||||
; read only = yes
|
||||
; guest ok = no
|
||||
# Uncomment to allow remote administration of Windows print drivers.
|
||||
# You may need to replace 'lpadmin' with the name of the group your
|
||||
# admin users are members of.
|
||||
# Please note that you also need to set appropriate Unix permissions
|
||||
# to the drivers directory for these users to have write rights in it
|
||||
; write list = root, @lpadmin
|
||||
|
||||
{% for app, config in xrdp_applications.items() %}
|
||||
# {{ app}} share
|
||||
[{{ app | lower }}]
|
||||
comment = {{ app }} data folder
|
||||
path = /home/{{ config.user }}/data
|
||||
browseable = yes
|
||||
read only = no
|
||||
guest ok = yes
|
||||
create mask = 0600
|
||||
directory mask = 0700
|
||||
force user = {{ config.user }}
|
||||
hide dot files = yes
|
||||
|
||||
{% endfor %}
|
|
@ -0,0 +1,7 @@
|
|||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for app, config in xrdp_applications.items() %}
|
||||
xhost si:localuser:{{ config.user }}
|
||||
{% endfor %}
|
||||
xfwm4 &
|
||||
exec xterm
|
|
@ -0,0 +1,241 @@
|
|||
{{ ansible_managed | comment(decoration = '; ') }}
|
||||
|
||||
[Globals]
|
||||
; xrdp.ini file version number
|
||||
ini_version=1
|
||||
|
||||
; fork a new process for each incoming connection
|
||||
fork=true
|
||||
|
||||
; ports to listen on, number alone means listen on all interfaces
|
||||
; 0.0.0.0 or :: if ipv6 is configured
|
||||
; space between multiple occurrences
|
||||
;
|
||||
; Examples:
|
||||
; port=3389
|
||||
; port=unix://./tmp/xrdp.socket
|
||||
; port=tcp://.:3389 127.0.0.1:3389
|
||||
; port=tcp://:3389 *:3389
|
||||
; port=tcp://<any ipv4 format addr>:3389 192.168.1.1:3389
|
||||
; port=tcp6://.:3389 ::1:3389
|
||||
; port=tcp6://:3389 *:3389
|
||||
; port=tcp6://{<any ipv6 format addr>}:3389 {FC00:0:0:0:0:0:0:1}:3389
|
||||
; port=vsock://<cid>:<port>
|
||||
port=3389
|
||||
|
||||
; 'port' above should be connected to with vsock instead of tcp
|
||||
; use this only with number alone in port above
|
||||
; prefer use vsock://<cid>:<port> above
|
||||
use_vsock=false
|
||||
|
||||
; regulate if the listening socket use socket option tcp_nodelay
|
||||
; no buffering will be performed in the TCP stack
|
||||
tcp_nodelay=true
|
||||
|
||||
; regulate if the listening socket use socket option keepalive
|
||||
; if the network connection disappear without close messages the connection will be closed
|
||||
tcp_keepalive=true
|
||||
|
||||
; set tcp send/recv buffer (for experts)
|
||||
#tcp_send_buffer_bytes=32768
|
||||
#tcp_recv_buffer_bytes=32768
|
||||
|
||||
; security layer can be 'tls', 'rdp' or 'negotiate'
|
||||
; for client compatible layer
|
||||
security_layer=negotiate
|
||||
|
||||
; minimum security level allowed for client for classic RDP encryption
|
||||
; use tls_ciphers to configure TLS encryption
|
||||
; can be 'none', 'low', 'medium', 'high', 'fips'
|
||||
crypt_level=high
|
||||
|
||||
; X.509 certificate and private key
|
||||
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
|
||||
; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
|
||||
;$ sudo adduser xrdp ssl-cert
|
||||
certificate=
|
||||
key_file=
|
||||
|
||||
; set SSL protocols
|
||||
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
|
||||
ssl_protocols=TLSv1.2, TLSv1.3
|
||||
; set TLS cipher suites
|
||||
#tls_ciphers=HIGH
|
||||
|
||||
; Section name to use for automatic login if the client sends username
|
||||
; and password. If empty, the domain name sent by the client is used.
|
||||
; If empty and no domain name is given, the first suitable section in
|
||||
; this file will be used.
|
||||
autorun=
|
||||
|
||||
allow_channels=true
|
||||
allow_multimon=true
|
||||
bitmap_cache=true
|
||||
bitmap_compression=true
|
||||
bulk_compression=true
|
||||
#hidelogwindow=true
|
||||
max_bpp=32
|
||||
new_cursors=true
|
||||
; fastpath - can be 'input', 'output', 'both', 'none'
|
||||
use_fastpath=both
|
||||
; when true, userid/password *must* be passed on cmd line
|
||||
#require_credentials=true
|
||||
; You can set the PAM error text in a gateway setup (MAX 256 chars)
|
||||
#pamerrortxt=change your password according to policy at http://url
|
||||
|
||||
;
|
||||
; colors used by windows in RGB format
|
||||
;
|
||||
blue=009cb5
|
||||
grey=dedede
|
||||
#black=000000
|
||||
#dark_grey=808080
|
||||
#blue=08246b
|
||||
#dark_blue=08246b
|
||||
#white=ffffff
|
||||
#red=ff0000
|
||||
#green=00ff00
|
||||
#background=626c72
|
||||
|
||||
;
|
||||
; configure login screen
|
||||
;
|
||||
|
||||
; Login Screen Window Title
|
||||
ls_title={{ xrdp_ls_title }}
|
||||
|
||||
; top level window background color in RGB format
|
||||
ls_top_window_bg_color={{ xrdp_ls_top_window_bg_color }}
|
||||
|
||||
; width and height of login screen
|
||||
ls_width={{ xrdp_ls_width }}
|
||||
ls_height={{ xrdp_ls_height }}
|
||||
|
||||
; login screen background color in RGB format
|
||||
ls_bg_color={{ xrdp_ls_bg_color }}
|
||||
|
||||
; optional background image filename (bmp format).
|
||||
#ls_background_image=
|
||||
|
||||
; logo
|
||||
; full path to bmp-file or file in shared folder
|
||||
ls_logo_filename=/usr/local/share/xrdp/{{ xrdp_ls_logo_filename }}
|
||||
ls_logo_x_pos={{ xrdp_ls_logo_x_pos }}
|
||||
ls_logo_y_pos={{ xrdp_ls_logo_y_pos }}
|
||||
|
||||
; for positioning labels such as username, password etc
|
||||
ls_label_x_pos={{ xrdp_ls_label_x_pos }}
|
||||
ls_label_width={{ xrdp_ls_label_width }}
|
||||
|
||||
; for positioning text and combo boxes next to above labels
|
||||
ls_input_x_pos={{ xrdp_ls_input_x_pos }}
|
||||
ls_input_width={{ xrdp_ls_input_width }}
|
||||
|
||||
; y pos for first label and combo box
|
||||
ls_input_y_pos={{ xrdp_ls_input_y_pos }}
|
||||
|
||||
; OK button
|
||||
ls_btn_ok_x_pos={{ xrdp_ls_btn_ok_x_pos }}
|
||||
ls_btn_ok_y_pos={{ xrdp_ls_btn_ok_y_pos }}
|
||||
ls_btn_ok_width=85
|
||||
ls_btn_ok_height=30
|
||||
|
||||
; Cancel button
|
||||
ls_btn_cancel_x_pos={{ xrdp_ls_btn_cancel_x_pos }}
|
||||
ls_btn_cancel_y_pos={{ xrdp_ls_btn_cancel_y_pos }}
|
||||
ls_btn_cancel_width=85
|
||||
ls_btn_cancel_height=30
|
||||
|
||||
[Logging]
|
||||
LogFile=xrdp.log
|
||||
LogLevel=DEBUG
|
||||
EnableSyslog=true
|
||||
SyslogLevel=DEBUG
|
||||
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
|
||||
|
||||
[Channels]
|
||||
; Channel names not listed here will be blocked by XRDP.
|
||||
; You can block any channel by setting its value to false.
|
||||
; IMPORTANT! All channels are not supported in all use
|
||||
; cases even if you set all values to true.
|
||||
; You can override these settings on each session type
|
||||
; These settings are only used if allow_channels=true
|
||||
rdpdr=true
|
||||
rdpsnd=true
|
||||
drdynvc=true
|
||||
cliprdr=true
|
||||
rail=true
|
||||
xrdpvr=true
|
||||
tcutils=true
|
||||
|
||||
; for debugging xrdp, in section xrdp1, change port=-1 to this:
|
||||
#port=/tmp/.xrdp/xrdp_display_10
|
||||
|
||||
; for debugging xrdp, add following line to section xrdp1
|
||||
#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
|
||||
|
||||
|
||||
;
|
||||
; Session types
|
||||
;
|
||||
|
||||
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
|
||||
; Startup command-line parameters for the display server are configured
|
||||
; in sesman.ini. See and configure also sesman.ini.
|
||||
{% for app, config in xrdp_applications.items() %}
|
||||
[{{ app }}]
|
||||
name={{ app }}
|
||||
lib=libxup.so
|
||||
username={{ config.user }}
|
||||
password={{ config.pass }}
|
||||
ip=127.0.0.1
|
||||
port=-1
|
||||
code=20
|
||||
|
||||
{% endfor %}
|
||||
[Xorg]
|
||||
name=Xorg
|
||||
lib=libxup.so
|
||||
username=ask
|
||||
password=ask
|
||||
ip=127.0.0.1
|
||||
port=-1
|
||||
code=20
|
||||
|
||||
#[Xvnc]
|
||||
#name=Xvnc
|
||||
#lib=libvnc.so
|
||||
#username=ask
|
||||
#password=ask
|
||||
#ip=127.0.0.1
|
||||
#port=-1
|
||||
##xserverbpp=24
|
||||
##delay_ms=2000
|
||||
|
||||
#[vnc-any]
|
||||
#name=vnc-any
|
||||
#lib=libvnc.so
|
||||
#ip=ask
|
||||
#port=ask5900
|
||||
#username=na
|
||||
#password=ask
|
||||
##pamusername=asksame
|
||||
##pampassword=asksame
|
||||
##pamsessionmng=127.0.0.1
|
||||
##delay_ms=2000
|
||||
|
||||
#[neutrinordp-any]
|
||||
#name=neutrinordp-any
|
||||
#lib=libxrdpneutrinordp.so
|
||||
#ip=ask
|
||||
#port=ask3389
|
||||
#username=ask
|
||||
#password=ask
|
||||
|
||||
; You can override the common channel settings for each session type
|
||||
#channel.rdpdr=true
|
||||
#channel.rdpsnd=true
|
||||
#channel.drdynvc=true
|
||||
#channel.cliprdr=true
|
||||
#channel.rail=true
|
||||
#channel.xrdpvr=true
|
Loading…
Reference in New Issue