infra/roles/xrdp_apphost/tasks/main.yml

---

- name: Set Default umask for Users
  lineinfile:
    dest: '/etc/login.defs'
    regexp: "UMASK"
    line: "UMASK 027"
    state: present

- include: xrdp.yml
- include: app_common.yml
- include: samba.yml

- include: lightburn.yml
- include: estlcam.yml
- include: slicer.yml

- name: Create tsadmin group
  group: name={{ tsadmin_group }}

- name: Create tsadmin_user
  user: name={{ tsadmin_user }} password={{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }}

- name: Allow 'tsadmin_user' group to have passwordless sudo to other users
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
    line: '{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'
    validate: visudo -cf %s
  with_dict:
  - "{{ xrdp_applications }}"

- name: Create tsadmin_user .xsession
  template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession
xrdp_apphost: new role 2021-11-03 13:37:46 +01:00			`---`

xrdp_apphost: Secure home directories Remove all permissions for other users from home directries 2022-01-08 03:52:25 +01:00			`- name: Set Default umask for Users`
			`lineinfile:`
			`dest: '/etc/login.defs'`
			`regexp: "UMASK"`
			`line: "UMASK 027"`
			`state: present`

xrdp_apphost: Split role into different files 2022-01-08 03:04:42 +01:00			`- include: xrdp.yml`
xrdp_apphost: Consolidate common application tasks This commit consolidates common tasks like user creation which is needed by all applications into a single file. 2022-01-09 19:11:56 +01:00			`- include: app_common.yml`
			`- include: samba.yml`

xrdp_apphost: Split role into different files 2022-01-08 03:04:42 +01:00			`- include: lightburn.yml`
			`- include: estlcam.yml`
xrdp_apphost: Add configuration for Slic3r 2022-01-08 03:39:36 +01:00			`- include: slicer.yml`
xrdp_apphost: Add tsadmin user This user is able to e.g. run graphical installers for estlcam 2021-11-04 20:12:24 +01:00
			`- name: Create tsadmin group`
			`group: name={{ tsadmin_group }}`

			`- name: Create tsadmin_user`
			`user: name={{ tsadmin_user }} password={{ tsadmin_pass \| password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }}`

			`- name: Allow 'tsadmin_user' group to have passwordless sudo to other users`
			`lineinfile:`
			`dest: /etc/sudoers`
			`state: present`
xrdp_apphost: Moved configuration to dictionary This allows config and user generation using loops 2022-01-09 18:19:16 +01:00			`regexp: '^{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'`
			`line: '{{ tsadmin_user }} ALL=({{ item.value.user }}) NOPASSWD: ALL'`
xrdp_apphost: Add tsadmin user This user is able to e.g. run graphical installers for estlcam 2021-11-04 20:12:24 +01:00			`validate: visudo -cf %s`
xrdp_apphost: Moved configuration to dictionary This allows config and user generation using loops 2022-01-09 18:19:16 +01:00			`with_dict:`
			`- "{{ xrdp_applications }}"`
xrdp_apphost: Add tsadmin user This user is able to e.g. run graphical installers for estlcam 2021-11-04 20:12:24 +01:00
			`- name: Create tsadmin_user .xsession`
			`template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession`