xrdp_apphost: Add tsadmin user

This user is able to e.g. run graphical installers for estlcam
2021-11-04 20:12:24 +01:00 · 2021-11-04 20:12:24 +01:00 · bd96df2eb0
commit bd96df2eb0
parent 3c09971484
4 changed files with 32 additions and 7 deletions
--- a/roles/xrdp_apphost/README.md
+++ b/roles/xrdp_apphost/README.md
@ -8,11 +8,7 @@ After the role has applied several manual installation steps have to be applied
 by a admin user.

 * Estlcam
-    * Create a .xsession file for the admin user with the following content:
-        xfwm4 &
-        exec xterm
-    * Login as admin user and execute the following commands
-        $ xhost si:localuser:estlcam
+    * Login as tsadmin user and execute the following commands
        $ sudo -u estlcam --preserve-env=DISPLAY /bin/bash
        $ cd ~
        $ export WINEPREFIX=~/.wine32
@ -21,4 +17,3 @@ by a admin user.
        $ winetricks dotnet40 gdiplus d3dx9_36
        $ wget http://www.estlcam.de/downloads/Estlcam_32_11243.exe
        $ wine Estlcam_32_11243.exe
-        $ echo "Hide tooltips=no" >> ~/.wine32/drive_c/ProgramData/Estlcam/V11/Settings\ Estlcam.txt
--- a/roles/xrdp_apphost/defaults/main.yml
+++ b/roles/xrdp_apphost/defaults/main.yml
@ -35,3 +35,8 @@ estlcam_user: estlcam
 estlcam_group: estlcam
 estlcam_pass: fckgw01estlcam
 estlcam_salt: $1$SomeSalt$
+
+tsadmin_user: tsadmin
+tsadmin_group: tsadmin
+tsadmin_pass: fckgw01tsadmin
+tsadmin_salt: $1$SomeSalt$
--- a/roles/xrdp_apphost/tasks/main.yml
+++ b/roles/xrdp_apphost/tasks/main.yml
@ -91,4 +91,25 @@
  template: src=estlcam_xsession.j2 dest=/home/{{ estlcam_user }}/.xsession

 - name: Create Estlcam data directory
-  file: path=/home/{{ estlcam_user }}/data state=directory mode=0755 owner={{ estlcam_user }} group={{ estlcam_group }}
+  file: path=/home/{{ estlcam_user }}/data state=directory mode=0755 owner={{ estlcam_user }} group={{ estlcam_group }}
+
+
+- name: Create tsadmin group
+  group: name={{ tsadmin_group }}
+
+- name: Create tsadmin_user
+  user: name={{ tsadmin_user }} password={{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }} home=/home/{{ tsadmin_user }} group={{ tsadmin_group }}
+
+- name: Allow 'tsadmin_user' group to have passwordless sudo to other users
+  lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: '^{{ tsadmin_user }} ALL=({{ item }}) NOPASSWD: ALL'
+    line: '{{ tsadmin_user }} ALL=({{ item }}) NOPASSWD: ALL'
+    validate: visudo -cf %s
+  with_items:
+  - "{{ estlcam_user }}"
+  - "{{ lightburn_user }}"
+
+- name: Create tsadmin_user .xsession
+  template: src=tsadmin_xsession.j2 dest=/home/{{ tsadmin_user }}/.xsession
--- a/roles/xrdp_apphost/templates/tsadmin_xsession.j2
+++ b/roles/xrdp_apphost/templates/tsadmin_xsession.j2
@ -0,0 +1,4 @@
+xhost si:localuser:{{ lightburn_user }}
+xhost si:localuser:{{ estlcam_user }}
+xfwm4 &
+exec xterm