external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #59 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2018-02-21 20:33:29 -05:00 committed by GitHub
commit 6fd889c8f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 311 additions and 200 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/0-init/tasks/hostname.yml
View file

@ -14,8 +14,8 @@
- name: Configure short hostname in /etc/hosts
lineinfile:
dest: /etc/hosts
regexp: "^127\.0\.0\.1"
line: "127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}"
regexp: '^127\.0\.0\.1'
line: '127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}'
owner: root
group: root
mode: 0644

10
roles/1-prep/tasks/main.yml
View file

@ -3,7 +3,7 @@
- name: ...IS BEGINNING ============================================
command: echo
- name: Get the uuidgen program
- name: Install uuidgen program (debuntu)
package:
name: uuid-runtime
state: present
@ -54,7 +54,7 @@
dest: /etc/chrony.conf
src: chrony.conf.j2
- name: Disable AppArmor -- on by default in Ubuntu
- name: Disable AppArmor -- override OS default (ubuntu)
service:
name: apparmor
enabled: False
@ -62,19 +62,19 @@
when: is_ubuntu
ignore_errors: true
- name: Disable SELinux on next boot
- name: Disable SELinux on next boot (OS's other than debuntu)
selinux:
state: disabled
register: selinux_disabled
when: not is_debuntu
- name: Disable SELinux for this session (if needed)
- name: Disable SELinux for this session (OS's other than debuntu, if needed)
command: setenforce Permissive
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi_2.yml
- include_tasks: raspberry_pi.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present

62
roles/1-prep/tasks/raspberry_pi.yml Normal file
View file

@ -0,0 +1,62 @@
# Setup specific to the Raspberry Pi
- name: Add a udev rule to transfer hwclock to system clock at dev creation
template:
src: 92-rtc-i2c.rules
dest: /etc/udev/rules.d/92-rtc-i2c.rules
owner: root
group: root
mode: 0644
when: rtc_id is defined and rtc_id != "none"
# RTC requires a change to the device tree (and reboot)
- name: Check for needing to enable i2c rtc device in config.txt
lineinfile:
dest: /boot/config.txt
line: "dtoverlay=i2c-rtc,{{ rtc_id }}=on"
state: present
register: rpiconfig
when: rtc_id != "none"
- name: Add a udev rule to transfer hwclock to system clock at dev creation
template:
src: 92-rtc-i2c.rules
dest: /etc/udev/rules.d/92-rtc-i2c.rules
owner: root
group: root
mode: 0644
when: rtc_id != "none"
- name: Pre-install packages
package:
name: "{{ item }}"
state: latest
with_items:
- ntp
- name: Increase the swap file size, as kalite pip download fails (debuntu)
lineinfile:
regexp: "^CONF_SWAPSIZE"
line: CONF_SWAPSIZE=500
dest: /etc/dphys-swapfile
when: is_debuntu
- name: Restart the swap service (debuntu)
command: /etc/init.d/dphys-swapfile restart
when: is_debuntu
- name: Add RPi rootfs resizing service
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'}
- { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'}
- name: Enable rootfs resizing service
service:
name: iiab-rpi-root-resize
enabled: yes

57
roles/1-prep/tasks/raspberry_pi_2.yml
View file

@ -1,57 +0,0 @@
# Setup specific to the Raspberry Pi
#
- name: Add a udev rule to transfer hwclock to system clock at dev creation
template: src=92-rtc-i2c.rules
dest=/etc/udev/rules.d/92-rtc-i2c.rules
owner=root
group=root
mode=0644
when: rtc_id is defined and rtc_id != "none"
#
# RTC requires a change to the device tree (and reboot)
- name: Check for needing to enable i2c rtc device in config.txt
lineinfile: dest=/boot/config.txt
line="dtoverlay=i2c-rtc,{{ rtc_id }}=on"
state=present
register: rpiconfig
when: rtc_id != "none"
- name: Add a udev rule to transfer hwclock to system clock at dev creation
template: src=92-rtc-i2c.rules
dest=/etc/udev/rules.d/92-rtc-i2c.rules
owner=root
group=root
mode=0644
when: rtc_id != "none"
- name: Pre-install packages
package: name={{ item }}
state=latest
with_items:
- ntp
- name: Increase the swap file size (kalite pip download fails)
lineinfile: regexp="^CONF_SWAPSIZE"
line=CONF_SWAPSIZE=500
dest=/etc/dphys-swapfile
when: is_debuntu
- name: Restart the swap service
command: /etc/init.d/dphys-swapfile restart
when: is_debuntu
- name: Add RPi rootfs resizing service
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
with_items:
- { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'}
- { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'}
- name: Enable rootfs resizing service
service: name=iiab-rpi-root-resize
enabled=yes

61
roles/2-common/tasks/iptables.yml
View file

@ -1,55 +1,64 @@
- name: Disable firewalld service
service: name=firewalld
enabled=no
- name: Disable firewalld service (OS's other than debuntu)
service:
name: firewalld
enabled: no
when: not is_debuntu
- name: Use larger hammer to disable firewalld (2 symbolic links involved)
- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
shell: "systemctl disable firewalld.service"
when: not is_debuntu
- name: Mask firewalld service
- name: Mask firewalld service (OS's other than debuntu)
shell: 'systemctl mask firewalld'
ignore_errors: yes
when: not installing and not is_debuntu
- name: Stop firewalld service
service: name=firewalld
state=stopped
- name: Stop firewalld service (OS's other than debuntu)
service:
name: firewalld
state: stopped
ignore_errors: yes
when: not installing and not is_debuntu
- name: Remove iptables.service file from /etc
file: path=/etc/systemd/system/iptables.service
state=absent
file:
path: /etc/systemd/system/iptables.service
state: absent
- name: Remove iptables-xs.service file from /etc
file: path=/etc/systemd/system/iptables-xs.service
state=absent
file:
path: /etc/systemd/system/iptables-xs.service
state: absent
- name: Install iptables service package
package: name=iptables-persistent
state=present
- name: Install iptables service package (debuntu)
package:
name: iptables-persistent
state: present
when: is_debuntu
tags:
- download
- name: Install iptables service package
package: name=iptables-services
state=present
- name: Install iptables service package (OS's other than debuntu)
package:
name: iptables-services
state: present
when: not is_debuntu
tags:
- download
- name: Install iptables services
template: src={{ item.0 }}
dest={{ item.1 }}
owner='root'
group='root'
mode={{ item.2 }}
template:
src: "{{ item.0 }}"
dest: "{{ item.1 }}"
owner: root
group: root
mode: "{{ item.2 }}"
with_items:
- { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- name: Install Debian config
template: src=iptables dest=/etc/network/if-pre-up.d/iptables
mode=0755
- name: Install Debian config (debuntu)
template:
src: iptables
dest: /etc/network/if-pre-up.d/iptables
mode: 0755
when: is_debuntu

80
roles/2-common/tasks/main.yml
View file

@ -20,24 +20,65 @@
- include_tasks: iptables.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
- sysctl: name=net.ipv4.conf.default.accept_source_route value=0 state=present
- sysctl: name=kernel.sysrq value=1 state=present
- sysctl: name=kernel.core_uses_pid value=1 state=present
- sysctl: name=net.ipv4.tcp_syncookies value=1 state=present
- sysctl: name=kernel.shmmax value=268435456 state=present
- sysctl:
name: net.ipv4.ip_forward
value: 1
state: present
- sysctl:
name: net.ipv4.conf.default.rp_filter
value: 1
state: present
- sysctl:
name: net.ipv4.conf.default.accept_source_route
value: 0
state: present
- sysctl:
name: kernel.sysrq
value: 1
state: present
- sysctl:
name: kernel.core_uses_pid
value: 1
state: present
- sysctl:
name: net.ipv4.tcp_syncookies
value: 1
state: present
- sysctl:
name: kernel.shmmax
value: 268435456
state: present
# IPv6 disabled
- sysctl: name=net.ipv6.conf.all.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present
- sysctl:
name: net.ipv6.conf.all.disable_ipv6
value: 1
state: present
- sysctl:
name: net.ipv6.conf.default.disable_ipv6
value: 1
state: present
- sysctl:
name: net.ipv6.conf.lo.disable_ipv6
value: 1
state: present
- name: Install custom profile file
template: dest=/etc/profile.d/zzz_iiab.sh
src=zzz_iiab.sh
owner=root
mode=0644
backup=no
template:
dest: /etc/profile.d/zzz_iiab.sh
src: zzz_iiab.sh
owner: root
mode: 0644
backup: no
- include_tasks: net_mods.yml
when: not is_debuntu and not is_F18
@ -47,7 +88,8 @@
- include_tasks: iiab-startup.yml
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=2'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=2'
state: present

30
roles/2-common/tasks/net_mods.yml
View file

@ -1,32 +1,36 @@
- name: Disable systemd-networkd.service
service: name=systemd-networkd.service
enabled=no
- name: Disable systemd-networkd.service (OS's other than centos)
service:
name: systemd-networkd.service
enabled: no
when: not is_centos
- name: Mask systemd-networkd.service
- name: Mask systemd-networkd.service (OS's other than centos)
shell: 'systemctl mask systemd-networkd'
when: not is_centos
- name: Disable systemd-hostnamed.service
service: name=systemd-hostnamed.service
enabled=no
service:
name: systemd-hostnamed.service
enabled: no
- name: Disable dbus-org.freedesktop.hostname1.service
service: name=dbus-org.freedesktop.hostname1
enabled=no
service:
name: dbus-org.freedesktop.hostname1
enabled: no
- name: Mask dbus-org.freedesktop.hostname1.service
shell: 'systemctl mask dbus-org.freedesktop.hostname1'
- name: Disable network.service
service: name=network
enabled=no
service:
name: network
enabled: no
- name: Mask network.service
shell: 'systemctl mask network.service'
# Network Manager starts this if needed
- name: Disable wpa_supplicant
service: name=wpa_supplicant
enabled=no
service:
name: wpa_supplicant
enabled: no

42
roles/2-common/tasks/prep.yml
View file

@ -1,29 +1,33 @@
- name: Install iiab-extra repos
template: backup=no
dest=/etc/yum.repos.d/iiab-extra.repo
src=iiab-extra.repo
owner=root
group=root
mode=0666
template:
backup: no
dest: /etc/yum.repos.d/iiab-extra.repo
src: iiab-extra.repo
owner: root
group: root
mode: 0666
- name: Install iiab-testing repos
template: backup=no
dest=/etc/yum.repos.d/iiab-testing.repo
src=iiab-testing.repo
owner=root
group=root
mode=0666
template:
backup: no
dest: /etc/yum.repos.d/iiab-testing.repo
src: iiab-testing.repo
owner: root
group: root
mode: 0666
- name: Get the createrepo program
package: name=createrepo
state=present
package:
name: createrepo
state: present
- name: Install local repo file
template: dest=/etc/yum.repos.d/iiab-local.repo
src=local.repo
owner=root
group=root
mode=0644
template:
dest: /etc/yum.repos.d/iiab-local.repo
src: local.repo
owner: root
group: root
mode: 0644
- name: Create local repo
shell: createrepo {{ yum_packages_dir }}

29
roles/2-common/tasks/udev.yml
View file

@ -1,21 +1,24 @@
- name: Does systemd-udevd.service exist
stat: path="{{ systemd_location }}/systemd-udevd.service"
stat:
path: "{{ systemd_location }}/systemd-udevd.service"
register: udev_unit
- name: Copy udevd service to /etc/systemd/system to modify
copy: src={{ systemd_location }}/systemd-udevd.service
dest=/etc/systemd/system/systemd-udevd.service
owner=root
group=root
mode=0644
copy:
src: "{{ systemd_location }}/systemd-udevd.service"
dest: /etc/systemd/system/systemd-udevd.service
owner: root
group: root
mode: 0644
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: Change MountFlags from slave to shared
lineinfile: backup=no
dest=/etc/systemd/system/systemd-udevd.service
regexp='^MountFlags'
line='MountFlags=shared'
state=present
lineinfile:
backup: no
dest: /etc/systemd/system/systemd-udevd.service
regexp: '^MountFlags'
line: 'MountFlags=shared'
state: present
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
# ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module
@ -28,7 +31,9 @@
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: Reload systemd-udevd so it has rootfs open read-write
template: src=udev-reload.service dest=/etc/systemd/system/
template:
src: udev-reload.service
dest: /etc/systemd/system/
- name: Enable the reload service
shell: systemctl enable udev-reload.service

14
roles/3-base-server/tasks/main.yml
View file

@ -22,12 +22,14 @@
tags: base, mysql
- name: Restart httpd
service: name={{ apache_service }}
state=restarted
service:
name: "{{ apache_service }}"
state: restarted
when: not installing
- name: Recording STAGE 3 HAS COMPLETED =====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=3'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=3'
state: present

4
roles/4-server-options/README.rst
View file

@ -2,8 +2,8 @@
4-server-options README
=======================
Whereas the roles/tasks in 3-base-server are required, this 4th stage includes more optional roles/tasks for core server infra.
Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /opt/iiab/iiab/vars/local_vars.yml
It includes some networking fundamentals, before they're configured later on.
This includes some networking fundamentals, before they're configured later on.
As in the case of 2-common, 3-base-server and 5-xo-services: this stage installs core server infra, that is not user-facing.

17
roles/4-server-options/tasks/main.yml
View file

@ -3,6 +3,7 @@
- name: ...IS BEGINNING ==================================
command: echo
# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ?
- name: SSHD
include_role:
name: sshd
@ -41,6 +42,7 @@
# # has no "when: XXXXX_install" flag
# tags: base, network
# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ?
- name: HOMEPAGE
include_role:
name: homepage
@ -77,16 +79,19 @@
when: usb_lib_install
tags: usb-lib
# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ?
- name: Create a Python interface to iiab.env
template: src=roles/1-prep/templates/iiab_env.py.j2
dest=/etc/iiab/iiab_env.py
template:
src: roles/1-prep/templates/iiab_env.py.j2
dest: /etc/iiab/iiab_env.py
- name: Generate the offline documents
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=4'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=4'
state: present

2
roles/5-xo-services/README.rst
View file

@ -2,6 +2,6 @@
5-xo-services README
====================
This 5th stage provides services for One Laptop Per Child's XO laptops.
This 5th stage provides underlying services for One Laptop Per Child's XO laptops.
As in the case of 2-common, 3-base-server and 4-server-options: this stage installs core server infra, that is not user-facing.

9
roles/5-xo-services/tasks/main.yml
View file

@ -22,7 +22,8 @@
tags: olpc, idmgr
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=5'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=5'
state: present

4
roles/6-generic-apps/README.rst
View file

@ -2,8 +2,8 @@
6-generic-apps README
=====================
This 6th stage is for apps of a more generic or collaborative nature, as opposed to educational or managerial apps in later stages.
This 6th stage is for server apps of a more generic, personal or collaborative nature -- as opposed to larger educational or LMS apps (Learning Management Systems) in 7-edu-apps.
Chat, Wiki and CMS's (Content Management Systems) can go here.
Chat, Wiki, blogging and CMS's (Content Management Systems) can go here.
As in the case of 7-edu-apps, 8-mgmt-tools and 9-local-addons: this stage installs user-facing server apps.

9
roles/6-generic-apps/tasks/main.yml
View file

@ -40,7 +40,8 @@
tags: wordpress
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=6'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=6'
state: present

4
roles/7-edu-apps/README.rst
View file

@ -2,6 +2,8 @@
7-edu-apps README
=================
This 7th stage is for Educational Apps and Learning Content, including LMS's (Learning Management Systems).
This 7th stage is for larger Educational Apps and Learning Content, including LMS's (Learning Management Systems).
As opposed to the prior stage (6-generic-apps) which is for smaller server apps that are more generic, personal or collaborative.
As in the case of 6-generic-apps, 8-mgmt-tools and 9-local-addons: this stage installs user-facing server apps.

9
roles/7-edu-apps/tasks/main.yml
View file

@ -40,7 +40,8 @@
tags: sugarizer
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=7'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=7'
state: present

4
roles/8-mgmt-tools/README.rst
View file

@ -2,6 +2,6 @@
8-mgmt-tools README
===================
This 8th stage provides managerial tools to Administer and Monitor the server -- and for Assessing its use and effectiveness.
This 8th stage installs management tools to Administer and Monitor the server -- and for Assessing its use and effectiveness.
As in the case of 6-generic-apps, 7-edu-apps and 9-local-addons: this stage installs user-facing server apps.
As in the case of 6-generic-apps, 7-edu-apps and 9-local-addons: this stage installs user-facing (or operator-facing, in this case) server apps.

9
roles/8-mgmt-tools/tasks/main.yml
View file

@ -52,7 +52,8 @@
tags: xovis
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=8'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=8'
state: present

8
roles/9-local-addons/README.rst
View file

@ -2,19 +2,19 @@
9-local-addons README
=====================
This 9th stage is a placeholder for roles/tasks/server apps that are locally developed -- or of an experimental nature.
This 9th stage is a placeholder for server apps (roles, tasks or otherwise) that are locally developed -- or of an experimental nature.
As in the case of 6-generic-apps, 7-edu-apps, and 8-mgmt-tools: this stage is intended to install user-facing server apps.
As in the case of 6-generic-apps, 7-edu-apps, and 8-mgmt-tools: this stage is intended to install user-facing or operator-facing server apps.
Development
-----------
Consider creating your own Ansible role to add essential functionality to Internet-in-a-Box. You can copy any role you find within /opt/iiab/iiab/roles, and building from there!
Consider creating your own Ansible role to add essential functionality to Internet-in-a-Box. You can copy any role you find within /opt/iiab/iiab/roles, and build from there!
Packaging
---------
Add your role into the main.yml file in the tasks directory of the 9-local-addons role.
Add your Ansible role into /opt/iiab/iiab/roles/9-local-addons/tasks/main.yml
It will then get installed as part of the next Ansible run (e.g. "cd /opt/iiab/iiab" and then "./iiab-install --reinstall").

9
roles/9-local-addons/tasks/main.yml
View file

@ -10,7 +10,8 @@
tags: calibre
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=9'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^STAGE=*'
line: 'STAGE=9'
state: present

2
roles/network/tasks/computed_network.yml
View file

@ -46,7 +46,7 @@
wan_netmask: "{{ gui_static_wan_netmask }}"
wan_gateway: "{{ gui_static_wan_gateway }}"
wan_nameserver: "{{ gui_static_wan_nameserver }}"
when: gui_static_wan and user_wan_iface != "auto"
when: gui_static_wan or user_wan_iface != "auto"
# we need to have an interface name for ifcfg-WAN to be able to change gateway
# the DEVICE from the gui. Thanks to George for proving my point about knowing

2
roles/usb-lib/README.rst
View file

@ -20,8 +20,6 @@ Automount is handled by usbmount, and scripts in this role look in the root of t
USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at /etc/usbmount/usbmount.conf
WARNING: even if you manually add "exfat ntfs fuseblk" within the above line, problems remain automounting exFAT and NTFS filesystems using usbmount, as of February 2018. It's recommended you stick to FAT32 and ext4 filesystems for now.
There is also a patch for problems with automount on Fedora 21+
Please Note that as of the 4.1.8-200.fc22.x86_64 not all USB drives will mount even with this patch.

14
roles/usb-lib/tasks/main.yml
View file

@ -15,6 +15,20 @@
mode: 0751
when: usb_lib_enabled
- name: Install udev to systemd link -> usbmount
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service' }
- { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules' }
- name: Enable exfat and ntfs
lineinfile:
regexp: '^FILESYSTEMS.*'
line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
dest: /etc/usbmount/usbmount.conf
- name: Copy umount file to usbmount when enabled
template:
src: umount.d/70-usb-library

5
roles/usb-lib/templates/usbmount.rules.j2 Normal file
View file

@ -0,0 +1,5 @@
KERNEL=="sd*", DRIVERS=="sbp2", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c"
KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c"
KERNEL=="ub*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c"
KERNEL=="sd*", ACTION=="remove", RUN+="/usr/share/usbmount/usbmount remove"

11
roles/usb-lib/templates/usbmount@.service.j2 Normal file
View file

@ -0,0 +1,11 @@
[Unit]
BindTo=%i.device
After=%i.device
[Service]
Type=oneshot
TimeoutStartSec=0
Environment=DEVNAME=%I
ExecStart=/usr/share/usbmount/usbmount add
RemainAfterExit=yes