Experiments part 19
authorAndreas Schiermeier <andreas@schiermeier.name>
Sun, 13 Dec 2015 02:57:59 +0000 (03:57 +0100)
committerAndreas Schiermeier <andreas@schiermeier.name>
Sun, 13 Dec 2015 02:57:59 +0000 (03:57 +0100)
modules/desktop/files/etc/default/nodm [deleted file]
modules/desktop/files/etc/skel/.bashrc [new file with mode: 0644]
modules/desktop/files/etc/systemd/system/guestx11.service [new file with mode: 0644]
modules/desktop/files/usr/local/sbin/x11login [new file with mode: 0644]
modules/desktop/manifests/init.pp
modules/system/files/etc/security/pam_mount.conf.xml

diff --git a/modules/desktop/files/etc/default/nodm b/modules/desktop/files/etc/default/nodm
deleted file mode 100644 (file)
index f746406..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# nodm configuration
-
-# Set NODM_ENABLED to something different than 'false' to enable nodm
-NODM_ENABLED=true
-
-# User to autologin for
-NODM_USER=guest
-
-# First vt to try when looking for free VTs
-NODM_FIRST_VT=7
-
-# X session
-NODM_XSESSION=/etc/X11/Xsession
-
-# Options for the X server
-NODM_X_OPTIONS='-nolisten tcp'
-
-# If an X session will run for less than this time in seconds, nodm will wait an
-# increasing bit of time before restarting the session.
-NODM_MIN_SESSION_TIME=60
-
diff --git a/modules/desktop/files/etc/skel/.bashrc b/modules/desktop/files/etc/skel/.bashrc
new file mode 100644 (file)
index 0000000..d09b64f
--- /dev/null
@@ -0,0 +1,119 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+       # We have color support; assume it's compliant with Ecma-48
+       # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+       # a case would tend to support setf rather than setaf.)
+       color_prompt=yes
+    else
+       color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+
+if [[ ${START_X11} == 1 ]]; then
+    unset START_X11
+    exec startx
+fi
+
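Review bot: The START_X11 block at the end of this skel file has no comment and no terminal check, so any interactive bash that inherits START_X11=1 replaces itself with startx, and because the file lives in /etc/skel every account whose home is populated from skel gets the same behaviour. A short comment naming where the variable comes from would help, e.g. `# START_X11=1 is passed by /usr/local/sbin/x11login (guestx11.service autologin); start X once from that login only.` Consider also limiting the branch to the autologin console, for example `if [[ ${START_X11} == 1 && $(tty) == /dev/tty8 ]]; then`. Since the shell is replaced with `exec`, a failing startx ends the login and the unit's Restart=always will immediately try again, which is worth mentioning in the same comment.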
diff --git a/modules/desktop/files/etc/systemd/system/guestx11.service b/modules/desktop/files/etc/systemd/system/guestx11.service
new file mode 100644 (file)
index 0000000..59f5d87
--- /dev/null
@@ -0,0 +1,10 @@
+[Unit]
+After=systemd-user-sessions.service
+[Service]
+ExecStart=/sbin/agetty --autologin guest --login-program=/usr/local/sbin/x11login --noclear tty8 38400
+Restart=always
+[Install]
+WantedBy=multi-user.target
+
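Review bot: The [Service] section runs agetty on tty8 with Restart=always but has none of the terminal-handling settings that the stock getty@.service carries, so when the guest session ends and the unit restarts, the console may not be reset or hung up, and processes left over from the previous autologin session could still hold it. Adding `TTYPath=/dev/tty8`, `TTYReset=yes` and `TTYVHangup=yes` would address that; confirm against the systemd version deployed here. The [Unit] section also has no `Description=`, which makes the unit harder to identify in status output and logs.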
diff --git a/modules/desktop/files/usr/local/sbin/x11login b/modules/desktop/files/usr/local/sbin/x11login
new file mode 100644 (file)
index 0000000..1bdae08
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /bin/login "${@}" START_X11=1
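Review bot: The wrapper has no comment describing its contract, and agetty runs it as root on every autologin, so a reader should be able to tell at a glance what it forwards. Suggest adding under the shebang `# Called by agetty (--login-program in guestx11.service); passes agetty's arguments to login and appends START_X11=1, which the skel .bashrc checks before exec'ing startx.` The file is added with mode 0644 and only becomes executable through the Puppet `mode => 'a=rx'` resource, so the script and that resource have to stay in step.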
index 841d764..d5f98d0 100644 (file)
@@ -1,12 +1,35 @@
 class desktop {
 
-       package { 'nodm':
-               ensure => installed,
+       file { '/etc/skel/Desktop':
+               ensure => directory,
        }
 
        package { 'lxde':
                ensure => installed,
-               require => Package['nodm'],
+       }
+
+       file { '/etc/skel/Desktop/lxde-logout.desktop':
+               source => '/usr/share/applications/lxde-logout.desktop',
+               require => [
+                       Package['lxde'],
+                       File['/etc/skel/Desktop'],
+               ],
+       }
+
+       file { '/etc/skel/Desktop/leafpad.desktop':
+               source => '/usr/share/applications/leafpad.desktop',
+               require => [
+                       Package['lxde'],
+                       File['/etc/skel/Desktop'],
+               ],
+       }
+
+       file { '/etc/skel/Desktop/galculator.desktop':
+               source => '/usr/share/applications/galculator.desktop',
+               require => [
+                       Package['lxde'],
+                       File['/etc/skel/Desktop'],
+               ],
        }
 
        package { 'lightdm':
@@ -23,27 +46,29 @@ class desktop {
                ensure => installed,
        }
 
+       file { '/etc/skel/Desktop/iceweasel.desktop':
+               source => '/usr/share/applications/iceweasel.desktop',
+               require => [
+                       Package['iceweasel'],
+                       File['/etc/skel/Desktop'],
+               ],
+       }
+
        group { 'guest':
                ensure => 'present'
        }
 
        user { 'guest':
-               ensure => 'present',
-               home => '/run/user/1001',
+               uid => 5000,
+               home => '/run/user/5000',
                # password: guest
                password => '$6$pheeghohphaikuka$lJodCaTfZG4IhXw9.htxDsMDAiQrhOsXyJR.nvCdWc2EHgmstkTrpn/8LWi83e9Ac.WFDfzmQ1phpDII/npl/0',
-               managehome => true,
+               managehome => false,
                gid => 'guest',
+               groups => [ 'plugdev' ],
                shell => '/bin/bash',
                require => Group['guest'],
-       }
-
-       file { '/etc/default/nodm':
-               source => 'puppet:///modules/desktop/etc/default/nodm',
-               require => [
-                               Package['nodm'],
-                               User['guest'],
-                               ],
+               ensure => 'present',
        }
 
        $packages_i386 = [
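Review bot: The guest account's `home => '/run/user/5000'` does not match the pam_mount volume this commit mounts at `/home/guest`, so bash would look for `~/.bashrc` under /run/user/5000 and, with `managehome => false`, nothing visible here puts the skel files there; if the aufs overlay is meant to be the home, `home => '/home/guest',` looks like the intended value. Separately, `groups => [ 'plugdev' ]` gives an account that logs in automatically, and whose password is stated in the comment above the hash, whatever access plugdev carries on this system; that deserves a one-line comment saying why it is needed. The opening of the resource and the password line are context, and only the uid, home, managehome, groups and ensure lines are new.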
@@ -66,23 +91,22 @@ class desktop {
 
        package { $packages_i386:
                ensure => installed,
-               subscribe => Exec['add-architecture-i386'],
+               require => Exec['add-architecture-i386'],
        }
 
        exec { 'download-skype':
                command => '/usr/bin/wget -qO/var/cache/.skype-install.deb.part http://www.skype.com/go/getskype-linux-deb && /bin/mv /var/cache/.skype-install.deb.part /var/cache/skype-install.deb',
                creates => '/var/cache/skype-install.deb',
-               notify => Package['skype'],
        }
 
        package { 'skype':
                provider => dpkg,
                ensure => latest,
                source => '/var/cache/skype-install.deb',
-       }
-
-       file { '/etc/skel/Desktop':
-               ensure => directory,
+               require => [
+                       Exec['download-skype'],
+                       Package['libc6:i386'],
+                       ],      
        }
 
        file { '/etc/skel/Desktop/skype.desktop':
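Review bot: The new `require => Exec['download-skype']` makes the dpkg install depend directly on a file that the exec fetches over plain `http://` with no integrity check, so whatever arrives on that connection is what gets installed. The download command should use an `https://` URL if the vendor offers one and verify a pinned digest before the `mv`, e.g. `/usr/bin/sha256sum -c /var/cache/skype-install.sha256` against a checksum file shipped in the module (that path is a placeholder). Note also that `creates` stops the exec from ever re-running, so `ensure => latest` on the package will not pick up a newer release. The closing `],` of the new require list has trailing whitespace.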
@@ -93,5 +117,42 @@ class desktop {
                ],
        }
 
+       exec { 'enable-guestx11':
+               command => '/bin/systemctl enable guestx11.service'
+               refreshonly => true,
+       }
+               
+       exec { 'start-guestx11':
+               command => '/bin/systemctl start guestx11.service'
+               refreshonly => true,
+       }
+
+       file { '/usr/local/sbin/x11login':
+               source => 'puppet:///modules/desktop/usr/local/sbin/x11login',
+               mode => 'a=rx',
+               ensure => file,
+       }
+
+       file { '/etc/skel/.bashrc':
+               source => 'puppet:///modules/desktop/etc/skel/.bashrc',
+               mode => 'a=r',
+               ensure => file,
+       }
+
+       file { '/etc/systemd/system/guestx11.service':
+               source => 'puppet:///modules/desktop/etc/systemd/system/guestx11.service',
+               mode => 'a=rx',
+               require => [
+                               Package['lxde'],
+                               File['/etc/skel/Desktop'],
+                               File['/usr/local/sbin/x11login'],
+                               File['/etc/skel/.bashrc'],
+                       ],
+               notify => [
+                               Exec['enable-guestx11'],
+                               Exec['start-guestx11'],
+                       ],
+               ensure => file,
+       }
 
 }
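Review bot: Both new exec resources are missing the comma after their `command` attribute (`command => '/bin/systemctl enable guestx11.service'` and the matching `start` line), which Puppet should reject as a syntax error, so the manifest would not compile as committed; each line should end `guestx11.service',`. The unit file is installed with `mode => 'a=rx'`, but systemd unit files are read rather than executed, so `mode => '0644'` is the appropriate value. Neither `/usr/local/sbin/x11login` nor the unit file sets `owner` or `group`; since agetty runs the wrapper with root privileges, stating `owner => 'root', group => 'root'` on both makes the intended ownership explicit instead of leaving it to defaults.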
index 281b596..9c57f27 100644 (file)
@@ -14,8 +14,8 @@
 
                <!-- Volume definitions -->
 
-<volume user="guest" fstype="tmpfs" mountpoint="/tmp/tmpfs-%(USER)" options="size=10M,uid=%(USER),mode=0700" />
-<volume user="guest" fstype="unionfs" mountpoint="/home/guest" options="dirs=/tmp/tmpfs-%(USER):/etc/skel=ro:/home/guest=ro" />
+<volume user="guest" fstype="tmpfs" mountpoint="/tmp/tmpfs-%(USER)" options="size=64M,uid=%(USER),mode=0700,users" />
+<volume user="guest" fstype="aufs" mountpoint="/home/guest" options="br=/tmp/tmpfs-guest=rw:/etc/skel=ro,users" />
 
                <!-- pam_mount parameters: General tunables -->
 
@@ -32,9 +32,9 @@
 <mntoptions allow="*" />
 <mntoptions deny="*" />
 -->
-<mntoptions require="nosuid,nodev" />
+<mntoptions require="nodev" />
 
-<logout wait="0" hup="0" term="0" kill="0" />
+<logout wait="2000" hup="0" term="1" kill="1" />
 
 
                <!-- pam_mount parameters: Volume-related -->
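Review bot: Relaxing `<mntoptions require="nosuid,nodev" />` to `require="nodev"` removes nosuid from the options pam_mount insists on, and nothing visible in the hunk says why. As far as I can tell this setting governs volumes that come from per-user configuration, so if that is enabled anywhere, a user could then define a mount that honours setuid bits. Unless a specific mount needs it, keep `require="nosuid,nodev"`. Since the guest account logs in automatically, consider spelling out `nosuid,nodev` in the two guest `<volume>` option strings in the previous hunk rather than relying on what `users` may imply.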