#!/bin/bash
# {{ ansible_managed }}
-# Script post d-i d'auto-configuration des postes ubuntu
+# Script post d-i d'auto-configuration des postes debian
#
### variables ###
LDAP_BASE="{{ ldap_dc }}"
MIN_UID="1000"
-### Packages config ###
-PACKAGES_TO_ADD="openssh-server \
-vim-nox x11vnc curl \
-libnss-ldapd nslcd nss-updatedb libpam-ccreds sudo-ldap \
-nfs-common \
-cairo-dock \
-xfce4 xfce4-goodies xfce4-power-manager-plugins \
-gnome-icon-theme-full shimmer-themes shimmer-wallpapers \
-compizconfig-settings-manager fonts-dejavu-extra \
-default-jre icedtea-plugin flashplugin-installer \
-gcompris gcompris-sound-fr geogebra kdeedu \
-vlc tuxpaint tuxmath tuxtype audacity playonlinux \
-myspell-fr-gut kde-l10n-fr"
-
-PACKAGES_TO_DEL="\
-unity-webapps-common \
-empathy"
-
-DEBCONF_PRESEED="
-libnss-ldapd libnss-ldapd/nsswitch multiselect
-nslcd nslcd/ldap-uris string ${LDAP_URI}
-nslcd nslcd/ldap-uris seen true
-nslcd nslcd/ldap-base string ${LDAP_BASE}
-nslcd nslcd/ldap-base seen true
-"
-
-# Packages stuff
-/bin/echo "${DEBCONF_PRESEED}" | /usr/bin/debconf-set-selections
-
# Useless packages sources
/bin/sed -i 's/^deb-src/#deb-src/g' /etc/apt/sources.list
-# apply all package stuff
-/usr/bin/apt-get update && \
-/usr/bin/apt-get -y install ${PACKAGES_TO_ADD}
-/usr/bin/apt-get -y purge ${PACKAGES_TO_DEL}
-/usr/bin/apt-get -y autoremove
-/usr/bin/apt-get -y dist-upgrade
-/usr/bin/apt-get -y autoclean
-
-### Wine / Atoumath
-mkdir /usr/local/share/icons
-chmod 755 /usr/local/share/icons
-
-### Files copy ###
-# TFTP or HTTP?
-/usr/bin/curl -s http://${HOST}/autoconfig_files.tgz | /bin/tar zxf - -C /
-
-### Fix perms ###
-/bin/chmod 644 -R /etc/pam.d/common-* /etc/nsswitch.conf /etc/xdg/autostart/nautilus-bookmarks.desktop
-/bin/chmod 755 -R /etc/cron.daily/update-nss-db /etc/skel/.config /usr/local/bin/nautilus_bookmarks.sh
-
### NFS stuff ###
# Création des points de montage et ajout dans fstab
if [ ! -d /mnt/users ];
EOF
fi
-# show
-#/sbin/showmount -e ${HOST} > /root/nfs_export_${HOST}.log
-
+##############################################################
+# pam
+##############################################################
+#echo " auth [success=4 default=ignore] pam_unix.so nullok_secure
+#auth [authinfo_unavail=ignore success=3 default=ignore] pam_ldap.so use_first_pass
+#auth [success=2 default=ignore] pam_ccreds.so minimum_uid=2000 action=validate use_first_pass
+#auth [default=ignore] pam_ccreds.so minimum_uid=2000 action=update
+#auth requisite pam_deny.so
+#auth required pam_permit.so
+#auth optional pam_ccreds.so minimum_uid=2000 action=store
+#"> /etc/pam.d/common-auth
+
+echo 'auth sufficient pam_unix.so
+auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
+auth [default=done] pam_ccreds.so action=validate use_first_pass
+auth [default=done] pam_ccreds.so action=store
+auth [default=bad] pam_ccreds.so action=update' > /etc/pam.d/common-auth
+
+echo "account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
+account [success=1 authinfo_unavail=1 default=ignore] pam_ldap.so
+account requisite pam_deny.so
+account required pam_permit.so
+" > /etc/pam.d/common-account
+
+echo "password [success=2 default=ignore] pam_unix.so obscure sha512
+password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
+password requisite pam_deny.so
+password required pam_permit.so
+password optional pam_gnome_keyring.so
+" > /etc/pam.d/common-password
+
+echo "session [success=ok default=ignore] pam_ldap.so minimum_uid=1000
+session required pam_mkhomedir.so skel=/etc/skel umask=0022
+session optional pam_systemd.so
+" > /etc/pam.d/common-session
+
+echo "# /etc/nsswitch.conf
+passwd: compat ldap [NOTFOUND=return] db
+group: compat ldap [NOTFOUND=return] db
+shadow: compat ldap
+
+hosts: files mdns4_minimal [NOTFOUND=return] dns
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
+sudoers: files ldap
+" > /etc/nsswitch.conf
+
+echo "#!/bin/sh
+/usr/sbin/nss_updatedb ldap
+" > /etc/cron.daily/update-nss-db
+/bin/chmod 755 -R /etc/cron.daily/update-nss-db
+
+##############################################################
+# automatic update of package
+##############################################################
+echo 'APT::Periodic::Enable "1";
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::AutocleanInterval "21";
+APT::Periodic::Verbose "2";' >> /etc/apt/apt.conf.d/02periodic
+
+##############################################################
+# backport et pinning
+##############################################################
+echo "Package: libreoffice*
+Pin: release a=jessie-backports
+Pin-Priority: 999
+" >> /etc/apt/preferences.d/libreoffice
+# pour la version 5 de libreoffice
+apt-get -y -t jessie-backports install libreoffice libreoffice-l10n-fr
+
+##############################################################
+# ajout dans /etc/profile.d
+##############################################################
+echo "if [ ! -L ~/groups ]
+then
+ln -fs /mnt/groups groups
+fi
+if [ ! -L ~/users ]
+then
+ln -fs /mnt/users users
+fi
+" >> /etc/profile.d/add_link.sh
+
+echo "MY_PROXY_URL="http://10.20.0.1:3128/"
+HTTP_PROXY=$MY_PROXY_URL
+HTTPS_PROXY=$MY_PROXY_URL
+FTP_PROXY=$MY_PROXY_URL
+http_proxy=$MY_PROXY_URL
+https_proxy=$MY_PROXY_URL
+ftp_proxy=$MY_PROXY_URL
+export HTTP_PROXY HTTPS_PROXY FTP_PROXY http_proxy https_proxy ftp_proxy
+" >> /etc/profile.d/proxy.sh
+
+###############################################################
+## modif de pam pour le cache du mot de passe
+#############################################################"
### X11 VNC ###
x11vnc -storepasswd "GrEcole" /etc/x11vnc.pass
cat << EOF >> /etc/init/x11vnc.conf
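Review bot: The block written to /etc/profile.d/proxy.sh is broken by its quoting: the inner double quotes in `echo "MY_PROXY_URL="http://10.20.0.1:3128/"` close the outer string, and the `$MY_PROXY_URL` references on the following lines are expanded by this script (where the variable is unset) instead of being left for the login shell, so the generated file ends up with `HTTP_PROXY=` and the other proxy variables empty. Writing it through a quoted here-document avoids both problems: `cat <<'EOF' > /etc/profile.d/proxy.sh`, then the lines verbatim starting with `MY_PROXY_URL="http://10.20.0.1:3128/"`, closed by `EOF`. The add_link.sh block has a related issue, `ln -fs /mnt/groups groups` creates the link in whatever the current directory is rather than the `~/groups` the preceding test checks, and the `>>` used for 02periodic, add_link.sh and proxy.sh appends a duplicate block on every rerun while the PAM and nsswitch files are written with `>`. `MIN_UID` is declared at the top of the script but the session line hardcodes `minimum_uid=1000`; `minimum_uid=${MIN_UID}` keeps the two in step.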
### SSH root access ###
/bin/sed -i '/PermitRootLogin/s/without-password/yes/' /etc/ssh/sshd_config
-### Polices ###
-# Microsoft
-/usr/bin/wget -q http://${HOST}/msttcorefonts-offline_1.0-0ubuntu1.deb -P /tmp/
-/usr/bin/wget -nd -r --no-parent http://${HOST}/fonts/ -P /usr/share/fonts/
-
-### docs ###
-/usr/bin/wget -q http://${HOST}/doc-postes-linux.pdf -P /home/
-
-### fonds d'ecran ###
-# on les recupere sur le serveur
-for bgf in cyan fraise glacier vert-eau violet;
-do
- /usr/bin/wget -q http://${HOST}/${bgf}.jpg -P /usr/share/backgrounds/
-done
+#################################################
+### ajout de skel
+###################################"
+### Files copy ###
+# TFTP or HTTP?
+/usr/bin/curl -s http://${HOST}/autoconfig_files.tgz | /bin/tar zxf - -C /
-### Cleaning ###
-/usr/bin/dpkg -i /tmp/*.deb
+#################################################
+### sudo-ldap
+############################################
+echo "BASE $LDAP_BASE
+URI $LDAP_URI
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+sudoers_base ou=SUDOers,$LDAP_BASE
+timelimit 15
+ bind_timelimit 15
+ bind_policy soft
+" > /etc/sudo-ldap.conf
+
+echo "[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin;unix-group:direction
+" > /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf
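Review bot: The files-copy step fetches `http://${HOST}/autoconfig_files.tgz` over plain HTTP and unpacks it straight into `/` as root with no integrity check, and because `curl -s` is used without `-f` a 4xx/5xx response would pipe an HTML error page into tar instead of failing; at minimum use `curl -fsS` and verify a checksum of the archive before extracting, and note that `${HOST}` is not set anywhere visible in this script. In /etc/sudo-ldap.conf, `$LDAP_URI` is likewise not among the variables declared at the top (only LDAP_BASE and MIN_UID), so it presumably comes from the template or environment and is worth confirming, since an empty value yields a `URI ` line with no server. `TLS_CACERT` only has an effect when the URI is ldaps:// or `ssl start_tls` is set, neither of which this config shows, so the sudoers lookup may be going over the wire unencrypted.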