ansible/playbook.yml

---

- hosts: all
  become: yes
  become_user: root
  become_method: sudo
  vars:
    - specchio_database_password:           "ALSOCHANGEME"
    - specchio_webapp_database_password:    '{{ specchio_database_password }}'
    - specchio_client_admin_password:       '{{ specchio_database_password }}'

  pre_tasks:

    - import_tasks: ca_injection.yml

    - name: Set hostname
      hostname:
        name: specchio
        
    - name: Generate /etc/hosts file
      copy:
        src: hosts
        dest: /etc/hosts     
        owner: root
        group: root
        mode: 0644
        
    - name: Disable SELinux
      selinux:
        state: disabled

    - name: Update yum packages
      yum:
        name: '*'
        state: latest
        update_cache: yes

    - name: Install epel-release
      package:
        name: epel-release
        state: latest

    - name: Install yum-cron
      package:
        name: yum-cron
        state: latest

    - name: Enable automatic updates through yum-cron
      service:
        name: yum-cron
        state: started
        enabled: yes

    - name: Add SPECCHIO group
      group:
        name: specchio
        state: present

    - name: Add SPECCHIO user
      user:
        name: specchio
        comment: SPECCHIO Spectral Information System
        home: /home/specchio
        group: specchio
        groups: wheel  # Add specchio user to sudo group
      ignore_errors: yes

    - name: Install GNOME desktop environment packages
      yum:
        name: "@^gnome-desktop-environment"
        state: latest

    - name: Install GNOME display manager package
      package:
        name: gdm
        state: latest

    - name: Set default target to "graphical"
      shell: systemctl set-default graphical.target

    - name: Change size of nautilus icons
      shell: dbus-launch gsettings set org.gnome.nautilus.icon-view default-zoom-level 'small'

    # Needed to remove the redirection (see https://serverfault.com/questions/1121140/i-cannot-download-mysql-connectorj-with-ansible-anymore?newreg=dc7103cad2fc46a9ac05db7931a339c6)
    - name: Install MySQL repository (for MySQL workbench)
      yum:
        name: "https://repo.mysql.com//mysql80-community-release-el7-2.noarch.rpm"
        state: present

    - name: Install MySQL workbench
      package:
        name: mysql-workbench
        state: latest

    - name: Install debugging and developments utils
      package:
        name: "{{ item }}"
        state: latest
      loop:
        - vim
        - curl
        - git

    # This is an ugly hack to autotrust the SPECCHIO desktop link.
    # https://askubuntu.com/questions/1070057/trust-desktop-icons-without-clicking-them-manually-in-ubuntu-18-04-gnome-3
    - name: Autotrust SPECCHIO desktop link on login
      blockinfile:
        path: "{{specchio_client_user_home_directory}}/.bash_profile"
        block: |
          if [ -z "$SSH_CLIENT" ] || [ -z "$SSH_TTY" ]; then
              declare -a LINKS=(
                  "/home/specchio/Desktop/SPECCHIO Java Client.desktop"
                  "/home/specchio/Desktop/SPECCHIO Backup Tool.desktop"
                  "/home/specchio/Desktop/SPECCHIO Update Tool.desktop"
              )

              TRIGGER_RELOAD=0

              for LINK in "${LINKS[@]}"; do
                  if [[ -f "${LINK}" && $(gio info "${LINK}" | grep "metadata::trusted") == "" ]]; then
                      echo "Trust ${LINK}"
                      gio set "${LINK}" "metadata::trusted" yes
                      TRIGGER_RELOAD=1
                  fi
              done

              if [[ $TRIGGER_RELOAD -eq 1 ]]; then
                    pkill nautilus
              fi
          fi

  roles:
    - role: specchio_update_tool
    - role: specchio_backup_tool
    - role: specchio_client
    - role: specchio_webapp
  
  post_tasks:
    - name: Cleanup sensitive files
      file:
        name: "{{ item }}"
        state: absent
      loop:
        - /tmp/specchio_ca.p12
        - /tmp/specchio_ca.crt