Customization

The role ufrmath.computer_labs.setup_custom is used just after the installation of Ubuntu with Debian preseed to configure and customize the computers.

Initial setup

Perform initial setup just after installation is finished with Debian preseed. Configure SSH key, protect admin account, and update hostname.

  1. Protect admin home and add SSH key id_key.pub to the hosts;
  2. Configure sudo without password for user admin;
  3. Define hostname as defined in Ansible hosts file.
  4. Add ntp server from ntp_server;
  5. Disable crash reports;
  6. Configure firewall with ufw to disable all incoming except ssh.

Regenerate machine-id

Under some circumstances (custom ubuntu image, Debian preseed, same install time?), the machine-id for different machines are the same, which might trouble the DHCP server. This role generate a new random machine-id using systemd-machine-id-setup and correct the link /etc/machine-id.

If /etc/machine-id is not a link to /var/lib/dbus/machine-id:

  1. Restore the link;
  2. Delete /etc/machine-id;
  3. Regenerate machine-id with systemd-machine-id-setup.

Switch from NetworkManager to networkd

Switch using netplan from NetworkManager to networkd (using DHCP).

  1. Add netplan to use networkd;
  2. Remove default NetworkManager netplan;
  3. Disable NetworkManager;
  4. Apply new netplan and reboot if required.

Configure proxy

Add proxy to environment variables and apt config.

  1. Add proxy to /etc/environment if proxy_env is defined;
  2. Remove proxy set by Debian preseed in /etc/apt.conf;
  3. Add proxy for apt if proxy_env is defined.

Customize

  1. Switch to standard gdm theme;
  2. Add SU logo to gdm login;
  3. Add custom dconf values, mainly:
    • favorite apps
    • colors
    • custom text in gdm login
    • logout on inactive
    • proxy settings
  4. Hack to propagate dconf proxy settings to environments variables;
  5. Custom xdg directory (remove Pictures, Templates, Videos,…);
  6. Remove popping-up applications (gnome initial setup, reports and Deja Dup, LTS new release);
  7. Set admin user as system account (useful only when gdm list users);
  8. Allow ssh login only from user admin;
  9. Configure firewall with ufw to disable all incoming except ssh;
  10. Disable grub recovery and wayland;
  11. Automatic power off on idle through logind;
  12. Keep authenticated users for at least one year.

Custom repository

Add custom repository to apt sources.

  1. Add tp-server to /etc/hosts with ip ip_server;
  2. Setup custom apt repository with direct connection (no proxy).
Next

Last updated on 1 May 2023