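---
# rs-playbook: bootstraps a Rackspace support workstation (Linux Mint / Ubuntu).
# Runs against `all` as root, prompts for the new user's details, installs the
# support tooling, seeds a Firefox profile from the pre-existing demo1234 account
# and writes the user's SSH config for the datacenter bastions.
#
# Style/compat notes for maintainers:
#   - booleans are written as true/false (yamllint `truthy`);
#   - `vars` is a mapping rather than a list of one-key dicts;
#   - task results are checked with the `is succeeded` / `is failed` tests, which
#     work from Ansible 2.1 onward, instead of the `|succeeded` / `|failed`
#     filters that were removed in 2.9;
#   - `| quote` (a shell-escaping filter) is used only where a value is
#     interpolated into a shell command, never in a plain module `path:`.
- hosts: all
  vars_prompt:
    - name: user_name
      prompt: "What is your real name?"
      private: false
    - name: user_phone
      prompt: "What is your Rackspace phone number?"
      private: false
    - name: default_dc
      prompt: "Default datacenter (dfw1, ord1, iad3, lon3, lon5, hkg1, syd2)"
      private: false
    - name: sso_user
      prompt: "Rackspace SSO"
      private: false
    - name: int_user
      prompt: "Intensive SSO"
      private: false
    - name: local_pass
      prompt: "Local user password"
      private: true
      # Hashed at prompt time, so only the sha512_crypt hash (not the cleartext)
      # reaches the user module and the play log.
      encrypt: "sha512_crypt"
      confirm: true
      salt_size: 7
  vars:
    # Region is the datacenter name without its trailing digit (dfw1 -> dfw).
    default_region: "{{ default_dc[:-1] }}"
    # The full package upgrade at the end is opt-in (e.g. -e do_upgrade=true).
    do_upgrade: false
  tasks:
    # Linux Mint reports its own codename in the LSB facts; the PPAs below need
    # the underlying Ubuntu codename, so read it from os-release and overwrite
    # the fact with a copy that carries the Ubuntu codename.
    - name: Use Ubuntu codename if we are on Linux Mint
      command: awk -F= '/UBUNTU_CODENAME/{print $2}' /etc/os-release
      register: ubuntu_codename
      when: ansible_lsb.id == 'LinuxMint'
    - set_fact:
        ansible_lsb:
          codename: "{{ ubuntu_codename.stdout }}"
          description: "{{ ansible_lsb.description }}"
          id: "{{ ansible_lsb.id }}"
          major_release: "{{ ansible_lsb.major_release }}"
          release: "{{ ansible_lsb.release }}"
      when: ansible_lsb.id == 'LinuxMint'

    - name: Ensure aptitude is installed
      apt:
        name: aptitude
        state: present

    # flatpak may be unavailable on older releases; a failure here is tolerated
    # so that only the flatpak-dependent tasks below are skipped.
    - name: Ensure flatpak is installed
      apt:
        name: flatpak
        state: present
      register: flatpak_installed
      ignore_errors: true
    - name: Configure flathub repo
      command: "flatpak remote-add --if-not-exists flathub https://flathub.org/repo/"
      register: flathub_configured
      when: flatpak_installed is succeeded

    # Glob removal of stale source lists; the file module cannot expand `*`,
    # which is why this is a shell task.
    - name: Remove ansible source lists
      shell: rm -rf /etc/apt/sources.list.d/*ansible*
    - name: Add ansible PPA
      apt_repository:
        repo: 'ppa:ansible/ansible'
        codename: "{{ ansible_lsb.codename }}"
        state: present
    - name: Add remmina-next PPA
      apt_repository:
        repo: 'ppa:remmina-ppa-team/remmina-next'
        codename: "{{ ansible_lsb.codename }}"
        state: present

    # `[trusted=yes]` here and `allow_unauthenticated` in the next task switch off
    # apt's signature verification for this repository, so package integrity
    # rests entirely on the TLS connection to iaw.rax.io. If the repo publishes a
    # signing key, import it with apt_key and drop both flags.
    - name: Add Rackspace IAW apt repository
      apt_repository:
        repo: deb [trusted=yes] https://iaw.rax.io/apt stable main
        filename: rackspace
        state: present
    - name: Install rs-linux-support-tools
      apt:
        update_cache: true
        allow_unauthenticated: true
        name: "{{ item }}"
        state: latest
      with_items:
        - rs-linux-support-tools
        - authnet
        - expect
        - python3-hammertime
        - raxcfg
        - rdpwin
        - sshuttle
        - storagetools

    - name: Install freerdp and remmina
      apt:
        name: "{{ item }}"
        state: latest
      with_items:
        - freerdp  # freerdp2 for ubuntu >= 17.04
        - remmina
        - remmina-plugin-rdp

    - name: Ensure Vidyo is not installed
      apt:
        name: vidyodesktop
        state: absent

    # Despite its name this task attempts an install (apt defaults to
    # state=present). The .deb fallback runs when zoom is not in any configured
    # repo (the task fails) or when this task changed something.
    # NOTE(review): the `changed` branch re-installs from zoom.us right after a
    # successful repo install -- confirm that is intended.
    - name: Check if Zoom is installed
      apt:
        name: zoom
      register: zoom_installed
      ignore_errors: true
    # No checksum is possible for a "latest" URL; integrity relies on TLS to zoom.us.
    - name: Install Zoom .deb package from zoom.us
      apt:
        deb: https://zoom.us/client/latest/zoom_amd64.deb
      when: zoom_installed.changed or zoom_installed is failed
      register: zoom_remote
    - name: Fix Zoom dependencies
      command: apt-get -fy install
      when: zoom_remote.changed

    # A skipped flathub task still counts as "succeeded", so also require that it
    # actually ran; otherwise `flatpak install` would fail on hosts without flatpak.
    - name: Install Slack flatpak
      command: flatpak install -y flathub com.slack.Slack
      when: flathub_configured is succeeded and flathub_configured is not skipped

    # `password` receives the sha512_crypt hash produced by the vars_prompt above.
    - name: Add user
      user:
        name: "{{ sso_user }}"
        generate_ssh_key: true
        ssh_key_bits: 2048
        password: "{{ local_pass }}"
        comment: "{{ user_name }},,{{ user_phone }},,"
    - name: Get user passwd info
      getent:
        database: passwd
        key: "{{ sso_user }}"
        split: ':'
      register: user_passwd
    - name: Add admin group
      group:
        name: admin
    - name: Add user to admin group
      user:
        name: "{{ sso_user }}"
        groups: admin
        append: true

    - name: Stop mintwelcome screen from popping up
      file:
        path: "{{ item.key }}"
        state: "{{ item.value }}"
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        mode: "u=rwX,g=rwX,o=rX"
      with_dict:
        "/home/{{ sso_user }}/.linuxmint/mintwelcome": directory
        "/home/{{ sso_user }}/.linuxmint/mintwelcome/norun.flag": touch
      when: ansible_lsb.id == 'LinuxMint'

    # The rax_cloud_* keys are written empty on purpose; the user fills them in
    # locally. Keep them out of the playbook and out of version control.
    - name: Set raxcfg config details
      ini_file:
        path: /home/{{ sso_user }}/.config/rackspace/raxcfg.ini
        section: raxcommon
        option: "{{ item.key }}"
        value: "{{ item.value }}"
        mode: "u=rw,g=r,o=r"
      with_dict:
        rax_sso: "{{ sso_user }}"
        rax_int_sso: "{{ int_user }}"
        rax_default_dc: "{{ default_dc }}"
        rax_default_region: "{{ default_region }}"
        rax_default_sshcfg: /home/{{ sso_user }}/.ssh/config
        rax_default_sshkey: /home/{{ sso_user }}/.ssh/id_rsa
        rax_default_sshpub: /home/{{ sso_user }}/.ssh/id_rsa.pub
        rax_cloud_apikey: ""
        rax_cloud_ddi: ""
        rax_cloud_password: ""
        rax_cloud_username: ""
        rax_ssh_args: ""
    # ini_file above runs as root and creates ~/.config/rackspace root-owned.
    - name: Fix ownership
      file:
        path: /home/{{ sso_user }}/.config
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        recurse: true
        state: directory
        mode: "u=rwX,g=rX,o=rX"
    - name: Generate other raxcfg config files (sh, json, yaml)
      command: /usr/bin/generate_raxcfg.py --inifile /home/{{ sso_user }}/.config/rackspace/raxcfg.ini --skip-prompts
      become: true
      become_user: "{{ sso_user }}"

    # Unversioned download into PATH with no checksum available; TLS to
    # ssltool.rackspace.com is the only integrity check.
    - name: Get ssltool-cli
      get_url:
        url: https://ssltool.rackspace.com/cli/ssltool-cli
        dest: /usr/local/bin/ssltool-cli
        mode: "u=rwx,g=rx,o=rx"
    # Not idempotent: re-runs (and re-answers the prompt) on every play.
    - name: Acquire RS SSL certificates
      shell: echo 'yes' | /usr/local/bin/ssltool-cli rscerts
    - name: Install rscerts in system share
      command: /usr/sbin/update-ca-certificates

    - name: Install libnss3-tools
      apt:
        name: libnss3-tools
    # The certs are imported into the seed account's (demo1234) profile, which
    # is copied to the new user further down. Only the first matching profile
    # directory is used.
    - name: Register Firefox profile path
      find:
        file_type: directory
        patterns: '*.default'
        paths: /home/demo1234/.mozilla/firefox
      register: firefox_profiles
    # `| quote` is appropriate here because the values land in a shell command.
    - name: Install rscerts in Firefox profile certdb
      shell: certutil -A -n {{ item.key | quote }} -t 'CT,c,c' -i '/usr/local/share/ca-certificates/{{ item.value }}' -d {{ firefox_profiles.files[0].path | quote }}
      with_dict:
        "Rackspace Root CA 1": 'rs_root_ca_1.crt'
        "Rackspace Issuing CA 1": 'rs_issuing_ca_1.crt'
        "Rackspace CA Level 1": 'rs_ca_level1.crt'
        "ORD1CA01": 'ord1_rs_ca_01.crt'
        "LON3CA01": 'lon3_rs_ca_01.crt'
        "Rackspace Internal Root CA": 'rs_internal_ca.crt'
    # NOTE(review): prefs.js is made world-writable here, and the later
    # ownership fix-up does not reset the mode -- confirm o=rw is intended.
    - name: Touch Firefox prefs
      file:
        path: "{{ firefox_profiles.files[0].path }}/prefs.js"
        mode: "u=rw,g=rw,o=rw"
        state: touch
    - name: Set Firefox homepage(s)
      lineinfile:
        path: "{{ firefox_profiles.files[0].path }}/prefs.js"
        regexp: '\"browser\.startup\.homepage\"'
        line: 'user_pref("browser.startup.homepage", "https://fission.rax.io/|https://ssltool.rackspace.com/|https://core.rackspace.com");'

    # Unversioned ("current") binary, so no checksum can be pinned; TLS to
    # fission.rax.io is the only integrity check.
    - name: Acquire nuclear agent
      get_url:
        url: https://fission.rax.io/GoNuclearAgent/go-nuclear-agent-current-linux-amd64
        dest: /usr/local/bin/go-nuclear-agent-current-linux-amd64
        mode: "u=rwx,g=rx,o=rx"
    # The unit has no User= line, so the agent runs as root while pointed at
    # the new user's DISPLAY/XAUTHORITY and home directory. Consider a user
    # unit or User={{ sso_user }} if the agent does not need root.
    - name: Set up systemd service
      copy:
        dest: /etc/systemd/system/go-nuclear-agent.service
        content: |
          [Unit]
          Description=Local Agent for Fission/ControlRod
          [Service]
          KillMode=process
          ExecStart=/usr/local/bin/go-nuclear-agent-current-linux-amd64
          WorkingDirectory=/home/{{ sso_user }}/
          Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
          Environment="DISPLAY=:0"
          Environment="XAUTHORITY=/home/{{ sso_user }}/.Xauthority"
          # Note: user units follow default.target only
          [Install]
          WantedBy=default.target
    - name: Enable nuclear agent service
      service:
        name: go-nuclear-agent.service
        enabled: true
        state: started

    # Pinned add-on version, but no checksum; the file is dropped into the
    # demo1234 profile and then copied to the new user with the rest of it.
    - name: Grab Violentmonkey
      get_url:
        url: https://addons.mozilla.org/firefox/downloads/file/797312/violentmonkey-2.8.22-an+fx.xpi
        dest: /home/demo1234/.mozilla/extensions/{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
    # delegate_to the host itself makes synchronize a local rsync on the target.
    - name: Copy Firefox profile to new user
      synchronize:
        src: /home/demo1234/.mozilla/
        dest: /home/{{ sso_user }}/.mozilla/
        delete: true
        recursive: true
      delegate_to: "{{ inventory_hostname }}"
    - name: Change ownership of Firefox profile
      file:
        path: /home/{{ sso_user }}/.mozilla
        state: directory
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        recurse: true
    - name: Copy userscripts.zip to new user home dir
      synchronize:
        src: /home/demo1234/userscripts.zip
        dest: /home/{{ sso_user }}/userscripts.zip
      delegate_to: "{{ inventory_hostname }}"
    - name: Change ownership of userscripts.zip
      file:
        path: /home/{{ sso_user }}/userscripts.zip
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
      delegate_to: "{{ inventory_hostname }}"

    # The "Common settings" block applies to every host, including the `Host *`
    # proxied hops: StrictHostKeyChecking no + VerifyHostKeyDNS no turn off host
    # key verification, and ForwardAgent yes exposes the agent to every server
    # connected to. Scoping those to the bastion Host stanza, or using
    # `StrictHostKeyChecking accept-new`, limits the blast radius.
    - name: Set SSH Config
      copy:
        dest: /home/{{ sso_user }}/.ssh/config
        content: |
          # RSA Logins: helpful links that match your preferred HostName below.
          # You will need to make sure you are authenticated to the endpoint
          # in your datacenter, otherwise you won't be able to connect.
          # https://rax.io/auth-dfw1
          # https://rax.io/auth-hkg1
          # https://rax.io/auth-iad3
          # https://rax.io/auth-lon3
          # https://rax.io/auth-lon5
          # https://rax.io/auth-ord1
          # https://rax.io/auth-syd2
          # Common settings for all connections
          ForwardAgent yes
          ForwardX11Trusted yes
          GSSAPIAuthentication no
          HashKnownHosts yes
          IdentitiesOnly yes
          IdentityFile ~/.ssh/id_rsa
          ServerAliveInterval 300
          StrictHostKeyChecking no
          TCPKeepAlive yes
          VerifyHostKeyDNS no
          VisualHostKey yes
          Host cbast.{{ default_dc }}.corp.rackspace.net cbast bast bastion
          HostName cbast.{{ default_dc }}.corp.rackspace.net
          ProxyCommand none
          User {{ sso_user }}
          ControlMaster auto
          ControlPath ~/.ssh/master-%r@%h:%p
          #
          # Most techs run a terminal permanently open to the bastion
          # which serves as the MUX socket; if you do not do this,
          # uncomment the below to have the first MUX created tossed
          # into the background instead (man ssh -> "-O ctl_cmd")
          ControlPersist 10h
          Host *
          ProxyCommand ssh -A cbast.{{ default_dc }}.corp.rackspace.net 'nc %h %p'
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        mode: "u=rw,g=,o="
    # Public key only; it is printed at the end for the user to register.
    - name: Slurp SSH Public key
      slurp:
        src: "/home/{{ sso_user }}/.ssh/id_rsa.pub"
      register: ssh_pubkey

    # This hides demo1234 from the greeter list; the account itself stays
    # enabled and can still log in by name. Lock or remove it if it is not
    # needed after the profile copy.
    - name: Disable demo user in greeter
      ini_file:
        path: /etc/lightdm/users.conf
        section: UserList
        option: hidden-users
        value: nobody nobody4 noaccess demo1234
    # Quoted so the file receives the literal `false`; an unquoted YAML boolean
    # would be rendered by the module as Python's `False`.
    - name: Disable Guest session in greeter
      ini_file:
        path: /etc/lightdm/lightdm.conf.d/70-linuxmint.conf
        section: SeatDefaults
        option: allow-guest
        value: 'false'

    - name: Update all packages to the latest version
      apt:
        upgrade: true
      when: do_upgrade

    - name: Please add the following key to your rackerapp profile
      debug:
        msg: "{{ ssh_pubkey['content'] | b64decode | trim }}"
    - name: Instructions for adding SSH key in RackerApp
      debug:
        msg: "Go to: rackerapp.rackspace.com -> My Profile -> Edit Your Information [Top Right] -> Key goes in Balabit SSH Public Key."
    - name: To set up user scripts
      debug:
        msg: >
          Once Violentmonkey is installed, open the preferences here:
          moz-extension://19c8293d-28c4-482c-9c05-59de9f36678e/options/index.html#?t=Settings
          and import the userscripts.zip included in your home directory.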