- name: Perform system upgrades apt: update_cache: true upgrade: dist environment: http_proxy: "{{ proxy.http_proxy }}" HTTP_PROXY: "{{ proxy.http_proxy }}" https_proxy: "{{ proxy.https_proxy }}" HTTPS_PROXY: "{{ proxy.https_proxy }}" no_proxy: "{{ proxy.no_proxy }}" NO_PROXY: "{{ proxy.no_proxy }}" - name: Install Cage window manager and Midori browser apt: update_cache: yes name: - cage - xwayland - gtk3-nocsd - midori - chromium-browser environment: http_proxy: "{{ proxy.http_proxy }}" HTTP_PROXY: "{{ proxy.http_proxy }}" https_proxy: "{{ proxy.https_proxy }}" HTTPS_PROXY: "{{ proxy.https_proxy }}" no_proxy: "{{ proxy.no_proxy }}" NO_PROXY: "{{ proxy.no_proxy }}" - name: Configure proxy blockinfile: path: /etc/environment block: | http_proxy="{{ proxy.http_proxy }}" HTTP_PROXY="{{ proxy.http_proxy }}" https_proxy="{{ proxy.https_proxy }}" HTTPS_PROXY="{{ proxy.https_proxy }}" no_proxy="{{ proxy.no_proxy }}" NO_PROXY="{{ proxy.no_proxy }}" notify: Reboot - name: Enable autologin command: raspi-config nonint do_boot_behaviour B2 - name: Install kiosk script template: src: kiosk.sh.j2 dest: /etc/profile.d/kiosk.sh notify: Reboot # This help prevent sd card corruption over time - name: Enable overlayfs command: raspi-config nonint do_overlayfs 0 when: lockdown notify: Reboot - name: Turn off ssh server service: name: ssh enabled: false when: lockdown notify: Reboot