feat(xfce): refactor XFCE role into install and config tasks, and fix session setup

- Split XFCE minimal role into install.yml and config.yml for better modularity.
- Restore .xsession setup with NO_BROWSER=true and exec startxfce4.
- Add support for managing user groups and shell.
- Ensure XRDP services are active and enabled on jp-xhttp-contabo.svc.plus.
Haitao Pan 2026-04-20 10:53:35 +08:00
parent f20980bdc0
commit acfe7f564d
4 changed files with 68 additions and 31 deletions


@ -18,5 +18,6 @@ xfce_rdp_port: 3389
xfce_disable_compositor: true
xfce_disable_animations: true
xfce_manage_user: false
xfce_user_groups: []
xfce_user_shell: /bin/bash
xfce_user_password_plaintext: ""
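Review bot: The defaults `xfce_user_password_plaintext` and `xfce_user_groups` carry no comment on how they should be supplied, although both decide who can log in over XRDP on `xfce_rdp_port` and with what privileges. Above the password default I would add `# Supply from Ansible Vault or another secret store; must be non-empty when xfce_manage_user is true`, since the new config tasks assert on it. Above `xfce_user_groups` I would add `# Supplementary groups appended to the desktop user; sudo/admin groups extend to a password-authenticated XRDP account`. Which of the six lines is new is not marked on this page, so the note applies to the section as a whole.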


@ -0,0 +1,63 @@
---
- name: Ensure the desktop user exists
ansible.builtin.user:
name: "{{ xfce_user }}"
shell: "{{ xfce_user_shell }}"
create_home: true
state: present
password_lock: false
become: true
when: xfce_manage_user | bool
- name: Fail when the desktop user password is not provided
ansible.builtin.assert:
that:
- xfce_user_password_plaintext | length > 0
fail_msg: >-
xfce_user_password_plaintext must be set so XRDP can authenticate the
desktop user.
when: xfce_manage_user | bool
- name: Set desktop user password for XRDP login
ansible.builtin.user:
name: "{{ xfce_user }}"
password: "{{ xfce_user_password_plaintext | password_hash('sha512') }}"
update_password: always
password_lock: false
become: true
no_log: true
when: xfce_manage_user | bool
- name: Ensure the desktop user can sudo
ansible.builtin.user:
name: "{{ xfce_user }}"
groups: "{{ xfce_user_groups }}"
append: true
state: present
become: true
when:
- xfce_manage_user | bool
- xfce_user_groups | length > 0
- name: Ensure XFCE session file is present
ansible.builtin.template:
src: xsession.j2
dest: "{{ xfce_xsession_file }}"
owner: "{{ xfce_user }}"
group: "{{ xfce_user }}"
mode: "0644"
become: true
when: xfce_manage_user | bool
notify:
- Restart xrdp
- Restart xrdp sesman
- name: Ensure XFCE config directory exists
ansible.builtin.file:
path: "{{ xfce_xfconf_dir }}"
state: directory
owner: "{{ xfce_user }}"
group: "{{ xfce_user }}"
mode: "0755"
become: true
when: xfce_manage_user | bool
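Review bot: In the task "Set desktop user password for XRDP login", `password_hash('sha512')` is called without a salt while `update_password: always` is set, so every run produces a different hash, rewrites the shadow entry and reports `changed`, which makes a real password change indistinguishable from a routine run. A stable per-host salt keeps the task idempotent: `password: "{{ xfce_user_password_plaintext | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"`. The assert on `xfce_user_password_plaintext` also runs after "Ensure the desktop user exists", so a run with the variable unset creates the account with `password_lock: false` before failing; moving the assert to the top of the file avoids that. The session-file task is now gated on `xfce_manage_user | bool`, whereas the task removed from the install file had no `when`, so with the default of `false` the .xsession file would presumably no longer be written; worth confirming that this is intended.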


@ -44,28 +44,6 @@
APT_LISTCHANGES_FRONTEND: none
become: true
- name: Ensure the desktop user exists and is unlocked
ansible.builtin.user:
name: "{{ xfce_user }}"
shell: "{{ xfce_user_shell }}"
create_home: true
state: present
password_lock: false
become: true
when: xfce_manage_user | bool
- name: Set desktop user password for XRDP login
ansible.builtin.user:
name: "{{ xfce_user }}"
password: "{{ xfce_user_password_plaintext | password_hash('sha512') }}"
update_password: always
password_lock: false
become: true
no_log: true
when:
- xfce_manage_user | bool
- xfce_user_password_plaintext | length > 0
- name: Add xrdp user to ssl-cert group to allow reading SSL keys
ansible.builtin.user:
name: xrdp
@ -76,15 +54,6 @@
- Restart xrdp
- Restart xrdp sesman
- name: Configure .xsession for the desktop user
ansible.builtin.template:
src: xsession.j2
dest: "{{ xfce_user_home }}/.xsession"
owner: "{{ xfce_user }}"
group: "{{ xfce_user }}"
mode: '0644'
become: true
- name: Check whether XRDP service units are available
ansible.builtin.stat:
path: "{{ item }}"


@ -2,3 +2,7 @@
- name: Install minimal XFCE + XRDP stack
ansible.builtin.import_tasks: install.yml
tags: [xfce, xfce_install]
- name: Configure XFCE desktop user and XRDP session
ansible.builtin.import_tasks: config.yml
tags: [xfce, xfce_config]