1 files changed, 69 insertions, 0 deletions

diff --git a/roles/xrdp/tasks/main.yaml b/roles/xrdp/tasks/main.yaml
new file mode 100644
index 0000000..d0708c2
--- /dev/null
+++ b/roles/xrdp/tasks/main.yaml
@@ -0,0 +1,69 @@
+- name: ensure xrdp and dependencies are installed
+  apt:
+    name:
+      - xrdp
+      - xorg
+      - tigervnc-xorg-extension
+      - tigervnc-standalone-server
+    state: present
+    update_cache: yes
+
+- name: backup sesman.ini
+  copy:
+    src: /etc/xrdp/sesman.ini
+    dest: /etc/xrdp/sesman.ini.bak
+    remote_src: yes
+
+- name: disable root login in sesman.ini
+  lineinfile:
+    path: /etc/xrdp/sesman.ini
+    regexp: '^AllowRootLogin='
+    line: 'AllowRootLogin=false'
+
+- name: deploy custom xrdp.ini from template
+  template:
+    src: xrdp.ini.j2
+    dest: /etc/xrdp/xrdp.ini
+    mode: '0644'
+
+- name: install xrdp logo
+  copy:
+    src: logo.bmp
+    dest: /etc/xrdp/logo.bmp
+    mode: '0644'
+
+- name: configure polkit rules for xrdp sessions
+  copy:
+    src: xrdp_polkit.rules
+    dest: /etc/polkit-1/rules.d/50-xrdp-session.rules
+    mode: '0644'
+
+- name: apply sysctl optimizations for rdp
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      net.ipv4.tcp_wmem = 4096 262144 33554432
+      net.ipv4.tcp_rmem = 4096 262144 33554432
+      net.core.wmem_max = 33554432
+      net.core.rmem_max = 33554432
+      net.ipv4.tcp_window_scaling = 1
+      net.ipv4.tcp_fastopen = 3
+      net.core.netdev_max_backlog = 3000
+      net.core.somaxconn = 2048
+      net.ipv4.tcp_slow_start_after_idle = 0
+      net.ipv4.tcp_adv_win_scale = 1
+      net.core.default_qdisc = fq
+      net.ipv4.tcp_congestion_control = bbr
+
+- name: apply sysctl settings
+  command: sysctl -p
+  changed_when: false
+
+- name: ensure xrdp services are enabled and started
+  systemd:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  loop:
+    - xrdp
+    - xrdp-sesman