blob: 6b092c8b74b0ad8c39bf0edb04f5a675264a41e5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
- name: ensure xrdp and dependencies are installed
apt:
name:
- xrdp
- xorg
- tigervnc-xorg-extension
- tigervnc-standalone-server
state: present
update_cache: true
cache_valid_time: 86400
- name: configure polkit rules for xrdp sessions
copy:
src: xrdp_polkit.rules
dest: /etc/polkit-1/rules.d/50-xrdp-session.rules
mode: '0644'
- name: apply sysctl optimizations for rdp
blockinfile:
path: /etc/sysctl.conf
block: |
net.ipv4.tcp_wmem = 4096 262144 33554432
net.ipv4.tcp_rmem = 4096 262144 33554432
net.core.wmem_max = 33554432
net.core.rmem_max = 33554432
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_fastopen = 3
net.core.netdev_max_backlog = 3000
net.core.somaxconn = 2048
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_adv_win_scale = 1
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
- name: apply sysctl settings
command: sysctl -p
changed_when: false
- name: install xrdp logo
copy:
src: logo.bmp
dest: /etc/xrdp/logo.bmp
mode: '0644'
- name: backup sesman.ini
copy:
src: /etc/xrdp/sesman.ini
dest: /etc/xrdp/sesman.ini.bak
remote_src: true
- name: disable root login in sesman.ini
lineinfile:
path: /etc/xrdp/sesman.ini
regexp: '^AllowRootLogin='
line: 'AllowRootLogin=false'
- name: deploy custom xrdp.ini from template
template:
src: xrdp.ini.j2
dest: /etc/xrdp/xrdp.ini
mode: '0644'
- name: restart xrdp
systemd:
name: xrdp
state: restarted
enabled: true
when: ansible_service_mgr == 'systemd'
- name: restart xrdp-sesman
systemd:
name: xrdp-sesman
state: restarted
enabled: true
when: ansible_service_mgr == 'systemd'
|