Implemented browsers with keepassxc and ublock origine default setup

2025-04-04 16:14:16 +02:00 · 2025-04-01 12:08:28 +02:00 · 2025-04-01 12:08:28 +02:00 · 887db59a57
commit 887db59a57
parent 4541e2d636
14 changed files with 259 additions and 2 deletions
--- a/roles/pc-browser-chromium/README.md
+++ b/roles/pc-browser-chromium/README.md
@ -0,0 +1,29 @@
+# Chromium 🌐
+
+## Description
+
+This Ansible role installs and configures the Chromium browser along with essential security and productivity extensions. It ensures that Chromium is installed and properly set up with forced installation of uBlock Origin and the KeePassXC browser extension via Enterprise Policies, providing a secure and streamlined browsing experience.
+
+## Overview
+
+Designed for various Linux distributions, this role manages the installation of the Chromium browser using the system’s package manager. It configures Chromium's managed policies to automatically deploy key browser extensions, ensuring that users always have a secure and consistent environment. This role integrates seamlessly with other system management roles for a holistic deployment.
+
+## Purpose
+
+The purpose of this role is to automate the provisioning of a secure Chromium environment in a consistent and maintainable way. It reduces manual configuration steps and guarantees that critical browser extensions are enforced, making it ideal for both production and personal deployments.
+
+## Features
+
+- **Installs Chromium Browser:** Automatically installs the appropriate Chromium package based on the target system.
+- **Installs KeePassXC:** Ensures KeePassXC is installed for secure password management.
+- **Enforces Browser Extensions:** Configures Chromium Enterprise Policies to force-install uBlock Origin and the KeePassXC browser extension.
+- **Cross-Platform Support:** Handles package variations for multiple Linux distributions.
+- **Seamless Integration:** Provides a stable and secure browsing setup as part of broader system automation workflows.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
--- a/roles/pc-browser-chromium/defaults/main.yml
+++ b/roles/pc-browser-chromium/defaults/main.yml
@ -0,0 +1,2 @@
+---
+chromium_package: "{{ 'chromium-browser' if ansible_os_family == 'Debian' else 'chromium' }}"
--- a/roles/pc-browser-chromium/files/extensions_policy.json
+++ b/roles/pc-browser-chromium/files/extensions_policy.json
@ -0,0 +1,7 @@
+{
+    "ExtensionInstallForcelist": [
+      "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx",
+      "oboonakemofpalcgghocfoadofidjkkk;https://clients2.google.com/service/update2/crx"
+    ]
+  }
+  
--- a/roles/pc-browser-chromium/meta/main.yml
+++ b/roles/pc-browser-chromium/meta/main.yml
@ -0,0 +1,35 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automates the installation and configuration of the Chromium browser with enforced security extensions."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+        - bullseye
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+        - jammy
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - chromium
+    - browser
+    - enterprise-policy
+    - security
+    - automation
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+dependencies: []
--- a/roles/pc-browser-chromium/tasks/main.yml
+++ b/roles/pc-browser-chromium/tasks/main.yml
@ -0,0 +1,27 @@
+---
+- name: Update package cache (Debian/Ubuntu)
+  apt:
+    update_cache: yes
+  when: ansible_os_family == "Debian"
+
+- name: Install Chromium browser
+  package:
+    name: "{{ chromium_package }}"
+    state: present
+
+- name: Install KeePassXC
+  package:
+    name: keepassxc
+    state: present
+
+- name: Ensure Chromium policies directory exists
+  file:
+    path: /etc/chromium/policies/managed
+    state: directory
+    mode: '0755'
+
+- name: Copy the extensions policy file for Chromium
+  copy:
+    src: extensions_policy.json
+    dest: /etc/chromium/policies/managed/extensions_policy.json
+    mode: '0644'
--- a/roles/pc-browser-firefox/README.md
+++ b/roles/pc-browser-firefox/README.md
@ -0,0 +1,28 @@
+# Firefox 🦊
+
+## Description
+
+This Ansible role installs and configures Firefox on Arch Linux systems, enforcing Enterprise Policies to automatically install key browser extensions. It ensures that Firefox is installed and set up with policies that force-install uBlock Origin and the KeePassXC Browser extension, delivering a secure and consistent browsing experience.
+
+## Overview
+
+Tailored for Arch Linux, this role handles the installation of Firefox using the system’s package manager (`pacman`). It deploys a `policies.json` file to Firefox’s distribution directory, ensuring that critical extensions are automatically installed via Firefox Enterprise Policies.
+
+## Purpose
+
+The role automates the provisioning of a secure Firefox environment, reducing manual configuration and ensuring consistency across deployments. It is ideal for environments where a standardized and secure browsing setup is required.
+
+## Features
+
+- **Installs Firefox:** Uses `pacman` to install the Firefox package.
+- **Enforces Enterprise Policies:** Deploys a `policies.json` file that forces the installation of uBlock Origin and the KeePassXC Browser extension.
+- **Streamlined Configuration:** Automatically creates necessary directories and applies correct file permissions.
+- **Seamless Integration:** Easily integrates with other automation roles for a complete system setup.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
--- a/roles/pc-browser-firefox/defaults/main.yml
+++ b/roles/pc-browser-firefox/defaults/main.yml
@ -0,0 +1,11 @@
+---
+# Default variables for the pc-firefox role
+
+# Package name for Firefox on Arch Linux
+firefox_package: firefox
+
+# Directory where Firefox expects distribution policies
+firefox_policy_dir: "/usr/lib/firefox/distribution"
+
+# Full path to the policies file
+firefox_policy_file: "{{ firefox_policy_dir }}/policies.json"
--- a/roles/pc-browser-firefox/files/policies.json
+++ b/roles/pc-browser-firefox/files/policies.json
@ -0,0 +1,11 @@
+{
+    "policies": {
+      "Extensions": {
+        "Install": [
+          "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi",
+          "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi"
+        ]
+      }
+    }
+  }
+  
--- a/roles/pc-browser-firefox/meta/main.yml
+++ b/roles/pc-browser-firefox/meta/main.yml
@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automates the installation and configuration of Firefox with enforced extension policies on Arch Linux."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - firefox
+    - browser
+    - enterprise-policy
+    - security
+    - automation
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+dependencies: []
--- a/roles/pc-browser-firefox/tasks/main.yml
+++ b/roles/pc-browser-firefox/tasks/main.yml
@ -0,0 +1,17 @@
+---
+- name: Install Firefox
+  package:
+    name: "{{ firefox_package }}"
+    state: present
+
+- name: Ensure Firefox distribution policies directory exists
+  file:
+    path: "{{ firefox_policy_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: Deploy Firefox Enterprise Policies file
+  copy:
+    src: policies.json
+    dest: "{{ firefox_policy_file }}"
+    mode: '0644'
--- a/roles/pc-browsers/README.md
+++ b/roles/pc-browsers/README.md
@ -0,0 +1,28 @@
+# Browsers 🎨
+
+## Description
+
+This Ansible role serves as a wrapper to install and configure multiple browsers on a target system. It integrates the configurations of both Chromium and Firefox, ensuring that each browser is set up with forced installation of key security extensions (uBlock Origin and the KeePassXC browser extension) via Enterprise Policies.
+
+## Overview
+
+The **pc-browsers** role orchestrates the deployment of two specialized roles: **pc-browser-chromium** and **pc-browser-firefox**. By executing both roles, it provides a unified solution for browser management, making it easier to maintain a secure and consistent browsing environment across your systems.
+
+## Purpose
+
+The purpose of this role is to simplify the automation of browser deployments. Instead of managing separate playbooks or tasks for Chromium and Firefox, this role consolidates browser installation and configuration into one streamlined process.
+
+## Features
+
+- **Unified Browser Management:** Executes both Chromium and Firefox configuration roles.
+- **Automated Installation:** Installs Chromium and Firefox along with their essential security extensions.
+- **Enforced Security Policies:** Ensures that uBlock Origin and the KeePassXC browser extension are automatically deployed using Enterprise Policies.
+- **Seamless Integration:** Easily integrates into your existing automation workflows for a consistent system setup.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
--- a/roles/pc-browsers/meta/main.yml
+++ b/roles/pc-browsers/meta/main.yml
@ -0,0 +1,38 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Wrapper role to install and configure both Chromium and Firefox with enforced security extensions."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+        - bullseye
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+        - jammy
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - browsers
+    - chromium
+    - firefox
+    - enterprise-policy
+    - security
+    - automation
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+dependencies:
+  - pc-browser-chromium
+  - pc-browser-firefox
--- a/roles/pc-office/meta/main.yml
+++ b/roles/pc-office/meta/main.yml
@ -1,3 +1,3 @@
 dependencies:
 - pc-libreoffice
- pc-zoom
+- pc-browsers
--- a/roles/pc-office/tasks/main.yml
+++ b/roles/pc-office/tasks/main.yml
@ -1,7 +1,6 @@
 - name: install office sofware
  community.general.pacman:
    name: 
-      - chromium
      - thunderbird
      - calibre
      - retext