From 93d261e73ba519c2200b032833520e5c768589de Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Thu, 23 May 2024 09:58:41 +0200 Subject: [PATCH 1/4] Network devices are now only managed by NetworkManager. Systemd-networkd is no longer used. NetworkManager creates a MACVTAP device for each physical Ethernet device. When calling vm-run with option macvtap, all macvtap-devices are passed to the VM. --- lmn-client.yml | 16 +++++++++++++--- roles/lmn_vm/files/vm-run | 12 +++++++++++- roles/lmn_vm/tasks/main.yml | 14 ++++++++------ roles/lmn_wlan_iwd/tasks/main.yml | 15 ++++++++++----- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/lmn-client.yml b/lmn-client.yml index d2da0a4..d2b0cb8 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -89,8 +89,6 @@ when: groups.localhome is defined and inventory_hostname in groups.localhome - role: lmn_teacherlaptop when: groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop - - role: lmn_networkd - when: ansible_interfaces | select('search', 'enp.+') | length > 1 tasks: ## Temporary fixes and quirks: @@ -269,6 +267,13 @@ - /etc/sudoers.d/90-lmn-startvirtiofsd - /etc/sudoers.d/90-lmn-link-images - /etc/rsync.secret + - /etc/systemd/network/30-virbr1.netdev + - /etc/systemd/network/30-virbr2.netdev + - /etc/systemd/network/40-ethernet.network + - /etc/systemd/network/40-ethernet-usb.network + - /etc/systemd/network/50-virbr1.network + - /etc/systemd/network/50-virbr2.network + - /etc/systemd/network/60-wlan0-dhcp.network - name: check if vm_usage_information.txt exists stat: path=/lmn/vm/vm_usage_information.txt @@ -303,6 +308,12 @@ line: 'Listen 192.168.122.1:631' state: absent + - name: Remove NetworkManager Ansible-Block for non-laptops + blockinfile: + path: /etc/NetworkManager/NetworkManager.conf + state: absent + when: groups.laptop is defined and inventory_hostname not in groups.laptop + ## bookworm fixes/hacks: - name: Work around sddm hang on shutdown ansible.builtin.lineinfile: 
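Review bot: The new task "Remove NetworkManager Ansible-Block for non-laptops" in lmn-client.yml is skipped whenever the `laptop` group is not defined, because its condition is `groups.laptop is defined and inventory_hostname not in groups.laptop`. In an inventory without that group every host is a non-laptop, yet a leftover block would stay in /etc/NetworkManager/NetworkManager.conf. `when: groups.laptop is not defined or inventory_hostname not in groups.laptop` covers that case. The task also relies on blockinfile's default marker, so it removes any block written to that file with the default marker. An explicit `marker: "# {mark} <marker text>"` (placeholder text), set identically here and in the roles/lmn_wlan_iwd task that writes the block, would make the pairing unambiguous.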
@@ -361,7 +372,6 @@ roles: - role: lmn_wlan_iwd when: ansible_interfaces | select('search', 'wl.+') | first is defined - - lmn_networkd - lmn_localuser tasks: - name: Remove deprecated files and directories (laptop-class) diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run index 5ef6e2a..4214ae9 100755 --- a/roles/lmn_vm/files/vm-run +++ b/roles/lmn_vm/files/vm-run @@ -19,6 +19,7 @@ options: --os OS operating system (win10|linux|..) --data-disk size additional data-disk --bridge virbrX additional network interface on bridge virbrX + --macvtap additional network interface on device macvtap --options options additional options for virt-install command EOF } @@ -115,7 +116,7 @@ NO_VIEWER=0 source /etc/lmn/vm.conf -TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,os:,help -n $0 -- "$@") +TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,help -n $0 -- "$@") if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$TEMP" @@ -180,6 +181,15 @@ while true; do fi shift 2 ;; + --macvtap ) + for interface in $(ip link | sed -En 's/.*(macvtap-.*)@.*/\1/p'); do + mac="$(ip link | grep -A1 "${interface}" | \ + sed -nE "s%\s+link/ether ([[:xdigit:]:]{17}) .+%\1%p")" + type="ethernet,mac=${mac},target.dev=${interface},xpath1.set=./target/@managed=no,model.type=virtio" + LIBVIRTOPTS="${LIBVIRTOPTS} --network type=$type" + done + shift + ;; --os ) LIBVIRTOSINFO=$2 shift 2 diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index d109fca..1aade31 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml 
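Review bot: In the new `--macvtap` branch of vm-run, `grep -A1 "${interface}"` uses the interface name as an unanchored pattern over the whole `ip link` output. A name that is a prefix of another macvtap name therefore yields more than one MAC, and a device without a `link/ether` line yields an empty `mac=`. Either value is spliced unchecked into `--network type=...`, so the VM can start with a wrong or malformed interface definition. Reading the address per device is exact: `mac="$(cat "/sys/class/net/${interface}/address")"` followed by `[ -n "$mac" ] || continue`. The enclosing `while`/`case` begins and ends outside the hunk.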
@@ -215,29 +215,31 @@ - name: Configure macvtap interface ansible.builtin.copy: - dest: /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection + dest: "/etc/NetworkManager/system-connections/macvlan-vm-macvtap-{{ item }}.nmconnection" mode: '0600' content: | [connection] - id=macvlan-vm-macvtap + id=macvlan-macvtap-{{ item[3:9] }} type=macvlan - interface-name=vm-macvtap + interface-name=macvtap-{{ item[3:9] }} [macvlan] mode=2 - parent={{ ansible_default_ipv4['interface'] }} + parent={{ item }} tap=true [ipv4] method=disabled [ipv6] method=disabled [proxy] + loop: "{{ ansible_interfaces | select('search', '^enp.+') }}" - name: Adjust interface permissions for user mode VMs ansible.builtin.copy: dest: /etc/udev/rules.d/80-macvlan.rules content: | - SUBSYSTEMS=="net", KERNELS=="vm-macvtap", MODE="0666" - + {% for interface in (ansible_interfaces | select('search', '^enp.+')) %} + SUBSYSTEMS=="net", KERNELS=="macvtap-{{ interface[3:9] }}", MODE="0666" + {% endfor %} - name: Create directory for local .desktop-Files ansible.builtin.file: diff --git a/roles/lmn_wlan_iwd/tasks/main.yml b/roles/lmn_wlan_iwd/tasks/main.yml index c8ff1c1..6265067 100644 --- a/roles/lmn_wlan_iwd/tasks/main.yml +++ b/roles/lmn_wlan_iwd/tasks/main.yml @@ -33,11 +33,16 @@ [Security] Passphrase={{ wifipasswd }} -- name: Enable systemd-networkd - ansible.builtin.systemd: - name: systemd-networkd.service - enabled: True - +- name: Use iwd (NetworkManager) + blockinfile: + dest: /etc/NetworkManager/NetworkManager.conf + block: | + [device] + match-device=interface-name:wl* + wifi.backend=iwd + [connection] + match-device=interface-name:wl* + ipv4.route-metric=2048 - name: Provide service to enable WiFi on boot ansible.builtin.copy: From ce9b1806f1a31443386cb32d19eb1ebb98547a3d Mon Sep 17 00:00:00 2001 
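Review bot: The udev template in "Adjust interface permissions for user mode VMs" now applies `MODE="0666"` to the tap device of every matched physical interface. That lets any local account open those devices and send or receive raw frames on the attached network, not only the user who runs the VM. Restricting access to a dedicated group keeps user-mode VMs working without that exposure: `SUBSYSTEMS=="net", KERNELS=="macvtap-{{ interface[3:9] }}", GROUP="<vm-users-group>", MODE="0660"`, where the group name is a placeholder for the group the VM users belong to. The same task sets no `mode:` on /etc/udev/rules.d/80-macvlan.rules; `mode: '0644'` would make the rule file's permissions explicit.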
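Review bot: Dropping "Enable systemd-networkd" from roles/lmn_wlan_iwd only stops new hosts from enabling the service. Hosts already provisioned by the old role keep systemd-networkd.service enabled next to NetworkManager, and nothing visible in this series disables it. Keeping the task with `enabled: false` and `state: stopped` would converge existing machines to the state the commit message describes. The replacement task uses the short name `blockinfile` with the `dest` alias while its neighbours use `ansible.builtin.*`; `ansible.builtin.blockinfile:` with `path:` would match them.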
From: Raphael Dannecker Date: Tue, 4 Jun 2024 14:26:40 +0200 Subject: [PATCH 2/4] Create macvtap devices based on all physical network devices (en[pos]). --- roles/lmn_vm/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index 1aade31..24bde7b 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml @@ -231,13 +231,13 @@ [ipv6] method=disabled [proxy] - loop: "{{ ansible_interfaces | select('search', '^enp.+') }}" + loop: "{{ ansible_interfaces | select('search', '^en[pso].+') }}" - name: Adjust interface permissions for user mode VMs ansible.builtin.copy: dest: /etc/udev/rules.d/80-macvlan.rules content: | - {% for interface in (ansible_interfaces | select('search', '^enp.+')) %} + {% for interface in (ansible_interfaces | select('search', '^en[pso].+')) %} SUBSYSTEMS=="net", KERNELS=="macvtap-{{ interface[3:9] }}", MODE="0666" {% endfor %} From 4b4328bde584ec8249b3de3d8467e2f3e4ae3c18 Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Tue, 4 Jun 2024 14:28:06 +0200 Subject: [PATCH 3/4] Remove deprecated macvtap NetworkManager config. --- lmn-client.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lmn-client.yml b/lmn-client.yml index d2b0cb8..cf19633 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -274,6 +274,7 @@ - /etc/systemd/network/50-virbr1.network - /etc/systemd/network/50-virbr2.network - /etc/systemd/network/60-wlan0-dhcp.network + - /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection - name: check if vm_usage_information.txt exists stat: path=/lmn/vm/vm_usage_information.txt @@ -302,6 +303,10 @@ done when: not ipp_everywhere.rc + - name: Remove old VM-printerlists + shell: + cmd: rm -f /lmn/media/*/.printerlist.csv + - name: Remove Listen on VMBridge lineinfile: dest: /etc/cups/cupsd.conf From c3d7692f216ab5627db0f16318320ae2e99ade22 Mon Sep 17 00:00:00 2001 
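Review bot: Widening the match to `^en[pso].+` makes the `[3:9]` slice ambiguous, because `eno1` and `ens1` both reduce to `1`. Both loop items would then write a connection with interface name `macvtap-1`, and the udev template would emit the same rule twice. Slicing from index 2 keeps the type letter and still fits the 15-character interface-name limit: `{{ item[2:9] }}` in the connection template and `{{ interface[2:9] }}` in the udev rule. Names that differ only after the cut (constructed example: `enp0s20f0u1` and `enp0s20f0u2`) would still collide, so a uniqueness check on the sliced names is worth considering. The connection template that uses `item[3:9]` lies outside this hunk.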
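Review bot: The task "Remove old VM-printerlists" runs `rm -f /lmn/media/*/.printerlist.csv` through `shell` on every play, so it always reports `changed`. The glob also expands through whatever directories or symlinks exist under /lmn/media, which look like per-user paths (an assumption from the name), with the play's privileges. Using `ansible.builtin.find` with a fixed depth and its default of not following symlinks, then `ansible.builtin.file` with `state: absent` on the results, makes the task idempotent and removes the shell glob.

```yaml
    - name: Find old VM-printerlists
      ansible.builtin.find:
        paths: /lmn/media
        patterns: '.printerlist.csv'
        hidden: true
        recurse: true
        depth: 2
      register: old_printerlists

    - name: Remove old VM-printerlists
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ old_printerlists.files }}"
    # … unchanged: "Remove Listen on VMBridge" task …
```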
From: Raphael Dannecker Date: Tue, 11 Jun 2024 13:37:56 +0200 Subject: [PATCH 4/4] Remove NetworkManager connection Wired Connection. NetworkManager has problems using the default 'Wired Connection 1' setting for more than one network card, so it is better to remove this file and NetworkManager will use default 'Wired Connections' in memory. --- lmn-client.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lmn-client.yml b/lmn-client.yml index cf19633..c7e3715 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -92,6 +92,12 @@ tasks: ## Temporary fixes and quirks: + - name: Remove disturbing NetworkManager connection + file: + path: "/etc/NetworkManager/system-connections/Wired connection 1" + state: absent + when: ansible_interfaces | select('search', '^en[pso].+') | length > 1 + - name: Fix 8086:4909 external graphics card replace: dest: "/etc/default/grub"
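Review bot: The `path` in "Remove disturbing NetworkManager connection" names only the extension-less keyfile `Wired connection 1`. NetworkManager versions that store profiles with the `.nmconnection` suffix would leave `Wired connection 1.nmconnection` in place, so confirm which name exists on the target release and, if needed, remove both names with a `loop:`. Deleting the file presumably does not unload a profile NetworkManager already holds in memory. Nothing in the hunk triggers a reload, so a handler running `nmcli connection reload` may be needed for the change to take effect before the next reboot. The short module name `file` could be `ansible.builtin.file` to match the style used in the roles.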