Unify bind mounts for localhome and non-localhome devices

lmn-client.yml

@@ -205,6 +205,12 @@
           </volume>
         state: absent
 
+    - name: Remove pam_mount for VM bind mounts
+      ansible.builtin.blockinfile:
+        dest: /etc/security/pam_mount.conf.xml
+        marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
+        state: absent
+
     - name: Check if rmlpr.timer is installed
       ansible.builtin.stat:
         path: /etc/systemd/system/rmlpr.timer

roles/lmn_vm/tasks/main.yml

@@ -45,13 +45,6 @@
         options="bind"
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
       </volume>
-    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
-
-- name: Configure pam_mount for VM bind mounts
-  ansible.builtin.blockinfile:
-    dest: /etc/security/pam_mount.conf.xml
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
-    block: |
       <volume
         path="/srv/samba/schools/default-school"
         mountpoint="/lmn/media/%(USER)/school"
@@ -59,7 +52,6 @@
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
       </volume>
     insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
-  when: localhome is defined and localhome
 
 - name: Use umount script for proper cleanup
   ansible.builtin.blockinfile: