From 2f7da9c1b49cd37ce0a3cf19da3109efe1fa2335 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andreas.mundt@steinbeisschule-reutlingen.de>
Date: Fri, 18 Aug 2023 09:56:19 +0200
Subject: [PATCH] Move PAM mount config for VMs to corresponding role. Cleanup.

---
 roles/lmn_kde/files/lmn-reset-dolphin.sh |  4 +-
 roles/lmn_mount/tasks/main.yml           | 18 +------
 roles/lmn_vm/tasks/main.yml              | 65 ++++++++----------------
 3 files changed, 24 insertions(+), 63 deletions(-)

diff --git a/roles/lmn_kde/files/lmn-reset-dolphin.sh b/roles/lmn_kde/files/lmn-reset-dolphin.sh
index 6558b6e..10f6e75 100755
--- a/roles/lmn_kde/files/lmn-reset-dolphin.sh
+++ b/roles/lmn_kde/files/lmn-reset-dolphin.sh
@@ -186,7 +186,7 @@ sed -e "s|HOME|/${HOME##/srv/samba/schools/default-school/}|g" -e "s|USER|${USER
  <separator>
   <info>
    <metadata owner="http://www.kde.org">
-    <UDI>/org/kde/fstab///server/default-schoolHOME:/lmn/media/USER/home</UDI>
+    <UDI>/org/kde/fstab///server/default-school/:/lmn/media/USER/home</UDI>
     <isSystemItem>true</isSystemItem>
     <IsHidden>true</IsHidden>
    </metadata>
@@ -204,7 +204,7 @@ sed -e "s|HOME|/${HOME##/srv/samba/schools/default-school/}|g" -e "s|USER|${USER
  <separator>
   <info>
    <metadata owner="http://www.kde.org">
-    <UDI>/org/kde/fstab///server/default-school/share:/lmn/media/USER/share</UDI>
+    <UDI>/org/kde/fstab///server/default-school/:/lmn/media/USER/share</UDI>
     <isSystemItem>true</isSystemItem>
     <IsHidden>true</IsHidden>
    </metadata>
diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index 6b81675..3f3dce2 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -9,10 +9,10 @@
       - davfs2
     state: latest
 
-- name: Configure pam_mount
+- name: Configure pam_mount for LMN homes
   blockinfile:
     dest: /etc/security/pam_mount.conf.xml
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN homes) -->"
     block: |
       <!-- mounts for home, share and nextcloud -->
       <volume
@@ -30,20 +30,6 @@
         options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
       </volume>
-
-      <!-- bind mounts for the VMs, setting gid here does not work -->
-      <volume
-        path="~"
-        mountpoint="/lmn/media/%(USER)/home"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
-      </volume>
-      <volume
-        path="/srv/samba/schools/default-school/share"
-        mountpoint="/lmn/media/%(USER)/share"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
-      </volume>
     insertafter: "<!-- Volume definitions -->"
 
 
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index 62a1918..c56df95 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -6,17 +6,6 @@
       - virt-manager
     state: latest
     autoremove: true
-    default_release: "{{ ansible_distribution_release }}-backports"
-  when: ansible_distribution_release == 'bullseye'
-
-- name: install libvirt packages
-  apt:
-    name:
-      - libvirt-daemon-system
-      - virt-manager
-    state: latest
-    autoremove: true
-  when: ansible_distribution_release == 'bookworm'
 
     #- name: allow all users to use VMs
     #  lineinfile:
@@ -25,6 +14,26 @@
     #    insertafter: '#auth_unix_rw = "polkit"'
     #  notify: reload libvirtd
 
+- name: Configure pam_mount for VMs
+  blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->"
+    block: |
+      <!-- bind mounts for the VMs, setting gid here does not work -->
+      <volume
+        path="~"
+        mountpoint="/lmn/media/%(USER)/home"
+        options="bind"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+      </volume>
+      <volume
+        path="/srv/samba/schools/default-school/share"
+        mountpoint="/lmn/media/%(USER)/share"
+        options="bind"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+      </volume>
+    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
+
 - name: autostart default network for VMs
   file:
     src: /etc/libvirt/qemu/networks/default.xml
@@ -37,7 +46,6 @@
     comment: lmn sync user
     system: true
     create_home: false
-    shell: /usr/bin/false
 
 - name: create vm directory
   file:
@@ -172,38 +180,5 @@
 
 - name: sync .torrent, .xml and .desktop files and run update-desktop-database
   command: sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t
-    #become: true
-    #become_user: lmnsynci
-    #become_method: su
-    #become_flags: '-s /usr/bin/bash'
   register: result
   changed_when: result.stdout | length > 0
-
-#### VMs
-#- name: Deploy initial image list
-#  copy:
-#    src: images.list
-#    dest: /var/lib/libvirt/images/images.list
-#    force: false
-#
-#- name: rsync VM image definitions
-#  command: >
-#    rsync -a --itemize-changes
-#    rsync://server:/vmimages-download/xml /var/lib/libvirt/images/
-#  become: true
-#  become_user: lmnsynci
-#  register: result
-#  changed_when: result.stdout | length > 0
-#  when: not run_in_installer | default(false) | bool
-#
-#- name: rsync VM images
-#  command: >
-#    rsync -a -i --files-from=/lmn/lib/libvirt/images/images.list
-#    rsync://server:/vmimages-download/ /var/lib/libvirt/images/
-#  become: true
-#  become_user: lmnsynci
-#  register: result
-#  changed_when: result.stdout | length > 0
-#  when: >
-#    false and not run_in_installer | default(false) | bool and (ansible_mounts |
-#    selectattr("mount", "equalto", "/") | list)[0].size_available > 80000000000