From 3ff8d4882708e14eea5639a17dbb84a301d7a773 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Wed, 2 Jul 2025 13:15:21 +0200
Subject: [PATCH] Bind mounts are no longer required; removing them

---
 roles/lmn_vm/tasks/main.yml | 52 ++++++++++---------------------------
 1 file changed, 13 insertions(+), 39 deletions(-)

diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index a3ce960..8ba0131 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -28,46 +28,20 @@
     #     insertafter: '#auth_unix_rw = "polkit"'
     #   notify: reload libvirtd
 
-- name: Configure pam_mount for VM bind mounts
-  ansible.builtin.blockinfile:
-    dest: /etc/security/pam_mount.conf.xml
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->"
-    block: |
-      <!-- bind mounts for the VMs, setting gid here does not work -->
-      <volume
-        path="~"
-        mountpoint="/lmn/media/%(USER)/home"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-      </volume>
-      <volume
-        path="/srv/samba/schools/default-school/share"
-        mountpoint="/lmn/media/%(USER)/share"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-      </volume>
-      <volume
-        path="/srv/samba/schools/default-school"
-        mountpoint="/lmn/media/%(USER)/school"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-      </volume>
-    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
+    # - name: Use umount script for proper cleanup
+    #   ansible.builtin.blockinfile:
+    #     dest: /etc/security/pam_mount.conf.xml
+    #     marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"
+    #     block: |
+    #       <!-- Provide special umount script here to handle bind mounts and proper ordering -->
+    #       <umount>/usr/local/sbin/pam-umount.sh %(USER) %(USERUID) %(MNTPT)</umount>
+    #     insertafter: '^<mntoptions.*'
 
-- name: Use umount script for proper cleanup
-  ansible.builtin.blockinfile:
-    dest: /etc/security/pam_mount.conf.xml
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"
-    block: |
-      <!-- Provide special umount script here to handle bind mounts and proper ordering -->
-      <umount>/usr/local/sbin/pam-umount.sh %(USER) %(USERUID) %(MNTPT)</umount>
-    insertafter: '^<mntoptions.*'
-
-- name: Prepare umount script
-  ansible.builtin.copy:
-    src: pam-umount.sh
-    dest: /usr/local/sbin/pam-umount.sh
-    mode: '0755'
+    # - name: Prepare umount script
+    #   ansible.builtin.copy:
+    #     src: pam-umount.sh
+    #     dest: /usr/local/sbin/pam-umount.sh
+    #     mode: '0755'
 
 - name: Insert domain in default-network
   ansible.builtin.lineinfile: