Mount network-shares after established wireguard-connection.

roles/lmn_teacherlaptop/files/10-lmn-mount.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/bash
+#
+set -eu
+
+if [[ "$CONNECTION_ID" = "wg0" ]]; then
+  USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p')
+  USERID=$(id -u "${USERNAME}")
+  KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*)
+  export KRB5CCNAME
+  printenv >&2
+  if [[ "$NM_DISPATCHER_ACTION" = "up" ]]; then
+    # Exit if server is already mounted
+    findmnt /srv/samba/schools/default-school > /dev/null && exit 0
+
+    if ! klist -s  -c "${KRB5CCNAME}"; then
+      #echo "try to renew KRB5-Ticket" >&2
+      #sudo -u "${USERNAME}" kinit -R -c "${KRB5CCNAME}"
+      echo "KRB5-Ticket is expired. Sleep 3 seconds and hope it will be renewed after." >&2
+      sleep 3
+    fi
+
+    echo "prepare mountpoints" >&2
+    umask 0002
+    mkdir -p /srv/samba/schools/default-school
+    chmod 777  /srv/samba/schools/default-school
+    mkdir -p "/lmn/media/${USERNAME}/share"
+    
+    mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
+          -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
+	  echo "after mount" >&2
+    mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
+  elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
+    # FIXME: Only umount server when Wireguard-Connection was the only connection to server.
+    # Dirty fix (works only in fvs-IP-Range)
+    if !(ip r s | grep "10.190." | grep -v wg0); then
+      echo "Try to umount server shares"
+      umount "/lmn/media/${USERNAME}/share"
+      umount /srv/samba/schools/default-school
+    fi
+  fi
+fi

roles/lmn_teacherlaptop/tasks/main.yml

@@ -1,4 +1,11 @@
 ---
+- name: Install wireguard
+  apt:
+    name:
+      - wireguard
+        #- krb5-auth-dialog
+    state: latest
+
 - name: Copy polkit rule to allow install packages by role-teacher
   ansible.builtin.copy:
     src: "{{ item }}"
@@ -14,6 +21,18 @@
     dest: /usr/local/bin/
     mode: "0755"
 
+- name: Copy NetworkManager dispatcher-script (10-lmn-mount.sh)
+  ansible.builtin.copy:
+    src: 10-lmn-mount.sh
+    dest: /etc/NetworkManager/dispatcher.d/
+    mode: "0755"
+
+- name: Create link to dispatcher-script (10-lmn-mount.sh)
+  ansible.builtin.file:
+    src: ../10-lmn-mount.sh
+    dest: /etc/NetworkManager/dispatcher.d/pre-down.d/10-lmn-mount.sh
+    state: link
+
 - name: Deploy sudo configurations (apt for role-teacher) 
   copy:
     dest: /etc/sudoers.d/90-lmn-teacherlaptop