From 6ba24ade095002ab54738a08e8c2a8b081c39e34 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Sat, 29 Mar 2025 11:25:22 +0100
Subject: [PATCH] Add missing files for a8e4130

---
 roles/lmn_tmpfixes/tasks/bookworm.yml |  66 ++++++++++
 roles/lmn_tmpfixes/tasks/cleanup.yml  | 170 ++++++++++++++++++++++++++
 roles/lmn_tmpfixes/tasks/main.yml     |  10 ++
 3 files changed, 246 insertions(+)
 create mode 100644 roles/lmn_tmpfixes/tasks/bookworm.yml
 create mode 100644 roles/lmn_tmpfixes/tasks/cleanup.yml
 create mode 100644 roles/lmn_tmpfixes/tasks/main.yml

diff --git a/roles/lmn_tmpfixes/tasks/bookworm.yml b/roles/lmn_tmpfixes/tasks/bookworm.yml
new file mode 100644
index 0000000..7713f23
--- /dev/null
+++ b/roles/lmn_tmpfixes/tasks/bookworm.yml
@@ -0,0 +1,66 @@
+---
+## Temporary fixes and quirks:
+- name: Remove disturbing NetworkManager connection
+  ansible.builtin.file:
+    path: "/etc/NetworkManager/system-connections/Wired connection 1"
+    state: absent
+  when: ansible_interfaces | select('search', '^en[pso].+') | length > 1
+
+- name: Fix 8086:4909 external graphics card
+  ansible.builtin.replace:
+    dest: "/etc/default/grub"
+    regexp: 'GRUB_CMDLINE_LINUX=""$'
+    replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
+  notify: Run update-grub
+  when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
+
+- name: Fix sound on 312A
+  ansible.builtin.replace:
+    dest: "/etc/default/grub"
+    regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
+    replace: 'GRUB_CMDLINE_LINUX=""'
+  notify: Run update-grub
+  when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
+
+- name: Fix sound on 312A and 312D
+  ansible.builtin.apt:
+    name: firmware-sof-signed
+    state: latest
+  when: >
+    ansible_board_vendor == "LENOVO" and
+    (ansible_board_name == "312D" or ansible_board_name == "312A")
+
+- name: Install customized CodeBlocks packages
+  when: "'PCroom' in group_names"
+  block:
+    - name: Check for old CodeBlocks
+      ansible.builtin.command:
+        cmd: dpkg -l codeblocks
+      register: codeblocks_version
+      changed_when: false
+
+    - name: Download codeblocks zip archive
+      ansible.builtin.get_url:
+        url: "http://livebox.pn.steinbeis.schule/codeblocks/CodeBlocks.zip"
+        dest: /tmp/CodeBlocks.zip
+        mode: '0644'
+        use_proxy: false
+      register: new_codeblocks
+      when: codeblocks_version.stdout is not search('svn13544')
+
+    - name: Unpack zip archive and install packages manually
+      ansible.builtin.shell:
+        cmd: unzip -d /tmp/cb/ CodeBlocks.zip && dpkg -i cb/*.deb
+        chdir: /tmp/
+      when: new_codeblocks.changed | default(false)
+
+- name: Work around sddm hang on shutdown
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/system.conf
+    line: DefaultTimeoutStopSec=5s
+    insertafter: '^#DefaultTimeoutStopSec=.*'
+
+- name: Patch spyder to fix 'file-has-changed' issues on CIFS
+  ansible.posix.patch:
+    src: spyder.patch
+    dest: /usr/lib/python3/dist-packages/spyder/plugins/editor/widgets/editor.py
diff --git a/roles/lmn_tmpfixes/tasks/cleanup.yml b/roles/lmn_tmpfixes/tasks/cleanup.yml
new file mode 100644
index 0000000..ccd8318
--- /dev/null
+++ b/roles/lmn_tmpfixes/tasks/cleanup.yml
@@ -0,0 +1,170 @@
+---
+# clean up stuff from obsolete/faulty tasks:
+- name: Remove sddm login screen patch with deprecated marker (homeondisk)
+  ansible.builtin.blockinfile:
+    path: /usr/share/sddm/themes/debian-breeze/Main.qml
+    marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk
+    state: absent
+
+- name: Remove packages we do not need anymore
+  ansible.builtin.apt:
+    name:
+      - cachefilesd
+      - mosquitto
+    state: absent
+    purge: true
+
+- name: Remove virtiofs service
+  ansible.builtin.file:
+    path: /etc/systemd/system/virtiofs@.service
+    state: absent
+
+- name: Fix mount point permissions and owner
+  ansible.builtin.file:
+    path: "{{ item }}"
+    mode: '0755'
+    owner: root
+    group: root
+  loop:
+    - /srv/samba
+    - /srv/samba/schools
+
+- name: Remove pam_mount sysvol mount
+  ansible.builtin.blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (SysVol) -->"
+    block: |
+      <volume
+        fstype="cifs"
+        server="{{ smb_server }}"
+        path="sysvol/"
+        mountpoint="/srv/samba/%(USER)/sysvol"
+        options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
+      </volume>
+    state: absent
+
+- name: Remove pam_mount for VM bind mounts
+  ansible.builtin.blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
+    state: absent
+
+- name: Check if rmlpr.timer is installed
+  ansible.builtin.stat:
+    path: /etc/systemd/system/rmlpr.timer
+  register: rmlpr
+
+- name: Disable rmlpr.timer
+  ansible.builtin.systemd:
+    name: rmlpr.timer
+    enabled: false
+  when: rmlpr.stat.exists
+
+- name: Check if vmimage-torrent.service is installed
+  ansible.builtin.stat:
+    path: /etc/systemd/system/vmimage-torrent.service
+  register: vmimagetorrent
+
+- name: Disable vmimage-torrent.service
+  ansible.builtin.systemd:
+    name: vmimage-torrent.service
+    enabled: false
+  when: vmimagetorrent.stat.exists
+
+- name: Remove deprecated files and directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/linuxmuster-linuxclient7
+    - /usr/lib/python3/dist-packages/linuxmusterLinuxclient7
+    - /usr/share/linuxmuster-linuxclient7
+    - /usr/local/bin/onLogin
+    - /etc/sudoers.d/90-lmn-sudotools
+    - /etc/systemd/system/rmlpr.service
+    - /etc/systemd/system/rmlpr.timer
+    - /usr/local/bin/sync-vm.sh
+    - /usr/local/bin/run-vm.sh
+    - /usr/local/bin/rebase-vm.sh
+    - /usr/local/bin/create-vm.sh
+    - /usr/local/bin/upload-vm.sh
+    - /usr/local/bin/vmimage-torrent
+    - /etc/systemd/system/vmimage-torrent.service
+    - /usr/local/bin/linbo-torrenthelper.sh
+    - /usr/local/bin/link-images.sh
+    - /usr/local/bin/start-virtiofsd.sh
+    - /etc/sudoers.d/90-lmn-upload-vm
+    - /etc/sudoers.d/90-lmn-sync-vm
+    - /etc/sudoers.d/90-lmn-startvirtiofsd
+    - /etc/sudoers.d/90-lmn-link-images
+    - /etc/rsync.secret
+    - /etc/systemd/network/30-virbr1.netdev
+    - /etc/systemd/network/30-virbr2.netdev
+    - /etc/systemd/network/40-ethernet.network
+    - /etc/systemd/network/40-ethernet-usb.network
+    - /etc/systemd/network/50-virbr1.network
+    - /etc/systemd/network/50-virbr2.network
+    - /etc/systemd/network/60-wlan0-dhcp.network
+    - /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
+    - /etc/tmpfiles.d/clean-exam.conf
+    - /etc/polkit-1/rules.d/lmn-networkmanager.rules
+    - /etc/polkit-1/rules.d/lmn-packagekit.rules
+
+- name: Check if vm_usage_information.txt exists
+  ansible.builtin.stat:
+    path: /lmn/vm/vm_usage_information.txt
+  register: vm_usage_information
+
+- name: Pre-fill vm_usage_information.txt
+  ansible.builtin.shell:
+    cmd: |
+      ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt
+      chown lmnsynci:lmnsynci vm_usage_information.txt
+    chdir: /lmn/vm/
+  when: not vm_usage_information.stat.exists
+
+- name: Detect if IPP-Everywhere printers exist
+  ansible.builtin.shell:
+    cmd: grep "IPP Everywhere" /etc/cups/printers.conf
+  register: ipp_everywhere
+  failed_when: false
+  changed_when: false
+
+- name: Delete old IPP-Everywhere printers
+  ansible.builtin.shell:
+    cmd: |
+      for p in $(lpstat -p | cut -d" " -f2); do
+        lpadmin -x "$p"
+      done
+  when: not ipp_everywhere.rc
+
+- name: Remove old VM-printerlists
+  ansible.builtin.shell:
+    cmd: rm -f /lmn/media/*/.printerlist.csv
+
+- name: Remove Listen on VMBridge
+  ansible.builtin.lineinfile:
+    dest: /etc/cups/cupsd.conf
+    line: 'Listen 192.168.122.1:631'
+    state: absent
+
+- name: Remove NetworkManager Ansible-Block for non-laptops
+  ansible.builtin.blockinfile:
+    path: /etc/NetworkManager/NetworkManager.conf
+    state: absent
+  when: "'laptop' not in group_names"
+
+- name: Remove pam-exec from common-auth
+  ansible.builtin.lineinfile:
+    dest: /etc/pam.d/common-auth
+    line: "auth    optional        pam_exec.so /usr/local/sbin/pam-exec.sh"
+    state: absent
+  when: exam_mode
+
+- name: Remove pam-mkhomedir from common-session
+  ansible.builtin.lineinfile:
+    dest: /etc/pam.d/common-session
+    line: "session  optional        pam_mkhomedir.so  umask=0077"
+    state: absent
+  when: localhome
diff --git a/roles/lmn_tmpfixes/tasks/main.yml b/roles/lmn_tmpfixes/tasks/main.yml
new file mode 100644
index 0000000..8e90138
--- /dev/null
+++ b/roles/lmn_tmpfixes/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Remove disturbing NetworkManager connection
+  ansible.builtin.include_tasks:
+    file: "{{ taskfile }}"
+  loop_control:
+     loop_var: taskfile
+  loop:
+    - bookworm.yml
+    - cleanup.yml
+  when: ansible_distribution_release == "bookworm"