From 93a0f07846709812bb2f8ed655ecf24112a3e030 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Wed, 17 Dec 2025 13:19:43 +0100
Subject: [PATCH] Apply libvirt firewall policy only on devices with vm_support

---
 roles/lmn_exam/tasks/main.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/roles/lmn_exam/tasks/main.yml b/roles/lmn_exam/tasks/main.yml
index aba8b29..4670933 100644
--- a/roles/lmn_exam/tasks/main.yml
+++ b/roles/lmn_exam/tasks/main.yml
@@ -62,9 +62,11 @@
     src: no-way-out.xml.j2
     dest: "/etc/firewalld/policies/no-way-out-{{ item }}.xml"
     mode: '0644'
-  loop:
-    - HOST
-    - libvirt
+  vars:
+    zones:
+      - HOST
+      - "{{ 'libvirt' if vm_support | default(false) else '' }}"
+  loop: "{{ zones | reject('match','^$') }}"
   when:
     - exam_destination_allowed_ipv4 is defined
     - exam_destination_allowed_ipv4 | length > 0