Merge branch 'fvs' of gitlab.steinbeisschule-reutlingen.de:L_MDT/debian-lan4fvs into fvs

inventory.yml

@@ -80,7 +80,7 @@ K400:
     10.190.97.131:
     10.190.97.141:
     10.190.97.151:
-CK001:
+CK100:
   hosts:
     10.190.90.[152:159]:
 DK21:
@@ -105,6 +105,12 @@ CL000:
   hosts:
     10.190.89.59:
     10.190.89.60:
+CL100:
+  hosts:
+    10.190.62.[61:64]:
+W000:
+  hosts:
+    10.190.3.[1:3]:
 
 PCroom:
   children:
@@ -116,8 +122,6 @@ PCroom:
     R319:
     R406:
     R407:
-    C052: # Laptops
-    C055: # Laptops
     C061:
     C062:
   vars:
@@ -127,7 +131,7 @@ Kroom:
     K200:
     K300:
     K400:
-    CK001:
+    CK100:
     DK21:
 Lroom:
   children:
@@ -135,3 +139,14 @@ Lroom:
     L300:
     L400:
     CL000:
+    CL100:
+desktop:
+  children:
+    PCroom:
+    Kroom:
+    Lroom:
+laptop:
+  children:
+    W000:
+    C052:
+    C055:

lmn-client.yml

@@ -1,4 +1,4 @@
-## This playbook deploys a KDE desktop machine for LinuxMuster.
+## This playbook deploys a client for LinuxMuster.
 #
 # Use the following in the installer's preseed file:
 #
@@ -17,8 +17,8 @@
 #       fi
 #
 ---
-- name: apply configuration to the machines
-  hosts: all
+- name: Apply common configuration to the machines
+  hosts: all # desktop:laptop
   remote_user: ansible
   become: yes
   pre_tasks:
@@ -35,6 +35,7 @@
         value: >-
           /srv/samba/schools/default-school/teachers/
           /srv/samba/schools/default-school/students/*/
+          /srv/samba/schools/default-school/examusers/
         vtype: string
     - name: Preseed unattended-upgrades
       debconf:
@@ -63,6 +64,7 @@
 
     rsyncsecret: "{{ vault_rsyncsecret }}"
     keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
+    localuser: "{{ vault_localuser }}"  ##  needed here for the (universal) pam-mount configuration
 
     ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
     grub_pwd: "{{ vault_grub_pwd }}"
@@ -143,3 +145,19 @@
         path: /etc/systemd/system.conf
         line: DefaultTimeoutStopSec=5s
         insertafter: '^#DefaultTimeoutStopSec=.*'
+
+#################
+
+- name: Apply additional laptop configuration
+  hosts: laptop
+  remote_user: ansible
+  become: yes
+  vars_files: lmn-vault
+  vars:
+    ssid: "{{ vault_ssid }}"
+    wifipasswd: "{{ vault_wifipasswd }}"
+    localuser: "{{ vault_localuser }}"
+    localuser_pwd: "{{ vault_localuser_pwd }}"
+  roles:
+    - lmn_wlan
+    - lmn_localuser

lmn-laptop.yml

@@ -1,130 +0,0 @@
-## This playbook deploys a KDE laptop machine for LinuxMuster.
----
-- name: apply configuration to the machines
-  hosts: all
-  remote_user: ansible
-  become: yes
-  pre_tasks:
-    - pause:
-        prompt: "Enter global-admin AD password. Leave empty to skip domain join"
-        echo: false
-      register: adpw
-      no_log: true
-      when: "ansible_cmdline.adpw is not defined"
-    - name: Preseed apparmor
-      debconf:
-        name: apparmor
-        question: apparmor/homedirs
-        value: >-
-          /srv/samba/schools/default-school/teachers/
-          /srv/samba/schools/default-school/students/*/
-        vtype: string
-    - name: Preseed unattended-upgrades
-      debconf:
-        name: unattended-upgrades
-        question: unattended-upgrades/enable_auto_updates
-        value: True
-        vtype: boolean
-
-  vars_files: lmn-vault
-  vars:
-    domain: "{{ ansible_domain }}"
-    kerberize_uris: "{{ vault_kerberize_uris }}"  ##  example.org
-    apt_conf: "{{ vault_apt_conf }}"  ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
-    ntp_serv: "{{ vault_ntp_serv }}"  ## ntp.example.org
-    proxy: "{{ vault_proxy }}"        ## http://firewall.example.org:3128
-    no_proxy: "{{ vault_no_proxy }}"  ## firewall.example.org,server.example.org,idam.example.org,dw.example.org
-
-    ## PAM mount nextcloud, remove or leave empty to skip:
-    web_dav: "{{ vault_web_dav }}"    ## https://nc.example.org/remote.php/dav/files/%(USER)
-
-    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
-    mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/
-
-    ## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
-    mirror_dvdcss: "{{ vault_mirror_dvdcss }}"   ## http://livebox.example.org/libdvdcss/
-
-    rsyncsecret: "{{ vault_rsyncsecret }}"
-    wifipasswd: "{{ vault_wifipasswd }}"
-    keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
-
-    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
-    grub_pwd: "{{ vault_grub_pwd }}"
-    nfs4: false
-    extra_pkgs:
-      - vim
-      - mc
-      - tmux
-      - krb5-user
-      - unattended-upgrades
-      - debconf-utils
-    extra_pkgs_bpo: [] # [ linux-image-amd64 ]
-
-  roles:
-    - lmn_network
-    - up2date_debian
-    - lmn_sssd
-    - lmn_mount
-    - lmn_kde
-    - lmn_fvs ## school specific customization
-    - lmn_vm
-    - lmn_printer
-    - kerberize
-    - lmn_wlan
-    - lmn_security
-
-  tasks:
-## Temporary fixes and quirks:
-    - name: Fix 8086:4909 external graphics card
-      replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX=""$'
-        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
-
-    - name: Fix sound on 312A
-      replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
-        replace: 'GRUB_CMDLINE_LINUX=""'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
-
-    - name: Fix sound on 312A and 312D
-      apt:
-        name: firmware-sof-signed
-        state: latest
-      when: >
-        ansible_board_vendor == "LENOVO" and
-        (ansible_board_name == "312D" or ansible_board_name == "312A")
-
-## Clean up stuff from obsolete/faulty tasks:
-    - name: Remove virtiofs service
-      file:
-        path: /etc/systemd/system/virtiofs@.service
-        state: absent
-
-    - name: Fix mount point permissions and owner
-      file:
-        path: "{{ item }}"
-        mode: '0755'
-        owner: root
-        group: root
-      loop:
-        - /srv/samba
-        - /srv/samba/schools
-
-    - name: Fix unattended-upgrades
-      ansible.builtin.copy:
-        dest: /etc/apt/apt.conf.d/20auto-upgrades
-        content: |
-          APT::Periodic::Update-Package-Lists "1";
-          APT::Periodic::Unattended-Upgrade "1";
-
-## bookworm fixes/hacks:
-    - name: Work around sddm hang on shutdown
-      ansible.builtin.lineinfile:
-        path: /etc/systemd/system.conf
-        line: DefaultTimeoutStopSec=5s
-        insertafter: '^#DefaultTimeoutStopSec=.*'

lmn-vault

@@ -1,88 +1,108 @@
 $ANSIBLE_VAULT;1.1;AES256
-32636664616238393662376463373731633938323336623065323763613332363661353833643236
-3063383038383733393431626336373261666333373438360a346330663233333338643765366139
-30616635336234653861663938376237613066356130383066653137343363633666326264656434
-3635633262366330640a663839383661343464643938363333393734383737653736326562666564
-36346338623363626261666563336564346533393532666130646534646532613632396561363966
-39613563613131663564653934636131653365633132363536373732303437643938306264376130
-33643262323365363535353036333535663037353938356663346238643836386666663561303264
-64353262633532353236343537373137353135336438366335646532373961343931636433306232
-32383730643962333064653833666537383336366234343730623832336238633537333038353236
-33613164353737323838343465353630626665303836303865663864306332393039613265383630
-31353234626664626133333465386166353635343364363765346138633362333161666438363866
-61323433323363363531396530326365306532656530363335613364373964323665393761313932
-32316330386231623934636661396466613932356531383533653331643431323238646566343734
-32636337613165643164373161376634363361653163636661653762613036336632306138666361
-66656264393033373930613736323037336635633365386662653739316633306138326235363038
-35353366366166323361656161326435363934393239336637393539653532636532366633613233
-66633765636436383165313338663737386539366532323938646562623039613865373132333161
-65366637313966626363383437616631653639656131303932633833643163633831376635373933
-66666430363361656238643833326631373330313333396433666539346431343864336333336465
-34303931653632386238323336383466353266323163383537666538633932383462363637613833
-32346362303464616135333237383061333762623830656162643935616635623166343638663637
-32633962663864626337346566616232333839386438313365323339366435396434323539363938
-36623966343530653366333138633836383538333833643637656536653033386163323064656263
-61633738653461366163643363626364633636616265626232393861376330616234633461323032
-64626537346566303434343534653531306439303563343732616464386333323862323333613365
-31356466326134633961363265336461303462633932653634656334363033323835653765333163
-34353664316361356638333330323364373236313237313962336630613636363038363533653963
-64336463643035613539346466316361393666346136373533343633346464376130393066653965
-64643437376132613731333363396636383939646465346439303737663539646165313164333633
-66333463633865323465313932396265616638383665333239623364356537373930343432373935
-39663635343135613339313937303763613733616662386331336662383865643066373633653863
-34613063636134393965333333663264633863656331363135316238643333393431306236353464
-33633637633665303736663338313061616539376264343536633434313766613466346365656133
-37646434323435313532396633343663616562613937306265643933323461613437633666663230
-64653330616333326665323263663635373936633463663831333932323863323631373033636139
-36366139333230306137356430613761373630666363373062613237383562363630356235626166
-61613239613937346536386465326230623431333233386131383638323563626132663638653136
-38663664636362393339653964663330353663393765333135313965383837333139383832633238
-66616665373336313961393032383432313337336139306530313130306634613939386465353561
-36373462336435303831383764356531643232313434633530303135623134386663643534356238
-39663235326137386130383534363431636139373966336162343536356136616335666561383762
-66666366646261633761666663383566333531323764663664353139386565636661323365636265
-35326637313937346639323136653437313465356532373461333736336437393065363430363262
-32326436373266323835323038326330306635306537316333383864623835636330653837663033
-39613663333232333031643935613066643032353935356238663238383930383035623939383165
-35636538633231383439326432663734613262356339346136616634346461356263336163346433
-31666236316363373132626633386535323635626330613730303134313263646430376433623661
-39656530313135333737656632653731373363653861393562663261666164366161616131376235
-63396435643066633738643965393061376237656232666437366664353037383461393538353239
-65663235343036666538376439313465366333636436646563623961336230346365373764363737
-31616162663438316366323063653334316663646261353230663764383364643864373562323734
-32666262643634663339653332393566356636613662373835313664303035633333396131646165
-61336438333735613963353064393233343565396562383734373365336431643863633938333733
-38653138353763356461326531303733323134323865623361383933396337346533653635353965
-32336236316462656632656161303138613133663861353237396139393930306565313532356365
-39356531626130653430353331373363626264333730346563666234313163613161643162393839
-62356331613863613538376337313837383064373932346138353264663232383565313833346566
-32306366656564393364303830323637323336356665333037623362383363623135646334306438
-65373036656636393536323462363234366538636566373361396530373535333033313233623032
-32373666313462663465373863653433363738646265383338623861366163633638343566393731
-38303162356463656339303337363461386461396639633064323965366464623639366336313537
-39353638616230613264343735333539353366613735363062636233326130666362363363633136
-37313962376233303834313432313565333264343733653835653831343261343437383832373936
-63376461396533613364313236356364393534326339373565316530303437353732653733326232
-37663837333966653238323234316463643339626663643766343735353239633838653336663834
-34373266613336376537363335616134366633373039343934386333343530633962626435366463
-37613562616335363637323361303138653565376466396533336332643365376265643435333435
-32613266356539623230646135333234376135623435666235373266363836653938316266613038
-39653064326661363538343732336437626537366430666639303162653033613631343930643961
-62633432343464333066643830343033643461316166663935383366313665623665346263613037
-64366662626536663765343339343136313863613633316264636531366638303133636539666461
-32383734633837306465323434306338653331356638353731666537623335306532643431353563
-65326339396433666566666631613630663863643935633936313265313866326130383735313031
-32396434643333343962306364643631383164376464316637623739356264343735393838623962
-61323633663633343464663638653761383164363932616630353564666237663530383239353866
-33343236303532366430383331623138633564336538623034643630373138356134393861643039
-39633565343063373533326232383038333330353539346533313433303133366534343033666161
-36306566623361643663333265626561393036633966333331353033393066356138326663356539
-65393066643939373730383437363232366434386636666636643137616465633635393930306335
-62383136376637653861323761646262646162346538393639346139656530303062353764653835
-39363165373633333564353938646331613336316230353331313861363361666265643034633230
-31313033343533386232343039646537336339303434383439353363656632366364656238373835
-35663731313439396435373238363739353935306335646536363961373631373039366331393138
-38663263363731306236323563663965323261626134373532343762363632316339666465323936
-35646462313237656261626138313431303264613032316138613634616133396662356232626565
-36623762656633386463633664363665616564393166313439396138363335666665383838376439
-613237313732306630313738643233333966
+65633363646535646163353331353934343961306136663461633362323362643537386162346435
+6161306230316364656463313530376230313561653964650a333737336431326663366631666663
+61366333623231316336353362666130653838663233306334353734316338336334313630653339
+6335306166653434320a396232363732346239386533366236623332356231633536346136333666
+66316630313133646537373139636533313638663336343366623464313764636161326432653132
+38303864373736643932383436383331376139333439666166613463346636306235623961663530
+31616339623538663332633539376366663739633831633361363961323039386237323830393734
+36383734643134643530313631643561346266353665646563306334303339323231323766353334
+33353830336131653831636564383635356439363433663133663536653764653133666262303432
+38633034363764396461356130323531616561613734333039393836333338346235633838663330
+30646665656564646561663335643331633562623937623337353933623530363166646666363436
+35356434663830306634396633626139613632363364333163366539396539366434333331313438
+63353163386361396233643832313535383261366363333863383363353835633032376133373361
+61373535356535383836323438626265646330303238636632393034396133363131663031353933
+37393865393336313264393231643831623566666133343836633635353861613836386661376238
+39353461623839323532373064326238623961356466613130323535653437626364303261623537
+35306666373163646134666232356564623764353630333166326261393230623663363266336532
+35306564396430626639623461643035363933346435646363633464636432323462353766363639
+63346464396563656463383961623234366162666236646465336535343234376534616363363661
+64366134356362613535343835643538656333363935313865383436303230373634313166333566
+33643962623963356139396366316563623835313265656461636665396361336237353162646236
+38333661323765303932363237383939363336623765376538346538623836373539373339326435
+63656263343862356363616636366461313766363365636339336439333135326633343935653739
+63623839343338616336626163623261613062643433333331656230303138313037336536303638
+37643639336633386239366463383130623637633938313534323066643930313931313965313562
+66386434303964646363346634393230313132383764323635313430336565343837653536336238
+31303937636165393939653965303766653937376639656333643636623334346261666432336235
+64326366656635303635666161333231323530376236303238336663656562353132373265396434
+63663431626664626130333765346430633061333238363033343737633766633663633266363835
+35616533336666353033316462643732363565663162623630313462663761363333623663336163
+31626461663435303435663161626134343535383832366430653036323037343533356230386438
+34303335666663373638323761303135646330626566373065666130393863666539303037376231
+61643832633463323831623866333432353734313863643235386333396538383531303434376536
+65376336653864636230643861616530333666623036393435333237343137316463613730633066
+61346535356461653734396661643332323666393631313133353333666137613035346237313362
+65363433393066346131323733363034303031326563343161323366343866336338333832343832
+61633762323962393531313164313232356630333935623662383639363336393165343636393033
+34656466636632316365383038613130373535393532646136303063376431323963653163623665
+37353765616633303134346364643564613136633165396162343231626634353831373638656138
+34336536653533326661366332363239626233346436613738626339643433323438356139633762
+66613937613830306530646239363834613533346432376463663230363432343165353233643436
+39666233633266636136383335386539383263356534353563316365613336363965633039396430
+62376339396233653864373031353436633333666636643739313766643037306463323235363732
+38356630623739303761303133366436333536363131663633376566643030643334353137646436
+30666634346232656237363935666337393332333031353534646137373464326237353731303635
+66663461383932613333653665343361393161306462386362643562663861363238636633363231
+31666662613266333832343639376564363865643336373961653334656630313939353762623765
+64633964643332356562623061376335666566383539333334303964636137313539373039623532
+38373763626261316662333766613362633063653062363730383365323839386365373830663632
+34623031363266333461396164613433306338313830373564626439336662303365343335636164
+37373238656238646437636237366335623039656536323732386635633233336230346230336631
+63646238376232346630353565373534623034313639386539366662336534323231626136653436
+39613165336464333433333862333331613761323263636337336231353733373632313530636266
+30343233663161306166623033666664336161613664326636336533616335316462646539663438
+38316533646161656335333938343866623865313235646265373565323862356438383339353263
+37646431643935303965326132323131346231616262313964643736393334656233333864646261
+66353666303666656535326266343262306137633139303734613965333232633766326437333638
+33323061623032326563626132383935626230343030303337663530356333316533346164326461
+39666239303439343135613930363238356531356536333535396238366130663565663332323537
+30346234386166343332353132623036383732336166626662616666663539316161373934333030
+64316539376561613937666562656635343165323636636433656638303031373935616435646332
+63393039613466383034313037383063313830616563646233306164353439653832313463393566
+36353162353365653065386532333233363864626339383232313264333835366334363564313165
+63326135393432636634376534356665633733316133373666366337316566303634653637363466
+63623761623032393361393630613036346637356465643838393366393966373035333861623434
+63623835383132623766366639313837323539333933346165666138626139623965373962663835
+62643661616565353138343262323366653330366164313031623861663234353966383737386664
+30333564613631643762613932396666653566323536353961353933376262323739653338383538
+34666231616635333866306535393730313837346638393665316563323538386366323630383334
+32303361383231313863346166653233616364333736346264393836643935373065346438633138
+64323636623066303537373762303932303963303430383839656361386437646564383937333239
+64306238663130666234626537303466383162316230373633373766346338323865616435653838
+30613435356337613261373330323536646333376333366531326165383336623735353834643337
+32386561653035376663633062373133303036363133303564636461313235373030623337326237
+36666462353337373437326236623531366564323065623530633663363866373364373536653232
+30633634376336313366376161316633323238313261616233316339343230306131643531626163
+38303632653432643436626339373536616366653062613739666233613638626133353632633739
+61663230656366376537346434303266303263663064303932383035333764633135376236316232
+33626566333030346562613531313534326564383130396366353664616439323465616165323865
+65643663643633326435613565346132313866633932636561326536643138643137313836613062
+62313930663338616362336231643831316130643736633566303565626434623666633762643935
+61343633386134373935376339393965333666383731623832373936613764376361653737333236
+65663666353736366266316233646536343763633163383539306364383566383131333530633833
+37666639643663363531643930656332633030373531323334663632653363623936346634626531
+35636535646462623939303965383661346161326231303031346136613462313062303233653633
+31333237333331643138663530393537323231653637363032613133616130626333343739666164
+32343164363965643335646165343632626161373638343062656639653461653637326238303865
+36663830323066363562626666306431316165313265356139313033613065326461363963316633
+65306261633233373066393539326138313238656663303334626362313564393637313930616266
+33366137643163343933383962303539386131623063616632323831306230316264356336396338
+64623931333161336631313163356637336562323738336638363831363064363034636435376538
+35636166303630663466306630383432633030363762323363616562636135376566306630323065
+33303333323563633533653932653434623636303966343466336633303537393137336439386530
+39666431383636646634376332653131353465633664316266383835373332303936653936363737
+62393038646434623265663730653938646438343336396537316436633837383862353839386464
+33376264353537626231393366666139343833363135646233633638666234383566383934323732
+62313031323534356233623932623663346632646464323566623636333433333664313130383561
+33333231346435323266336261623665336630333166633561363963376439323736623362383030
+38393138353337383466366334373130393633393331393632666435373737306237383562343235
+35656163343939626130353537393032643732613631313233366637303663653635306539383430
+36333465306539613935643131393266366361313361313832313630373065653031663564663535
+35343430373061313061616164363530373731666239653130613731323734373136323736313161
+32613430376136656337646563646365356466616539613337393737356662646530386133646562
+38633732396338373361326338323862326138666461306264353137316532636564626230313635
+38316435363965343035303363353831646439666363363130656364636532656430633135383163
+66656532353662616134393439666561616436333463343962393739326337323965366165633963
+383861353830666365343437396238366138

roles/lmn_kde/tasks/main.yml

@@ -72,13 +72,14 @@
       [%General]
       Driver=QSQLITE3
 
-
+## Akonadi complains if not set:
 - name: Add home dirs to apparmor
   lineinfile:
     dest: /etc/apparmor.d/tunables/home.d/ubuntu
     line: >-
       @{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
       /srv/samba/schools/default-school/students/*/
+      /srv/samba/schools/default-school/examusers/
 
 
 - name: tune SDDM login

roles/lmn_localuser/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: Mount tmpfs on /home/{{ localuser }}
+  ansible.posix.mount:
+    name: /home/{{ localuser }}
+    src: tmpfs
+    fstype: tmpfs
+    opts: uid=1001,gid=1001,mode=755,size=4G
+    state: mounted
+
+- name: Add local guest user
+  ansible.builtin.user:
+    name: "{{ localuser }}"
+    comment: "Local Guest User,,,"
+    shell: /bin/bash
+    uid: 1001
+    password_expire_min: 99999
+    createhome: false
+    password: "{{ localuser_pwd }}"
+
+- name: Prepare generator for local guest user
+  ansible.builtin.copy:
+    dest: /etc/systemd/user-environment-generators/60-guest-user.sh
+    content: |
+      #!/usr/bin/bash
+      set -eu
+      [[ "$UID" -ne 1001 ]] && exit 0
+      cp -r -n /etc/skel/.* "$HOME"
+    mode: "0755"

roles/lmn_mount/tasks/main.yml

@@ -19,7 +19,7 @@
         path="{{ web_dav }}"
         mountpoint="/lmn/media/%(USER)/nextcloud"
         options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
   when: web_dav is defined and web_dav | length > 0
@@ -35,7 +35,7 @@
         path="{{ smb_share }}"
         mountpoint="/srv/samba/schools/default-school"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
 

roles/lmn_printer/tasks/main.yml

@@ -30,7 +30,7 @@
         path="sysvol/"
         mountpoint="/srv/samba/%(USER)/sysvol"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
 

roles/lmn_vm/tasks/main.yml

@@ -25,17 +25,17 @@
         path="~"
         mountpoint="/lmn/media/%(USER)/home"
         options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
       <volume
         path="/srv/samba/schools/default-school/share"
         mountpoint="/lmn/media/%(USER)/share"
         options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
 
-- name: Use umount script for proper ordering
+- name: Use umount script for proper cleanup
   blockinfile:
     dest: /etc/security/pam_mount.conf.xml
     marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (umount script needed for bind mounts ordering) -->"

roles/lmn_wlan/tasks/main.yml

@@ -4,20 +4,24 @@
 ---
 - name: Configure WLAN for devices
   community.general.nmcli:
-    conn_name: FVS-devices
+    conn_name: "{{ ssid }}"
     type: wifi
-    ssid: FVS-devices
+    ssid: "{{ ssid }}"
     ifname: "{{ ansible_interfaces | select('search', 'wl.+') | first }}"
     wifi_sec:
       key-mgmt: wpa-psk
       psk: "{{ wifipasswd }}"
     autoconnect: true
     state: present
-  when: not run_in_installer|default(false)|bool
+  when: |
+    not run_in_installer|default(false)|bool and
+    ansible_interfaces | select('search', 'wl.+') | first is defined
 
 - name: Provide WLAN config during installation
   template:
-    src: FVS-devices.nmconnection.j2
-    dest: /etc/NetworkManager/system-connections/FVS-devices.nmconnection
+    src: ssid.nmconnection.j2
+    dest: "/etc/NetworkManager/system-connections/{{ ssid }}.nmconnection"
     mode: '0600'
-  when: run_in_installer|default(false)|bool
+  when: |
+    run_in_installer|default(false)|bool and
+    ansible_interfaces | select('search', 'wl.+') | first is defined

wol-generator.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/bash
+#
+# Pipe the '--list-hosts' output of ansible into this program to wake up all corresponding hosts:
+#
+# ansible-playbook [...] -i inventory/inventory.yml -l R317 --list-hosts | ./wol-generator.sh
+#
+set -eu
+
+tmpf="$(mktemp)"
+devs='devices.csv'
+
+while read -r line ; do
+    sed -nE -e "s%.*(..:..:..:..:..:..);(${line//./\\.});.*%\1  \2%p" "$devs" >> "$tmpf"
+done < <(cat - | grep -E "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
+
+wakeonlan -f "$tmpf"
+rm "$tmpf"