Create final task including lmn_finish and lmn_tmpfixes

lmn_tmpfixes is used for:
- temporary fixes and quirks
- cleaning up stuff from obsolete/erroneous tasks

lmn_finish is used for:
- installing extra_pkg
- setting ansible-stamps

lmn-client.yml

@@ -82,7 +82,6 @@
       when: vm_support
     - lmn_printer
     - kerberize
-    - lmn_security
     - lmn_misc
     - role: lmn_localhome
       when: localhome
@@ -94,7 +93,6 @@
       when:
         - ansible_interfaces | select('search', 'wl.+') | first is defined
         - wlan != none
-    - role: lmn_extrapkgs
 
   tasks:
     - name: Include custom roles
@@ -105,255 +103,18 @@
         loop_var: rolename
       when: custom_roles is defined
 
-    ## Temporary fixes and quirks:
-    - name: Remove disturbing NetworkManager connection
-      ansible.builtin.file:
-        path: "/etc/NetworkManager/system-connections/Wired connection 1"
-        state: absent
-      when: ansible_interfaces | select('search', '^en[pso].+') | length > 1
-
-    - name: Fix 8086:4909 external graphics card
-      ansible.builtin.replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX=""$'
-        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
-
-    - name: Fix sound on 312A
-      ansible.builtin.replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
-        replace: 'GRUB_CMDLINE_LINUX=""'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
-
-    - name: Fix sound on 312A and 312D
-      ansible.builtin.apt:
-        name: firmware-sof-signed
-        state: latest
-      when: >
-        ansible_board_vendor == "LENOVO" and
-        (ansible_board_name == "312D" or ansible_board_name == "312A")
-
-    - name: Install customized CodeBlocks packages
-      when: "'PCroom' in group_names"
-      block:
-        - name: Check for old CodeBlocks
-          ansible.builtin.command:
-            cmd: dpkg -l codeblocks
-          register: codeblocks_version
-          changed_when: false
-
-        - name: Download codeblocks zip archive
-          ansible.builtin.get_url:
-            url: "http://livebox.pn.steinbeis.schule/codeblocks/CodeBlocks.zip"
-            dest: /tmp/CodeBlocks.zip
-            mode: '0644'
-            use_proxy: false
-          register: new_codeblocks
-          when: codeblocks_version.stdout is not search('svn13544')
-
-        - name: Unpack zip archive and install packages manually
-          ansible.builtin.shell:
-            cmd: unzip -d /tmp/cb/ CodeBlocks.zip && dpkg -i cb/*.deb
-            chdir: /tmp/
-          when: new_codeblocks.changed | default(false)
-
-## Clean up stuff from obsolete/faulty tasks:
-    - name: Remove sddm login screen patch with deprecated marker (homeondisk)
-      ansible.builtin.blockinfile:
-        path: /usr/share/sddm/themes/debian-breeze/Main.qml
-        marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk
-        state: absent
-
-    - name: Remove packages we do not need anymore
-      ansible.builtin.apt:
-        name:
-          - cachefilesd
-          - mosquitto
-        state: absent
-        purge: true
-
-    - name: Remove virtiofs service
-      ansible.builtin.file:
-        path: /etc/systemd/system/virtiofs@.service
-        state: absent
-
-    - name: Fix mount point permissions and owner
-      ansible.builtin.file:
-        path: "{{ item }}"
-        mode: '0755'
-        owner: root
-        group: root
-      loop:
-        - /srv/samba
-        - /srv/samba/schools
-
-    - name: Remove pam_mount sysvol mount
-      ansible.builtin.blockinfile:
-        dest: /etc/security/pam_mount.conf.xml
-        marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (SysVol) -->"
-        block: |
-          <volume
-            fstype="cifs"
-            server="{{ smb_server }}"
-            path="sysvol/"
-            mountpoint="/srv/samba/%(USER)/sysvol"
-            options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
-            ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-          </volume>
-        state: absent
-
-    - name: Remove pam_mount for VM bind mounts
-      ansible.builtin.blockinfile:
-        dest: /etc/security/pam_mount.conf.xml
-        marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
-        state: absent
-
-    - name: Check if rmlpr.timer is installed
-      ansible.builtin.stat:
-        path: /etc/systemd/system/rmlpr.timer
-      register: rmlpr
-
-    - name: Disable rmlpr.timer
-      ansible.builtin.systemd:
-        name: rmlpr.timer
-        enabled: false
-      when: rmlpr.stat.exists
-
-    - name: Check if vmimage-torrent.service is installed
-      ansible.builtin.stat:
-        path: /etc/systemd/system/vmimage-torrent.service
-      register: vmimagetorrent
-
-    - name: Disable vmimage-torrent.service
-      ansible.builtin.systemd:
-        name: vmimage-torrent.service
-        enabled: false
-      when: vmimagetorrent.stat.exists
-
-    - name: Remove deprecated files and directories
-      ansible.builtin.file:
-        path: "{{ item }}"
-        state: absent
-      with_items:
-        - /etc/linuxmuster-linuxclient7
-        - /usr/lib/python3/dist-packages/linuxmusterLinuxclient7
-        - /usr/share/linuxmuster-linuxclient7
-        - /usr/local/bin/onLogin
-        - /etc/sudoers.d/90-lmn-sudotools
-        - /etc/systemd/system/rmlpr.service
-        - /etc/systemd/system/rmlpr.timer
-        - /usr/local/bin/sync-vm.sh
-        - /usr/local/bin/run-vm.sh
-        - /usr/local/bin/rebase-vm.sh
-        - /usr/local/bin/create-vm.sh
-        - /usr/local/bin/upload-vm.sh
-        - /usr/local/bin/vmimage-torrent
-        - /etc/systemd/system/vmimage-torrent.service
-        - /usr/local/bin/linbo-torrenthelper.sh
-        - /usr/local/bin/link-images.sh
-        - /usr/local/bin/start-virtiofsd.sh
-        - /etc/sudoers.d/90-lmn-upload-vm
-        - /etc/sudoers.d/90-lmn-sync-vm
-        - /etc/sudoers.d/90-lmn-startvirtiofsd
-        - /etc/sudoers.d/90-lmn-link-images
-        - /etc/rsync.secret
-        - /etc/systemd/network/30-virbr1.netdev
-        - /etc/systemd/network/30-virbr2.netdev
-        - /etc/systemd/network/40-ethernet.network
-        - /etc/systemd/network/40-ethernet-usb.network
-        - /etc/systemd/network/50-virbr1.network
-        - /etc/systemd/network/50-virbr2.network
-        - /etc/systemd/network/60-wlan0-dhcp.network
-        - /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
-        - /etc/tmpfiles.d/clean-exam.conf
-        - /etc/polkit-1/rules.d/lmn-networkmanager.rules
-        - /etc/polkit-1/rules.d/lmn-packagekit.rules
-
-    - name: Check if vm_usage_information.txt exists
-      ansible.builtin.stat:
-        path: /lmn/vm/vm_usage_information.txt
-      register: vm_usage_information
-
-    - name: Pre-fill vm_usage_information.txt
-      ansible.builtin.shell:
-        cmd: |
-          ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt
-          chown lmnsynci:lmnsynci vm_usage_information.txt
-        chdir: /lmn/vm/
-      when: not vm_usage_information.stat.exists
-
-    - name: Detect if IPP-Everywhere printers exist
-      ansible.builtin.shell:
-        cmd: grep "IPP Everywhere" /etc/cups/printers.conf
-      register: ipp_everywhere
-      failed_when: false
-      changed_when: false
-
-    - name: Delete old IPP-Everywhere printers
-      ansible.builtin.shell:
-        cmd: |
-          for p in $(lpstat -p | cut -d" " -f2); do
-            lpadmin -x "$p"
-          done
-      when: not ipp_everywhere.rc
-
-    - name: Remove old VM-printerlists
-      ansible.builtin.shell:
-        cmd: rm -f /lmn/media/*/.printerlist.csv
-
-    - name: Remove Listen on VMBridge
-      ansible.builtin.lineinfile:
-        dest: /etc/cups/cupsd.conf
-        line: 'Listen 192.168.122.1:631'
-        state: absent
-
-    - name: Remove NetworkManager Ansible-Block for non-laptops
-      ansible.builtin.blockinfile:
-        path: /etc/NetworkManager/NetworkManager.conf
-        state: absent
-      when: "'laptop' not in group_names"
-
-    - name: Remove pam-exec from common-auth
-      ansible.builtin.lineinfile:
-        dest: /etc/pam.d/common-auth
-        line: "auth    optional        pam_exec.so /usr/local/sbin/pam-exec.sh"
-        state: absent
-      when: exam_mode
-
-    - name: Remove pam-mkhomedir from common-session
-      ansible.builtin.lineinfile:
-        dest: /etc/pam.d/common-session
-        line: "session  optional        pam_mkhomedir.so  umask=0077"
-        state: absent
-      when: localhome
-
-## bookworm fixes/hacks:
-    - name: Work around sddm hang on shutdown
-      ansible.builtin.lineinfile:
-        path: /etc/systemd/system.conf
-        line: DefaultTimeoutStopSec=5s
-        insertafter: '^#DefaultTimeoutStopSec=.*'
-
-    - name: Patch spyder to fix 'file-has-changed' issues on CIFS
-      ansible.posix.patch:
-        src: spyder.patch
-        dest: /usr/lib/python3/dist-packages/spyder/plugins/editor/widgets/editor.py
 
 #################
 
-    - name: Timestamp successfull run and send up-to-date report
-      ansible.builtin.shell:
-        cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter
-      changed_when: false
-      tags: upgrade
-
-    - name: Force ansible-run after install trough emitter by setting timestamp in the past
-      ansible.builtin.shell:
-        cmd: echo "2020-01-01T00:00:00+01:00" >> /var/local/ansible-stamps && /usr/local/sbin/reporter
-      when: run_in_installer|default(false)|bool
+    - name: Final tasks
+      ansible.builtin.include_role:
+        name: "{{ role }}"
+      loop_control:
+        loop_var: role
+      loop:
+        - lmn_security
+        - lmn_finish
+        - lmn_tmpfixes
 
 #################
 

roles/lmn_extrapkgs/defaults/main.yml

@@ -1,2 +0,0 @@
-extra_pkgs: []
-extra_pkgs_bpo: []

roles/lmn_finish/defaults/main.yml

@@ -0,0 +1,6 @@
+extra_pkgs: []
+extra_pkgs1: []
+extra_pkgs2: []
+extra_pkgs_bpo: []
+extra_pkgs_bpo1: []
+extra_pkgs_bpo2: []

roles/lmn_finish/tasks/main.yaml

@@ -1,14 +1,11 @@
 ---
-- name: Merge extra_pkgs and extra_pkgs_bpo lists
-  ansible.builtin.set_fact:
-    extra_pkgs: "{{ extra_pkgs + lookup('vars', 'extra_pkgs' + item, default=[]) }}"
-    extra_pkgs_bpo: "{{ extra_pkgs_bpo + lookup('vars', 'extra_pkgs_bpo' + item, default=[]) }}"
-  loop: "{{ range(1, 11) | map('string') | list }}"
-
 - name: Install extra packages from stable
   ansible.builtin.apt:
-    name: "{{ extra_pkgs }}"
-  when: extra_pkgs|length
+    name: "{{ item }}"
+  loop:
+    - "{{ extra_pkgs }}"
+    - "{{ extra_pkgs1 }}"
+    - "{{ extra_pkgs2 }}"
 
 - name: Add backports for {{ ansible_distribution_release }}
   ansible.builtin.apt_repository:
@@ -17,11 +14,20 @@
       main non-free-firmware
     state: present
     update_cache: true
-  when: extra_pkgs_bpo|length
+#  when: extra_pkgs_bpo|length
 
 - name: Install extra packages from backports
   ansible.builtin.apt:
-    name: "{{ extra_pkgs_bpo }}"
+    name: "{{ item }}"
     state: latest # noqa package-latest
     default_release: "{{ ansible_distribution_release }}-backports"
-  when: extra_pkgs_bpo|length
+  loop:
+    - "{{ extra_pkgs_bpo }}"
+    - "{{ extra_pkgs_bpo1 }}"
+    - "{{ extra_pkgs_bpo2 }}"
+
+- name: Timestamp successfull run and send up-to-date report
+  ansible.builtin.shell:
+    cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter
+  changed_when: false
+  tags: upgrade