From b518b9a2062f9b60f5bc5b6592cf1abd2cff53bd Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt"
Date: Wed, 6 Sep 2023 08:50:52 +0200
Subject: [PATCH] Set sticky bit (restricted deletion flag) to allow PAM mount as user.
---
 roles/lmn_vm/tasks/main.yml | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index 82ddd0a..dd934cf 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -49,25 +49,31 @@
 dest: /usr/local/sbin/pam-umount.sh
 mode: "0755"
-- name: autostart default network for VMs
+- name: Autostart default network for VMs
 file:
 src: /etc/libvirt/qemu/networks/default.xml
 dest: /etc/libvirt/qemu/networks/autostart/default.xml
 state: link
-- name: create system-user syncing VM-files and others
+- name: Create system-user syncing VM-files and others
 ansible.builtin.user:
 name: lmnsynci
 comment: lmn sync user
 system: true
 create_home: false
-- name: create vm directory
+- name: Create /lmn directory
 file:
 path: /lmn
 state: directory
-- name: create vm directory
+- name: Create /lmn/media directory
+ file:
+ path: /lmn/media
+ state: directory
+ mode: '1777'
+
+- name: Create vm directory
 file:
 path: /lmn/vm
 state: directory
@@ -75,26 +81,26 @@
 group: lmnsynci
 mode: 0755
-- name: install squid
+- name: Install squid
 apt:
 name:
 - squid
 state: latest
 autoremove: true
-- name: disable squid
+- name: Disable squid
 systemd:
 name: squid
 enabled: false
 state: stopped
-- name: deploy squid user mode configuration
+- name: Deploy squid user mode configuration
 template:
 src: squid-usermode.conf.j2
 dest: /etc/squid/squid-usermode.conf
 mode: '0644'
-- name: deploy sudo configurations
+- name: Deploy sudo configurations
 copy:
 src: "{{ item }}"
 dest: "/etc/sudoers.d/90-{{ item }}"
@@ -108,7 +114,7 @@
 - lmn-link-images
 - lmn-startvirtiofsd
-- name: deploy vmimages scripts
+- name: Deploy vmimages scripts
 copy:
 src: "{{ item }}"
 dest: /usr/local/bin/
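Review bot: The new `/lmn/media` task sets `mode: '1777'` but no owner or group, and the `/lmn` task directly above it sets no mode at all, so both depend on the umask of the run and on whatever already exists on the host. For a world-writable directory that PAM mounts into as the user, I would pin these explicitly with `owner: root` and `group: root` on `/lmn/media`, and `mode: '0755'` on `/lmn`. The sticky bit only stops users from removing or renaming each other's entries; any local user can still create a name under `/lmn/media` first, so if the mount point name is predictable (the mount script is not visible in this patch), that script should check who owns an existing directory before mounting onto it. A one-line comment on the task such as `# world-writable + sticky so pam_mount can create per-user mount points` would record why 1777 is needed.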
@@ -178,7 +184,7 @@
 - /usr/local/share/desktop-directories
 notify: Run update-desktop-database
-- name: set owner lmnsynci for menu entry directory
+- name: Set owner lmnsynci for menu entry directory
 file:
 path: /usr/local/share/applications
 state: directory
@@ -196,7 +202,7 @@
 dest: /etc/xdg/menus/applications-merged/
 notify: Run update-desktop-database
-- name: sync .torrent, .xml and .desktop files and run update-desktop-database
+- name: Sync .torrent, .xml and .desktop files and run update-desktop-database
 command: sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t
 register: result
 changed_when: result.stdout | length > 0