Eliminate bind mounts that are no longer required for virtual machines (VMs)

roles/lmn_vm/tasks/main.yml

@@ -29,32 +29,6 @@
     #     insertafter: '#auth_unix_rw = "polkit"'
     #   notify: reload libvirtd
 
-- name: Configure pam_mount for VM bind mounts
-  ansible.builtin.blockinfile:
-    dest: /etc/security/pam_mount.conf.xml
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->"
-    block: |
-      <!-- bind mounts for the VMs, setting gid here does not work -->
-      <volume
-        path="~"
-        mountpoint="/lmn/media/%(USER)/home"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-      </volume>
-      <volume
-        path="/srv/samba/schools/default-school/share"
-        mountpoint="/lmn/media/%(USER)/share"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-      </volume>
-      <volume
-        path="/srv/samba/schools/default-school"
-        mountpoint="/lmn/media/%(USER)/school"
-        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-      </volume>
-    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
-
 - name: Use umount script for proper cleanup
   ansible.builtin.blockinfile:
     dest: /etc/security/pam_mount.conf.xml

roles/lmn_vpn/files/10-lmn-mount.sh

@@ -29,19 +29,16 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
     umask 0002
     mkdir -p /srv/samba/schools/default-school
     chmod 777  /srv/samba/schools/default-school
-    mkdir -p "/lmn/media/${USERNAME}/share"
 
     mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
           -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 	  echo "after mount" >&2
-    mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
     SUDO_USER=$USERNAME /usr/local/bin/install-printers.sh
   elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
     # FIXME: Only umount server when Wireguard-Connection was the only connection to server.
     # Dirty fix (works only in fvs-IP-Range)
     if ! (ip r s | grep "10.190." | grep -v wg0); then
-      echo "Try to umount server shares"
-      umount "/lmn/media/${USERNAME}/share"
+      echo "Try to umount server"
       umount /srv/samba/schools/default-school
     fi
   fi

roles/lmn_vpn/files/mountserver

@@ -3,7 +3,6 @@ set -eu
 
 exit_script() {
     echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
-    findmnt "/lmn/media/${SUDO_USER}/share" && umount "/lmn/media/${SUDO_USER}/share"
     findmnt "/srv/samba/schools/default-school" && umount "/srv/samba/schools/default-school"
     trap - SIGHUP SIGINT SIGTERM # clear the trap
     kill -- -$$ # Sends SIGTERM to child/sub processes
@@ -14,11 +13,9 @@ findmnt /srv/samba/schools/default-school > /dev/null && exit 0
 umask 0002
 mkdir -p /srv/samba/schools/default-school
 chmod 777  /srv/samba/schools/default-school
-mkdir -p "/lmn/media/${SUDO_USER}/share"
 
 mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
       -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
-mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share"
 
 echo "Einbindung erfolgreich!"
 echo "Dieses Fenster bitte nicht schließen!"