diff --git a/roles/lmn_kde/tasks/main.yml b/roles/lmn_kde/tasks/main.yml index 8a1caaf..6f3f963 100644 --- a/roles/lmn_kde/tasks/main.yml +++ b/roles/lmn_kde/tasks/main.yml @@ -3,7 +3,7 @@ ansible.builtin.debconf: name: wireshark-common question: wireshark-common/install-setuid - value: true + value: 'true' vtype: boolean - name: Preseed ttf-mscorefonts-installer diff --git a/roles/lmn_mount/files/lmn-mounthome.sh b/roles/lmn_mount/files/lmn-mounthome.sh new file mode 100644 index 0000000..44f81e1 --- /dev/null +++ b/roles/lmn_mount/files/lmn-mounthome.sh @@ -0,0 +1,3 @@ +if [[ "${UID}" -gt 60000 ]]; then + sudo /usr/local/bin/mounthome.sh & +fi diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml index 3927d1a..9e22dfa 100644 --- a/roles/lmn_mount/tasks/main.yml +++ b/roles/lmn_mount/tasks/main.yml @@ -25,8 +25,8 @@ rootansibleDebian-gdmsddmvirti @@ -78,17 +78,25 @@ line: KillUserProcesses=yes insertafter: '#KillUserProcesses=no' +- name: Umount all user-mounts on logout + blockinfile: + dest: /usr/share/sddm/scripts/Xstop + block: | + for i in $(mount | /usr/bin/grep "/lmn/media/" | /usr/bin/cut -f 3 -d ' '); do + umount $i + done + umount /srv/samba/schools/default-school + - name: Deploy script to generate links in /lmn/media/$USER/ copy: - src: lmn-linkhome.sh + src: lmn-mounthome.sh dest: /etc/profile.d/ mode: '0644' - when: false - name: Bind mount lmn/media with nosuid directory ansible.posix.mount: src: /lmn/media - path: /lmn/nosuidmedia + path: /lmn/media opts: nosuid,bind state: present fstype: none diff --git a/roles/lmn_vm/files/mounthome.sh b/roles/lmn_vm/files/mounthome.sh index 3c0f3bd..1ad2796 100755 --- a/roles/lmn_vm/files/mounthome.sh +++ b/roles/lmn_vm/files/mounthome.sh 
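Review bot: In roles/lmn_mount/files/lmn-mounthome.sh the test uses `[[ … ]]` and `${UID}`, both bash-only, yet the role copies the file into /etc/profile.d/, where it is sourced by whichever shell reads /etc/profile. Under a POSIX sh such as dash the `[[` test fails and the mount is skipped. A portable form is `if [ "$(id -u)" -gt 60000 ]; then`. Because the snippet runs on every login shell and starts a root helper through sudo, a short header comment should name the sudoers rule it depends on and explain the 60000 threshold.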
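Review bot: The block written to /usr/share/sddm/scripts/Xstop in roles/lmn_mount/tasks/main.yml expands `$i` unquoted and takes mount points from `mount | grep | cut -f 3 -d ' '`. A mount point containing whitespace is therefore truncated, one containing glob characters is expanded by the shell, and the grep also matches `/lmn/media/` in the source column rather than only the target. Assuming Xstop runs as root, as the bare `umount` calls imply, reading targets line by line is safer: `findmnt -lno TARGET | grep '^/lmn/media/' | while IFS= read -r mp; do umount -- "$mp"; done`. The loop unmounts every user's mounts under /lmn/media, not only those of the session that is ending, which deserves a comment if the hosts are single-seat by design.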
@@ -5,17 +5,24 @@ home="$(getent passwd "$SUDO_UID" | cut -d : -f 6 | sed 's|/srv/samba/schools/de exit_script() { echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log" - findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome" - findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome" + findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome" + findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome" + trap - SIGHUP SIGINT SIGTERM # clear the trap + kill -- -$$ # Sends SIGTERM to child/sub processes +} + +exit_script_home() { + echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log" + umount "/lmn/media/${SUDO_USER}/home" trap - SIGHUP SIGINT SIGTERM # clear the trap kill -- -$$ # Sends SIGTERM to child/sub processes } if [[ "$#" -gt 0 ]] && [[ "$1" = '-u' ]]; then - findmnt "/media/${SUDO_USER}/home" && umount "/media/${SUDO_USER}/home" && rmdir "/media/${SUDO_USER}/home" - #findmnt "/media/${SUDO_USER}/share" && umount "/media/${SUDO_USER}/share" && rmdir "/media/${SUDO_USER}/share" - findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome" - findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome" + findmnt "/lmn/media/${SUDO_USER}/home" && umount "/lmn/media/${SUDO_USER}/home" && rmdir "/lmn/media/${SUDO_USER}/home" + #findmnt "/lmn/media/${SUDO_USER}/share" && umount "/lmn/media/${SUDO_USER}/share" && rmdir "/lmn/media/${SUDO_USER}/share" + findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome" + findmnt 
"/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome" elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then echo "Einbinden der Daten des alten/bisherigen Systems (PaedML Novell)." echo "Bitte den Username und Passwort aus dem ALTEN System eingeben." @@ -23,12 +30,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then read -srp "Passwort: " PASSWD export PASSWD echo - mkdir -p "/media/${SUDO_USER}/oldhome" + mkdir -p "/lmn/media/${SUDO_USER}/oldhome" #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \ - # "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome") + # "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome") #if [[ ! "${errcode}" ]]; then - mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \ - "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome" + mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \ + "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome" #echo "Mounting successfull!" echo "Einbindung erfolgreich!" echo "Dieses Fenster bitte nicht schließen!" @@ -40,9 +47,9 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then echo "Bitte den Username und Passwort aus dem ALTEN System (PaedML Novell) eingeben." echo "Bitte auch Groß- und Kleinschreibung achten." read -rp "Username: " username - mkdir -p "/media/${SUDO_USER}/linuxhome" + mkdir -p "/lmn/media/${SUDO_USER}/linuxhome" mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \ - "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/media/${SUDO_USER}/linuxhome" + "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome" #echo "Mounting successfull!" echo "Einbindung erfolgreich!" echo "Dieses Fenster bitte nicht schließen!" 
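Review bot: The new `exit_script_home` in roles/lmn_vm/files/mounthome.sh repeats the pattern of appending, as root, to `/tmp/${SUDO_UID}-exit-mount.log`. That path is predictable and sits in a world-writable directory, so a local user can pre-create it or put a link in its place; kernel link protection may limit the impact, but the script should not depend on it. Writing to syslog avoids the file altogether, e.g. `logger -t mounthome "unmounting home of ${SUDO_USER} - terminated by trap"`, and the same applies to `exit_script`. `kill -- -$$` reaches the children only when the script is a process-group leader, which is not guaranteed for a job started with `&` from a non-interactive shell; a comment stating that assumption would help. The rest of the script lies outside this hunk.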
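Review bot: The CIFS option string in the `-o` branch gains `nobrl,mfsymlinks` but still carries no `nosuid,nodev`, and its target now sits under /lmn/media, where the nosuid flag of the parent bind mount does not carry over to a filesystem mounted beneath it. Appending `,nosuid,nodev` costs nothing and keeps the guarantee independent of what the server reports. The same holds for the `sec=krb5i` home mount added in the last hunk of this file, and probably for the sshfs mount in the `-l` branch. `mfsymlinks` lets users store symlinks on the share that the client resolves locally, so any root-run step that later touches paths inside the mount should not follow them blindly. The enclosing `elif` branch continues outside the hunk.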
@@ -54,19 +61,22 @@ else #chown "${SUDO_USER}:1010" "/media/${SUDO_USER}" chgrp 1010 "/lmn/media/${SUDO_USER}" chmod 0770 "/lmn/media/${SUDO_USER}" - if ! findmnt "/lmn/media/${SUDO_USER}/share"; then - [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share" - mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share" - fi + #if ! findmnt "/lmn/media/${SUDO_USER}/share"; then + # [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share" + # mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share" + #fi if ! findmnt "/lmn/media/${SUDO_USER}/home"; then [[ -d "/lmn/media/${SUDO_USER}/home" ]] || mkdir "/lmn/media/${SUDO_USER}/home" home="$(getent passwd $SUDO_USER | cut -d: -f6)" - mount --bind "/lmn/media/${SUDO_USER}/.default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home" + mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,nobrl,mfsymlinks" \ + "//server/default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home" + trap exit_script_home SIGHUP SIGINT SIGTERM + sleep infinity fi - #mkdir -p "/media/${SUDO_USER}/home" - #mkdir -p "/media/${SUDO_USER}/share" + #mkdir -p "/lmn/media/${SUDO_USER}/home" + #mkdir -p "/lmn/media/${SUDO_USER}/share" #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \ - # "//server/default-school/${home}" "/media/${SUDO_USER}/home" + # "//server/default-school/${home}" "/lmn/media/${SUDO_USER}/home" #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \ - # "//server/default-school/share" "/media/${SUDO_USER}/share" + # "//server/default-school/share" "/lmn/media/${SUDO_USER}/share" fi 
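Review bot: `trap exit_script_home SIGHUP SIGINT SIGTERM` followed by a foreground `sleep infinity` will not unmount when a signal is sent to the script alone, because bash runs a trap only after the current foreground command returns. Backgrounding the sleep and waiting on it lets the handler run promptly: `sleep infinity & wait "$!"`. The result of `mount -t cifs` is also unchecked, so a failed mount (no Kerberos ticket yet, server unreachable) leaves a root process sleeping forever next to an empty directory. Adding `|| exit 1` to the mount command, before the trap is installed, covers that. The `else` branch starts outside the hunk.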
diff --git a/roles/lmn_vm/files/run-vm.sh b/roles/lmn_vm/files/run-vm.sh index 1f5d496..d368262 100755 --- a/roles/lmn_vm/files/run-vm.sh +++ b/roles/lmn_vm/files/run-vm.sh @@ -108,7 +108,7 @@ fi ## check, if we have to mount home #if ! findmnt "/media/${USER}/home"; then # echo "mounting home." - sudo mounthome.sh + sudo mounthome.sh & #fi # because virsh has problems with long pathnames, using diffent configdir @@ -124,9 +124,10 @@ if ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist" # finally, create the new vm virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml" - trap exit_script SIGHUP SIGINT SIGTERM + #trap exit_script SIGHUP SIGINT SIGTERM [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}" virsh --connect="${QEMU}" start "${VM_NAME}-clone" fi echo "starting viewer" +trap exit_script SIGHUP SIGINT SIGTERM virt-viewer --connect="${QEMU}" --full-screen "${VM_NAME}-clone" diff --git a/roles/lmn_vm/files/start-virtiofsd.sh b/roles/lmn_vm/files/start-virtiofsd.sh index 83926eb..83d9e0c 100755 --- a/roles/lmn_vm/files/start-virtiofsd.sh +++ b/roles/lmn_vm/files/start-virtiofsd.sh 
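Review bot: With `sudo mounthome.sh &` in the first hunk of run-vm.sh nothing waits for the home mount any more, so the virtiofsd start and `virsh start` further down can run before /lmn/media/${USER}/home is mounted. A bounded wait after the call, for example `until findmnt "/lmn/media/${USER}/home" >/dev/null; do sleep 1; done` with a retry limit, would close the race. The call also resolves `mounthome.sh` through PATH while the new profile.d snippet uses `/usr/local/bin/mounthome.sh`; the absolute path here too would match the command a sudoers rule names. The commented-out `findmnt` guard around the call still refers to `/media/${USER}/home`.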
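Review bot: Moving `trap exit_script SIGHUP SIGINT SIGTERM` down to just before `virt-viewer` in the second hunk of run-vm.sh leaves the background `sudo mounthome.sh &` job, the virtiofsd start and `virsh start` running with no handler installed. A signal in that window ends the script with whatever those steps created still in place. Installing the trap once, before the first of those steps, and deleting the commented-out copy would be clearer; if the move is deliberate, a one-line comment should say why. `exit_script` is defined outside the hunk, so what it cleans up cannot be checked here.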
@@ -19,7 +19,7 @@ fi [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]] && /usr/bin/rm "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" --announce-submounts -o source="/media/${USER}" -o sandbox=chroot > /dev/null & #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" -o source="/media/${USER}" -o sandbox=chroot > /dev/null & -/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/nosuidmedia/${SUDO_USER}" -o sandbox=chroot > /dev/null & +/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/media/${SUDO_USER}" -o sandbox=chroot > /dev/null & # Wait until socket-File exists and chown to user until [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]]; do echo "waiting for ${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
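Review bot: The virtiofsd source moves from the dedicated nosuid view `/lmn/nosuidmedia/${SUDO_USER}` to `/lmn/media/${SUDO_USER}`, so the export now relies on /lmn/media itself carrying nosuid. The mount task in roles/lmn_mount/tasks/main.yml keeps `state: present`, which records the bind mount in fstab without mounting it, so unless a reboot or another task mounts it the flag may be absent. Since virtiofsd is started from a script invoked through sudo, files written from the guest may land on the host with guest-chosen ownership and mode bits, so the flag is worth verifying rather than assuming. A check such as `findmnt -no OPTIONS /lmn/media | grep -qw nosuid || exit 1` before the virtiofsd line would fail closed. The `until` loop at the end of the hunk continues outside it.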