From d285b9dbf034de01ab8a01e55d883ece898ae03c Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Mon, 5 Feb 2024 12:59:23 +0100
Subject: [PATCH] vm-upload must be run as user root

---
 roles/lmn_vm/files/lmn-vm      | 2 +-
 roles/lmn_vm/files/vm-rebase   | 2 +-
 roles/lmn_vm/files/vm-upload   | 5 ++++-
 roles/lmn_vm/handlers/main.yml | 8 --------
 roles/lmn_vm/tasks/main.yml    | 9 +--------
 5 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/roles/lmn_vm/files/lmn-vm b/roles/lmn_vm/files/lmn-vm
index 4f90db8..7d4011e 100644
--- a/roles/lmn_vm/files/lmn-vm
+++ b/roles/lmn_vm/files/lmn-vm
@@ -22,4 +22,4 @@ lmnsynci ALL=(root) NOPASSWD: /usr/local/bin/vm-aria2
 %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/desktop-sync
 
 # vm-upload:
-%role-teacher ALL=(lmnsynci) NOPASSWD: /usr/local/bin/vm-upload
+%role-teacher ALL=(root) NOPASSWD: /usr/local/bin/vm-upload
diff --git a/roles/lmn_vm/files/vm-rebase b/roles/lmn_vm/files/vm-rebase
index b235760..4182390 100755
--- a/roles/lmn_vm/files/vm-rebase
+++ b/roles/lmn_vm/files/vm-rebase
@@ -72,7 +72,7 @@ qemu-img rebase -f qcow2 -b "${NEWBASE}" -F qcow2 "${VM_NAME}.qcow2"
 if [[ -v NEWNAME ]]; then
     NEWNAME="${NEWNAME}.qcow2"
 else
-    rm "${CURRENTBASE}"
+    rm -f "${CURRENTBASE}"
     NEWNAME="${CURRENTBASE}"
 fi
 
diff --git a/roles/lmn_vm/files/vm-upload b/roles/lmn_vm/files/vm-upload
index 732b59b..1fbdda3 100755
--- a/roles/lmn_vm/files/vm-upload
+++ b/roles/lmn_vm/files/vm-upload
@@ -16,7 +16,7 @@ upload_image() {
         echo "File not found ${VM_NAME}.qcow2" >&2
         exit 1
     fi
-    sudo vm-aria2 stop "${VM_NAME}" || echo "VMImage-torrent not running"
+    vm-aria2 stop "${VM_NAME}" || echo "VMImage-torrent not running"
     # link private VM-Diskimage to system-Dir
     if [[ -f "${VM_DIR}/${VM_NAME}.qcow2" \
           &&   ( -f "${VM_SYSDIR}/${VM_NAME}.qcow2" && ("${VM_DIR}/${VM_NAME}.qcow2" -nt "${VM_SYSDIR}/${VM_NAME}.qcow2") \
@@ -26,6 +26,9 @@ upload_image() {
       ln -f "${VM_DIR}/${VM_NAME}.qcow2" "${VM_SYSDIR}/${VM_NAME}.qcow2"
     fi
     cd "${VM_SYSDIR}"
+    if [[ -f "/tmp/${VM_NAME}.qcow2.torrent" ]]; then
+      rm -f "/tmp/${VM_NAME}.qcow2.torrent"
+    fi
     uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \
 	       --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${VM_NAME}.qcow2"
 }
diff --git a/roles/lmn_vm/handlers/main.yml b/roles/lmn_vm/handlers/main.yml
index 53ff53c..6af3160 100644
--- a/roles/lmn_vm/handlers/main.yml
+++ b/roles/lmn_vm/handlers/main.yml
@@ -3,14 +3,6 @@
     name: libvirtd.service
   listen: reload libvirtd
 
-- name: Enable vmimage-torrent service
-  systemd:
-    name: vmimage-torrent.service
-    state: restarted
-    daemon_reload: true
-    enabled: true
-  listen: "enable vmimage-torrent.service"
-
 - name: Run update-desktop-database
   command: update-desktop-database "{{ item }}"
   loop:
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index 3227054..3409db2 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -197,14 +197,7 @@
     content: |
       allow virbr0
       allow virbr1
-
-- name: Deploy rsync.secret
-  lineinfile:
-    path: /etc/rsync.secret
-    line: "{{ rsyncsecret }}"
-    create: True
-    mode: '0600'
-
+      allow virbr2
 
 - name: Configure macvtap interface
   ansible.builtin.copy: