lmn_tmpfixes is used for:
- temporary fixes and quirks
- cleaning up stuff from obsolete/erroneous tasks
lmn_finish is used for:
- installing extra_pkg
- setting ansible-stamps
- Add variable to configure sudo-program permissions (`sudo_permissions`)
- Add variable to configure polkit-rules (`polkit_rules`)
- Migrate sudo and polkit permissions from lmn_teacherlaptop role to inventory
- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
- VPN selection via `vpn` variable (`none`, `wg`).
- Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts
to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.
- Consolidate `lmn_wlan`, `lmn_wlan_nm`, and `lmn_wlan_8021x` into single `lmn_wlan` role.
- Implement a check for the availability of the radius-server during the EAP-TLS rollout.
- Enhance variable support with a standardized naming schema:
- Mode selection via `wlan` variable (`none`, `psk`, `eap-tls`).
- EAP-TLS CA configuration (CA information, email address, CA password).
- Introduce a switch to force the (re-)issue of existing certificates.
- PSK configuration through `wlan_ssid` and `wlan_password`.
- Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `wifi` variable is set.
Use variable localhome to determines whether the localhome module is installed.
Default: localhome=false
Further changes:
- Move pam-exec from common-auth to common-session
- Move pam-mkhomedir before pam-mount to avoid double login on first use
on localhome devices
Iwd as wifi-backend has some disadvantages:
- teachers cannot add wpa-Enterprise connections with the
networkManager
- gnome-network-displays (miracast) does not work
Switching to wpa-supplicant will solve these problems.
The issue has been reported to upstream in spyder-ide/21877.
The patch implements a more tolerant file modification detection
and only reports differences greater than 1000 ms.
We don't have the time to test all upgrades in advance. Therefore, it's
safer to install all updates unattended and live with the (rare) risk of
faulty ones.
This reverts the commits:
b4d9cbdb94a29d89a7ab
NetworkManager has problems using the default 'Wired Connection 1'
setting for more than one network card, so it is better to remove this file
and NetworkManager will use default 'Wired Connections' in memory.
Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM.
- Wifi-devices will be managed by NetworkManager
- (USB-)Dockingstation with same MAC as internal device
will be assigned to virbr1
- users with role-teacher have privilege
- to create new NetworkManager connections
- install additional software
- change luks-key
- package plasma-discover will not be removed (for teacherlaptops)
- http-proxy-Settings will be configured by auto-detect
- providing sudo-script to mount default-school from server after
wireguard-connection is established
- user-home is on local disk
- additional entry in dolphin: home@server
- display info about localhome on login-screen
- provide unison-config for sync home with home@server
- force user to be logged out immediately after first login, because
home-dir must exists for bind-mounts on /lmn/media
