Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								962dc07a2a 
								
							 
						 
						
							
							
								
								Make wg configuration an optional task  
							
							... 
							
							
							
							During installation and automatic updates applied by the emmiter
permissions to access the wg server are not available.
Switch the task on with the tag: "--tags all,wgconfig". 
							
						 
						
							2024-07-24 08:41:58 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								3e02142123 
								
							 
						 
						
							
							
								
								Improve printer installation script  
							
							... 
							
							
							
							- Remove all printers from known print servers before installing again
- Add second print server 
							
						 
						
							2024-07-24 08:32:31 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								6c8de6d49c 
								
							 
						 
						
							
							
								
								Running virtiofsd with systemd-run prevents process from beeing killed when closing virt-viewer  
							
							
							
						 
						
							2024-07-23 08:11:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								e7916a5f30 
								
							 
						 
						
							
							
								
								Revert "Extends krb5-ticket renewable_lifetime for teacherlaptops, so there is no need to login every day."  
							
							... 
							
							
							
							This reverts commit 44f87537bb 
							
						 
						
							2024-07-10 07:59:44 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								44f87537bb 
								
							 
						 
						
							
							
								
								Extends krb5-ticket renewable_lifetime for teacherlaptops, so there is no need to login every day.  
							
							
							
						 
						
							2024-07-07 10:58:27 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								b8904286ab 
								
							 
						 
						
							
							
								
								Allow users to modify power management (relevant for teacher devices).  
							
							
							
						 
						
							2024-07-03 14:19:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								d787ec9aba 
								
							 
						 
						
							
							
								
								Fix enabling wifi on boot for school laptops.  
							
							
							
						 
						
							2024-07-02 13:29:30 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								48a3aa831d 
								
							 
						 
						
							
							
								
								Create cleanup-config to remove /lmn/media/*-exam on boot.  
							
							
							
						 
						
							2024-07-01 11:59:55 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								4e229b4a5d 
								
							 
						 
						
							
							
								
								Merge branch 'virtiofsd-usermapping' into fvs  
							
							
							
						 
						
							2024-06-24 07:20:55 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								a3d8fbaa82 
								
							 
						 
						
							
							
								
								Improved temporary fix for assigning default UID and GID mappings for linux-VMs.  
							
							
							
						 
						
							2024-06-23 18:02:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								bb3acdba6d 
								
							 
						 
						
							
							
								
								Fix regexp for wireguard-IP-detection.  
							
							
							
						 
						
							2024-06-23 10:57:24 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								4863caf526 
								
							 
						 
						
							
							
								
								Rename wireguard-connection from wg0 to VPN-Schule.  
							
							
							
						 
						
							2024-06-23 10:37:18 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								640f58996c 
								
							 
						 
						
							
							
								
								Adjust mmcblk-device gid on teacherlaptops to permit teachers access.  
							
							
							
						 
						
							2024-06-22 10:31:30 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								2d7372e0c3 
								
							 
						 
						
							
							
								
								Fix spelling of virtiofsd binary.  
							
							
							
						 
						
							2024-06-21 19:00:59 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								1c4554e9e0 
								
							 
						 
						
							
							
								
								Run VM-sync only when server is reachable.  
							
							
							
						 
						
							2024-06-21 15:49:36 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								f201332a4b 
								
							 
						 
						
							
							
								
								Run virtiofsd in usermode and mount shares with correct gid.  
							
							... 
							
							
							
							- The new virtiofsd provides the ability to map a specified
  UID and GID to that of the user when running in user mode.
  As a result, virtiofsd is moved to userland for VMs and
  the new -uid and -gid options are introduced that specify
  the IDs on the guest.New v
- The drives no longer have to be mounted with the group ID 1010.
  Therefore, the mount options are changed to the real group ID 
							
						 
						
							2024-06-17 21:35:18 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								4d961c60e9 
								
							 
						 
						
							
							
								
								Adapt to latest macvtap device names.  
							
							
							
						 
						
							2024-06-14 14:24:26 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								3573fa3697 
								
							 
						 
						
							
							
								
								Use unattended-upgrades again to make sure packages are up-to-date.  
							
							... 
							
							
							
							We don't have the time to test all upgrades in advance.  Therefore, it's
safer to install all updates unattended and live with the (rare) risk of
faulty ones.
This reverts the commits:
  b4d9cbdb94a29d89a7ab 
							
						 
						
							2024-06-14 09:19:57 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								4356474a43 
								
							 
						 
						
							
							
								
								Disable Wireguard-config when in installer.  
							
							
							
						 
						
							2024-06-13 10:10:34 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								0d557335fc 
								
							 
						 
						
							
							
								
								Change productive wireguard-config on server.  
							
							
							
						 
						
							2024-06-13 09:21:23 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								07ff7f258c 
								
							 
						 
						
							
							
								
								Merge branch 'macvtap' into fvs  
							
							
							
						 
						
							2024-06-11 14:45:15 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								9c068dd915 
								
							 
						 
						
							
							
								
								Wireguard client and WLAN-SSID-Config.  
							
							... 
							
							
							
							NetworkManager wireguard VPN-config will be created and updated.
Split configuration of WLAN-SSID in inventory (SSID) and vault (secret). 
							
						 
						
							2024-06-11 13:25:34 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								450ca22441 
								
							 
						 
						
							
							
								
								Mount network-shares after established wireguard-connection.  
							
							
							
						 
						
							2024-06-04 14:46:17 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								679e0cc0aa 
								
							 
						 
						
							
							
								
								Rework printer setup.  
							
							... 
							
							
							
							Don't remove local printers.
Create printerlist.csv for VMs. 
							
						 
						
							2024-06-04 14:42:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								463997aa26 
								
							 
						 
						
							
							
								
								Allow teachers to install printers on teacherlaptops.  
							
							
							
						 
						
							2024-06-04 14:40:15 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								ce9b1806f1 
								
							 
						 
						
							
							
								
								Create macvtap devices based on all physical network devices (en[pos]).  
							
							
							
						 
						
							2024-06-04 14:26:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								93d261e73b 
								
							 
						 
						
							
							
								
								Network devices are now only managed by NetworkManager.  
							
							... 
							
							
							
							Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM. 
							
						 
						
							2024-05-23 09:58:41 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								edf92566cf 
								
							 
						 
						
							
							
								
								Allow multiple VMs.  
							
							
							
						 
						
							2024-04-30 11:16:32 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								f3d9b0c46f 
								
							 
						 
						
							
							
								
								Move chromium policy create to lmn_fvs task (and make sure, directory exists).  
							
							
							
						 
						
							2024-04-30 07:41:11 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								da88db0061 
								
							 
						 
						
							
							
								
								Teacherlaptops don't need pwroff service and suspend function will not be disabled.  
							
							
							
						 
						
							2024-04-29 18:53:22 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								06d7360677 
								
							 
						 
						
							
							
								
								Introduction of a new device class (teacherlaptop).  
							
							... 
							
							
							
							- Wifi-devices will be managed by NetworkManager
 - (USB-)Dockingstation with same MAC as internal device
   will be assigned to virbr1
 - users with role-teacher have privilege
   - to create new NetworkManager connections
   - install additional software
   - change luks-key
 - package plasma-discover will not be removed (for teacherlaptops)
 - http-proxy-Settings will be configured by auto-detect
 - providing sudo-script to mount default-school from server after
   wireguard-connection is established 
							
						 
						
							2024-04-28 19:37:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								08f0f082fd 
								
							 
						 
						
							
							
								
								Introduction of a new device class (localhome).  
							
							... 
							
							
							
							- user-home is on local disk
- additional entry in dolphin: home@server
- display info about localhome on login-screen
- provide unison-config for sync home with home@server
- force user to be logged out immediately after first login, because
  home-dir must exists for bind-mounts on /lmn/media 
							
						 
						
							2024-04-28 19:37:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								4aeee9442c 
								
							 
						 
						
							
							
								
								Allow local squid direct internet access if parent proxy not available. This is important for devices that are not exclusively in the school network.  
							
							
							
						 
						
							2024-04-28 19:37:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								ecad541567 
								
							 
						 
						
							
							
								
								Make sure there is at least 5GB of free space after the VM sync.  
							
							
							
						 
						
							2024-04-28 19:37:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								6e578a6d95 
								
							 
						 
						
							
							
								
								Remove mosquitto service that was added accidentially.  
							
							
							
						 
						
							2024-04-16 12:17:08 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								06de050a29 
								
							 
						 
						
							
							
								
								Install packages needed for reading programming docu.  
							
							
							
						 
						
							2024-04-16 11:55:44 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								3230946e7b 
								
							 
						 
						
							
							
								
								Install packages, mostly for programming.  
							
							
							
						 
						
							2024-04-12 08:21:03 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								eab3b75bff 
								
							 
						 
						
							
							
								
								Fix implementing printing from virtual machines.  
							
							... 
							
							
							
							Already installed "IPP everywhere" printers have to be replaced by
"driverless" printers.
Fix Listen address in cupsd.conf because VMBridge IP is not yet avaible
when cups is starting. 
							
						 
						
							2024-03-13 13:06:47 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								e7aa91e7f8 
								
							 
						 
						
							
							
								
								Make lmn-client a separate repository.  
							
							... 
							
							
							
							Remove all playbooks and roles not used for the lmn-client playbook.
They are almost all maintained within the debian-lan-ansible project
at:
     https://salsa.debian.org/andi/debian-lan-ansible/  
							
						 
						
							2024-03-12 18:41:04 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								b4a78bdd84 
								
							 
						 
						
							
							
								
								Revert "Implement cifs caching with cachefilesd."  
							
							... 
							
							
							
							This reverts commit 6c7209e82b 
							
						 
						
							2024-03-12 11:25:18 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								ac97b0d3a4 
								
							 
						 
						
							
							
								
								Work around interrupted dpkg run.  
							
							
							
						 
						
							2024-03-12 11:11:22 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								4c6a499cf0 
								
							 
						 
						
							
							
								
								Fix misspelled name of lmnsynci-User.  
							
							
							
						 
						
							2024-03-12 10:39:18 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								7667f12399 
								
							 
						 
						
							
							
								
								use correct path to rfkill  
							
							
							
						 
						
							2024-03-12 08:59:53 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								30f24bb666 
								
							 
						 
						
							
							
								
								delete old VM-images when running out of space  
							
							
							
						 
						
							2024-03-10 10:02:31 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Raphael Dannecker 
								
							 
						 
						
							
							
							
							
								
							
							
								c99ec444f8 
								
							 
						 
						
							
							
								
								create printerlist.csv to inform VMs about available printers  
							
							
							
						 
						
							2024-03-10 10:02:31 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								ed7dadf612 
								
							 
						 
						
							
							
								
								Fix ansible run during installation with limitted groups.  
							
							
							
						 
						
							2024-02-24 11:30:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								94b6aaf640 
								
							 
						 
						
							
							
								
								Throttling not needed with patched apt-cacher-ng, cf.  #1022043 .  
							
							
							
						 
						
							2024-02-24 11:30:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								e3db074ba7 
								
							 
						 
						
							
							
								
								Use groups instead of boolean group varibles.  
							
							
							
						 
						
							2024-02-24 11:30:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								ad76bbd1f1 
								
							 
						 
						
							
							
								
								For some laptops, wifi is off after booting.  
							
							
							
						 
						
							2024-02-24 11:30:54 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas B. Mundt 
								
							 
						 
						
							
							
							
							
								
							
							
								37e4108021 
								
							 
						 
						
							
							
								
								Provide dual screen setup where needed.  
							
							... 
							
							
							
							For SDDM, the projector is switched off: dual_screen[0].
For Wayland, dual_screen[1] is set as primary screen. 
							
						 
						
							2024-02-14 15:06:05 +01:00