it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
705 commits 2 branches 0 tags 7.2 MiB
Commit graph

72 commits

Author SHA1 Message Date
Raphael Dannecker
89fa704ea2 Mounthome is no longer required 2025-04-01 15:52:11 +02:00
Raphael Dannecker
0f4e455717 Use vm_torrent_srv to configure the torrent server 2025-04-01 15:45:11 +02:00
Raphael Dannecker
ce40cb885f Create own role for the usersquid http_proxy functionality 2025-03-31 18:13:50 +02:00
Raphael Dannecker
1018912703 Unify bind mounts for localhome and non-localhome devices 2025-03-26 14:49:31 +01:00
Raphael Dannecker
2602189911 Control execution of localuser by variable instead of group-membership 2025-03-25 09:14:47 +01:00
Raphael Dannecker
f965f4466c Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00
Raphael Dannecker
9f1c60eefd Use variable instead of group membership to install localhome 
Use variable localhome to determines whether the localhome module is installed.
Default: localhome=false

Further changes:
- Move pam-exec from common-auth to common-session
- Move pam-mkhomedir before pam-mount to avoid double login on first use
  on localhome devices
 2025-03-19 11:08:57 +01:00
Raphael Dannecker
3d01394820 Separate exam-mode stuff in own role 2025-03-18 14:37:13 +01:00
Raphael Dannecker
97b9ba8d97 Shorten path for XDG_CONFIG_HOME and clean dir 
In Linux socket paths are limited to 108 char length.
/var/tmp/vm/$UID/.config will be too long in some cases.
So we use /var/tmp/vm/$UID

/var/tmp/vm must be
- cleaned on startup
- created with sticky-bit (used by different users)
 2025-02-18 14:16:56 +01:00
Raphael Dannecker
e3396ef06c Start firewalld when -exam user logs in 2025-02-05 13:15:42 +01:00
Raphael Dannecker
5998c5900e Trixies uses tmpfs for /tmp, so let's use /var/tmp/vm for temporary VM files 2025-01-27 17:11:12 +01:00
Raphael Dannecker
f4dffc06fc Rename instead of delete -exam media directories (belongs to commit 39da308) 2025-01-27 17:01:03 +01:00
Raphael Dannecker
a6eadce948 Sync application starters on boot and separate ansible tasks from lmn_vm role 2025-01-22 14:36:38 +01:00
Raphael Dannecker
352a897d88 Start user-squid-proxy at login so that all programs without kerberos support have proxy access 2025-01-09 12:31:24 +01:00
Raphael Dannecker
23a9b6ff97 Enable firewall activation for exam-mode 
For working exam-mode we need to block direct internet access by firewall.
Users have to use squid-proxy on firewall, which can be disabled for exam-users.
To allow VM-traffic (anonymous user), we use a local squid server with users
kerberos-ticket to authenticate on the parent squid.

When using VMs on teacherdevices offsite, the local squid has to use direct internet access.
So we need two squid configs. When switching between offsite and onsite,
the squid has to be restartet with corresponding config.
 2024-12-11 13:09:30 +01:00
Andreas B. Mundt
77f4643628 Make tests for group membership more readable 2024-11-21 12:42:37 +01:00
Raphael Dannecker
48a3aa831d Create cleanup-config to remove /lmn/media/*-exam on boot. 2024-07-01 11:59:55 +02:00
Raphael Dannecker
ce9b1806f1 Create macvtap devices based on all physical network devices (en[pos]). 2024-06-04 14:26:40 +02:00
Raphael Dannecker
93d261e73b Network devices are now only managed by NetworkManager. 
Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM.
 2024-05-23 09:58:41 +02:00
Raphael Dannecker
08f0f082fd Introduction of a new device class (localhome). 
- user-home is on local disk
- additional entry in dolphin: home@server
- display info about localhome on login-screen
- provide unison-config for sync home with home@server
- force user to be logged out immediately after first login, because
  home-dir must exists for bind-mounts on /lmn/media
 2024-04-28 19:37:13 +02:00
Andreas B. Mundt
72a134fcbf Fixes for the laptop role merged before. 
Packages need to be installed before messing around
with network configurations.
 2024-02-07 17:20:11 +01:00
Raphael Dannecker
d285b9dbf0 vm-upload must be run as user root 2024-02-05 12:59:23 +01:00
Raphael Dannecker
fb4041b6f2 remove old desktop VM-starters 2024-01-30 15:17:02 +01:00
Raphael Dannecker
a18bb05551 Merge branch 'fvs' into dev-vm 2024-01-30 08:38:46 +01:00
Andreas B. Mundt
cfae3f22ed VM chooser menu and much faster direct kernel loading. 2024-01-30 08:28:47 +01:00
Andreas B. Mundt
138c4f7d7e Simplify netboot VM start by script. 2024-01-27 10:12:30 +01:00
Andreas B. Mundt
4ce97f5486 Fixes and new desktop starter synchronization system. 2024-01-20 14:38:02 +01:00
Andreas B. Mundt
350f4c2646 Configure a valid DHT cache directory. 2024-01-20 14:33:12 +01:00
Andreas B. Mundt
57ec856f49 Avoid exposing passwords in the process list, use a password file. 2024-01-20 07:56:48 +01:00
Raphael Dannecker
40962fd9de distribute VM-images with aria2 instead of ctorrent 2024-01-19 20:08:19 +01:00
Andreas B. Mundt
877396dc15 Move task to the top before the last apt run. 2023-12-11 20:27:11 +01:00
Andreas B. Mundt
e1ac7eb798 Ensure that suid mode is persistent on package upgrades. 2023-12-07 15:35:44 +01:00
Andreas B. Mundt
25c9a4db4b Implement netboot VM with macvtap interface. 2023-11-28 11:17:12 +01:00
Raphael Dannecker
47844f3019 extra network interface for TIA VM 2023-11-15 14:57:05 +01:00
Raphael Dannecker
5b652b0e28 fixed filepath (link does not exist when installing) 2023-11-13 15:15:07 +01:00
Raphael Dannecker
5f088511c4 windows-VMs need to know the domain to contact the kms server 2023-11-09 07:31:42 +01:00
Andreas B. Mundt
a586ac5201 Combine playbooks and update/adapt inventory accordingly. 2023-10-21 17:18:41 +02:00
Andreas B. Mundt
e48c761935 Provide a local guest user. 2023-10-21 10:01:02 +02:00
Andreas B. Mundt
987e33c989 Displayed hostname overlaps with battery symbol on laptops. 2023-10-08 19:47:37 +02:00
Andreas B. Mundt
bfae6ff010 Separate clean-up-stuff from other tasks. 2023-09-28 14:23:35 +02:00
Andreas B. Mundt
cb2ed82715 Switch to transient service unit. Socket-triggering fails for now. 2023-09-16 11:31:11 +02:00
Andreas B. Mundt
46a45bfc0f Fix syntax in desktop-file related tasks. 2023-09-08 14:02:58 +02:00
Andreas B. Mundt
a8f950e085 Some package cleanup. 2023-09-07 07:55:53 +02:00
Andreas B. Mundt
9e16c216a7 Use latest virtiofs. The distributed daemon sometimes causes issues. 
Binary downloaded from: https://gitlab.com/virtio-fs/virtiofsd
 2023-09-07 07:50:36 +02:00
Andreas B. Mundt
b518b9a206 Set sticky bit (restricted deletion flag) to allow PAM mount as user. 2023-09-06 08:50:52 +02:00
Andreas B. Mundt
7756c30bb5 Avoid lmnsynci as owner for /lmn. 2023-09-04 15:38:03 +02:00
Andreas B. Mundt
da71eed94b Clean up VM scripts a bit. 2023-09-04 15:38:03 +02:00
Andreas B. Mundt
3ea922c263 Clean up proxy configuraton. 2023-09-04 12:43:55 +02:00
Andreas B. Mundt
7fd6c76996 Use a service for virtiofs for better control. 2023-09-04 11:39:29 +02:00
Andreas B. Mundt
c59fb67ed0 Try smart umount as a simple solution (no credentials needed). 2023-08-19 18:31:09 +02:00