- Separate `lmn_vpn` from `lmn_teacherlaptop`.
- Implement a check for the availability of the wireguard-server during the wg-config rollout.
- Enhance variable support with a standardized naming schema:
- VPN selection via `vpn` variable (`none`, `wg`).
- Wireguard configuration (endpoint, allowed IPs, ip_cdr, dns, searchpath).
- Run wg-config role in separate play with serial 1 to avoid conflicts, when the role attempts
to determine the next free Wireguard IP on the server when role try to Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `vpn` variable is set.
- Provide documentation for `lmn_vpn` module.
- Consolidate `lmn_wlan`, `lmn_wlan_nm`, and `lmn_wlan_8021x` into single `lmn_wlan` role.
- Implement a check for the availability of the radius-server during the EAP-TLS rollout.
- Enhance variable support with a standardized naming schema:
- Mode selection via `wlan` variable (`none`, `psk`, `eap-tls`).
- EAP-TLS CA configuration (CA information, email address, CA password).
- Introduce a switch to force the (re-)issue of existing certificates.
- PSK configuration through `wlan_ssid` and `wlan_password`.
- Add a check to verify if the radius certificate is revoked.
- Ensure required packages and services are only installed and configured if the `wifi` variable is set.
Use variable localhome to determines whether the localhome module is installed.
Default: localhome=false
Further changes:
- Move pam-exec from common-auth to common-session
- Move pam-mkhomedir before pam-mount to avoid double login on first use
on localhome devices
Fixed EDID modes are set on the HDMI switch (ACER 120Hz problem).
This means that the affected PCs always see a second screen, even if beamer is off.
To avoid confusion, it must be ensured that no information is displayed on invisible devices:
- set primary screen for login dialog
- set primary screen after login
- clone screen
If the primary screen deviates from the standard, this information is maintained via inventory.
In addition, some PCs have different audio autputs than HDMI (or they have multiple HDMI outputs).
It is therefore possible to specify the audio device in the inventory.
If computers get new IP addresses via DHCP, they may be assigned to the wrong
group in the inventory. For example, laptops that are no longer in the homeondisk group.
A DNS based inventory could solve the problem.
