it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
671 commits 2 branches 0 tags 7.2 MiB
Commit graph

539 commits

Author SHA1 Message Date
Andreas B. Mundt
5192b27d9e Move ansible last run stamping to better location 
Before, only root could read the file containing the stamps.
 2024-07-24 08:50:20 +02:00
Raphael Dannecker
962dc07a2a Make wg configuration an optional task 
During installation and automatic updates applied by the emmiter
permissions to access the wg server are not available.

Switch the task on with the tag: "--tags all,wgconfig".
 2024-07-24 08:41:58 +02:00
Raphael Dannecker
3e02142123 Improve printer installation script 
- Remove all printers from known print servers before installing again
- Add second print server
 2024-07-24 08:32:31 +02:00
Raphael Dannecker
6c8de6d49c Running virtiofsd with systemd-run prevents process from beeing killed when closing virt-viewer 2024-07-23 08:11:28 +02:00
Raphael Dannecker
e7916a5f30 Revert "Extends krb5-ticket renewable_lifetime for teacherlaptops, so there is no need to login every day." 
This reverts commit 44f87537bb.
 2024-07-10 07:59:44 +02:00
Raphael Dannecker
44f87537bb Extends krb5-ticket renewable_lifetime for teacherlaptops, so there is no need to login every day. 2024-07-07 10:58:27 +02:00
Andreas B. Mundt
b8904286ab Allow users to modify power management (relevant for teacher devices). 2024-07-03 14:19:16 +02:00
Andreas B. Mundt
d787ec9aba Fix enabling wifi on boot for school laptops. 2024-07-02 13:29:30 +02:00
Raphael Dannecker
48a3aa831d Create cleanup-config to remove /lmn/media/*-exam on boot. 2024-07-01 11:59:55 +02:00
Raphael Dannecker
4e229b4a5d Merge branch 'virtiofsd-usermapping' into fvs 2024-06-24 07:20:55 +02:00
Raphael Dannecker
a3d8fbaa82 Improved temporary fix for assigning default UID and GID mappings for linux-VMs. 2024-06-23 18:02:16 +02:00
Raphael Dannecker
bb3acdba6d Fix regexp for wireguard-IP-detection. 2024-06-23 10:57:24 +02:00
Raphael Dannecker
4863caf526 Rename wireguard-connection from wg0 to VPN-Schule. 2024-06-23 10:37:18 +02:00
Raphael Dannecker
640f58996c Adjust mmcblk-device gid on teacherlaptops to permit teachers access. 2024-06-22 10:31:30 +02:00
Raphael Dannecker
2d7372e0c3 Fix spelling of virtiofsd binary. 2024-06-21 19:00:59 +02:00
Raphael Dannecker
1c4554e9e0 Run VM-sync only when server is reachable. 2024-06-21 15:49:36 +02:00
Raphael Dannecker
f201332a4b Run virtiofsd in usermode and mount shares with correct gid. 
- The new virtiofsd provides the ability to map a specified
  UID and GID to that of the user when running in user mode.
  As a result, virtiofsd is moved to userland for VMs and
  the new -uid and -gid options are introduced that specify
  the IDs on the guest.New v
- The drives no longer have to be mounted with the group ID 1010.
  Therefore, the mount options are changed to the real group ID
 2024-06-17 21:35:18 +02:00
Andreas B. Mundt
4d961c60e9 Adapt to latest macvtap device names. 2024-06-14 14:24:26 +02:00
Andreas B. Mundt
3573fa3697 Use unattended-upgrades again to make sure packages are up-to-date. 
We don't have the time to test all upgrades in advance.  Therefore, it's
safer to install all updates unattended and live with the (rare) risk of
faulty ones.

This reverts the commits:
  b4d9cbdb94
  a29d89a7ab
 2024-06-14 09:19:57 +02:00
Raphael Dannecker
4356474a43 Disable Wireguard-config when in installer. 2024-06-13 10:10:34 +02:00
Raphael Dannecker
0d557335fc Change productive wireguard-config on server. 2024-06-13 09:21:23 +02:00
Raphael Dannecker
07ff7f258c Merge branch 'macvtap' into fvs 2024-06-11 14:45:15 +02:00
Raphael Dannecker
9c068dd915 Wireguard client and WLAN-SSID-Config. 
NetworkManager wireguard VPN-config will be created and updated.
Split configuration of WLAN-SSID in inventory (SSID) and vault (secret).
 2024-06-11 13:25:34 +02:00
Raphael Dannecker
450ca22441 Mount network-shares after established wireguard-connection. 2024-06-04 14:46:17 +02:00
Raphael Dannecker
679e0cc0aa Rework printer setup. 
Don't remove local printers.
Create printerlist.csv for VMs.
 2024-06-04 14:42:10 +02:00
Raphael Dannecker
463997aa26 Allow teachers to install printers on teacherlaptops. 2024-06-04 14:40:15 +02:00
Raphael Dannecker
ce9b1806f1 Create macvtap devices based on all physical network devices (en[pos]). 2024-06-04 14:26:40 +02:00
Raphael Dannecker
93d261e73b Network devices are now only managed by NetworkManager. 
Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM.
 2024-05-23 09:58:41 +02:00
Andreas B. Mundt
edf92566cf Allow multiple VMs. 2024-04-30 11:16:32 +02:00
Raphael Dannecker
f3d9b0c46f Move chromium policy create to lmn_fvs task (and make sure, directory exists). 2024-04-30 07:41:11 +02:00
Raphael Dannecker
da88db0061 Teacherlaptops don't need pwroff service and suspend function will not be disabled. 2024-04-29 18:53:22 +02:00
Raphael Dannecker
06d7360677 Introduction of a new device class (teacherlaptop). 
- Wifi-devices will be managed by NetworkManager
 - (USB-)Dockingstation with same MAC as internal device
   will be assigned to virbr1
 - users with role-teacher have privilege
   - to create new NetworkManager connections
   - install additional software
   - change luks-key
 - package plasma-discover will not be removed (for teacherlaptops)
 - http-proxy-Settings will be configured by auto-detect
 - providing sudo-script to mount default-school from server after
   wireguard-connection is established
 2024-04-28 19:37:13 +02:00
Raphael Dannecker
08f0f082fd Introduction of a new device class (localhome). 
- user-home is on local disk
- additional entry in dolphin: home@server
- display info about localhome on login-screen
- provide unison-config for sync home with home@server
- force user to be logged out immediately after first login, because
  home-dir must exists for bind-mounts on /lmn/media
 2024-04-28 19:37:13 +02:00
Raphael Dannecker
4aeee9442c Allow local squid direct internet access if parent proxy not available. This is important for devices that are not exclusively in the school network. 2024-04-28 19:37:13 +02:00
Raphael Dannecker
ecad541567 Make sure there is at least 5GB of free space after the VM sync. 2024-04-28 19:37:13 +02:00
Andreas B. Mundt
6e578a6d95 Remove mosquitto service that was added accidentially. 2024-04-16 12:17:08 +02:00
Andreas B. Mundt
06de050a29 Install packages needed for reading programming docu. 2024-04-16 11:55:44 +02:00
Andreas B. Mundt
3230946e7b Install packages, mostly for programming. 2024-04-12 08:21:03 +02:00
Raphael Dannecker
eab3b75bff Fix implementing printing from virtual machines. 
Already installed "IPP everywhere" printers have to be replaced by
"driverless" printers.

Fix Listen address in cupsd.conf because VMBridge IP is not yet avaible
when cups is starting.
 2024-03-13 13:06:47 +01:00
Andreas B. Mundt
e7aa91e7f8 Make lmn-client a separate repository. 
Remove all playbooks and roles not used for the lmn-client playbook.
They are almost all maintained within the debian-lan-ansible project
at:
     https://salsa.debian.org/andi/debian-lan-ansible/
 2024-03-12 18:41:04 +01:00
Andreas B. Mundt
b4a78bdd84 Revert "Implement cifs caching with cachefilesd." 
This reverts commit 6c7209e82b.
 2024-03-12 11:25:18 +01:00
Andreas B. Mundt
ac97b0d3a4 Work around interrupted dpkg run. 2024-03-12 11:11:22 +01:00
Raphael Dannecker
4c6a499cf0 Fix misspelled name of lmnsynci-User. 2024-03-12 10:39:18 +01:00
Raphael Dannecker
7667f12399 use correct path to rfkill 2024-03-12 08:59:53 +01:00
Raphael Dannecker
30f24bb666 delete old VM-images when running out of space 2024-03-10 10:02:31 +01:00
Raphael Dannecker
c99ec444f8 create printerlist.csv to inform VMs about available printers 2024-03-10 10:02:31 +01:00
Andreas B. Mundt
ed7dadf612 Fix ansible run during installation with limitted groups. 2024-02-24 11:30:54 +01:00
Andreas B. Mundt
94b6aaf640 Throttling not needed with patched apt-cacher-ng, cf. #1022043. 2024-02-24 11:30:54 +01:00
Andreas B. Mundt
e3db074ba7 Use groups instead of boolean group varibles. 2024-02-24 11:30:54 +01:00
Andreas B. Mundt
ad76bbd1f1 For some laptops, wifi is off after booting. 2024-02-24 11:30:54 +01:00