Set the environment variable for the path to KiCad's 3D models (NFS)

Enable ARP support in nftable for outbound restriction in exam_mode
2025-12-17 19:43:54 +01:00 · 2025-12-17 19:43:33 +01:00
2 changed files with 13 additions and 4 deletions
--- a/roles/custom/fvs/tasks/main.yml
+++ b/roles/custom/fvs/tasks/main.yml
@ -251,5 +251,12 @@
      KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
      KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"

+- name: Set KiCad 3Dmodel path
+  ansible.builtin.lineinfile:
+    path: /etc/environment.d/90lmn-kicad.conf
+    create: true
+    mode: '0644'
+    line: KICAD9_3DMODEL_DIR=/lmn/tools/KiCad/kicad-packages3D
+
 - name: Include sync
  ansible.builtin.include_tasks: sync.yml
--- a/roles/lmn_exam/templates/no-way-out-nftable.j2
+++ b/roles/lmn_exam/templates/no-way-out-nftable.j2
@ -13,15 +13,17 @@ ${filterchain}
    chain filterin_${interface} {
        type filter hook ingress device ${interface} priority filter; policy drop;
        ip saddr \$allowed_ipv4 accept
-        ip saddr ${gateway} accept;
-        ip saddr 255.255.255.255 accept;
+        ip saddr ${gateway} accept
+        ip saddr 255.255.255.255 accept
+        ether type arp accept
    }

    chain filterout_${interface} {
        type filter hook egress device ${interface} priority filter; policy drop;
        ip daddr \$allowed_ipv4 accept
-        ip daddr ${gateway} accept;
-        ip daddr 255.255.255.255 accept;
+        ip daddr ${gateway} accept
+        ip daddr 255.255.255.255 accept
+        ether type arp accept
    }
 EOF
 )
Author	SHA1	Message	Date
Raphael Dannecker	cdfc7c2d9c	Set the environment variable for the path to KiCad's 3D models (NFS)	2025-12-17 19:43:54 +01:00
Raphael Dannecker	04a5e8b455	Enable ARP support in nftable for outbound restriction in exam_mode	2025-12-17 19:43:33 +01:00