roles/custom/fvs/files/lmn-patch-dolphin.sh

@@ -16,16 +16,11 @@ fi
 id="$(grep ID "$file" | sed -E "s|^.+ID>([[:digit:]]+)/([[:digit:]]+)</ID.+$|\1:\2|" \
 	    | sort -n -t: -k2 | tail -1 )"
 
-for dir in teachers examusers staff parents; do
+if id | grep -q teachers; then
-  if [[ -d "/srv/samba/schools/default-school/${dir}/${USER}" ]]; then
+  NETHOME=/srv/samba/schools/default-school/teachers/$USER
-    NETHOME="/srv/samba/schools/default-school/${dir}/${USER}"
+else
-    break
-  fi
-done
-if [[ -z "${NETHOME+x}" ]]; then
   NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
 fi
-
 [[ -d $NETHOME ]] || exit 0
 
 IDENTITY="${id%%:*}"

roles/lmn_exam/defaults/main.yml

@@ -1,3 +1,2 @@
 ---
 exam_mode: true
-exam_teacherpc_last_digit: 80

roles/lmn_exam/tasks/main.yml

@@ -50,25 +50,6 @@
     - pam-exec.sh
     - rmexam
 
-- name: Append teacherPC to exam_destination_allowed_ipv4 addresses
-  ansible.builtin.set_fact:
-    exam_destination_allowed_ipv4: "{{ exam_destination_allowed_ipv4 + [ ansible_default_ipv4.address[:-1] ~ exam_teacherpc_last_digit ] }}"
-  when:
-    - exam_destination_allowed_ipv4 is defined
-    - exam_destination_allowed_ipv4 | length > 0
-
-- name: Install no-way-out-policy
-  ansible.builtin.template:
-    src: no-way-out.xml.j2
-    dest: "/etc/firewalld/policies/no-way-out-{{ item }}.xml"
-    mode: '0644'
-  loop:
-    - HOST
-    - libvirt
-  when:
-    - exam_destination_allowed_ipv4 is defined
-    - exam_destination_allowed_ipv4 | length > 0
-
 - name: Enable login script via pam_exec.so
   ansible.builtin.lineinfile:
     dest: /etc/pam.d/common-session

roles/lmn_exam/templates/no-way-out.xml.j2

@@ -1,10 +0,0 @@
-<policy target="REJECT">
-{% for address in exam_destination_allowed_ipv4 %}
-<rule family="ipv4">
-<destination address="{{ address }}"/>
-<accept/>
-</rule>
-{% endfor %}
-<ingress-zone name="{{ item }}"/>
-<egress-zone name="ANY"/>
-</policy>

roles/lmn_tmpfixes/tasks/main.yml

@@ -8,11 +8,3 @@
     - bookworm.yml
     - cleanup.yml
   when: ansible_distribution_release == "bookworm" 
-
-- name: Set chromium gl-flags fixing AMD graphic issues
-  ansible.builtin.copy:
-    dest: /etc/chromium.d/fvs
-    content: |
-      export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --use-gl=desktop"
-  when: ansible_board_vendor == "LENOVO" and
-    (ansible_board_name == "312D" or ansible_board_name == "312A")

roles/lmn_vm/files/vm-run

@@ -346,16 +346,11 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     virsh --connect=qemu:///session undefine --nvram "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
     #trap exit_script SIGHUP SIGINT SIGTERM
 
-    for dir in teachers examusers staff parents; do
+    if id | grep -q teachers; then
-      if [[ -d "/srv/samba/schools/default-school/${dir}/${USER}" ]]; then
+      NETHOME=/srv/samba/schools/default-school/teachers/$USER
-        NETHOME="/srv/samba/schools/default-school/${dir}/${USER}"
+    else
-	break
-      fi
-    done
-    if [[ -z "${NETHOME+x}" ]]; then
       NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
     fi
-
     if [[ "${HOME}" != "${NETHOME}" ]]; then
       VMINFO_DIR="${HOME}"
     else

roles/lmn_vm/files/vm-vminfo

@@ -93,12 +93,9 @@ def main():
     vminfo['User'] = environ.get('USER')
     vminfo['Groups'] = get_groups(environ.get('USER'))
 
-    for dir in ['teachers','examusers','staff','parents']:
+    if 'teachers' in vminfo['Groups']:
-        potential_path = f"/srv/samba/schools/default-school/{dir}/{vminfo['User']}"
+        nethome = f"/srv/samba/schools/default-school/teachers/{vminfo['User']}"
-        if path.isdir(potential_path):
+    else:
-            nethome = potential_path
-            break
-    if not nethome:
         result = subprocess.run(['find', '/srv/samba/schools/default-school/students/', '-name', vminfo['User'], '-maxdepth', '2', '-type', 'd'], capture_output=True, text=True, check=False)
         nethome = result.stdout.splitlines()[0]