it-team/lmn-client
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: it-team:9ee19d145924e5cd7acd21ea010bde4dc2a93ab0
Branches Tags
it-team:main
it-team:bookworm
it-team:tpm2
it-team:dev
it-team:fvs
..
compare: it-team:e02add04aea46ed2c51e8ac3f5d8799b2399dab7
Branches Tags
it-team:main
it-team:bookworm
it-team:tpm2
it-team:dev
it-team:fvs

4 commits
9ee19d1459 ... e02add04ae

Author SHA1 Message Date
Raphael Dannecker
e02add04ae Set the environment variable for the path to KiCad's 3D models (NFS) 2025-12-17 19:41:38 +01:00
Raphael Dannecker
f89b113049 Enable ARP support in nftable for outbound restriction in exam_mode 2025-12-17 18:50:16 +01:00
Raphael Dannecker
194fbbc735 Fix a syntax error in the var section of a task 2025-12-17 18:28:34 +01:00
Raphael Dannecker
2b45174f0f Prevent luks-detection task from aborting on unencrypted devices 2025-12-17 18:23:10 +01:00
4 changed files with 16 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
roles/custom/fvs/tasks/main.yml
View file

@ -260,5 +260,12 @@
KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
- name: Set KiCad 3Dmodel path
ansible.builtin.lineinfile:
path: /etc/environment.d/90lmn-kicad.conf
create: true
mode: '0644'
line: KICAD9_3DMODEL_DIR=/lmn/tools/KiCad/kicad-packages3D
- name: Include sync
ansible.builtin.include_tasks: sync.yml

1
roles/lmn_encrypt/tasks/main.yml
View file

@ -7,6 +7,7 @@
when:
- item.value.partitions is defined
- item.value.partitions | dict2items | length > 0
- item.value.partitions | dict2items | selectattr('value.holders', 'search', 'luks|crypt') | length > 0
loop: "{{ ansible_devices | dict2items }}"
- name: Get luks slots

10
roles/lmn_exam/templates/no-way-out-nftable.j2
View file

@ -13,15 +13,17 @@ ${filterchain}
chain filterin_${interface} {
type filter hook ingress device ${interface} priority filter; policy drop;
ip saddr \$allowed_ipv4 accept
ip saddr ${gateway} accept;
ip saddr 255.255.255.255 accept;
ip saddr ${gateway} accept
ip saddr 255.255.255.255 accept
ether type arp accept
}
chain filterout_${interface} {
type filter hook egress device ${interface} priority filter; policy drop;
ip daddr \$allowed_ipv4 accept
ip daddr ${gateway} accept;
ip daddr 255.255.255.255 accept;
ip daddr ${gateway} accept
ip daddr 255.255.255.255 accept
ether type arp accept
}
EOF
)

4
roles/lmn_sssd/tasks/main.yml
View file

@ -27,8 +27,8 @@
echo "{{ ad_passwd }}" | adcli join --stdin-password -U {{ ad_user }} {{ domain | upper }}
no_log: true
vars:
- ad_user: "{{ 'global-admin' if (adpw.user_input | default(ansible_cmdline.adpw) | default('') | length > 0) else sssd_domjoin_user }}"
- ad_passwd: "{{ adpw.user_input | default('') if adpw.user_input | length > 0 else ansible_cmdline.adpw | default(sssd_domjoin_passwd) | default('') }}"
ad_user: "{{ 'global-admin' if (adpw.user_input | default(ansible_cmdline.adpw) | default('') | length > 0) else sssd_domjoin_user }}"
ad_passwd: "{{ adpw.user_input | default('') if adpw.user_input | length > 0 else ansible_cmdline.adpw | default(sssd_domjoin_passwd) | default('') }}"
when:
- adpw.user_input | length > 0 or
ansible_cmdline.adpw | default(sssd_domjoin_passwd) | default('') | length > 0