Set the environment variable for the path to KiCad's 3D models (NFS)

Enable ARP support in nftable for outbound restriction in exam_mode
Fix a syntax error in the var section of a task
2025-12-17 19:41:38 +01:00 · 2025-12-17 18:50:16 +01:00 · 2025-12-17 18:28:34 +01:00 · 2025-12-17 18:23:10 +01:00
4 changed files with 16 additions and 6 deletions
--- a/roles/custom/fvs/tasks/main.yml
+++ b/roles/custom/fvs/tasks/main.yml
@ -260,5 +260,12 @@
      KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
      KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
 - name: Set KiCad 3Dmodel path
  ansible.builtin.lineinfile:
    path: /etc/environment.d/90lmn-kicad.conf
    create: true
    mode: '0644'
    line: KICAD9_3DMODEL_DIR=/lmn/tools/KiCad/kicad-packages3D
 - name: Include sync
  ansible.builtin.include_tasks: sync.yml
--- a/roles/lmn_encrypt/tasks/main.yml
+++ b/roles/lmn_encrypt/tasks/main.yml
@ -7,6 +7,7 @@
  when:
    - item.value.partitions is defined
    - item.value.partitions | dict2items | length > 0
    - item.value.partitions | dict2items | selectattr('value.holders', 'search', 'luks|crypt') | length > 0
  loop: "{{ ansible_devices | dict2items }}"
 - name: Get luks slots
--- a/roles/lmn_exam/templates/no-way-out-nftable.j2
+++ b/roles/lmn_exam/templates/no-way-out-nftable.j2
@ -13,15 +13,17 @@ ${filterchain}
    chain filterin_${interface} {
        type filter hook ingress device ${interface} priority filter; policy drop;
        ip saddr \$allowed_ipv4 accept
-        ip saddr ${gateway} accept;
+        ip saddr ${gateway} accept
-        ip saddr 255.255.255.255 accept;
+        ip saddr 255.255.255.255 accept
        ether type arp accept
    }
    chain filterout_${interface} {
        type filter hook egress device ${interface} priority filter; policy drop;
        ip daddr \$allowed_ipv4 accept
-        ip daddr ${gateway} accept;
+        ip daddr ${gateway} accept
-        ip daddr 255.255.255.255 accept;
+        ip daddr 255.255.255.255 accept
        ether type arp accept
    }
 EOF
 )
--- a/roles/lmn_sssd/tasks/main.yml
+++ b/roles/lmn_sssd/tasks/main.yml
@ -27,8 +27,8 @@
      echo "{{ ad_passwd }}" | adcli join --stdin-password -U {{ ad_user }} {{ domain | upper }}
  no_log: true
  vars:
-    - ad_user: "{{ 'global-admin' if (adpw.user_input | default(ansible_cmdline.adpw) | default('') | length > 0) else sssd_domjoin_user }}"
+    ad_user: "{{ 'global-admin' if (adpw.user_input | default(ansible_cmdline.adpw) | default('') | length > 0) else sssd_domjoin_user }}"
-    - ad_passwd: "{{ adpw.user_input | default('') if  adpw.user_input | length > 0 else ansible_cmdline.adpw | default(sssd_domjoin_passwd) | default('') }}"
+    ad_passwd: "{{ adpw.user_input | default('') if  adpw.user_input | length > 0 else ansible_cmdline.adpw | default(sssd_domjoin_passwd) | default('') }}"
  when:
    - adpw.user_input | length > 0 or
      ansible_cmdline.adpw | default(sssd_domjoin_passwd) | default('') | length > 0
Author	SHA1	Message	Date
Raphael Dannecker	e02add04ae	Set the environment variable for the path to KiCad's 3D models (NFS)	2025-12-17 19:41:38 +01:00
Raphael Dannecker	f89b113049	Enable ARP support in nftable for outbound restriction in exam_mode	2025-12-17 18:50:16 +01:00
Raphael Dannecker	194fbbc735	Fix a syntax error in the `var` section of a task	2025-12-17 18:28:34 +01:00
Raphael Dannecker	2b45174f0f	Prevent luks-detection task from aborting on unencrypted devices	2025-12-17 18:23:10 +01:00