9 changed files with 566 additions and 704 deletions
--- a/doc/vm_support.md
+++ b/doc/vm_support.md
@ -14,22 +14,23 @@ VMs based on Qemu/KVM in school network.
  Repository with ansible-playbook for seedbox install: https://codeberg.org/digitalsouveraeneschule/...
 * `seedbox`-hostname must be resolvable via DNS

-## Configuration / Variables
+## Activation / Default
+
+### To enable VM support:
+
+```
+vm_support: true
+```
+
+Default: `vm_support: false
+
+### Torrent Server
+```
+vm_torrent_srv: "myseedbox.linuxmuster.net"
+```
+
+Default: `vm_torrent_srv: "seedbox.{{ domain }}"`

-  * **vm_support**
-    This flag indicates whether to activate VM support.
-    Type: *Boolean*
-    Values:
-    * `false` <-- (default)
-    * `true`
-  * **vm_torrent_serv**
-    Name of the torrent server.
-    Type: *String*
-    Default: `vm_torrent_serv: "seedbox.{{ domain }}"`
-  * **vm_uploadseed_pwd**
-    Password for upload-seed. Used for image upload to torrent-server.
-    Type: *String*
-    Default: `secret = "token:topsecret"`

 ## Example

@ -40,5 +41,5 @@ inventory.yml
 all:
  vars:
    vm_support: true
-    vm_torrent_serv: "myseedbox.linuxmuster.net" # default: seedbox.{{ domain }}
+    vm_torrent_srv: "myseedbox.linuxmuster.net" # default: seedbox.{{ domain }}
 ```
--- a/inventory.yml
+++ b/inventory.yml
--- a/lmn-client.yml
+++ b/lmn-client.yml
@ -45,6 +45,31 @@
        value: true
        vtype: boolean

+  vars_files: lmn-vault
+  vars:
+    domain: "{{ ansible_domain }}"
+    apt_conf: "{{ vault_apt_conf }}"  ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
+    ntp_serv: "{{ vault_ntp_serv }}"  ## ntp.example.org
+    nfs_server: "{{ vault_nfs_server }}"  ## nfs.example.org
+    proxy: "{{ vault_proxy }}"        ## http://firewall.example.org:3128
+    no_proxy: "{{ vault_no_proxy }}"  ## firewall.example.org,server.example.org,idam.example.org,dw.example.org
+    printservers: "{{ vault_printservers }}" ## ['10.0.0.1', '10.0.0.15']
+
+    ## PAM mount nextcloud, remove or leave empty to skip:
+    web_dav: "{{ vault_web_dav }}"    ## https://nc.example.org/remote.php/dav/files/%(USER)
+
+    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
+    mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/
+
+    ## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
+    mirror_dvdcss: "{{ vault_mirror_dvdcss }}"   ## http://livebox.example.org/libdvdcss/
+
+    uploadseed_pwd: "{{ vault_uploadseed_pwd }}"
+    keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
+
+    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
+    grub_pwd: "{{ vault_grub_pwd }}"
+
  roles:
    - lmn_network
    - role: up2date_debian
--- a/roles/lmn_misc/defaults/main.yml
+++ b/roles/lmn_misc/defaults/main.yml
@ -3,6 +3,6 @@ misc_avoid_suspend: true
 misc_pwroff: true
 misc_pwroff_idle: true
 misc_pxe_first: false
-misc_reporter_serv: ""
+misc_reporter: false
 misc_clonescreen: false
 misc_clonescreen_mode: "1920x1080@60"
--- a/roles/lmn_misc/tasks/main.yml
+++ b/roles/lmn_misc/tasks/main.yml
@ -162,11 +162,10 @@
 # Install reporter

 - name: Copy reporter
-  ansible.builtin.template:
-    src: reporter.j2
+  ansible.builtin.copy:
+    src: reporter
    dest: /usr/local/sbin/
    mode: '0755'
-  when: misc_reporter_serv | length > 0

 - name: Provide services and timers for reporter
  ansible.builtin.copy:
@ -176,13 +175,13 @@
  loop:
    - reporter.service
    - reporter.timer
-  when: misc_reporter_serv | length > 0
+  when: misc_reporter

 - name: Enable reporter.timer
  ansible.builtin.systemd:
    name: reporter.timer
    enabled: true
-  when: misc_reporter_serv | length > 0
+  when: misc_reporter

 # Prepare CloneScreen on Presenter PCs

--- a/roles/lmn_misc/templates/reporter.j2
+++ b/roles/lmn_misc/templates/reporter.j2
@ -1,33 +0,0 @@
-#!/usr/bin/bash
-#
-# Send stdout of some commands to monitoring server.
-# Collect the reports with 'nc -u -k -l 1234' on 'sendto'.
-# Use /bin/nc.openbsd, /bin/nc.traditional seems not to work.
-#
-set -eu
-
-sendto="{{ misc_reporter_serv }} 1234"
-n=0
-
-cmds=(
-    'uname -a'
-    'tail -1 /var/local/ansible-stamps'
-    'ip route list default'
-    'ip link show | \
-       sed -nE -e "s/^[2-9]: (\S+): .+/\1/p" -e "s/.+ether ([0-9a-f:]+) .+/\1/p" | \
-       paste - -'
-)
-#    'w'
-#    'uptime'
-#    'ls -d --full-time /home/ansible/.ansible/tmp/'
-#    'ip addr show'
-#    'apt list --upgradeable -o Apt::Cmd::Disable-Script-Warning=true'
-
-r="$HOSTNAME ------- $(date --rfc-3339=seconds) -------
-$(for c in "${cmds[@]}" ; do
-      n=$(( n + 1 ))
-      echo -n "$n"
-      eval "$c" | sed 's/^/\t/'
-done | sed "s/^/$HOSTNAME /")
-## -------------------------------------------------"
-echo "$r" | nc -w 1 -u $sendto
--- a/roles/lmn_vm/defaults/main.yml
+++ b/roles/lmn_vm/defaults/main.yml
@ -1,4 +1,3 @@
 ---
 vm_support: false
-vm_torrent_serv: "seedbox.{{ domain }}"
-vm_uploadseed_pwd: secret = "token:topsecret"
+vm_torrent_srv: "seedbox.{{ domain }}"
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@ -169,7 +169,7 @@
    group: lmnsynci
    mode: '0640'
    content: |
-      {{ vm_uploadseed_pwd }}
+      {{ uploadseed_pwd }}

 - name: Prepare directory for aria2 dht.dat
  ansible.builtin.file:
--- a/roles/lmn_vm/templates/vm.conf.j2
+++ b/roles/lmn_vm/templates/vm.conf.j2
@ -1,6 +1,6 @@
 # variables for LMN VM submodule

-SEEDBOX_HOST="{{ vm_torrent_serv }}"
+SEEDBOX_HOST="{{ vm_torrent_srv }}"
 SEEDBOX_PORT=6789
 SEEDBOX_RPC_PORT=6800
 SEEDBOX_PWFILE="/etc/lmn/uploadseed.conf"