Fix graphic issues in Chromium for specific video cards

roles/custom/fvs/files/lmn-patch-dolphin.sh

@@ -16,11 +16,16 @@ fi
 id="$(grep ID "$file" | sed -E "s|^.+ID>([[:digit:]]+)/([[:digit:]]+)</ID.+$|\1:\2|" \
 	    | sort -n -t: -k2 | tail -1 )"
 
-if id | grep -q teachers; then
+for dir in teachers examusers staff parents; do
-  NETHOME=/srv/samba/schools/default-school/teachers/$USER
+  if [[ -d "/srv/samba/schools/default-school/${dir}/${USER}" ]]; then
-else
+    NETHOME="/srv/samba/schools/default-school/${dir}/${USER}"
+    break
+  fi
+done
+if [[ -z "${NETHOME+x}" ]]; then
   NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
 fi
+
 [[ -d $NETHOME ]] || exit 0
 
 IDENTITY="${id%%:*}"

roles/lmn_exam/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 exam_mode: true
+exam_teacherpc_last_digit: 80

roles/lmn_exam/tasks/main.yml

@@ -50,6 +50,25 @@
     - pam-exec.sh
     - rmexam
 
+- name: Append teacherPC to exam_destination_allowed_ipv4 addresses
+  ansible.builtin.set_fact:
+    exam_destination_allowed_ipv4: "{{ exam_destination_allowed_ipv4 + [ ansible_default_ipv4.address[:-1] ~ exam_teacherpc_last_digit ] }}"
+  when:
+    - exam_destination_allowed_ipv4 is defined
+    - exam_destination_allowed_ipv4 | length > 0
+
+- name: Install no-way-out-policy
+  ansible.builtin.template:
+    src: no-way-out.xml.j2
+    dest: "/etc/firewalld/policies/no-way-out-{{ item }}.xml"
+    mode: '0644'
+  loop:
+    - HOST
+    - libvirt
+  when:
+    - exam_destination_allowed_ipv4 is defined
+    - exam_destination_allowed_ipv4 | length > 0
+
 - name: Enable login script via pam_exec.so
   ansible.builtin.lineinfile:
     dest: /etc/pam.d/common-session

roles/lmn_exam/templates/no-way-out.xml.j2

@@ -0,0 +1,10 @@
+<policy target="REJECT">
+{% for address in exam_destination_allowed_ipv4 %}
+<rule family="ipv4">
+<destination address="{{ address }}"/>
+<accept/>
+</rule>
+{% endfor %}
+<ingress-zone name="{{ item }}"/>
+<egress-zone name="ANY"/>
+</policy>

roles/lmn_tmpfixes/tasks/main.yml

@@ -8,3 +8,11 @@
     - bookworm.yml
     - cleanup.yml
   when: ansible_distribution_release == "bookworm" 
+
+- name: Set chromium gl-flags fixing AMD graphic issues
+  ansible.builtin.copy:
+    dest: /etc/chromium.d/fvs
+    content: |
+      export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --use-gl=desktop"
+  when: ansible_board_vendor == "LENOVO" and
+    (ansible_board_name == "312D" or ansible_board_name == "312A")

roles/lmn_vm/files/vm-run

@@ -346,11 +346,16 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     virsh --connect=qemu:///session undefine --nvram "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
     #trap exit_script SIGHUP SIGINT SIGTERM
 
-    if id | grep -q teachers; then
+    for dir in teachers examusers staff parents; do
-      NETHOME=/srv/samba/schools/default-school/teachers/$USER
+      if [[ -d "/srv/samba/schools/default-school/${dir}/${USER}" ]]; then
-    else
+        NETHOME="/srv/samba/schools/default-school/${dir}/${USER}"
+	break
+      fi
+    done
+    if [[ -z "${NETHOME+x}" ]]; then
       NETHOME=(/srv/samba/schools/default-school/students/*/"$USER")
     fi
+
     if [[ "${HOME}" != "${NETHOME}" ]]; then
       VMINFO_DIR="${HOME}"
     else

roles/lmn_vm/files/vm-vminfo

@@ -93,9 +93,12 @@ def main():
     vminfo['User'] = environ.get('USER')
     vminfo['Groups'] = get_groups(environ.get('USER'))
 
-    if 'teachers' in vminfo['Groups']:
+    for dir in ['teachers','examusers','staff','parents']:
-        nethome = f"/srv/samba/schools/default-school/teachers/{vminfo['User']}"
+        potential_path = f"/srv/samba/schools/default-school/{dir}/{vminfo['User']}"
-    else:
+        if path.isdir(potential_path):
+            nethome = potential_path
+            break
+    if not nethome:
         result = subprocess.run(['find', '/srv/samba/schools/default-school/students/', '-name', vminfo['User'], '-maxdepth', '2', '-type', 'd'], capture_output=True, text=True, check=False)
         nethome = result.stdout.splitlines()[0]