Fix screen resolution for C157

The error messages were corrupting the contents of the .vminfo.json file.
Error messages are now sent to stderr.

lmn-client.yml

@@ -63,7 +63,7 @@
     - role: lmn_localhome
       when: localhome
     - role: lmn_localuser
-      when: localuser|bool
+      when: localuser
     - role: lmn_exam
       when: exam_mode
     - role: lmn_wlan

roles/custom/fvs/files/lmn-patch-dolphin.sh

@@ -49,7 +49,7 @@ fi
 patch="
 --- a/$file
 +++ b/$file
-@@ -98,9 +98,33 @@
+@@ -98,9 +98,45 @@
      <isSystemItem>true</isSystemItem>
     </metadata>
    </info>
@@ -66,6 +66,18 @@ $HOMEONSERVER
 +    <isSystemItem>true</isSystemItem>
 +   </metadata>
 +  </info>
++ </bookmark>
++ <bookmark href=\"file:///lmn/media/$USER/nextcloud\">
++  <title>Nextcloud</title>
++  <info>
++   <metadata owner=\"http://freedesktop.org\">
++    <bookmark:icon name=\"folder-cloud\"/>
++   </metadata>
++   <metadata owner=\"http://www.kde.org\">
++    <ID>$IDENTITY/${NUM3}</ID>
++    <isSystemItem>true</isSystemItem>
++   </metadata>
++  </info>
 + </bookmark>
   <bookmark href=\"remote:/\">
    <title>Network</title>

roles/custom/fvs/tasks/main.yml

@@ -29,6 +29,7 @@
       - elpa-magit
       - emacs
       - filezilla
+      - freeplane
       - git
       - git-cola
       - gitg
@@ -81,7 +82,7 @@
       - unison-gtk
       - w3m
       - wireshark
-      # - zulucrypt-gui ## no longer in trixie
+      - zulucrypt-gui
     autoremove: true
     state: latest
   environment:
@@ -161,16 +162,6 @@
     dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
     mode: '0644'
 
-- name: Configure default KDE applications
-  ansible.builtin.blockinfile:
-    path: /etc/xdg/mimeapps.list
-    create: true
-    mode: '0644'
-    block: |
-      [Default Applications]
-      x-scheme-handler/http=firefox-esr.desktop;
-      x-scheme-handler/https=firefox-esr.desktop;
-      x-scheme-handler/mailto=thunderbird.desktop;
 
 - name: Configure some KDE aspects
   ansible.builtin.blockinfile:
@@ -179,11 +170,11 @@
     mode: '0644'
     block: |
       [KDE]
-      #SingleClick=false
+      SingleClick=false
 
       [KDE Action Restrictions][$i]
       action/start_new_session=false
-      action/switch_user=false
+      #action/switch_user=false
       #action/lock_screen=false
 
 - name: Start with empty session by default
@@ -229,7 +220,7 @@
   ansible.builtin.blockinfile:
     path: /usr/share/sddm/themes/debian-breeze/Main.qml
     marker: // {mark} ANSIBLE MANAGED BLOCK
-    insertbefore: '^}$'
+    insertbefore: '\s+//Footer'
     block: |
       Text {
          id: hostname

roles/lmn_finish/tasks/main.yaml

@@ -14,7 +14,7 @@
       main non-free-firmware
     state: present
     update_cache: true
-  when: extra_pkgs_bpo | length > 0 or extra_pkgs_bpo1 | length > 0 or extra_pkgs_bpo2 | length > 0
+#  when: extra_pkgs_bpo|length
 
 - name: Install extra packages from backports
   ansible.builtin.apt:
@@ -25,7 +25,6 @@
     - "{{ extra_pkgs_bpo }}"
     - "{{ extra_pkgs_bpo1 }}"
     - "{{ extra_pkgs_bpo2 }}"
-  when: extra_pkgs_bpo | length > 0 or extra_pkgs_bpo1 | length > 0 or extra_pkgs_bpo2 | length > 0
 
 - name: Timestamp successfull run and send up-to-date report
   ansible.builtin.shell:

roles/lmn_kde/defaults/main.yml

@@ -6,7 +6,6 @@ kde_desktop_pkg:
   - calligra
   - codeblocks
   - dia
-  - filius
   - flameshot
   - freecad
   - fritzing
@@ -15,9 +14,8 @@ kde_desktop_pkg:
   - inkscape
   - kde-full
   - keepassxc
-  - kicad
-  - kicad-doc-de
   - librecad
+  - mu-editor
   - openboard
   - qtcreator
   - spyder
@@ -36,5 +34,3 @@ kde_desktop_pkg:
   - xdg-desktop-portal-kde
   - xdg-desktop-portal-wlr # share screen in browser
   - xournalpp
-
-kde_desktop_pkg_bpo: [ ]

roles/lmn_kde/tasks/main.yml

@@ -8,14 +8,19 @@
     repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main non-free-firmware
     state: present
     update_cache: true
-  when: kde_desktop_pkg_bpo | length > 0
 
 - name: Install extra packages from backports
   ansible.builtin.apt:
-    name: "{{ kde_desktop_pkg_bpo }}"
+    name:
+      - filius
+      - kicad
+      - kicad-doc-de
+      - libreoffice
+      - libreoffice-l10n-de
+      - libreoffice-qt5
+    state: latest # noqa package-latest
     autoremove: true
     default_release: "{{ ansible_distribution_release }}-backports"
-  when: kde_desktop_pkg_bpo | length > 0
 
 
 - name: Create akonadi config dir

roles/lmn_localhome/tasks/main.yml

@@ -9,7 +9,7 @@
   ansible.builtin.blockinfile:
     path: /usr/share/sddm/themes/debian-breeze/Main.qml
     marker: // {mark} ANSIBLE MANAGED BLOCK localhome
-    insertbefore: '^}$'
+    insertbefore: '\s+//Footer'
     block: |
       Text {
          id: localhome

roles/lmn_misc/tasks/main.yml

@@ -98,7 +98,7 @@
       export superusers
       password_pbkdf2 root {{ grub_pwd }}
   notify: Run update-grub
-  when: grub_pwd | bool | default(false)
+  when: grub_pwd|default(false)
 
 - name: Allow booting grub menu entries
   ansible.builtin.lineinfile:

roles/lmn_network/tasks/main.yml

@@ -5,14 +5,14 @@
     mode: '0644'
     content: >
       {{ apt_conf }}
-  when: apt_conf | bool | default(false)
+  when: apt_conf|default(false)
 
 - name: Set NTP server
   ansible.builtin.lineinfile:
     path: /etc/systemd/timesyncd.conf
     insertafter: '^#NTP='
     line: NTP={{ ntp_serv }}
-  when: ntp_serv | bool | default(false)
+  when: ntp_serv|default(false)
 
 - name: Add proposed-updates repository
   ansible.builtin.apt_repository:

roles/lmn_printer/tasks/main.yml

@@ -37,7 +37,7 @@
     line: "SystemGroup root lpadmin {{ printer_admin_group }}"
     regexp: '^SystemGroup'
     state: present
-  when: printer_admin_group | length > 0
+  when: printer_admin_group | length
 
 - name: Disable cups-browsed
   ansible.builtin.systemd:

roles/lmn_vm/tasks/main.yml

@@ -18,7 +18,6 @@
       - mktorrent
       - libvirt-daemon-system
       - virt-manager
-      - virt-viewer
       - dialog # for vm-netboot menu
       - python3-impacket
 
@@ -29,6 +28,32 @@
     #     insertafter: '#auth_unix_rw = "polkit"'
     #   notify: reload libvirtd
 
+- name: Configure pam_mount for VM bind mounts
+  ansible.builtin.blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->"
+    block: |
+      <!-- bind mounts for the VMs, setting gid here does not work -->
+      <volume
+        path="~"
+        mountpoint="/lmn/media/%(USER)/home"
+        options="bind"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
+      </volume>
+      <volume
+        path="/srv/samba/schools/default-school/share"
+        mountpoint="/lmn/media/%(USER)/share"
+        options="bind"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
+      </volume>
+      <volume
+        path="/srv/samba/schools/default-school"
+        mountpoint="/lmn/media/%(USER)/school"
+        options="bind"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
+      </volume>
+    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
+
 - name: Use umount script for proper cleanup
   ansible.builtin.blockinfile:
     dest: /etc/security/pam_mount.conf.xml

roles/lmn_vpn/files/10-lmn-mount.sh

@@ -29,16 +29,19 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
     umask 0002
     mkdir -p /srv/samba/schools/default-school
     chmod 777  /srv/samba/schools/default-school
+    mkdir -p "/lmn/media/${USERNAME}/share"
 
     mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
           -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 	  echo "after mount" >&2
+    mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
     SUDO_USER=$USERNAME /usr/local/bin/install-printers.sh
   elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
     # FIXME: Only umount server when Wireguard-Connection was the only connection to server.
     # Dirty fix (works only in fvs-IP-Range)
     if ! (ip r s | grep "10.190." | grep -v wg0); then
-      echo "Try to umount server"
+      echo "Try to umount server shares"
+      umount "/lmn/media/${USERNAME}/share"
       umount /srv/samba/schools/default-school
     fi
   fi

roles/lmn_vpn/files/mountserver

@@ -3,6 +3,7 @@ set -eu
 
 exit_script() {
     echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
+    findmnt "/lmn/media/${SUDO_USER}/share" && umount "/lmn/media/${SUDO_USER}/share"
     findmnt "/srv/samba/schools/default-school" && umount "/srv/samba/schools/default-school"
     trap - SIGHUP SIGINT SIGTERM # clear the trap
     kill -- -$$ # Sends SIGTERM to child/sub processes
@@ -13,9 +14,11 @@ findmnt /srv/samba/schools/default-school > /dev/null && exit 0
 umask 0002
 mkdir -p /srv/samba/schools/default-school
 chmod 777  /srv/samba/schools/default-school
+mkdir -p "/lmn/media/${SUDO_USER}/share"
 
 mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
       -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
+mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share"
 
 echo "Einbindung erfolgreich!"
 echo "Dieses Fenster bitte nicht schließen!"