Add hosts to inventory

Provide a skript to delete VM disks in /lmn/vm
Due to new media tables, change the default audio output for some PCs
2025-12-04 08:13:29 +01:00 · 2025-11-27 17:02:12 +01:00 · 2025-11-27 15:51:32 +01:00 · 2025-11-27 15:40:16 +01:00 · 2025-11-27 15:26:32 +01:00 · 2025-11-17 12:35:08 +01:00
17 changed files with 738 additions and 714 deletions
--- a/inventory.yml
+++ b/inventory.yml
--- a/lmn-client.yml
+++ b/lmn-client.yml
@ -63,7 +63,7 @@
    - role: lmn_localhome
      when: localhome
    - role: lmn_localuser
-      when: localuser|bool
+      when: localuser
    - role: lmn_exam
      when: exam_mode
    - role: lmn_wlan
--- a/roles/custom/fvs/files/lmn-patch-dolphin.sh
+++ b/roles/custom/fvs/files/lmn-patch-dolphin.sh
@ -49,7 +49,7 @@ fi
 patch="
 --- a/$file
 +++ b/$file
-@@ -98,9 +98,33 @@
+@@ -98,9 +98,45 @@
     <isSystemItem>true</isSystemItem>
    </metadata>
   </info>
@ -66,6 +66,18 @@ $HOMEONSERVER
 +    <isSystemItem>true</isSystemItem>
 +   </metadata>
 +  </info>
 + </bookmark>
 + <bookmark href=\"file:///lmn/media/$USER/nextcloud\">
 +  <title>Nextcloud</title>
 +  <info>
 +   <metadata owner=\"http://freedesktop.org\">
 +    <bookmark:icon name=\"folder-cloud\"/>
 +   </metadata>
 +   <metadata owner=\"http://www.kde.org\">
 +    <ID>$IDENTITY/${NUM3}</ID>
 +    <isSystemItem>true</isSystemItem>
 +   </metadata>
 +  </info>
 + </bookmark>
  <bookmark href=\"remote:/\">
   <title>Network</title>
--- a/roles/custom/fvs/tasks/main.yml
+++ b/roles/custom/fvs/tasks/main.yml
@ -29,6 +29,7 @@
      - elpa-magit
      - emacs
      - filezilla
      - freeplane
      - git
      - git-cola
      - gitg
@ -82,7 +83,7 @@
      - unison-gtk
      - w3m
      - wireshark
-      # - zulucrypt-gui ## no longer in trixie
+      - zulucrypt-gui
    autoremove: true
    state: latest
  environment:
@ -162,16 +163,6 @@
    dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
    mode: '0644'
 - name: Configure default KDE applications
  ansible.builtin.blockinfile:
    path: /etc/xdg/mimeapps.list
    create: true
    mode: '0644'
    block: |
      [Default Applications]
      x-scheme-handler/http=firefox-esr.desktop;
      x-scheme-handler/https=firefox-esr.desktop;
      x-scheme-handler/mailto=thunderbird.desktop;
 - name: Configure some KDE aspects
  ansible.builtin.blockinfile:
@ -180,11 +171,11 @@
    mode: '0644'
    block: |
      [KDE]
-      #SingleClick=false
+      SingleClick=false
      [KDE Action Restrictions][$i]
      action/start_new_session=false
-      action/switch_user=false
+      #action/switch_user=false
      #action/lock_screen=false
 - name: Start with empty session by default
@ -230,7 +221,7 @@
  ansible.builtin.blockinfile:
    path: /usr/share/sddm/themes/debian-breeze/Main.qml
    marker: // {mark} ANSIBLE MANAGED BLOCK
-    insertbefore: '^}$'
+    insertbefore: '\s+//Footer'
    block: |
      Text {
         id: hostname
--- a/roles/lmn_finish/tasks/main.yaml
+++ b/roles/lmn_finish/tasks/main.yaml
@ -14,7 +14,7 @@
      main non-free-firmware
    state: present
    update_cache: true
-  when: extra_pkgs_bpo | length > 0 or extra_pkgs_bpo1 | length > 0 or extra_pkgs_bpo2 | length > 0
+#  when: extra_pkgs_bpo|length
 - name: Install extra packages from backports
  ansible.builtin.apt:
@ -25,7 +25,6 @@
    - "{{ extra_pkgs_bpo }}"
    - "{{ extra_pkgs_bpo1 }}"
    - "{{ extra_pkgs_bpo2 }}"
  when: extra_pkgs_bpo | length > 0 or extra_pkgs_bpo1 | length > 0 or extra_pkgs_bpo2 | length > 0
 - name: Timestamp successfull run and send up-to-date report
  ansible.builtin.shell:
--- a/roles/lmn_kde/defaults/main.yml
+++ b/roles/lmn_kde/defaults/main.yml
@ -6,7 +6,6 @@ kde_desktop_pkg:
  - calligra
  - codeblocks
  - dia
  - filius
  - flameshot
  - freecad
  - fritzing
@ -15,9 +14,8 @@ kde_desktop_pkg:
  - inkscape
  - kde-full
  - keepassxc
  - kicad
  - kicad-doc-de
  - librecad
  - mu-editor
  - openboard
  - qtcreator
  - spyder
@ -36,5 +34,3 @@ kde_desktop_pkg:
  - xdg-desktop-portal-kde
  - xdg-desktop-portal-wlr # share screen in browser
  - xournalpp
 kde_desktop_pkg_bpo: [ ]
--- a/roles/lmn_kde/tasks/main.yml
+++ b/roles/lmn_kde/tasks/main.yml
@ -8,14 +8,19 @@
    repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main non-free-firmware
    state: present
    update_cache: true
  when: kde_desktop_pkg_bpo | length > 0
 - name: Install extra packages from backports
  ansible.builtin.apt:
-    name: "{{ kde_desktop_pkg_bpo }}"
+    name:
      - filius
      - kicad
      - kicad-doc-de
      - libreoffice
      - libreoffice-l10n-de
      - libreoffice-qt5
    state: latest # noqa package-latest
    autoremove: true
    default_release: "{{ ansible_distribution_release }}-backports"
  when: kde_desktop_pkg_bpo | length > 0
 - name: Create akonadi config dir
--- a/roles/lmn_localhome/tasks/main.yml
+++ b/roles/lmn_localhome/tasks/main.yml
@ -9,7 +9,7 @@
  ansible.builtin.blockinfile:
    path: /usr/share/sddm/themes/debian-breeze/Main.qml
    marker: // {mark} ANSIBLE MANAGED BLOCK localhome
-    insertbefore: '^}$'
+    insertbefore: '\s+//Footer'
    block: |
      Text {
         id: localhome
--- a/roles/lmn_misc/files/bootorder.sh
+++ b/roles/lmn_misc/files/bootorder.sh
@ -5,11 +5,11 @@
 set -eu
 cur="$(efibootmgr | grep -Ei 'BootOrder:' | \
-                    sed -E 's/^BootOrder: ([[:xdigit:]]{4}),.+$/\1/')"
+		     sed -E 's/^BootOrder: ([[:xdigit:]]{4}),.+$/\1/')"
-pxeip4="$(efibootmgr | grep -Ei "IP.{0,5}4" | \
+pxeip4="$(efibootmgr | grep -Ei "IP.*4" | \
-                    sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/' | paste -sd, -)"
+		     sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/')"
 debian="$(efibootmgr | grep -Ei "debian" | \
-                    sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/' | paste -sd, -)"
+		     sed -E 's/^Boot([[:xdigit:]]{4}).+$/\1/')"
 if [[ "$cur" != "$pxeip4" ]] && [[ -n "$pxeip4" ]] && [[ -n "$debian" ]] ; then
    efibootmgr -o $pxeip4,$debian
--- a/roles/lmn_misc/tasks/main.yml
+++ b/roles/lmn_misc/tasks/main.yml
@ -98,7 +98,7 @@
      export superusers
      password_pbkdf2 root {{ grub_pwd }}
  notify: Run update-grub
-  when: grub_pwd | bool | default(false)
+  when: grub_pwd|default(false)
 - name: Allow booting grub menu entries
  ansible.builtin.lineinfile:
--- a/roles/lmn_network/tasks/main.yml
+++ b/roles/lmn_network/tasks/main.yml
@ -5,14 +5,14 @@
    mode: '0644'
    content: >
      {{ apt_conf }}
-  when: apt_conf | bool | default(false)
+  when: apt_conf|default(false)
 - name: Set NTP server
  ansible.builtin.lineinfile:
    path: /etc/systemd/timesyncd.conf
    insertafter: '^#NTP='
    line: NTP={{ ntp_serv }}
-  when: ntp_serv | bool | default(false)
+  when: ntp_serv|default(false)
 - name: Add proposed-updates repository
  ansible.builtin.apt_repository:
--- a/roles/lmn_printer/tasks/main.yml
+++ b/roles/lmn_printer/tasks/main.yml
@ -37,7 +37,7 @@
    line: "SystemGroup root lpadmin {{ printer_admin_group }}"
    regexp: '^SystemGroup'
    state: present
-  when: printer_admin_group | length > 0
+  when: printer_admin_group | length
 - name: Disable cups-browsed
  ansible.builtin.systemd:
--- a/roles/lmn_sssd/templates/sssd.conf.j2
+++ b/roles/lmn_sssd/templates/sssd.conf.j2
@ -9,7 +9,9 @@ ad_domain = {{ domain }}
 id_provider = ad
 access_provider = ad
 use_fully_qualified_names = False
 {% if localhome is defined and localhome %}
 cache_credentials = True
 {% endif %}
 krb5_store_password_if_offline = True
 default_shell = /usr/bin/bash
 # default: # ldap_id_mapping = True
--- a/roles/lmn_tmpfixes/tasks/main.yml
+++ b/roles/lmn_tmpfixes/tasks/main.yml
@ -8,11 +8,3 @@
    - bookworm.yml
    - cleanup.yml
  when: ansible_distribution_release == "bookworm" 
 - name: Set chromium gl-flags fixing AMD graphic issues
  ansible.builtin.copy:
    dest: /etc/chromium.d/fvs
    content: |
      export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --use-gl=desktop"
  when: ansible_board_vendor == "LENOVO" and
    (ansible_board_name == "312D" or ansible_board_name == "312A")
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@ -18,7 +18,6 @@
      - mktorrent
      - libvirt-daemon-system
      - virt-manager
      - virt-viewer
      - dialog # for vm-netboot menu
      - python3-impacket
@ -29,6 +28,32 @@
    #     insertafter: '#auth_unix_rw = "polkit"'
    #   notify: reload libvirtd
 - name: Configure pam_mount for VM bind mounts
  ansible.builtin.blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mounts for VMs) -->"
    block: |
      <!-- bind mounts for the VMs, setting gid here does not work -->
      <volume
        path="~"
        mountpoint="/lmn/media/%(USER)/home"
        options="bind"
        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
      <volume
        path="/srv/samba/schools/default-school/share"
        mountpoint="/lmn/media/%(USER)/share"
        options="bind"
        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
      <volume
        path="/srv/samba/schools/default-school"
        mountpoint="/lmn/media/%(USER)/school"
        options="bind"
        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
 - name: Use umount script for proper cleanup
  ansible.builtin.blockinfile:
    dest: /etc/security/pam_mount.conf.xml
--- a/roles/lmn_vpn/files/10-lmn-mount.sh
+++ b/roles/lmn_vpn/files/10-lmn-mount.sh
@ -29,16 +29,19 @@ if [[ "$CONNECTION_ID" = "VPN-Schule" ]]; then
    umask 0002
    mkdir -p /srv/samba/schools/default-school
    chmod 777  /srv/samba/schools/default-school
    mkdir -p "/lmn/media/${USERNAME}/share"
    mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
          -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 	  echo "after mount" >&2
    mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
    SUDO_USER=$USERNAME /usr/local/bin/install-printers.sh
  elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then
    # FIXME: Only umount server when Wireguard-Connection was the only connection to server.
    # Dirty fix (works only in fvs-IP-Range)
    if ! (ip r s | grep "10.190." | grep -v wg0); then
-      echo "Try to umount server"
+      echo "Try to umount server shares"
      umount "/lmn/media/${USERNAME}/share"
      umount /srv/samba/schools/default-school
    fi
  fi
--- a/roles/lmn_vpn/files/mountserver
+++ b/roles/lmn_vpn/files/mountserver
@ -3,6 +3,7 @@ set -eu
 exit_script() {
    echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
    findmnt "/lmn/media/${SUDO_USER}/share" && umount "/lmn/media/${SUDO_USER}/share"
    findmnt "/srv/samba/schools/default-school" && umount "/srv/samba/schools/default-school"
    trap - SIGHUP SIGINT SIGTERM # clear the trap
    kill -- -$$ # Sends SIGTERM to child/sub processes
@ -13,9 +14,11 @@ findmnt /srv/samba/schools/default-school > /dev/null && exit 0
 umask 0002
 mkdir -p /srv/samba/schools/default-school
 chmod 777  /srv/samba/schools/default-school
 mkdir -p "/lmn/media/${SUDO_USER}/share"
 mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
      -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share"
 echo "Einbindung erfolgreich!"
 echo "Dieses Fenster bitte nicht schließen!"
Author	SHA1	Message	Date
Raphael Dannecker	b9985102a8	Add hosts to inventory	2025-12-04 08:13:29 +01:00
Raphael Dannecker	110ff5efda	Provide a skript to delete VM disks in /lmn/vm	2025-11-27 17:02:12 +01:00
Raphael Dannecker	ae04c0f8f4	Due to new media tables, change the default audio output for some PCs	2025-11-27 15:51:32 +01:00
Raphael Dannecker	b894ee77e5	Add package libsqlite3-dev (required for teaching purposes)	2025-11-27 15:40:16 +01:00
Raphael Dannecker	1e57d3c126	Update browser bookmarks (webuntis)	2025-11-27 15:26:32 +01:00
Andreas B. Mundt	9adac239e9	Fix type=user VMs	2025-11-17 12:35:08 +01:00
Andreas B. Mundt	32ddf04fb0	Fixes for trixie livebox images (dracut)	2025-11-17 12:24:27 +01:00
Raphael Dannecker	17ad6c5e1a	Prevent login without krb5-ticket on non localhome machines	2025-11-17 12:20:55 +01:00
Raphael Dannecker	71d2ddbb38	Fix screen resolution for C157	2025-10-07 10:32:50 +02:00
Raphael Dannecker	1d7001a505	Implement timeout for krb5 ticket retrieval during VPN connections	2025-10-06 13:11:04 +02:00
Raphael Dannecker	8ab0fe6f79	Restrict outbound traffic in exam mode for c051 devices	2025-10-02 08:50:44 +02:00
Raphael Dannecker	cf6b320f40	Add more links to firefox bookmarks	2025-09-29 12:36:54 +02:00
Raphael Dannecker	04cc3d3e0c	Force vminfo.service to run on every vm start	2025-09-29 12:35:23 +02:00
Raphael Dannecker	7ddc8cc12f	Due to new media tables, the audio output on some devices has changed	2025-09-22 13:23:34 +02:00
Raphael Dannecker	a78c04d098	No longer output error messages from the vminfo script to stdout The error messages were corrupting the contents of the .vminfo.json file. Error messages are now sent to stderr.	2025-09-22 13:17:57 +02:00
Raphael Dannecker	673449026e	Fix home directory for localhomes in vminfo.service	2025-09-10 13:02:30 +02:00
Raphael Dannecker	fda7475484	Force use of /lmn/media/USER share for legacy VMs - Introduced VMLEGACY environment variable to ensure that old VMs utilize the legacy media share located at /lmn/media/USER. - This change is aimed at maintaining compatibility with older virtual machines that rely on the previous media share structure.	2025-07-09 10:45:24 +02:00
Raphael Dannecker	2cc80a0946	Sync desktop starters from fileserver instead of server	2025-07-02 14:30:00 +02:00
Raphael Dannecker	2e6996c75b	Configure SSSD for hourly ticket lifetime checks and renewal	2025-07-02 14:29:24 +02:00
Raphael Dannecker	8471e34b0f	Refactor VM volume mounting - Replace bind-mounts on /lmn/media/$USER with separate mounting for Home and Share SMB shares in the VM. - Update vm-run to start virtiofsd with /lmn/media/$USER (/home/$USER on localhome machines). - Use vm-vminfo to generate a JSON file containing user information, including Username, Groups, printer list krb5-ticket and some more - Configure vminfo.service (systemd-timer) to periodically call vm-vminfo. - Ensure krb5-ticket (TGT) is injected into the Windows VM. - Mount SMB-Home and SMB-Share shares as part of the new structure.	2025-07-02 14:28:58 +02:00
Raphael Dannecker	48ce882c16	Prevents the `--options` option in `vm-run` from interfering with other options	2025-06-05 12:43:22 +02:00
Raphael Dannecker	0a7fd9369c	Allow multiple macvtap-VMs to use the same MAC address	2025-06-04 11:08:00 +02:00
Raphael Dannecker	253b5247d8	Configure display resolution / audio out for specific clients	2025-05-14 12:39:43 +02:00