---
- name: Remove disturbing NetworkManager connection
  ansible.builtin.include_tasks:
    file: "{{ taskfile }}"
  loop_control:
     loop_var: taskfile
  loop:
    - bookworm.yml
    - cleanup.yml
  when: ansible_distribution_release == "bookworm" 

- name: Set chromium gl-flags fixing AMD graphic issues
  ansible.builtin.copy:
    dest: /etc/chromium.d/fvs
    content: |
      export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --use-gl=desktop"
  when: ansible_board_vendor == "LENOVO" and
    (ansible_board_name == "312D" or ansible_board_name == "312A")

- name: Fix 8086:4909 external graphics card
  ansible.builtin.replace:
    dest: "/etc/default/grub"
    regexp: 'GRUB_CMDLINE_LINUX=""$'
    replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
  notify: Run update-grub
  when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"

- name: Remove calligra
  ansible.builtin.apt:
    name:
      - calligra
    state: absent
    purge: true
    autoremove: true

# CVE-2026-31431 https://copy.fail/#mitigation
- name: Create modprobe config to disable algif_aead
  ansible.builtin.lineinfile:
    path: /etc/modprobe.d/disable-algif.conf
    line: "install algif_aead /bin/false"
    create: true
    mode: '0644'

- name: Remove algif_aead module if loaded
  community.general.modprobe:
    name: algif_aead
    state: absent

- name: Set VM permissions
  ansible.builtin.command: chmod -R o+r /lmn/vm