---
# Install the desktop, education, development and network-analysis package
# set in one apt transaction, fetched through the school's HTTP proxy.
- name: install desktop EDU packages and some more
  environment:
    # The proxy endpoint is hard-coded; both schemes go through the same host.
    http_proxy: 'http://firewall.pn.steinbeis.schule:3128'
    https_proxy: 'http://firewall.pn.steinbeis.schule:3128'
  ansible.builtin.apt:
    # "latest" upgrades already-installed packages on every run. No
    # update_cache is requested here, so the existing package index is used.
    state: latest
    name:
      - atftp
      - thunderbird-l10n-de
      # browser content-blocking extensions, installed system-wide
      - webext-privacy-badger
      - webext-ublock-origin-firefox
      - webext-ublock-origin-chromium
      - emacs
      - elpa-magit
      - elpa-color-theme-modern
      - vlc
      - gimp
      - inkscape
      - flameshot
      - bluefish
      - git
      - gitk
      - gitg
      # network analysis tooling (packet capture, scanning, raw TCP/UDP)
      - wireshark
      - nmap
      - netcat-openbsd
      - net-tools
      - ghex
      - thonny
      - spyder
#      - mu-editor
      - dia
      - vym
      - tree
      - xdg-desktop-portal-kde
      - task-german-kde-desktop
      - task-german-desktop
      - kde-full
      - ttf-mscorefonts-installer
      - sqlite3
      - sqlitebrowser
      - neovim
      - qtcreator
      - freecad
      - librecad
      - arduino
      - kicad
      - keepassxc
      - tmux
      - curl
      - default-jdk
      - pulseview
      - sigrok
      - sigrok-cli
      - codeblocks

# Enable the backports suite (main, contrib and non-free) on bullseye hosts
# and refresh the package index immediately.
# The mirror is addressed over plain HTTP, so package authenticity rests on
# apt's signature check of the repository metadata, not on the transport.
- name: add {{ ansible_distribution_release }}-backports
  when: ansible_distribution_release == 'bullseye'
  ansible.builtin.apt_repository:
    state: present
    update_cache: true
    repo: >-
      deb http://deb.debian.org/debian/
      {{ ansible_distribution_release }}-backports main contrib non-free

# Take LibreOffice and its German localisation from backports rather than
# from the stable suite; bullseye hosts only.
- name: install extra packages from backports
  when: ansible_distribution_release == 'bullseye'
  ansible.builtin.apt:
    # Prefer the backports suite for this one transaction.
    default_release: "{{ ansible_distribution_release }}-backports"
    # Also removes packages apt considers no longer needed.
    autoremove: true
    state: latest  # noqa package-latest
    name:
      - libreoffice
      - libreoffice-l10n-de

# Make /usr/bin/dumpcap readable and executable by every account.
# NOTE(review): only the mode is set here; owner, group and any file
# capabilities stay as the package installed them. If wireshark-common has
# been configured to let non-root users capture (a privileged dumpcap limited
# to the "wireshark" group), 0755 extends live capture to every local login.
# Adding only the intended accounts to that group is the narrower option -
# confirm which is meant.
- name: Allow users to dump packets for wireshark
  ansible.builtin.file:
    mode: '0755'
    path: /usr/bin/dumpcap

# Append the Samba-hosted teacher and student directories to AppArmor's
# @{HOMEDIRS} tunable, so profile rules written against home directories
# also match those paths.
# NOTE(review): no handler is notified by this task; already-loaded profiles
# presumably keep the old value until reloaded or the host reboots - confirm.
- name: Add home dirs to apparmor
  ansible.builtin.lineinfile:
    path: /etc/apparmor.d/tunables/home.d/ubuntu
    # Folded scalar: the two lines below are joined with a single space.
    line: >-
      @{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
      /srv/samba/schools/default-school/students/*/

# Ensure the directory that holds the system-wide Firefox ESR policy file
# exists. World-readable and traversable; owner and group are not set here.
- name: Create firefox policies directory
  ansible.builtin.file:
    state: directory
    mode: '0755'
    path: /etc/firefox-esr/policies

# Expose /etc/firefox-esr under the name /etc/firefox as well, so the same
# configuration tree (including policies/) is reachable through either path.
- name: Create a symbolic link firefox to firefox-esr
  ansible.builtin.file:
    state: link
    dest: /etc/firefox
    src: /etc/firefox-esr


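# Install the enterprise policy file for Firefox ESR.
# Ownership and mode are pinned so the result does not depend on the umask
# of the Ansible run: the policy is readable by every account and writable
# by root only, so unprivileged users cannot edit it.
# The trailing slash on dest makes copy place the file inside the directory
# under its source name (policies.json).
- name: copy policy
  ansible.builtin.copy:
    src: policies.json
    dest: /etc/firefox-esr/policies/
    owner: root
    group: root
    mode: '0644'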

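# Manage a [Users] block in the SDDM configuration for shared machines.
#   MaximumUid=999            accounts with a higher UID are left out of the
#                             greeter's user list
#   RememberLastUser=false    the previous login name is not pre-filled
#   RememberLastSession=false the previous session type is not pre-selected
# The mode is set explicitly because create: true may have to create the
# file, and its permissions would otherwise depend on the umask of the run.
- name: tune SDDM login
  ansible.builtin.blockinfile:
    path: /etc/sddm.conf
    create: true
    mode: '0644'
    block: |
      [Users]
      MaximumUid=999
      RememberLastUser=false
      RememberLastSession=false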

# Ensure the systemd sleep.conf drop-in directory exists before a drop-in
# file is written into it.
- name: Create directory to avoid suspend
  ansible.builtin.file:
    state: directory
    mode: '0755'
    path: /etc/systemd/sleep.conf.d/

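# Write a sleep.conf drop-in that disables suspend, hibernation and both
# combined modes.
# The mode is set explicitly because create: true may have to create the
# file, and its permissions would otherwise depend on the umask of the run.
- name: Avoid suspending
  ansible.builtin.blockinfile:
    path: /etc/systemd/sleep.conf.d/nosuspend.conf
    create: true
    mode: '0644'
    block: |
      [Sleep]
      AllowSuspend=no
      AllowHibernation=no
      AllowSuspendThenHibernate=no
      AllowHybridSleep=no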

################# general settings ##################
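# Require authentication in the GRUB menu: declare a GRUB superuser and its
# password hash. "root" here is a GRUB user name, not the system account.
# Once superusers is set, editing entries and the GRUB command line need the
# password, and so does booting any entry not marked --unrestricted.
#
# The file is restricted to root (0700, still executable for grub-mkconfig)
# because it now contains the password hash; Debian normally ships the
# scripts in /etc/grub.d world-readable, which would let any local account
# read the hash and try to guess the password offline.
#
# NOTE(review): grub_pwd is defined outside this file. password_pbkdf2
# expects the hash produced by grub-mkpasswd-pbkdf2, never a plaintext
# password - confirm, and keep the variable in an encrypted vars file.
# Running this task with --diff prints the block, hash included.
- name: Protect grub menu entries
  ansible.builtin.blockinfile:
    path: /etc/grub.d/40_custom
    mode: '0700'
    block: |
      set superusers='root'
      password_pbkdf2 root {{ grub_pwd }}
  notify: update grub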

# Append --unrestricted to the CLASS variable in GRUB's Linux entry
# generator, so generated entries boot without the GRUB password while
# editing them still requires it.
# NOTE(review): the line is inserted after the first CLASS= assignment, and
# that variable presumably feeds every entry 10_linux generates, recovery
# entries included, not only the default one named in the task title -
# confirm this scope is intended.
- name: Allow booting default entry
  ansible.builtin.lineinfile:
    path: /etc/grub.d/10_linux
    insertafter: '^CLASS=.*'
    firstmatch: true
    line: CLASS="${CLASS} --unrestricted"
  notify: update grub

# Set GRUB_TIMEOUT to 1 in /etc/default/grub.
# With backrefs enabled the line is only rewritten when the pattern matches;
# nothing is added if no GRUB_TIMEOUT= line exists.
- name: grub timeout
  ansible.builtin.lineinfile:
    path: /etc/default/grub
    backrefs: true
    regexp: '^(GRUB_TIMEOUT=).*'
    # \g<1> keeps the captured "GRUB_TIMEOUT=" prefix; the named-group form
    # is needed because a plain \1 followed by the digit 1 would read as \11.
    line: '\g<1>1'
  notify: update grub

# Map the Compose key to Caps Lock by rewriting XKBOPTIONS in
# /etc/default/keyboard. Any previous XKBOPTIONS value is replaced.
# With backrefs enabled the file is left unchanged when no XKBOPTIONS= line
# is present.
- name: keyboard compose key
  ansible.builtin.lineinfile:
    path: /etc/default/keyboard
    backrefs: true
    regexp: '^(XKBOPTIONS=).*'
    line: '\1"compose:caps"'