## This playbook deploys a FvS KDE desktop machine for LinuxMuster.
---
- name: apply configuration to the machines
  hosts: all
  remote_user: ansible
  become: yes
  pre_tasks:
    - pause:
        prompt: "Enter global-admin active directory password, leave empty to skip domain join"
        minutes: 5
        echo: false
      register: adpw
      no_log: true
      when: "ansible_cmdline.adpw is not defined"
    - name: preseed apparmor
      debconf:
        name: apparmor
        question: apparmor/homedirs
        value: >-
          /srv/samba/schools/default-school/teachers/
          /srv/samba/schools/default-school/students/*/
        vtype: string

  vars:
    domain: "{{ ansible_domain }}"
    kerberize_uris: steinbeis.schule
    rsyncsecret: Muster!
    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
    grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
    nfs4: false
    extra_pkgs:
      - vim
      - mc
      - tmux
      - console-setup
      - krb5-user
      - unattended-upgrades
      - debconf-utils
      - ctorrent
    extra_pkgs_bpo: [] # [ linux-image-amd64 ]
    ansible_python_interpreter: "/usr/bin/python3"

  roles:
    - lmn_network
    - up2date_debian
    - lmn_sssd
    - lmn_mount
    - lmn_kde
    - lmn_vm
    - kerberize

  tasks:
    - name: Add local user 'virti' in the 'libvirt' group
      ansible.builtin.user:
        name: virti
        password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
        comment: Libvirt VM User,,,
        shell: /bin/bash
        groups: libvirt
        append: yes
      when: false

    - name: Fix 8086:4909 external graphics card
      replace:
        dest: "/etc/default/grub"
        regexp: 'GRUB_CMDLINE_LINUX=""$'
        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
      notify: Run update-grub
      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"

    - name: Fix sound on 312A
      replace:
        dest: "/etc/default/grub"
        regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
        replace: 'GRUB_CMDLINE_LINUX=""'
      notify: Run update-grub
      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"

    - name: Fix sound on 312A and 312D
      apt:
        name: firmware-sof-signed
        state: latest
      environment:
        http_proxy: http://firewall.pn.steinbeis.schule:3128
        https_proxy: http://firewall.pn.steinbeis.schule:3128
      when: >
        ansible_board_vendor == "LENOVO" and
        (ansible_board_name == "312D" or ansible_board_name == "312A")

## bullseye fixes:
    - name: add bookworm firmware repository if needed
      apt_repository:
        repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
        state: present
        update_cache: true
      when: >
        ansible_board_vendor == "LENOVO" and
        ansible_board_name == "32CB" and
        ansible_distribution_release == "bullseye"

    - name: upgrade non-free-firmware packages
      apt:
        upgrade: true
        autoremove: true
        autoclean: true
      when: >
        ansible_board_vendor == "LENOVO" and
        ansible_board_name == "32CB" and
        ansible_distribution_release == "bullseye"