## This playbook deploys a KDE teacher's laptop machine for LinuxMuster.
---
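# Single play that configures the targeted hosts.
- name: apply configuration to the machines
  # 'all' matches every host in the inventory; restrict a run with
  # `ansible-playbook --limit` when only some machines should be touched.
  hosts: all
  # Log in as the 'ansible' account and escalate privileges for every task
  # and role in the play (to root, unless become_user is set elsewhere).
  remote_user: ansible
  become: true
  pre_tasks:
    # Answer the debconf question up front so the package's automatic
    # updates are enabled without an interactive prompt.
    - name: Preseed unattended-upgrades
      ansible.builtin.debconf:
        name: unattended-upgrades
        question: unattended-upgrades/enable_auto_updates
        # debconf stores booleans as the lowercase strings true/false; pass
        # the string itself rather than a YAML boolean that has to be
        # stringified on the way to debconf.
        value: 'true'
        vtype: boolean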

  # Play-level variables. Where each one is consumed is decided by the roles
  # listed below, which are not part of this file.
  vars:
    # DNS domain as reported by the gathered fact ansible_domain.
    domain: "{{ ansible_domain }}"
    kerberize_uris: 'steinbeis.schule'
    # NOTE(review): the apt cache, the proxy and the mscorefonts mirror are
    # all addressed over plain http. apt verifies signed repository metadata;
    # whether the mscorefonts download is verified depends on the consuming
    # role - confirm.
    apt_conf: 'Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";'
    ntp_serv: 'server.pn.steinbeis.schule'
    proxy: 'http://firewall.pn.steinbeis.schule:3128'
    no_proxy: 'firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule'

    # PAM mount of the Nextcloud WebDAV share; remove or leave empty to skip.
    # %(USER) is left literal here (presumably expanded by pam_mount - confirm).
    web_dav: 'https://nc.steinbeis.schule/remote.php/dav/files/%(USER)'

    # Local mirror for mscorefonts; remove or leave empty to use no mirror.
    mirror_msfonts: 'http://livebox.pn.steinbeis.schule/mscorefonts/'

    # NOTE(review): shared rsync secret stored in clear text in the playbook.
    # Anyone who can read this file or its history knows it; keep the real
    # value in an Ansible Vault encrypted vars file (or pass it at run time)
    # and rotate it if this value was ever used in production.
    rsyncsecret: 'Muster!'
    # SSH public keys to deploy. Which account receives them is decided in a
    # role not shown here. NOTE(review): the third key has no comment field,
    # so its owner cannot be identified when auditing or revoking access.
    keys2deploy:
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW'

    # GRUB password hash, generated with grub-mkpasswd-pbkdf2
    # (PBKDF2-SHA512, 10000 iterations, as encoded in the value).
    # NOTE(review): every machine built from this playbook shares this hash,
    # and a hash committed to a readable repository can be guessed offline;
    # keep it in a vaulted vars file and choose a long passphrase.
    grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
    nfs4: false
    # Additional packages; unattended-upgrades and debconf-utils belong to
    # the automatic-update setup done in pre_tasks and tasks.
    extra_pkgs:
      - vim
      - mc
      - tmux
      - krb5-user
      - unattended-upgrades
      - debconf-utils
    # Additional packages from backports; empty by default.
    extra_pkgs_bpo: []  # [ linux-image-amd64 ]

  # Roles are applied in the order listed; they run after pre_tasks and
  # before tasks.
  roles:
    - role: lmn_network
    - role: up2date_debian
    - role: lmn_sssd
    - role: lmn_kde
    # School-specific customization.
    - role: lmn_fvs
    # Disabled:
    # - role: lmn_vm
    - role: kerberize
    # NOTE(review): lmn_security is disabled for this machine type. Its
    # contents are not visible here; confirm that nothing it enforces is
    # expected on teacher laptops (for example a consumer of grub_pwd).
    # - role: lmn_security

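  tasks:
    # Have PAM create a missing home directory when a session opens.
    # The line is placed before the pam-auth-update end marker; if the
    # marker is absent, lineinfile appends the line at the end of the file.
    # NOTE(review): umask=0022 creates home directories that other local
    # accounts can read and traverse. Use umask=0077 if homes on these
    # laptops should be private - confirm what is intended.
    - name: enable pam_mkhomedir.so
      ansible.builtin.lineinfile:
        path: /etc/pam.d/common-session
        line: "session  optional        pam_mkhomedir.so  umask=0022"
        insertbefore: "# end of pam-auth-update config"
    # Write the apt periodic configuration explicitly so daily package-list
    # refresh and unattended upgrades are both switched on.
    - name: Fix unattended-upgrades
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        # Set ownership and mode explicitly instead of inheriting whatever
        # the remote umask yields: apt configuration must not be writable
        # by unprivileged users.
        owner: root
        group: root
        mode: '0644'
        content: |
          APT::Periodic::Update-Package-Lists "1";
          APT::Periodic::Unattended-Upgrade "1";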