---
- name: Install desktop and educational packages
  apt:
    name:
      - akonadi-backend-sqlite
      - arduino
      - bluefish
      - calligra
      - codeblocks
      - dia
      - flameshot
      - freecad
      - fritzing
      - ghex
      - gimp
      - inkscape
      - kde-full
      - keepassxc
      - librecad
      - mu-editor
      - openboard
      - qtcreator
      - spyder
      - sqlite3
      - sqlitebrowser
      - task-german-desktop
      - task-german-kde-desktop
      - task-kde-desktop
      - thonny
      - thunderbird-l10n-de
      - vlc
      - vym
      - webext-privacy-badger
      - webext-ublock-origin-chromium
      - webext-ublock-origin-firefox
      - xdg-desktop-portal-kde
      - xdg-desktop-portal-wlr # share screen in browser
      - xournalpp
    autoremove: true
    state: latest

- name: Add {{ ansible_distribution_release }}-backports
  apt_repository:
    repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main non-free-firmware
    state: present
    update_cache: true

- name: Install extra packages from backports
  apt:
    name:
      - filius
      - kicad
      - kicad-doc-de
      - libreoffice
      - libreoffice-l10n-de
    state: latest # noqa package-latest
    autoremove: true
    default_release: "{{ ansible_distribution_release }}-backports"


- name: Create akonadi config dir
  ansible.builtin.file:
    path: /etc/xdg/akonadi/
    state: directory
    mode: '0755'

- name: Use sqlite in akonadi
  blockinfile:
    path: /etc/xdg/akonadi/akonadiserverrc
    create: true
    block: |
      [%General]
      Driver=QSQLITE3


- name: Add home dirs to apparmor
  lineinfile:
    dest: /etc/apparmor.d/tunables/home.d/ubuntu
    line: >-
      @{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
      /srv/samba/schools/default-school/students/*/


- name: tune SDDM login
  blockinfile:
    path: /etc/sddm.conf
    create: true
    block: |
      [Users]
      MaximumUid=999
      RememberLastUser=false
      RememberLastSession=false


- name: Create directory to avoid suspend
  ansible.builtin.file:
    path: /etc/systemd/sleep.conf.d/
    state: directory
    mode: '0755'

- name: Avoid suspending
  blockinfile:
    path: /etc/systemd/sleep.conf.d/nosuspend.conf
    create: true
    block: |
      [Sleep]
      AllowSuspend=no
      AllowHibernation=no
      AllowSuspendThenHibernate=no
      AllowHybridSleep=no


################# general settings ##################
- name: Enable boot splash screen
  replace:
    dest: "/etc/default/grub"
    regexp: '"quiet"$'
    replace: '"quiet splash"'
  notify: Run update-grub

- name: Protect grub menu entries
  blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers='root'
      password_pbkdf2 root {{ grub_pwd }}
  notify: Run update-grub

- name: Allow booting default entry
  lineinfile:
    dest: /etc/grub.d/10_linux
    line: CLASS="${CLASS} --unrestricted"
    insertafter: '^CLASS=.*'
    firstmatch: true
  notify: Run update-grub

- name: Grub timeout
  lineinfile:
    dest: /etc/default/grub
    regexp: '^(GRUB_TIMEOUT=).*'
    line: '\g<1>3'
    backrefs: yes
  notify: Run update-grub

- name: Keyboard compose key
  lineinfile:
    dest: /etc/default/keyboard
    regexp: '^(XKBOPTIONS=).*'
    line: '\1"compose:caps"'
    backrefs: yes