---
- name: Preseed wireshark to allow users sniffing packets
  ansible.builtin.debconf:
    name: wireshark-common
    question: wireshark-common/install-setuid
    value: 'true'
    vtype: boolean

- name: Preseed ttf-mscorefonts-installer
  ansible.builtin.debconf:
    name: ttf-mscorefonts-installer
    question: msttcorefonts/dlurl
    value: "{{ mirror_msfonts }}"
    vtype: string
  when: mirror_msfonts is defined and mirror_msfonts | length > 0


- name: Install desktop EDU packages and some more
  apt:
    name:
      - atftp
      - biber
      - calligraplan
      - cmake  ## for kdevelop
      - codelite
      - codelite-plugins
      - curl
      - elpa-color-theme-modern
      - elpa-magit
      - emacs
      - filezilla
      - freeplane
      - git
      - gitg
      - gitk
      - htop
      - jq
      - jupyter
      - kchmviewer
      - kdevelop
      - kdevelop-php
      - kdevelop-python
      - krita
      - libasound2-dev
      - libnotify-bin ## needed for pwroff script
      - libwayland-dev
      - libxcursor-dev
      - libxi-dev
      - libxinerama-dev
      - libxkbcommon-dev
      - libxrandr-dev
      - links2
      - minder
      - mosquitto-clients
      - neovim
      - net-tools
      - netcat-openbsd
      - nmap
      - okular-extra-backends ## needed for CHM files
      - pdf-presenter-console
      - php-cli
      - pipx
      - planner
      - pulseview
      - python3-paho-mqtt
      - python3-websockets
      - qpdfview
      - shellcheck
      - sigrok
      - sigrok-cli
      - texlive-lang-german
      - texlive-latex-recommended
      - texlive-xetex
      - texstudio
      - tmux
      - tree
      - ttf-mscorefonts-installer
      - twinkle
      - unison-gtk
      - w3m
      - wireshark
      - zulucrypt-gui
    autoremove: true
    state: latest
  environment:
    http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher

- name: Remove update notifications from plasma-discover
  apt:
    name:
      - plasma-discover
    autoremove: true
    state: absent
  when: not (groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop)

- name: Make sure wireshark works for all users after installation and upgrades
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/92wireshark4all
    content: |
      ## Modify permissions after installation/upgrade to allow all
      ## users dumping packages on network interfaces for wireshark
      DPkg::Post-Invoke {"/usr/bin/chmod o+x /usr/bin/dumpcap || true"; };


- name: Create firefox policies directory
  ansible.builtin.file:
    path: /etc/firefox-esr/policies
    state: directory
    mode: '0755'

- name: Create a symbolic link firefox to firefox-esr
  ansible.builtin.file:
    src: /etc/firefox-esr
    dest: /etc/firefox
    state: link

- name: Copy firefox policy
  ansible.builtin.copy:
    src: policies.json
    dest: /etc/firefox-esr/policies/

- name: Create chromium policies directory
  ansible.builtin.file:
    path: /etc/chromium/policies/managed
    state: directory
    mode: '0755'

- name: Set chromium proxy-policy to auto_detect
  copy:
    dest: /etc/chromium/policies/managed/proxy.json
    content: |
      {
        "ProxyMode": "auto_detect"
      }

- name: Update all packages unattended
  ansible.builtin.replace:
    path: /etc/apt/apt.conf.d/50unattended-upgrades
    regexp: '^//(\s+"origin=.+-updates";)$'
    replace: '  \1'

- name: Copy some scripts
  copy:
    src: "{{ item }}"
    dest: /usr/local/sbin/
    mode: 0755
  loop:
    - pwroff
    - bootorder.sh
    - reporter

- name: Provide services and timers for some scripts
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    mode: 0644
  loop:
    - pwroff.service
    - pwroff.timer
    - reporter.service
    - reporter.timer
  when: not (groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop)

- name: Enable pwroff.timer
  systemd:
    name: "{{ item }}"
    enabled: true
  loop:
    - pwroff.timer
    - reporter.timer
  when: not (groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop)

- name: PXE first boot order
  command: /usr/local/sbin/bootorder.sh
  register: cmd_result
  changed_when: cmd_result.stdout is not search('Nothing to do.')
  when: groups.PCroom is defined and inventory_hostname in groups.PCroom

- name: Copy dolphin config scripts
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /usr/local/bin/
    mode: 0755
  loop:
    - lmn-reset-dolphin.sh
    - lmn-patch-dolphin.sh
    - lmn-fixhome-dolphin.sh

- name: Configure KDE dolphin menu
  ansible.builtin.copy:
    src: lmn-dolphin.sh
    dest: /etc/profile.d/


- name: Copy fvs-config.js to configure plasma
  ansible.builtin.copy:
    src: fvs-config.js
    dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
    mode: 0644


- name: Configure some KDE aspects
  blockinfile:
    path: /etc/xdg/kdeglobals
    create: true
    block: |
      [KDE]
      SingleClick=false

      [KDE Action Restrictions][$i]
      action/start_new_session=false
      #action/switch_user=false
      #action/lock_screen=false

- name: Shut down when idle for too long
  ansible.builtin.copy:
    dest: /etc/xdg/powermanagementprofilesrc
    content: |
      [AC][SuspendSession]
      idleTime=7200000
      suspendType=8
  when: not (groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop)

- name: Start with empty session by default
  ansible.builtin.copy:
    dest: /etc/xdg/ksmserverrc
    content: |
      [General]
      loginMode=emptySession

- name: Fix primary screen for class room PCs with projector
  block:
    - name: Set primary screen for login
      blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        block: |
          xrandr --output {{ dual_screen[0] }} --primary
      when: dual_screen is defined
    - name: Deploy fix-screen script
      ansible.builtin.template:
        src: lmn-fix-screen.j2
        dest: /usr/local/bin/lmn-fix-screen
        mode: '0755'
    - name: Deploy fix-screen autostarter
      ansible.builtin.copy:
        dest: /etc/xdg/autostart/lmn-fix-screen.desktop
        content: |
          [Desktop Entry]
          Name=fix-screen
          Exec=lmn-fix-screen
          Type=Application
          NoDisplay=true
  when: groups.CloneScreen is defined and inventory_hostname in groups.CloneScreen

#- name: Avoid starting kscreen (confusing autodetection)
#  ansible.builtin.copy:
#    dest: /etc/xdg/kded5rc
#    content: |
#      [Module-kscreen]
#      autoload=false
#
#- name: Disable automatic lock screen and user specific modifications
#  ansible.builtin.copy:
#    path: /etc/xdg/kscreenlockerrc
#    content: |
#      [Daemon][$i]
#      Autolock=false
#      LockOnResume=false
#

- name: Download libdvdcss from mirror
  ansible.builtin.get_url:
    url: "{{ mirror_dvdcss }}/libdvdcss.so.2.2.0"
    dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2.2.0
    use_proxy: False
  when: mirror_dvdcss is defined and mirror_dvdcss | length > 0

- name: Link library so name
  ansible.builtin.file:
    src: libdvdcss.so.2.2.0
    dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2
    state: link
  when: mirror_dvdcss is defined and mirror_dvdcss | length > 0

- name: Patch sddm login screen to show hostname
  blockinfile:
    path: /usr/share/sddm/themes/debian-breeze/Main.qml
    marker: // {mark} ANSIBLE MANAGED BLOCK
    insertbefore: '\s+//Footer'
    block: |
      Text {
         id: hostname
         anchors.top: parent.top
         anchors.right: parent.right
         anchors.topMargin: 10
         anchors.rightMargin: 15
         color: "#ffffff"
         text: sddm.hostName + " | <{{ ansible_date_time['date'] }}>"
         font.pointSize: config.fontSize
      }