---
- name: Install additional teacherlaptop packages
  ansible.builtin.apt:
    name:
      - plasma-discover
      - wireguard
      - nextcloud-desktop
      - dolphin-nextcloud
        # - krb5-auth-dialog
    state: latest # noqa package-latest

- name: Copy polkit rule to allow install packages by role-teacher
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/polkit-1/rules.d/
    mode: "0644"
  loop:
    - lmn-packagekit.rules
    - lmn-networkmanager.rules

- name: Copy mountserver script to /usr/local/bin
  ansible.builtin.copy:
    src: mountserver
    dest: /usr/local/bin/
    mode: "0755"

- name: Copy NetworkManager dispatcher-script (10-lmn-mount.sh)
  ansible.builtin.copy:
    src: 10-lmn-mount.sh
    dest: /etc/NetworkManager/dispatcher.d/
    mode: "0755"

- name: Create link to dispatcher-script (10-lmn-mount.sh)
  ansible.builtin.file:
    src: ../10-lmn-mount.sh
    dest: /etc/NetworkManager/dispatcher.d/pre-down.d/10-lmn-mount.sh
    state: link

- name: Deploy sudo configurations (apt for role-teacher)
  ansible.builtin.copy:
    dest: /etc/sudoers.d/90-lmn-teacherlaptop
    owner: root
    group: root
    mode: '0700'
    content: |
      %role-teacher ALL=(root) NOPASSWD: /usr/bin/apt
      %role-teacher ALL=(root) NOPASSWD: /usr/sbin/cryptsetup
      %role-teacher ALL=(root) NOPASSWD: /usr/local/bin/mountserver

- name: Configure Wireguard
  ansible.builtin.include_tasks: wg_config.yml
  tags:
    - never
    - wgconfig