---
# Requirement: Install firewalld after installing libvirt
- name: Install firewalld packages
  ansible.builtin.apt:
    name:
      - firewalld
  register: result

- name: Stop firewalld-service
  ansible.builtin.systemd:
    name: firewalld
    state: stopped
  when: result.changed # noqa: no-handler

- name: Disable firewalld-service
  ansible.builtin.systemd:
    name: firewalld
    enabled: false

- name: Add virbr0 to libvirt zone
  ansible.posix.firewalld:
    zone: libvirt
    interface: virbr0
    permanent: true
    state: enabled
  when: vm_support is defined and vm_support

- name: Permit access to cups from libvirt
  ansible.posix.firewalld:
    zone: libvirt
    port: 631/tcp
    permanent: true
    state: enabled
  when: vm_support is defined and vm_support # and printing is defined and printing

- name: Permit access to usersquid from libvirt
  ansible.posix.firewalld:
    zone: libvirt
    port: 3128/tcp
    permanent: true
    state: enabled
  when: vm_support is defined and vm_support # and localsquid is defined and localsquid

- name: Copy some scripts
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /usr/local/sbin/
    mode: '0755'
  loop:
    - pam-exec.sh
    - rmexam

- name: Enable login script via pam_exec.so
  ansible.builtin.lineinfile:
    dest: /etc/pam.d/common-session
    line: 'session optional        pam_exec.so /usr/local/sbin/pam-exec.sh'

- name: Provide rmexam services and timers for some scripts
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    mode: '0644'
  loop:
    - rmexam.service
    - rmexam.timer

- name: Enable rmexam.timer
  ansible.builtin.systemd:
    name: rmexam.timer
    enabled: true