# exam_mode

## Description / use cases

**Activating Exam Mode: Functionalities**

When a user logs in with the `-exam` designation, the following functionalities will be activated:

* The `firewalld.service` will start, blocking all incoming traffic. Additionally, it will restrict outgoing traffic to the addresses specified in `exam_destination_allowed_ipv4`, if this variable is set. Communication is permitted with devices listed in `exam_teacherpc_ips`, including the teacher PCs. By default, the IP of the teacher PC is determined by the client's IP, with the last digit in the last octet specified by `exam_teacherpc_last_digit`.

* The home and media directories of `-exam` users will be renamed the following day and removed after a certain period. This is crucial because the `-exam` user will be created anew (with a new user ID) upon the initialization of Exam Mode. Without renaming/deleting the home and media directories, the new `-exam` user would be unable to log in on the same PC, especially on machines with local home configurations.



## Requirements

none

## Example

Per default, all hosts will get `exam_mode`. But we don't want `exam_mode` on teacher devices. In `exam_mode` the Networks `10.0.0.0/24`, `10.0.1.0/24`, `192.168.122.0/24/24` will be reachable.

inventory.yml

```yml
all:
  vars:
    exam_destination_allowed_ipv4:
      - 10.0.0.0/24
      - 10.0.1.0/24
      - 192.168.122.0/24

teacherdevices:
  hosts:
    10.0.14.[1..75]
  vars:
    exam_mode: false
```