---
- name: Install desktop and educational packages
  ansible.builtin.apt:
    name:
      - akonadi-backend-sqlite
      - arduino
      - bluefish
      - calligra
      - codeblocks
      - dia
      - flameshot
      - freecad
      - fritzing
      - ghex
      - gimp
      - inkscape
      - kde-full
      - keepassxc
      - librecad
      - mu-editor
      - openboard
      - qtcreator
      - spyder
      - sqlite3
      - sqlitebrowser
      - task-german-desktop
      - task-german-kde-desktop
      - task-kde-desktop
      - thonny
      - thunderbird-l10n-de
      - vlc
      - vym
      - webext-privacy-badger
      - webext-ublock-origin-chromium
      - webext-ublock-origin-firefox
      - xdg-desktop-portal-kde
      - xdg-desktop-portal-wlr # share screen in browser
      - xournalpp
    autoremove: true
    state: latest

- name: Add backports {{ ansible_distribution_release }}
  ansible.builtin.apt_repository:
    repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main non-free-firmware
    state: present
    update_cache: true

- name: Install extra packages from backports
  ansible.builtin.apt:
    name:
      - filius
      - kicad
      - kicad-doc-de
      - libreoffice
      - libreoffice-l10n-de
      - libreoffice-qt5
    state: latest # noqa package-latest
    autoremove: true
    default_release: "{{ ansible_distribution_release }}-backports"


- name: Create akonadi config dir
  ansible.builtin.file:
    path: /etc/xdg/akonadi/
    state: directory
    mode: '0755'

- name: Use sqlite in akonadi
  ansible.builtin.blockinfile:
    path: /etc/xdg/akonadi/akonadiserverrc
    create: true
    mode: '0644'
    block: |
      [%General]
      Driver=QSQLITE3

## Akonadi complains if not set:
- name: Add home dirs to apparmor
  ansible.builtin.lineinfile:
    dest: /etc/apparmor.d/tunables/home.d/ubuntu
    line: >-
      @{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
      /srv/samba/schools/default-school/students/*/
      /srv/samba/schools/default-school/examusers/


- name: Tune SDDM login
  ansible.builtin.blockinfile:
    path: /etc/sddm.conf
    create: true
    mode: '0644'
    block: |
      [Users]
      MaximumUid=999
      RememberLastUser=false
      RememberLastSession=false

- name: Enable wake-on-lan for all ethernet connections
  ansible.builtin.copy:
    dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
    mode: '0644'
    content: |
      [connection]
      ethernet.wake-on-lan=64

- name: Prepare directory for apt-daily override
  ansible.builtin.file:
    path: /etc/systemd/system/apt-daily.timer.d/
    recurse: true
    mode: '0755'
    state: directory

- name: Run apt update early to avoid outdated package lists
  ansible.builtin.copy:
    dest: /etc/systemd/system/apt-daily.timer.d/override.conf
    mode: '0644'
    content: |
      [Timer]
      RandomizedDelaySec=30m

- name: Create directory to avoid suspend
  ansible.builtin.file:
    path: /etc/systemd/sleep.conf.d/
    state: directory
    mode: '0755'
  when: "'teacherlaptop' not in group_names"

- name: Avoid suspending
  ansible.builtin.blockinfile:
    path: /etc/systemd/sleep.conf.d/nosuspend.conf
    create: true
    mode: '0644'
    block: |
      [Sleep]
      AllowSuspend=no
      AllowHibernation=no
      AllowSuspendThenHibernate=no
      AllowHybridSleep=no
  when: "'teacherlaptop' not in group_names"

- name: Deploy dolphin script
  ansible.builtin.copy:
    src: lmn-fix-dolphin.sh
    dest: /usr/local/bin/
    mode: '0755'

################# general settings ##################
- name: Enable boot splash screen
  ansible.builtin.replace:
    dest: "/etc/default/grub"
    regexp: '"quiet"$'
    replace: '"quiet splash"'
  notify: Run update-grub

- name: Protect editing grub menu entries
  ansible.builtin.blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers='root'
      export superusers
      password_pbkdf2 root {{ grub_pwd }}
  notify: Run update-grub

- name: Allow booting grub menu entries
  ansible.builtin.lineinfile:
    dest: /etc/grub.d/10_linux
    line: CLASS="${CLASS} --unrestricted"
    insertafter: '^CLASS=.*'
    firstmatch: true
  notify: Run update-grub

- name: Disable Grub submenus
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    line: 'GRUB_DISABLE_SUBMENU=true'
    insertafter: '^GRUB_TIMEOUT=.*'
  notify: Run update-grub

- name: Grub timeout
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    regexp: '^(GRUB_TIMEOUT=).*'
    line: '\g<1>1'
    backrefs: true
  notify: Run update-grub

- name: Keyboard compose key
  ansible.builtin.lineinfile:
    dest: /etc/default/keyboard
    regexp: '^(XKBOPTIONS=).*'
    line: '\1"compose:caps"'
    backrefs: true

- name: Default KDE filepicker
  ansible.builtin.lineinfile:
    path: /etc/environment.d/90lmn-filepicker.conf
    create: true
    mode: '0644'
    line: GTK_USE_PORTAL=1