170 lines
5.3 KiB
YAML
170 lines
5.3 KiB
YAML
---
|
|
# clean up stuff from obsolete/faulty tasks:
|
|
- name: Remove sddm login screen patch with deprecated marker (homeondisk)
|
|
ansible.builtin.blockinfile:
|
|
path: /usr/share/sddm/themes/debian-breeze/Main.qml
|
|
marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk
|
|
state: absent
|
|
|
|
- name: Remove packages we do not need anymore
|
|
ansible.builtin.apt:
|
|
name:
|
|
- cachefilesd
|
|
- mosquitto
|
|
state: absent
|
|
purge: true
|
|
|
|
- name: Remove virtiofs service
|
|
ansible.builtin.file:
|
|
path: /etc/systemd/system/virtiofs@.service
|
|
state: absent
|
|
|
|
- name: Fix mount point permissions and owner
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
mode: '0755'
|
|
owner: root
|
|
group: root
|
|
loop:
|
|
- /srv/samba
|
|
- /srv/samba/schools
|
|
|
|
- name: Remove pam_mount sysvol mount
|
|
ansible.builtin.blockinfile:
|
|
dest: /etc/security/pam_mount.conf.xml
|
|
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (SysVol) -->"
|
|
block: |
|
|
<volume
|
|
fstype="cifs"
|
|
server="{{ smb_server }}"
|
|
path="sysvol/"
|
|
mountpoint="/srv/samba/%(USER)/sysvol"
|
|
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
|
|
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
|
|
</volume>
|
|
state: absent
|
|
|
|
- name: Remove pam_mount for VM bind mounts
|
|
ansible.builtin.blockinfile:
|
|
dest: /etc/security/pam_mount.conf.xml
|
|
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
|
|
state: absent
|
|
|
|
- name: Check if rmlpr.timer is installed
|
|
ansible.builtin.stat:
|
|
path: /etc/systemd/system/rmlpr.timer
|
|
register: rmlpr
|
|
|
|
- name: Disable rmlpr.timer
|
|
ansible.builtin.systemd:
|
|
name: rmlpr.timer
|
|
enabled: false
|
|
when: rmlpr.stat.exists
|
|
|
|
- name: Check if vmimage-torrent.service is installed
|
|
ansible.builtin.stat:
|
|
path: /etc/systemd/system/vmimage-torrent.service
|
|
register: vmimagetorrent
|
|
|
|
- name: Disable vmimage-torrent.service
|
|
ansible.builtin.systemd:
|
|
name: vmimage-torrent.service
|
|
enabled: false
|
|
when: vmimagetorrent.stat.exists
|
|
|
|
- name: Remove deprecated files and directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /etc/linuxmuster-linuxclient7
|
|
- /usr/lib/python3/dist-packages/linuxmusterLinuxclient7
|
|
- /usr/share/linuxmuster-linuxclient7
|
|
- /usr/local/bin/onLogin
|
|
- /etc/sudoers.d/90-lmn-sudotools
|
|
- /etc/systemd/system/rmlpr.service
|
|
- /etc/systemd/system/rmlpr.timer
|
|
- /usr/local/bin/sync-vm.sh
|
|
- /usr/local/bin/run-vm.sh
|
|
- /usr/local/bin/rebase-vm.sh
|
|
- /usr/local/bin/create-vm.sh
|
|
- /usr/local/bin/upload-vm.sh
|
|
- /usr/local/bin/vmimage-torrent
|
|
- /etc/systemd/system/vmimage-torrent.service
|
|
- /usr/local/bin/linbo-torrenthelper.sh
|
|
- /usr/local/bin/link-images.sh
|
|
- /usr/local/bin/start-virtiofsd.sh
|
|
- /etc/sudoers.d/90-lmn-upload-vm
|
|
- /etc/sudoers.d/90-lmn-sync-vm
|
|
- /etc/sudoers.d/90-lmn-startvirtiofsd
|
|
- /etc/sudoers.d/90-lmn-link-images
|
|
- /etc/rsync.secret
|
|
- /etc/systemd/network/30-virbr1.netdev
|
|
- /etc/systemd/network/30-virbr2.netdev
|
|
- /etc/systemd/network/40-ethernet.network
|
|
- /etc/systemd/network/40-ethernet-usb.network
|
|
- /etc/systemd/network/50-virbr1.network
|
|
- /etc/systemd/network/50-virbr2.network
|
|
- /etc/systemd/network/60-wlan0-dhcp.network
|
|
- /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
|
|
- /etc/tmpfiles.d/clean-exam.conf
|
|
- /etc/polkit-1/rules.d/lmn-networkmanager.rules
|
|
- /etc/polkit-1/rules.d/lmn-packagekit.rules
|
|
|
|
- name: Check if vm_usage_information.txt exists
|
|
ansible.builtin.stat:
|
|
path: /lmn/vm/vm_usage_information.txt
|
|
register: vm_usage_information
|
|
|
|
- name: Pre-fill vm_usage_information.txt
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt
|
|
chown lmnsynci:lmnsynci vm_usage_information.txt
|
|
chdir: /lmn/vm/
|
|
when: vm_support and not vm_usage_information.stat.exists
|
|
|
|
- name: Detect if IPP-Everywhere printers exist
|
|
ansible.builtin.shell:
|
|
cmd: grep "IPP Everywhere" /etc/cups/printers.conf
|
|
register: ipp_everywhere
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: Delete old IPP-Everywhere printers
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
for p in $(lpstat -p | cut -d" " -f2); do
|
|
lpadmin -x "$p"
|
|
done
|
|
when: not ipp_everywhere.rc
|
|
|
|
- name: Remove old VM-printerlists
|
|
ansible.builtin.shell:
|
|
cmd: rm -f /lmn/media/*/.printerlist.csv
|
|
|
|
- name: Remove Listen on VMBridge
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/cups/cupsd.conf
|
|
line: 'Listen 192.168.122.1:631'
|
|
state: absent
|
|
|
|
- name: Remove NetworkManager Ansible-Block for non-laptops
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/NetworkManager/NetworkManager.conf
|
|
state: absent
|
|
when: "'laptop' not in group_names"
|
|
|
|
- name: Remove pam-exec from common-auth
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/pam.d/common-auth
|
|
line: "auth optional pam_exec.so /usr/local/sbin/pam-exec.sh"
|
|
state: absent
|
|
when: exam_mode
|
|
|
|
- name: Remove pam-mkhomedir from common-session
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/pam.d/common-session
|
|
line: "session optional pam_mkhomedir.so umask=0077"
|
|
state: absent
|
|
when: localhome
|