lmn-client/roles/lmn_localhome/tasks/main.yml

---
- name: enable pam_mkhomedir.so
  lineinfile:
    dest: /etc/pam.d/common-session
    line: "session  optional        pam_mkhomedir.so  umask=0077"
    insertbefore: "session  optional        pam_mount.so"

- name: Patch sddm login screen to inform about localhome
  blockinfile:
    path: /usr/share/sddm/themes/debian-breeze/Main.qml
    marker: // {mark} ANSIBLE MANAGED BLOCK localhome
    insertbefore: '\s+//Footer'
    block: |
      Text {
         id: localhome
         anchors.top: parent.top
         anchors.left: parent.left
         anchors.topMargin: 10
         anchors.leftMargin: 15
         color: "#ffffff"
         text: "Lokale Anmeldung!\nHome-Verzeichnis liegt nicht im Netz!"
         font.pointSize: config.fontSize
      }

- name: Copy unison-createconfig scripts
  ansible.builtin.copy:
    src: lmn-create-unisonconfig.sh
    dest: /usr/local/bin/
    mode: 0755

- name: Install auto-logout-script for first login in /etc/profile.d/
  copy:
    dest: /etc/profile.d/lmn-logout.sh
    content: |
      [[ "${UID}" -gt 10000 ]] && ! findmnt "/lmn/media/${USER}/home" > /dev/null && exit 0
      {% if 'teacherlaptop' not in group_names %}
      [[ "${UID}" -gt 10000 ]] && ! findmnt /srv/samba/schools/default-school > /dev/null && exit 0
      {% endif %}

- name: Provide rmexam script
  ansible.builtin.copy:
    src: rmexam
    dest: /usr/local/sbin/
    mode: 0755
  when: "'teacherlaptop' not in group_names"

- name: Provide rmexam services and timers for some scripts
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    mode: 0644
  loop:
    - rmexam.service
    - rmexam.timer
  when: "'teacherlaptop' not in group_names"

- name: Enable rmexam.timer
  ansible.builtin.systemd:
    name: rmexam.timer
    enabled: true
  when: "'teacherlaptop' not in group_names"