lmn-client/roles/custom/fvs/tasks/main.yml

---
- name: Preseed wireshark to allow users sniffing packets
  ansible.builtin.debconf:
    name: wireshark-common
    question: wireshark-common/install-setuid
    value: 'true'
    vtype: boolean

- name: Preseed ttf-mscorefonts-installer
  ansible.builtin.debconf:
    name: ttf-mscorefonts-installer
    question: msttcorefonts/dlurl
    value: "{{ mirror_msfonts }}"
    vtype: string
  when: mirror_msfonts is defined and mirror_msfonts | length > 0

- name: Install desktop EDU packages and some more
  ansible.builtin.apt:
    name:
      - atftp
      - audacity
      - biber
      - calligraplan
      - cmake  ## for kdevelop
      - codelite
      - codelite-plugins
      - curl
      - elpa-color-theme-modern
      - elpa-magit
      - emacs
      - filezilla
      - freeplane
      - git
      - git-cola
      - gitg
      - gitk
      - git-gui
      - htop
      - jq
      - jupyter
      - kchmviewer
      - kdevelop
      - kdevelop-php
      - kdevelop-python
      - krita
      - libasound2-dev
      - libdbus-glib-1-2 ## needed for zotero
      - libnotify-bin ## needed for pwroff script
      - libwayland-dev
      - libxcursor-dev
      - libxi-dev
      - libxinerama-dev
      - libxkbcommon-dev
      - libxrandr-dev
      - links2
      - minder
      - mosquitto-clients
      - neovim
      - net-tools
      - netcat-openbsd
      - nmap
      - okular-extra-backends ## needed for CHM files
      - pdf-presenter-console
      - php-cli
      - pipx
      - planner
      - pulseview
      - python3-paho-mqtt
      - python3-websockets
      - qpdfview
      - shellcheck
      - sigrok
      - sigrok-cli
      - texlive-lang-german
      - texlive-latex-recommended
      - texlive-xetex
      - texstudio
      - tmux
      - tree
      - ttf-mscorefonts-installer
      - twinkle
      - unison-gtk
      - w3m
      - wireshark
      - zulucrypt-gui
    autoremove: true
    state: latest
  environment:
    http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher

- name: Remove update notifications from plasma-discover
  ansible.builtin.apt:
    name:
      - plasma-discover
    autoremove: true
    state: absent
  when: "'teacherlaptop' not in group_names"

- name: Make sure wireshark works for all users after installation and upgrades
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/92wireshark4all
    mode: '0644'
    content: |
      ## Modify permissions after installation/upgrade to allow all
      ## users dumping packages on network interfaces for wireshark
      DPkg::Post-Invoke {"/usr/bin/chmod o+x /usr/bin/dumpcap || true"; };


- name: Create firefox policies directory
  ansible.builtin.file:
    path: /etc/firefox-esr/policies
    state: directory
    mode: '0755'

- name: Create a symbolic link firefox to firefox-esr
  ansible.builtin.file:
    src: /etc/firefox-esr
    dest: /etc/firefox
    state: link

- name: Copy firefox policy
  ansible.builtin.copy:
    src: policies.json
    dest: /etc/firefox-esr/policies/
    mode: '0644'

- name: Create chromium policies directory
  ansible.builtin.file:
    path: /etc/chromium/policies/managed
    state: directory
    mode: '0755'

- name: Set chromium proxy-policy to auto_detect
  ansible.builtin.copy:
    dest: /etc/chromium/policies/managed/proxy.json
    mode: '0644'
    content: |
      {
        "ProxyMode": "auto_detect"
      }

- name: Copy dolphin config scripts
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /usr/local/bin/
    mode: '0755'
  loop:
    - lmn-reset-dolphin.sh
    - lmn-patch-dolphin.sh
    - lmn-fixhome-dolphin.sh

- name: Configure KDE dolphin menu
  ansible.builtin.copy:
    src: lmn-dolphin.sh
    dest: /etc/profile.d/
    mode: '0644'


- name: Copy fvs-config.js to configure plasma
  ansible.builtin.copy:
    src: fvs-config.js
    dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
    mode: '0644'


- name: Configure some KDE aspects
  ansible.builtin.blockinfile:
    path: /etc/xdg/kdeglobals
    create: true
    mode: '0644'
    block: |
      [KDE]
      SingleClick=false

      [KDE Action Restrictions][$i]
      action/start_new_session=false
      #action/switch_user=false
      #action/lock_screen=false

- name: Start with empty session by default
  ansible.builtin.copy:
    dest: /etc/xdg/ksmserverrc
    mode: '0644'
    content: |
      [General]
      loginMode=emptySession

- name: Fix primary screen for class room PCs with projector
  when: "'CloneScreen' in group_names"
  block:
    - name: Set primary screen for login
      ansible.builtin.blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        block: |
          xrandr --output {{ dual_screen[0] }} --primary
      when: dual_screen is defined
    - name: Reset primary screen for login
      ansible.builtin.blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        state: absent
      when: dual_screen is not defined
    - name: Deploy fix-screen script
      ansible.builtin.template:
        src: lmn-fix-screen.j2
        dest: /usr/local/bin/lmn-fix-screen
        mode: '0755'
    - name: Deploy fix-screen autostarter
      ansible.builtin.copy:
        dest: /etc/xdg/autostart/lmn-fix-screen.desktop
        mode: '0644'
        content: |
          [Desktop Entry]
          Name=fix-screen
          Exec=lmn-fix-screen
          Type=Application
          NoDisplay=true

# - name: Avoid starting kscreen (confusing autodetection)
#   ansible.builtin.copy:
#     dest: /etc/xdg/kded5rc
#     content: |
#       [Module-kscreen]
#       autoload=false
#
# - name: Disable automatic lock screen and user specific modifications
#   ansible.builtin.copy:
#     path: /etc/xdg/kscreenlockerrc
#     content: |
#       [Daemon][$i]
#       Autolock=false
#       LockOnResume=false
#

- name: Download libdvdcss from mirror
  ansible.builtin.get_url:
    url: "{{ mirror_dvdcss }}/libdvdcss.so.2.2.0"
    dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2.2.0
    mode: '0644'
    use_proxy: false
  when: mirror_dvdcss is defined and mirror_dvdcss | length > 0

- name: Link library so name
  ansible.builtin.file:
    src: libdvdcss.so.2.2.0
    dest: /usr/lib/x86_64-linux-gnu/libdvdcss.so.2
    state: link
  when: mirror_dvdcss is defined and mirror_dvdcss | length > 0

- name: Patch sddm login screen to show hostname
  ansible.builtin.blockinfile:
    path: /usr/share/sddm/themes/debian-breeze/Main.qml
    marker: // {mark} ANSIBLE MANAGED BLOCK
    insertbefore: '\s+//Footer'
    block: |
      Text {
         id: hostname
         anchors.top: parent.top
         anchors.right: parent.right
         anchors.topMargin: 10
         anchors.rightMargin: 15
         color: "#ffffff"
         text: sddm.hostName + " | <{{ ansible_date_time['date'] }}>"
         font.pointSize: config.fontSize
      }

- name: Set git default-branch to main
  ansible.builtin.copy:
    dest: /etc/gitconfig
    mode: '0644'
    content: |
      [init]
        defaultBranch = main

- name: Adjust mmcblk-device gid to allow users to access SD-cards
  ansible.builtin.copy:
    dest: /etc/udev/rules.d/80-mmcblk.rules
    mode: '0644'
    content: |
      KERNEL=="mmcblk[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"
      KERNEL=="mmcblk[0-9]p[0-9]*", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", GROUP="domain users"

- name: Include sync
  ansible.builtin.include_tasks: sync.yml