lmn-client/roles/lmn_misc/tasks/main.yml

---
- name: Enable wake-on-lan for all ethernet connections
  ansible.builtin.copy:
    dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
    mode: '0644'
    content: |
      [connection]
      ethernet.wake-on-lan=64

- name: Prepare directory for apt-daily override
  ansible.builtin.file:
    path: /etc/systemd/system/apt-daily.timer.d/
    mode: '0755'
    state: directory

- name: Run apt update early to avoid outdated package lists
  ansible.builtin.copy:
    dest: /etc/systemd/system/apt-daily.timer.d/override.conf
    mode: '0644'
    content: |
      [Timer]
      RandomizedDelaySec=30m

# Avoid suspend

- name: Create directory to avoid suspend
  ansible.builtin.file:
    path: /etc/systemd/sleep.conf.d/
    state: directory
    mode: '0755'
  when: misc_avoid_suspend

- name: Avoid suspending
  ansible.builtin.blockinfile:
    path: /etc/systemd/sleep.conf.d/nosuspend.conf
    create: true
    mode: '0644'
    block: |
      [Sleep]
      AllowSuspend=no
      AllowHibernation=no
      AllowSuspendThenHibernate=no
      AllowHybridSleep=no
  when: misc_avoid_suspend

# Auto Poweroff

- name: Copy pwroff script
  ansible.builtin.copy:
    src: pwroff
    dest: /usr/local/sbin/
    mode: '0755'

- name: Provide services and timers for pwroff
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    mode: '0644'
  loop:
    - pwroff.service
    - pwroff.timer
  when: misc_pwroff

- name: Enable pwroff.timer
  ansible.builtin.systemd:
    name: pwroff.timer
    enabled: true
  when: misc_pwroff

# Shut down when idle for too long

- name: Shut down when idle for too long
  ansible.builtin.copy:
    dest: /etc/xdg/powermanagementprofilesrc
    mode: '0644'
    content: |
      [AC][SuspendSession]
      idleTime=7200000
      suspendType=8
  when: misc_pwroff_idle

# Boot splash

- name: Enable boot splash screen
  ansible.builtin.replace:
    dest: "/etc/default/grub"
    regexp: '"quiet"$'
    replace: '"quiet splash"'
  notify: Run update-grub

# Grub settings

- name: Protect editing grub menu entries
  ansible.builtin.blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers='root'
      export superusers
      password_pbkdf2 root {{ grub_pwd }}
  notify: Run update-grub

- name: Allow booting grub menu entries
  ansible.builtin.lineinfile:
    dest: /etc/grub.d/10_linux
    line: CLASS="${CLASS} --unrestricted"
    insertafter: '^CLASS=.*'
    firstmatch: true
  notify: Run update-grub

- name: Disable Grub submenus
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    line: 'GRUB_DISABLE_SUBMENU=true'
    insertafter: '^GRUB_TIMEOUT=.*'
  notify: Run update-grub

- name: Grub timeout
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    regexp: '^(GRUB_TIMEOUT=).*'
    line: '\g<1>1'
    backrefs: true
  notify: Run update-grub

# PXE first boot order

- name: Copy some scripts
  ansible.builtin.copy:
    src: bootorder.sh
    dest: /usr/local/sbin/
    mode: '0755'
  when: misc_pxe_first

- name: PXE first boot order
  ansible.builtin.command: /usr/local/sbin/bootorder.sh
  register: cmd_result
  changed_when: cmd_result.stdout is not search('Nothing to do.')
  when: misc_pxe_first

# Disable Caps Lock

- name: Keyboard compose key
  ansible.builtin.lineinfile:
    dest: /etc/default/keyboard
    regexp: '^(XKBOPTIONS=).*'
    line: '\1"compose:caps"'
    backrefs: true

# Activate unattended upgrades

- name: Install unattended-upgrades
  ansible.builtin.apt:
    name:
      - unattended-upgrades

- name: Update all packages unattended
  ansible.builtin.replace:
    path: /etc/apt/apt.conf.d/50unattended-upgrades
    regexp: '^//(\s+"origin=.+-updates";)$'
    replace: '  \1'

# Install reporter

- name: Copy reporter
  ansible.builtin.copy:
    src: reporter
    dest: /usr/local/sbin/
    mode: '0755'

- name: Provide services and timers for reporter
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    mode: '0644'
  loop:
    - reporter.service
    - reporter.timer
  when: misc_reporter

- name: Enable reporter.timer
  ansible.builtin.systemd:
    name: reporter.timer
    enabled: true
  when: misc_reporter

# Prepare CloneScreen on Presenter PCs

- name: Fix primary screen for class room PCs with projector
  when: misc_clonescreen
  block:
    - name: Set primary screen for login
      ansible.builtin.blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        block: |
          xrandr --output {{ dual_screen[0] }} --primary
      when: dual_screen is defined
    - name: Reset primary screen for login
      ansible.builtin.blockinfile:
        path: /usr/share/sddm/scripts/Xsetup
        state: absent
      when: dual_screen is not defined
    - name: Deploy fix-screen script
      ansible.builtin.template:
        src: lmn-fix-screen.j2
        dest: /usr/local/bin/lmn-fix-screen
        mode: '0755'
    - name: Deploy fix-screen autostarter
      ansible.builtin.copy:
        dest: /etc/xdg/autostart/lmn-fix-screen.desktop
        mode: '0644'
        content: |
          [Desktop Entry]
          Name=fix-screen
          Exec=lmn-fix-screen
          Type=Application
          NoDisplay=true