lmn-client/lmn-desktop.yml

## This playbook deploys a FvS KDE desktop machine for LinuxMuster.
---
- name: apply configuration to the machines
  hosts: all
  remote_user: ansible
  become: yes
  pre_tasks:
    - pause:
        prompt: "Enter global-admin active directory password, leave empty to skip domain join"
        minutes: 5
        echo: false
      register: adpw
      no_log: true
      when: "ansible_cmdline.adpw is not defined"
    - name: preseed apparmor
      debconf:
        name: apparmor
        question: apparmor/homedirs
        value: >-
          /srv/samba/schools/default-school/teachers/
          /srv/samba/schools/default-school/students/*/
        vtype: string

  vars:
    domain: "{{ ansible_domain }}"
    kerberize_uris: steinbeis.schule
    rsyncsecret: Muster!
    nfs4: false
    extra_pkgs:
      - vim
      - mc
      - tmux
      - console-setup
      - krb5-user
      - unattended-upgrades
      - debconf-utils
      - ctorrent
    extra_pkgs_bpo: [] # [ linux-image-amd64 ]
    ansible_python_interpreter: "/usr/bin/python3"

  roles:
    - up2date_debian
    - lmn_sssd
    - lmn_mount
    - kde
    - lmn_kde
    - lmn_vm
    - lmn_packages
    - kerberize

  tasks:
    - name: Add local user 'virti' in the 'libvirt' group
      ansible.builtin.user:
        name: virti
        password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
        comment: Libvirt VM User,,,
        shell: /bin/bash
        groups: libvirt
        append: yes
    - name: Fix 8086:4909 external graphics card
      replace:
        dest: "/etc/default/grub"
        regexp: 'GRUB_CMDLINE_LINUX=""$'
        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
      notify: update grub
      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"

    - name: add bookworm firmware repository if needed
      apt_repository:
        repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
        state: present
        update_cache: true
      when: >
        ansible_board_vendor == "LENOVO" and
        ansible_board_name == "32CB" and
        ansible_distribution_release == "bullseye"
    - name: upgrade non-free-firmware packages
      apt:
        upgrade: true
        autoremove: true
        autoclean: true
      when: >
        ansible_board_vendor == "LENOVO" and
        ansible_board_name == "32CB" and
        ansible_distribution_release == "bullseye"