lmn-client/roles/lmn_teacherlaptop/tasks/main.yml

---
- name: Install additional teacherlaptop packages
  ansible.builtin.apt:
    name:
      - plasma-discover
      - nextcloud-desktop
      - dolphin-nextcloud
        # - krb5-auth-dialog
    state: latest # noqa package-latest

- name: Copy polkit rule to allow install packages by role-teacher
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/polkit-1/rules.d/
    mode: "0644"
  loop:
    - lmn-packagekit.rules
    - lmn-networkmanager.rules

- name: Deploy sudo configurations (apt for role-teacher)
  ansible.builtin.copy:
    dest: /etc/sudoers.d/90-lmn-teacherlaptop
    owner: root
    group: root
    mode: '0700'
    content: |
      %role-teacher ALL=(root) NOPASSWD: /usr/bin/apt
      %role-teacher ALL=(root) NOPASSWD: /usr/sbin/cryptsetup