SW Download als role, kernel Bug

lmn-desktop.yml

@@ -27,6 +27,9 @@
         value: True
         vtype: boolean
   
+  vars_files:
+    - vars-qgsoftware.yml
+
   vars:
     domain: "{{ ansible_domain }}"
     kerberize_uris: qgm.lan
@@ -44,13 +47,6 @@
     ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
     mirror_msfonts: http://netboot.qgm.lan/mscorefonts/
     
-    ## Local Mirror for Greenfoot and BlueJ. Leave empty to skip installation of bluej and greenfoot
-    mirror_javadev: http://netboot.qgm.lan/javadev/
-    ## Bluej/Greenfoot Versionen
-    bluej_target_version: "5.2.0"
-    greenfoot_target_version: "3.7.1"
-
-
     # Linbo Passwort
     rsyncsecret: Muster!
     ## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim":
@@ -85,7 +81,7 @@
         dest: /etc/apt/apt.conf.d/20auto-upgrades
         content: |
           APT::Periodic::Update-Package-Lists "1";
-          APT::Periodic::Unattended-Upgrade "1";
+          APT::Periodic::Unattended-Upgrade "0";
 
     - name: Fix mount point permissions and owner
       file:
@@ -97,3 +93,61 @@
         - /srv/samba
         - /srv/samba/schools
         - /srv/samba/schools/default-school
+
+    - name: Disable Grub submenus
+      lineinfile:
+        dest: /etc/default/grub
+        line: 'GRUB_DISABLE_SUBMENU=true'
+        insertafter: '^GRUB_TIMEOUT=.*'
+      notify: Run update-grub
+
+
+    - name: Check for the buggy kernel
+      stat:
+        path: /boot/vmlinuz-6.1.0-17-amd64
+      register: bug
+
+    - name: Check for the fixed kernel
+      stat:
+        path: /boot/vmlinuz-6.1.0-18-amd64
+      register: fix
+
+    - name: Work around kernel with CIFS regression
+      block:
+        - name: Make sure kernel package -16 is available
+          ansible.builtin.apt:
+            name: linux-image-6.1.0-16-amd64
+            state: present
+        - name: Set 6.1.0-16 as default kernel in grub
+          lineinfile:
+            dest: /etc/default/grub
+            regexp: '^(GRUB_DEFAULT=).*'
+            line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"'
+            backrefs: yes
+          notify: Run update-grub
+      when: bug.stat.exists and not fix.stat.exists
+
+    - name: Set latest kernel in grub if bug is fixed
+      lineinfile:
+        dest: /etc/default/grub
+        regexp: '^(GRUB_DEFAULT=).*'
+        line: '\g<1>0'
+        backrefs: yes
+      when: fix.stat.exists or not bug.stat.exists
+      notify: Run update-grub
+
+    - name: Remove "unattended-upgrades" package
+      ansible.builtin.apt:
+        name: unattended-upgrades
+        state: absent
+        purge: True
+
+    - name: Fix stuttering sound on HDMI 
+      lineinfile:
+        dest: /etc/default/grub
+        regexp: '^(GRUB_CMDLINE_LINUX=).*'
+        line: '\g<1>"intel_iommu=on,igfx_off"'
+        backrefs: yes
+      when: "'lt-' in inventory_hostname"
+      notify: Run update-grub
+

qgm-desktop.yml

@@ -5,7 +5,11 @@
   remote_user: ansible
   become: yes
 
+  vars_files:
+    - vars-qgsoftware.yml
+  
   vars:
+    joinpw: '' 
     domain: "{{ ansible_domain }}"
     kerberize_uris: qgm.lan
     realm: QGM.LAN
@@ -21,11 +25,6 @@
 
     ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
     mirror_msfonts: http://netboot.qgm.lan/mscorefonts/
-    ## Local Mirror for Greenfoot and BlueJ
-    mirror_javadev: http://netboot.qgm.lan/javadev/
-    ## Bluej/Greenfoot Versionen
-    bluej_target_version: "5.2.0"
-    greenfoot_target_version: "3.7.1"
 
     # Linbo Passwort
     rsyncsecret: Muster!
@@ -44,14 +43,15 @@
     extra_pkgs_bpo: [] # [ linux-image-amd64 ]
 
   roles:
-    #- lmn_network
-    - up2date_debian
-    #- lmn_sssd
-    #- lmn_mount
-    #- lmn_kde
+    - lmn_network
+    #- up2date_debian
+    - lmn_sssd
+    - lmn_mount
+    - lmn_kde
     - lmn_qgm ## school specific customization
+    - lmn_qgsoftware
     - lmn_qgsddm
-    #- lmn_printer
+    - lmn_printer
     #- kerberize
   
   tasks:
@@ -60,7 +60,7 @@
         dest: /etc/apt/apt.conf.d/20auto-upgrades
         content: |
           APT::Periodic::Update-Package-Lists "1";
-          APT::Periodic::Unattended-Upgrade "1";
+          APT::Periodic::Unattended-Upgrade "0";
 
     - name: Prepare mount point for homes
       ansible.builtin.file:
@@ -68,7 +68,6 @@
         state: directory
         mode: '0755'
 
-
     - name: Fix mount point permissions and owner
       file:
         path: "{{ item }}"
@@ -79,3 +78,63 @@
         - /srv/samba
         - /srv/samba/schools
         - /srv/samba/schools/default-school
+    
+    - name: Disable Grub submenus
+      lineinfile:
+        dest: /etc/default/grub
+        line: 'GRUB_DISABLE_SUBMENU=true'
+        insertafter: '^GRUB_TIMEOUT=.*'
+      notify: Run update-grub
+
+
+    - name: Check for the buggy kernel
+      stat:
+        path: /boot/vmlinuz-6.1.0-17-amd64
+      register: bug
+
+    - name: Check for the fixed kernel
+      stat:
+        path: /boot/vmlinuz-6.1.0-18-amd64
+      register: fix
+
+    - name: Work around kernel with CIFS regression
+      block:
+        - name: Make sure kernel package -16 is available
+          ansible.builtin.apt:
+            name: linux-image-6.1.0-16-amd64
+            state: present
+        - name: Set 6.1.0-16 as default kernel in grub
+          lineinfile:
+            dest: /etc/default/grub
+            regexp: '^(GRUB_DEFAULT=).*'
+            line: '\g<1>"Debian GNU/Linux, with Linux 6.1.0-16-amd64"'
+            backrefs: yes
+          notify: Run update-grub
+      when: bug.stat.exists and not fix.stat.exists
+
+    - name: Set latest kernel in grub if bug is fixed
+      lineinfile:
+        dest: /etc/default/grub
+        regexp: '^(GRUB_DEFAULT=).*'
+        line: '\g<1>0'
+        backrefs: yes
+      when: fix.stat.exists or not bug.stat.exists
+      notify: Run update-grub
+
+    - name: Remove "unattended-upgrades" package
+      ansible.builtin.apt:
+        name: unattended-upgrades
+        state: absent
+        purge: True
+
+    - name: Fix stuttering sound on HDMI 
+      lineinfile:
+        dest: /etc/default/grub
+        regexp: '^(GRUB_CMDLINE_LINUX=).*'
+        line: '\g<1>"intel_iommu=on,igfx_off"'
+        backrefs: yes
+      when: "'lt-' in inventory_hostname"
+      notify: Run update-grub
+
+
+    

qgm-updatecache.yml

@@ -0,0 +1,13 @@
+## This playbook deploys a KDE desktop machine for LinuxMuster.
+---
+- name: Update local software cache on netboot Host
+  hosts: all
+  remote_user: ansible
+  become: yes
+
+  vars_files:
+    - vars-qgsoftware.yml
+  
+  roles:
+    - qgm_updatecache
+  

roles/activate_last_kernel/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: Run update-grub
+  command: update-grub

roles/activate_last_kernel/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Change Grub default Kernel
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: '^(GRUB_DEFAULT=).*'
+    line: '\g<1>"1>2"'
+    backrefs: yes
+  notify: Run update-grub
+
+- name: Remove grub protection
+  ansible.builtin.blockinfile:
+    path: /etc/grub.d/40_custom
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    block: ""
+  notify: Run update-grub

roles/lmn_kde/tasks/main.yml

@@ -113,13 +113,13 @@
     replace: '"quiet splash"'
   notify: Run update-grub
 
-- name: Protect grub menu entries
-  blockinfile:
-    path: /etc/grub.d/40_custom
-    block: |
-      set superusers='root'
-      password_pbkdf2 root {{ grub_pwd }}
-  notify: Run update-grub
+#- name: Protect grub menu entries
+#  blockinfile:
+#    path: /etc/grub.d/40_custom
+#    block: |
+#      set superusers='root'
+#      password_pbkdf2 root {{ grub_pwd }}
+#  notify: Run update-grub
 
 - name: Allow booting default entry
   lineinfile:

roles/lmn_qgm/tasks/base.yml

@@ -0,0 +1,260 @@
+---
+#########
+# Management: Ansible User benötigt auf den Clients kein 
+# Passwort für sudo
+- name: Enable passwordless sudo access for user ansible
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^ansible ALL='
+    line: 'ansible ALL=(ALL) NOPASSWD: ALL'
+    validate: '/usr/sbin/visudo -cf %s'
+
+#########
+# Paketvorkonfigurationen
+- name: Preseed ttf-mscorefonts-installer
+  ansible.builtin.debconf:
+    name: ttf-mscorefonts-installer
+    question: msttcorefonts/dlurl
+    value: "{{ mirror_msfonts }}"
+    vtype: string
+  when: mirror_msfonts is defined and mirror_msfonts | length > 0
+
+- name: Preseed libdvd-pkg
+  ansible.builtin.debconf:
+    name: libdvd-pkg
+    question: libdvd-pkg/build
+    value: "true"
+    vtype: boolean
+  ansible.builtin.debconf:
+    name: libdvd-pkg
+    question: libdvd-pkg/post-invoke_hook-install
+    value: "true"
+    vtype: boolean
+  ansible.builtin.debconf:
+    name: libdvd-pkg
+    question: libdvd-pkg/post-invoke_hook-remove
+    value: "false"
+    vtype: boolean
+
+#########
+# Softwareauswahl
+- name: Install desktop EDU packages and some more
+  apt:
+    name:
+      - curl
+      - git
+      - gitg
+      - gitk
+      - lshw
+      - libnotify-bin ## needed for pwroff script
+      - neovim
+      - net-tools
+      - ethtool
+      - netcat-openbsd
+      - nmap
+      - tmux
+      - hexyl
+      - tree
+      - ttf-mscorefonts-installer
+      - libdvd-pkg
+      - handbrake
+      - firmware-intel-sound
+      - slic3r-prusa
+      - cura
+      - filius
+      - wine
+    autoremove: true
+    state: latest
+  environment:
+    http_proxy: ''  # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
+
+#########
+# libdvdcss muss gebaut werden
+# Optimierungspotential: Einmal bauen und über netboot
+# die Pakete verteilen geht wahrscheinlich schneller
+ 
+- name: Build libdvdcss
+  ansible.builtin.shell:
+    cmd: dpkg-reconfigure -f noninteractive libdvd-pkg
+
+#########
+# Den cups-browsed will ich gar nicht haben, nicht 
+# nur disablen.
+- name: Remove cups-browsed
+  ansible.builtin.apt:
+    name: cups-browsed
+    state: absent
+
+
+#########
+# Das Skript, das beim Userlogin ausgeführt wird
+# Setzt derzeit nur den Hintergrund zurück - nicht bei der 
+# allerersten Anmeldung eines Nutzers, weil es da die KDE Config noch 
+# nicht gibt.  
+
+- name: Copy qgm-login.sh for misc login Tasks
+  copy: 
+    src: files/qgm-login.sh   
+    dest: /etc/profile.d/qgm-login.sh
+    mode: '0644'
+    owner: root
+    group: root
+
+#########
+# Anpassungen an KDE
+# - Doppelklick zum öffnen von Dateien
+# - Style aug breeze fetstackern
+# - Kein Benutzerwechsel
+# - Kein Lockscreen
+# - Keine neue Session
+
+- name: Set mandatory KDE settings
+  ansible.builtin.copy: 
+    dest: /etc/xdg/kdeglobals
+    content: |
+      [KDE][$i]
+      SingleClick=false
+      widgetStyle=breeze
+
+      [KDE Action Restrictions][$i]
+      action/switch_user=false
+      action/lock_screen=false
+      action/start_new_session=false
+      
+#########
+# Screen Locking abschalten, Mittelstufenschüler...
+- name: Disable screen locking
+  ansible.builtin.copy: 
+    dest: /etc/xdg/kscreenlockerrc
+    content: |
+      [Daemon][$i]
+      Autolock=false
+      LockOnResume=false
+      
+      [Greeter][Wallpaper][org.kde.image][General]
+      Image=file:///usr/local/share/qgm/qgm_background.jpg 
+
+########
+# Logout beschleunigen
+- name: Wartezeit nach KDE nach Logout/Shutdown verkürzen
+  ansible.builtin.replace: 
+     path: /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/logout/Logout.qml
+     regexp: '^(\s+)property real timeout:.*$'
+     replace: '\1property real timeout: 4'    
+
+########
+# Wayland abschalten, Standardsession X11
+# SDDM hat (noch) keine Option, die Standardsession vorzugeben
+# Bei einem "normalen" System, merkt er sich die letzte Sitzung, die 
+# der Nutzer wählt für künftige Anmeldungen, das klappt im Netz nicht.
+# Die Session Liste baut er alphabetisch zusammen aus den desktop-Dateien 
+# in den Verzeichnissen /usr/share/wayland-sessions und /usr/share/xsessions/
+# der erste Eintrag ist Standard - und das ist leider eben immer die Sitzung in 
+# wayland-sessions. Darum: Weg damit ;)
+
+- name: Disable wayland session systemwide
+  ansible.builtin.file:
+    path: /usr/share/wayland-sessions/plasmawayland.desktop
+    state: absent
+
+
+#########
+# plasma-discover ist der grafische Paketmamanger
+# der stürzt nur ab und die Bejutzer können eh 
+# nichts selbst installieren
+- name: Remove plasma-discover
+  ansible.builtin.apt:
+    name: plasma-discover
+    state: absent
+
+#########
+# Anpassungen für Arduino
+# - modemmanager dinstallieren, soll die Probleme mit wechselnden 
+#   Device Namen lössen (ungetestet)
+# - Udev-Rule, so dass die Devices mit 0666 angelegt werden, wie 
+#   Warnung des Debian Pakets "arduino" wegen der dialout Gruppe 
+#   bleiben leider.
+
+- name: Remove modemmanager to fix arduino problems
+  ansible.builtin.apt:
+    name: modemmanager
+    state: absent
+
+- name: Copy arduino udev rule
+  copy: 
+    src: files/52-arduino.rules    
+    dest: /etc/udev/rules.d/52-arduino.rules
+    mode: '0644'
+    owner: root
+    group: root
+
+- name: reload udev rules
+  ansible.builtin.command: udevadm control --reload-rules
+  
+- name: trigger udev update
+  ansible.builtin.command: udevadm trigger
+
+
+#########
+# Firefox ESR Anpassungen
+# Lesezeichen und Startseite müssen in der 
+# Datei firefox_policies.json für die eigene Schule
+# angepasst werden.
+- name: Create firefox policies directory
+  ansible.builtin.file:
+    path: /etc/firefox-esr/policies
+    state: directory
+    mode: '0755'
+
+- name: Create a symbolic link firefox to firefox-esr
+  ansible.builtin.file:
+    src: /etc/firefox-esr
+    dest: /etc/firefox
+    state: link
+
+- name: Copy firefox policy
+  ansible.builtin.copy:
+    src: firefox_policies.json
+    dest: /etc/firefox-esr/policies/policies.json
+
+- name: Remove wrongly copied policies file
+  ansible.builtin.file:
+    path: /etc/firefox-esr/policies/firefox_policies.json
+    state: absent
+
+##########
+# Enable WOL
+#
+- name: Enable WOL
+  ansible.builtin.command: ethtool -s {{ ansible_default_ipv4.interface }} wol g
+
+- name: Copy 81-wol.rules to target
+  copy: 
+    src: 81-wol.rules
+    dest: /etc/udev/rules.d/81-wol.rules
+    mode: '0644'
+    owner: root
+    group: root
+
+##########
+# Laptop Skripte
+#
+- name: Copy qgm-soudfix.sh 
+  copy: 
+    src: qgm-soundfix.sh   
+    dest: /usr/local/bin/qgm-soundfix.sh
+    mode: '0755'
+    owner: root
+    group: root
+  
+- name: Copy qgm-soudfix.desktop
+  copy: 
+    src: qgm-soundfix.desktop   
+    dest: /usr/share/applications/qgm-soundfix.desktop
+    mode: '0644'
+    owner: root
+    group: root
+
+
+  

roles/lmn_qgm/tasks/main.yml

@@ -1,288 +1,9 @@
 ---
-#########
-# Management: Ansible User benötigt auf den Clients kein 
-# Passwort für sudo
-- name: Enable passwordless sudo access for user ansible
-  lineinfile:
-    path: /etc/sudoers
-    state: present
-    regexp: '^ansible ALL='
-    line: 'ansible ALL=(ALL) NOPASSWD: ALL'
-    validate: '/usr/sbin/visudo -cf %s'
-
-- name: Gather the package facts
-  ansible.builtin.package_facts:
-    manager: auto
-
-#########
-# Paketvorkonfigurationen
-- name: Preseed ttf-mscorefonts-installer
-  ansible.builtin.debconf:
-    name: ttf-mscorefonts-installer
-    question: msttcorefonts/dlurl
-    value: "{{ mirror_msfonts }}"
-    vtype: string
-  when: mirror_msfonts is defined and mirror_msfonts | length > 0
-
-- name: Preseed libdvd-pkg
-  ansible.builtin.debconf:
-    name: libdvd-pkg
-    question: libdvd-pkg/build
-    value: "true"
-    vtype: boolean
-  ansible.builtin.debconf:
-    name: libdvd-pkg
-    question: libdvd-pkg/post-invoke_hook-install
-    value: "true"
-    vtype: boolean
-  ansible.builtin.debconf:
-    name: libdvd-pkg
-    question: libdvd-pkg/post-invoke_hook-remove
-    value: "false"
-    vtype: boolean
-
-#########
-# Softwareauswahl
-- name: Install desktop EDU packages and some more
-  apt:
-    name:
-      - curl
-      - git
-      - gitg
-      - gitk
-      - libnotify-bin ## needed for pwroff script
-      - neovim
-      - net-tools
-      - ethtool
-      - netcat-openbsd
-      - nmap
-      - tmux
-      - tree
-      - ttf-mscorefonts-installer
-      - libdvd-pkg
-      - handbrake
-      - slic3r-prusa
-      - filius
-      - wine
-    autoremove: true
-    state: latest
-  environment:
-    http_proxy: ''  # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
-
-#########
-# libdvdcss muss gebaut werden
-# Optimierungspotential: Einmal bauen und über netboot
-# die Pakete verteilen geht wahrscheinlich schneller
- 
-- name: Build libdvdcss
-  ansible.builtin.shell:
-    cmd: dpkg-reconfigure -f noninteractive libdvd-pkg
-
-#########
-# Den cups-browsed will ich gar nicht haben, nicht 
-# nur disablen.
-- name: Remove cups-browsed
-  ansible.builtin.apt:
-    name: cups-browsed
-    state: absent
-
-
-#########
-# Das Skript, das beim Userlogin ausgeführt wird
-# Setzt derzeit nur den Hintergrund zurück - nicht bei der 
-# allerersten Anmeldung eines Nutzers, weil es da die KDE Config noch 
-# nicht gibt.  
-
-- name: Copy qgm-login.sh for misc login Tasks
-  copy: 
-    src: files/qgm-login.sh   
-    dest: /etc/profile.d/qgm-login.sh
-    mode: '0644'
-    owner: root
-    group: root
-
-#########
-# Anpassungen an KDE
-# - Doppelklick zum öffnen von Dateien
-# - Style aug breeze fetstackern
-# - Kein Benutzerwechsel
-# - Kein Lockscreen
-# - Keine neue Session
-
-- name: Set mandatory KDE settings
-  ansible.builtin.copy: 
-    dest: /etc/xdg/kdeglobals
-    content: |
-      [KDE][$i]
-      SingleClick=false
-      widgetStyle=breeze
-
-      [KDE Action Restrictions][$i]
-      action/switch_user=false
-      action/lock_screen=false
-      action/start_new_session=false
-      
-#########
-# Screen Locking abschalten, Mittelstufenschüler...
-- name: Disable screen locking
-  ansible.builtin.copy: 
-    dest: /etc/xdg/kscreenlockerrc
-    content: |
-      [Daemon][$i]
-      Autolock=false
-      LockOnResume=false
-      
-      [Greeter][Wallpaper][org.kde.image][General]
-      Image=file:///usr/local/share/qgm/qgm_background.jpg 
-
-########
-# Logout beschleunigen
-- name: Wartezeit nach KDE nach Logout/Shutdown verkürzen
-  ansible.builtin.replace: 
-     path: /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/logout/Logout.qml
-     regexp: '^(\s+)property real timeout:.*$'
-     replace: '\1property real timeout: 4'    
-
-########
-# Wayland abschalten, Standardsession X11
-# SDDM hat (noch) keine Option, die Standardsession vorzugeben
-# Bei einem "normalen" System, merkt er sich die letzte Sitzung, die 
-# der Nutzer wählt für künftige Anmeldungen, das klappt im Netz nicht.
-# Die Session Liste baut er alphabetisch zusammen aus den desktop-Dateien 
-# in den Verzeichnissen /usr/share/wayland-sessions und /usr/share/xsessions/
-# der erste Eintrag ist Standard - und das ist leider eben immer die Sitzung in 
-# wayland-sessions. Darum: Weg damit ;)
-
-- name: Disable wayland session systemwide
-  ansible.builtin.file:
-    path: /usr/share/wayland-sessions/plasmawayland.desktop
-    state: absent
-
-
-#########
-# plasma-discover ist der grafische Paketmamanger
-# der stürzt nur ab und die Bejutzer können eh 
-# nichts selbst installieren
-- name: Remove plasma-discover
-  ansible.builtin.apt:
-    name: plasma-discover
-    state: absent
-
-#########
-# Greenfoot und BlueJ. 
-# Müssen einmalig auf den netboot Server
-# in den http Cache geschoben werden. 
-# Siehe Script im Repo.
-
-- name: Determine installed bluej version
-  set_fact:
-    bluej_installed_version: "{{ bluej_target_version if ansible_facts.packages['bluej'][0]['version'] is defined else 0 }}"
-
-- name: Install bluej if necessary
-  ansible.builtin.apt:
-    deb: "{{ mirror_javadev }}/bluej.deb" 
-  when: (mirror_javadev is defined and mirror_javadev | length > 0) and
-        (bluej_target_version is defined and bluej_target_version | length > 0 ) and
-        (bluej_installed_version != bluej_target_version )
-
-- name: Determine installed greenfoot version
-  set_fact:
-    greenfoot_installed_version: "{{ greenfoot_target_version if ansible_facts.packages['greenfoot'][0]['version'] is defined else 0 }}"
-
-- name: Install greenfoot if necessary
-  ansible.builtin.apt:
-    deb: "{{ mirror_javadev }}/greenfoot.deb" 
-  when: (mirror_javadev is defined and mirror_javadev | length > 0) and
-        (greenfoot_target_version is defined and greenfoot_target_version | length > 0 ) and
-        (greenfoot_installed_version != greenfoot_target_version )
-
-#########
-# Anpassungen für Arduino
-# - modemmanager dinstallieren, soll die Probleme mit wechselnden 
-#   Device Namen lössen (ungetestet)
-# - Udev-Rule, so dass die Devices mit 0666 angelegt werden, wie 
-#   Warnung des Debian Pakets "arduino" wegen der dialout Gruppe 
-#   bleiben leider.
-
-- name: Remove modemmanager to fix arduino problems
-  ansible.builtin.apt:
-    name: modemmanager
-    state: absent
-
-- name: Copy arduino udev rule
-  copy: 
-    src: files/52-arduino.rules    
-    dest: /etc/udev/rules.d/52-arduino.rules
-    mode: '0644'
-    owner: root
-    group: root
-
-- name: reload udev rules
-  ansible.builtin.command: udevadm control --reload-rules
-  
-- name: trigger udev update
-  ansible.builtin.command: udevadm trigger
-
-
-#########
-# Firefox ESR Anpassungen
-# Lesezeichen und Startseite müssen in der 
-# Datei firefox_policies.json für die eigene Schule
-# angepasst werden.
-- name: Create firefox policies directory
-  ansible.builtin.file:
-    path: /etc/firefox-esr/policies
-    state: directory
-    mode: '0755'
-
-- name: Create a symbolic link firefox to firefox-esr
-  ansible.builtin.file:
-    src: /etc/firefox-esr
-    dest: /etc/firefox
-    state: link
-
-- name: Copy firefox policy
-  ansible.builtin.copy:
-    src: firefox_policies.json
-    dest: /etc/firefox-esr/policies/policies.json
-
-- name: Remove wrongly copied policies file
-  ansible.builtin.file:
-    path: /etc/firefox-esr/policies/firefox_policies.json
-    state: absent
-
-##########
-# Enable WOL
-#
-- name: Enable WOL
-  ansible.builtin.command: ethtool -s {{ ansible_default_ipv4.interface }} wol g
-
-- name: Copy 81-wol.rules to target
-  copy: 
-    src: 81-wol.rules
-    dest: /etc/udev/rules.d/81-wol.rules
-    mode: '0644'
-    owner: root
-    group: root
-
-##########
-# Laptop Skripte
-#
-- name: Copy qgm-soudfix.sh 
-  copy: 
-    src: qgm-soundfix.sh   
-    dest: /usr/local/bin/qgm-soundfix.sh
-    mode: '0755'
-    owner: root
-    group: root
-  
-- name: Copy qgm-soudfix.desktop
-  copy: 
-    src: qgm-soundfix.desktop   
-    dest: /usr/share/applications/qgm-soundfix.desktop
-    mode: '0644'
-    owner: root
-    group: root
-
-
+- name: Base configuration for all hosts
+  import_tasks: 
+    file: base.yml
 
+- name: Fix sound on lt- hosts
+  import_tasks: 
+    file: soundfix.yml
+  when: "'lt-' in inventory_hostname"

roles/lmn_qgm/tasks/soundfix.yml

@@ -0,0 +1,11 @@
+---
+# Probleme mit akgehackten Ton über HDMI an 
+# den Laptops in den Klassenzimmern
+# ACHTUNG: Beddingung hostname muss mit lt- beginnen.
+- name: Fix stuttering sound on HDMI 
+  lineinfile:
+    dest: /etc/default/grub
+    regexp: '^(GRUB_CMDLINE_LINUX=).*'
+    line: '\g<1>"intel_iommu=on,igfx_off"'
+    backrefs: yes
+  notify: Run update-grub

roles/lmn_qgsoftware/files/qg.appimage.FreeCAD.desktop

@@ -0,0 +1,19 @@
+[Desktop Entry]
+Name=FreeCAD Appimage
+Name[de]=FreeCAD Appimage
+Name[pl]=FreeCAD Appimage
+Name[ru]=FreeCAD Appimage
+Comment=Feature based Parametric Modeler Appimage
+Comment[de]=Feature-basierter parametrischer Modellierer Appimage
+Comment[ru]=Система автоматизированного проектирования Appimage
+GenericName=CAD Application Appimage
+GenericName[de]=CAD-Anwendung Appimage
+GenericName[pl]=Aplikacja CAD Appimage
+GenericName[ru]=Система автоматизированного проектирования Appimage
+Exec=/opt/appimages/freecad/FreeCAD.AppImage - --single-instance %F
+Terminal=false
+Type=Application
+Icon=org.freecadweb.FreeCAD
+Categories=Graphics;Science;Education;Engineering;
+StartupNotify=true
+MimeType=application/x-extension-fcstd;model/obj;model/iges;image/vnd.dwg;image/vnd.dxf;model/vnd.collada+xml;application/iges;model/iges;model/step;model/step+zip;model/stl;application/vnd.shp;model/vrml;

roles/lmn_qgsoftware/tasks/install.yml

@@ -0,0 +1,66 @@
+---
+#########
+# Greenfoot und BlueJ. 
+
+- name: Determine installed bluej version
+  shell: "dpkg -l bluej 2> /dev/null | grep ii | awk '{print $3}'"
+  register: command_output
+- set_fact:
+    bluej_installed_version: "{{ command_output.stdout }}"
+
+- name: Determine installed greenfoot version
+  shell: "dpkg -l greenfoot 2> /dev/null | grep ii | awk '{print $3}'"
+  register: command_output
+- set_fact:
+    greenfoot_installed_version: "{{ command_output.stdout }}"
+  
+- name: Install bluej if necessary
+  ansible.builtin.apt:
+    deb: "{{ mirror_javadev }}/bluej-{{ bluej_target_version}}.deb" 
+  when: (mirror_javadev is defined and mirror_javadev | length > 0) and
+        (bluej_target_version is defined and bluej_target_version | length > 0 ) and
+        (bluej_installed_version != bluej_target_version )
+
+- name: Install greenfoot if necessary
+  ansible.builtin.apt:
+    deb: "{{ mirror_javadev }}/greenfoot-{{ greenfoot_target_version }}.deb" 
+  when: (mirror_javadev is defined and mirror_javadev | length > 0) and
+        (greenfoot_target_version is defined and greenfoot_target_version | length > 0 ) and
+        (greenfoot_installed_version != greenfoot_target_version )
+
+########
+# FreeCAD AppImage
+#
+- name: Make sure target dir exists
+  ansible.builtin.file:
+    path: /opt/appimages/freecad/
+    state: directory
+    recurse: yes
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Download FreeCAD AppImage from Cache
+  ansible.builtin.get_url:
+    url: "{{ mirror_appimage }}/FreeCAD.AppImage"
+    dest: /opt/appimages/freecad/FreeCAD.AppImage
+    mode: '0755'
+
+- name: Copy desktop starter file to target
+  copy: 
+    src: files/qg.appimage.FreeCAD.desktop   
+    dest: /usr/share/applications/qg.appimage.FreeCAD.desktop
+    mode: '0644'
+    owner: root
+    group: root
+
+
+########
+# Digital als tarpack
+#
+- name: Unpack digital.zip to target
+  ansible.builtin.unarchive:
+    src: "{{ tarpack_digital }}"
+    dest: /
+    remote_src: yes
+  when: tarpack_digital is defined and tarpack_digital | length > 0

roles/lmn_qgsoftware/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Install additional software 
+  import_tasks: 
+    file: install.yml

roles/lmn_sssd/tasks/main.yml

@@ -18,8 +18,9 @@
 - name: join the domain
   shell:
     cmd: >
-      echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" |
+      echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') + joinpw | default('') }}" |
       adcli join --stdin-password -U global-admin {{ domain | upper }}
   when: >
     ansible_cmdline.adpw | default('') | length > 0 or
-    adpw.user_input | default('') | length > 0
+    adpw.user_input | default('') | length > 0 or
+    joinpw | default('') | length > 0 

roles/qgm_updatecache/files/qg.appimage.FreeCAD.desktop

@@ -0,0 +1,19 @@
+[Desktop Entry]
+Name=FreeCAD Appimage
+Name[de]=FreeCAD Appimage
+Name[pl]=FreeCAD Appimage
+Name[ru]=FreeCAD Appimage
+Comment=Feature based Parametric Modeler Appimage
+Comment[de]=Feature-basierter parametrischer Modellierer Appimage
+Comment[ru]=Система автоматизированного проектирования Appimage
+GenericName=CAD Application Appimage
+GenericName[de]=CAD-Anwendung Appimage
+GenericName[pl]=Aplikacja CAD Appimage
+GenericName[ru]=Система автоматизированного проектирования Appimage
+Exec=/opt/appimages/freecad/FreeCAD.AppImage - --single-instance %F
+Terminal=false
+Type=Application
+Icon=org.freecadweb.FreeCAD
+Categories=Graphics;Science;Education;Engineering;
+StartupNotify=true
+MimeType=application/x-extension-fcstd;model/obj;model/iges;image/vnd.dwg;image/vnd.dxf;model/vnd.collada+xml;application/iges;model/iges;model/step;model/step+zip;model/stl;application/vnd.shp;model/vrml;

roles/qgm_updatecache/tasks/download.yml

@@ -0,0 +1,49 @@
+---
+- name: Create greenfoot/bluej version strings w/o points
+  set_fact:
+    bluejVersion: "{{ bluej_target_version  | replace('.','') }}"
+    greenfootVersion: "{{ greenfoot_target_version  | replace('.','') }}"
+
+- name: Get download URIs
+  set_fact:
+    bluejURI: "{{ bluej_src_uri | replace ('VERSION', bluejVersion) }}"
+    greenfootURI: "{{ greenfoot_src_uri | replace ('VERSION', greenfootVersion) }}"
+
+- name: Create target filenames
+  set_fact:
+    bluejTargetFile: /var/www/html/javadev/bluej-{{ bluej_target_version }}.deb
+    greenfootTargetFile: /var/www/html/javadev/greenfoot-{{ greenfoot_target_version }}.deb
+
+- name: Check if greenfoot target-file exists
+  delegate_to: localhost
+  stat:
+    path: "{{ greenfootTargetFile }}"
+  register: gftf
+
+- name: Check if bluej target-file exists
+  delegate_to: localhost
+  stat:
+    path: "{{ bluejTargetFile }}"
+  register: bjtf
+
+- name: Download Greenfoot
+  delegate_to: localhost
+  command: wget {{ greenfootURI }} -O {{ greenfootTargetFile }}
+  when: not gftf.stat.exists
+
+- name: Download Greenfoot
+  delegate_to: localhost
+  command: wget {{ greenfootURI }} -O {{ greenfootTargetFile }}
+  when: not gftf.stat.exists
+
+- name: Check if freecad target-file exists
+  delegate_to: localhost
+  stat:
+    path: "{{ freecadTargetFile }}"
+  register: fctf
+
+- name: Download FreeCAD AppImage
+  delegate_to: localhost
+  command: wget {{ freecadFullURI }} -O {{ freecadTargetFile }}
+  when: not fctf.stat.exists
+

roles/qgm_updatecache/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Download additional software 
+  import_tasks: 
+    file: download.yml

roles/qgm_vpdisplay/tasks/main.yml

@@ -1,70 +0,0 @@
-  vars_files:
-    - settings.vault
-
-  vars:
-    packages:
-      - vim
-      - firefox-esr
-      - i3
-      - xorg
-      - git
-      - unclutter
-
-  tasks:
-  - name: "Install needed Packages"
-    apt:
-      pkg:
-        "{{ packages }}"
-
-  - name: "change line in systemd config for autologin"
-    lineinfile:
-      path: "/etc/systemd/system/getty.target.wants/getty@tty1.service"
-      regexp: "ExecStart=-/sbin/agetty"
-      line: "ExecStart=-/sbin/agetty --noclear --autologin vp %I $TERM"
-
-  - name: "Copy .profile for startx"
-    copy:
-      src: "files/dot.profile"
-      dest: "/home/vp/.profile"
-      owner: vp
-      group: vp
-      mode: 0755
-
-  - name: "Create i3 config dir"
-    file:
-      path: "/home/vp/.config/i3"
-      state: directory
-      owner: vp
-      group: vp
-      mode: '0755'
-
-  - name: "Copy i3 config"
-    copy:
-      src: "files/i3.config"
-      dest: "/home/vp/.config/i3/config"
-      owner: vp
-      group: vp
-      mode: 0644
-
-  - name: "Get vplan display repo"
-    git:
-      repo: "https://gitea.schule.social/QG-VP-Dev/VP-Screens-Management.git"
-      dest: /home/vp/vp
-
-  - name: "Configuration Template for Vplan"
-    template:
-      src: "templates/settings.js.j2"
-      dest: "/home/vp/vp/settings.js"
-      owner: vp
-      group: vp
-      mode: 0644
-
-  - name: "Change to teacher version if applicable"
-    when: "'lehrer' in group_names"
-    lineinfile:
-      path: "/home/vp/vp/settings.js"
-      regexp: "^const plantype"
-      line: "const plantype = \"lehrer\";"
-
-  - name: "Reboot"
-    ansible.builtin.reboot:

roles/qgm_vpdisplay/vars/main.yml

@@ -1,7 +0,0 @@
-packages:
-  - vim
-  - firefox-esr
-  - i3
-  - xorg
-  - git
-  - unclutter

scripts/get_greenfoot_bluej.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-srvpath=/var/www/html/javadev
-mkdir -p $srvpath
-rm -f $srvpath/*
-cd $srvpath || exit 1
-
-greenfoot=https://www.greenfoot.org/download/files/Greenfoot-linux-371.deb
-bluej=https://www.bluej.org/download/files/BlueJ-linux-520.deb
-
-wget $greenfoot -O $srvpath/greenfoot.deb
-wget $bluej -O $srvpath/bluej.deb
-
-

scripts/qgm-power.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+. /etc/lmn7-netboot.conf
+
+filter=$1
+
+cd $NBROOT || exit 1
+
+if [ "x$2" == "xoff" ]; then 
+    ansible-playbook -i $INVENTORY -l $filter shutdown.yml
+fi
+
+if [ "x$2" == "xon" ]; then 
+    ansible-playbook -i $INVENTORY -l $filter wol.yml
+fi
+

vars-qgsoftware.yml

@@ -0,0 +1,20 @@
+#### Bluej/Greenfoot
+## Bluej/Greenfoot Versionen
+## Für Updates anpassen
+bluej_target_version: "5.2.1"
+greenfoot_target_version: "3.8.2"
+## --
+greenfoot_src_uri: https://www.greenfoot.org/download/files/Greenfoot-linux-VERSION.deb
+bluej_src_uri: https://www.bluej.org/download/files/BlueJ-linux-VERSION.deb
+mirror_javadev: http://netboot.qgm.lan/javadev/
+
+#### Base Uri fuer die Appimages
+mirror_appimage: http://netboot.qgm.lan/appimage/
+
+#### FreeCAD Appimage
+freecadFullURI: https://github.com/FreeCAD/FreeCAD-Bundle/releases/download/0.21.2/FreeCAD_0.21.2-2023-12-17-conda-Linux-x86_64-py310.AppImage
+freecadTargetFile: /var/www/html/appimage/FreeCAD.AppImage
+
+#### Digital circuit simulation
+tarpack_digital: http://netboot.qgm.lan/tarpacks/digital.tgz
+