diff --git a/config.vars b/config.vars
deleted file mode 100644
index ef10055..0000000
--- a/config.vars
+++ /dev/null
@@ -1,2 +0,0 @@
-ansible_ssh_pubkey: "dummy-placeholder"
-lmn_client_branch: "main"
diff --git a/lmn-desktop.yml b/lmn-desktop.yml
index cb26971..d47194b 100644
--- a/lmn-desktop.yml
+++ b/lmn-desktop.yml
@@ -7,8 +7,8 @@
   pre_tasks:
     - pause:
         prompt: "Enter global-admin active directory password, leave empty to skip domain join"
-        minutes: 1
-        echo:  false
+        minutes: 5
+        echo: false
       register: adpw
       no_log: true
       when: "ansible_cmdline.adpw is not defined"
@@ -22,12 +22,23 @@
         vtype: string
 
   vars:
-    #domain: "{{ ansible_domain }}"
-    domain: qgm.lan
+    domain: "{{ ansible_domain }}"
     kerberize_uris: qgm.lan
+    apt_conf: Acquire::http::Proxy "http://netboot.qgm.lan:3142/";
+    ntp_serv: server.qgm.lan
+    proxy: http://firewall.qgm.lan:3128
+    no_proxy: firewall.qgm.lan, server.qgm.lan, qgm.lan
+
+    ## PAM mount nextcloud, remove or leave empty to skip:
+    web_dav: https://wolke.qg-moessingen.de/remote.php/dav/files/%(USER)
+
+    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
+    mirror_msfonts: http://netboot.qgm.lan/mscorefonts/
+
+    # Linbo Passwort
     rsyncsecret: Muster!
-    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
-    grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
+    ## Use grub-mkpasswd-pbkdf2: to calculate the password hash, this hash is for "geheim":
+    grub_pwd: 'grub.pbkdf2.sha512.10000.775CB8C7FDA6892B684049EC0257245BA886719264ED9CDB3A7543B3562CC71BA70DB31F3550586D1F41642B13AEF61857FE009AF891D0854A8383251C55119D.30056755AF00EA171069E591D3CA18A592C8C5DEC7E0DEE957AC23A51F58CC5E05231AC49674EC19F2BACAD7D510DF58A157840596F0247054C7FD42C5D43BE7'
     nfs4: false
     extra_pkgs:
       - vim
@@ -39,7 +50,6 @@
       - debconf-utils
       - ctorrent
     extra_pkgs_bpo: [] # [ linux-image-amd64 ]
-    ansible_python_interpreter: "/usr/bin/python3"
 
   roles:
     - lmn_network
@@ -47,5 +57,6 @@
     - lmn_sssd
     - lmn_mount
     #- lmn_kde
+    #- lmn_myschool ## school specific customization
     #- lmn_printer
     #- kerberize
diff --git a/roles/lmn_kde/files/fvs-config.js b/roles/lmn_kde/files/fvs-config.js
deleted file mode 100644
index 71c65ab..0000000
--- a/roles/lmn_kde/files/fvs-config.js
+++ /dev/null
@@ -1,112 +0,0 @@
-// configure plasma defaults
-
-function forEachWidgetInContainmentList(containmentList, callback) {
-    for (var containmentIndex = 0; containmentIndex < containmentList.length; containmentIndex++) {
-        var containment = containmentList[containmentIndex];
-
-        var widgets = containment.widgets();
-        for (var widgetIndex = 0; widgetIndex < widgets.length; widgetIndex++) {
-            var widget = widgets[widgetIndex];
-            callback(widget, containment);
-            if (widget.type === "org.kde.plasma.systemtray") {
-                systemtrayId = widget.readConfig("SystrayContainmentId");
-                if (systemtrayId) {
-                    forEachWidgetInContainmentList([desktopById(systemtrayId)], callback)
-                }
-            }
-        }
-    }
-}
-
-function forEachWidget(callback) {
-    forEachWidgetInContainmentList(desktops(), callback);
-    forEachWidgetInContainmentList(panels(), callback);
-}
-
-function forEachWidgetByType(type, callback) {
-    forEachWidget(function(widget, containment) {
-        if (widget.type == type) {
-            callback(widget, containment);
-        }
-    });
-}
-
-function widgetSetProperty(args) {
-    if (!(args.widgetType && args.configGroup && args.configKey)) {
-        return;
-    }
-
-    forEachWidgetByType(args.widgetType, function(widget){
-        widget.currentConfigGroup = [args.configGroup];
-/*
-        //--- Delete when done debugging
-        const oldValue = widget.readConfig(args.configKey);
-        print("" + widget.type + " (id: " + widget.id + "):");
-        print("\t[" + args.configGroup + "] " + args.configKey + ": " +
-	      oldValue + " => " + args.configValue + "\n");
-        //--- End Debug
-*/
-        widget.writeConfig(args.configKey, args.configValue);
-    });
-}
-
-// configure task bar starters:
-widgetSetProperty({
-    widgetType: "org.kde.plasma.icontasks",
-    configGroup: "General",
-    configKey: "launchers",
-    configValue: [
-	"applications:systemsettings.desktop",
-	"preferred://browser",
-	"applications:thunderbird.desktop",
-	"applications:libreoffice-startcenter.desktop",
-	"preferred://filemanager"
-	//"applications:org.kde.konsole.desktop",
-	//"applications:org.kde.discover.desktop"
-    ],
-
-});
-
-// kickoff is the default menu:
-/* this does not work (anymore?)
-widgetSetProperty({
-    widgetType: "org.kde.plasma.kickoff",
-    configGroup: "General",
-    configKey: "favorites",
-    configValue: ["applications:libreoffice-startcenter.desktop",],
-});
-*/
-
-widgetSetProperty({
-    widgetType: "org.kde.plasma.kickoff",
-    configGroup: "General",
-    configKey: "systemFavorites",
-    configValue: ["reboot", "shutdown", "logout"],
-});
-
-
-// prepare a folder view on the desktop:
-/* 20230917 disabled for now
-var allDesktops = desktops();
-for (var desktopIndex = 0; desktopIndex < allDesktops.length; desktopIndex++) {
-    var d = allDesktops[desktopIndex];
-    d.addWidget("org.kde.plasma.folder", 50, 50, 456, 600)
-    print("Folder app generated!\n")
-}
-
-widgetSetProperty({
-    widgetType: "org.kde.plasma.folder",
-    configGroup: "General",
-    configKey: "url",
-    configValue: "/lmn/media/",
-});
-
-widgetSetProperty({
-    widgetType: "org.kde.plasma.folder",
-    configGroup: "General",
-    configKey: "labelMode",
-    configValue: "0",
-});
-*/
-
-// /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
diff --git a/roles/lmn_kde/files/lmn-reset-dolphin.sh b/roles/lmn_kde/files/lmn-reset-dolphin.sh
deleted file mode 100755
index 10f6e75..0000000
--- a/roles/lmn_kde/files/lmn-reset-dolphin.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/bash
-
-sed -e "s|HOME|/${HOME##/srv/samba/schools/default-school/}|g" -e "s|USER|${USER}|g" > ~/.local/share/user-places.xbel <<EOF
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE xbel>
-<xbel xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info" xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks" xmlns:kdepriv="http://www.kde.org/kdepriv">
- <info>
-  <metadata owner="http://www.kde.org">
-   <kde_places_version>4</kde_places_version>
-   <GroupState-Places-IsHidden>false</GroupState-Places-IsHidden>
-   <GroupState-Remote-IsHidden>false</GroupState-Remote-IsHidden>
-   <GroupState-Devices-IsHidden>false</GroupState-Devices-IsHidden>
-   <GroupState-RemovableDevices-IsHidden>false</GroupState-RemovableDevices-IsHidden>
-   <GroupState-Tags-IsHidden>false</GroupState-Tags-IsHidden>
-   <withRecentlyUsed>true</withRecentlyUsed>
-   <GroupState-RecentlySaved-IsHidden>false</GroupState-RecentlySaved-IsHidden>
-   <withBaloo>true</withBaloo>
-   <GroupState-SearchFor-IsHidden>false</GroupState-SearchFor-IsHidden>
-  </metadata>
- </info>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME">
-  <title>Home</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="user-home"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/0</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME/Schreibtisch">
-  <title>Desktop</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="user-desktop"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/1</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME/Dokumente">
-  <title>Documents</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-documents"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/2</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME/Downloads">
-  <title>Downloads</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-downloads"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/3</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME/Musik">
-  <title>Music</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-music"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/6</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME/Bilder">
-  <title>Pictures</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-pictures"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/7</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-schoolHOME/Videos">
-  <title>Videos</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-videos"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/8</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///srv/samba/schools/default-school/share">
-  <title>Tausch</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-publicshare"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/9</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="file:///lmn/media/USER/nextcloud">
-  <title>Nextcloud</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-cloud"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/10</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="remote:/">
-  <title>Network</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-network"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/4</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="trash:/">
-  <title>Trash</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="user-trash"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/5</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="recentlyused:/files">
-  <title>Recent Files</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="document-open-recent"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/9</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <bookmark href="recentlyused:/locations">
-  <title>Recent Locations</title>
-  <info>
-   <metadata owner="http://freedesktop.org">
-    <bookmark:icon name="folder-open-recent"/>
-   </metadata>
-   <metadata owner="http://www.kde.org">
-    <ID>1682498425/10</ID>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </bookmark>
- <separator>
-  <info>
-   <metadata owner="http://www.kde.org">
-    <UDI>/org/kde/fstab///server/default-school/:/srv/samba/schools/default-school</UDI>
-    <isSystemItem>true</isSystemItem>
-    <IsHidden>true</IsHidden>
-   </metadata>
-  </info>
- </separator>
- <separator>
-  <info>
-   <metadata owner="http://www.kde.org">
-    <UDI>/org/kde/fstab///server/default-school/:/lmn/media/USER/home</UDI>
-    <isSystemItem>true</isSystemItem>
-    <IsHidden>true</IsHidden>
-   </metadata>
-  </info>
- </separator>
- <separator>
-  <info>
-   <metadata owner="http://www.kde.org">
-    <UDI>/org/kde/fstab///server/sysvol/:/srv/samba/USER/sysvol</UDI>
-    <isSystemItem>true</isSystemItem>
-    <IsHidden>true</IsHidden>
-   </metadata>
-  </info>
- </separator>
- <separator>
-  <info>
-   <metadata owner="http://www.kde.org">
-    <UDI>/org/kde/fstab///server/default-school/:/lmn/media/USER/share</UDI>
-    <isSystemItem>true</isSystemItem>
-    <IsHidden>true</IsHidden>
-   </metadata>
-  </info>
- </separator>
- <separator>
-  <info>
-   <metadata owner="http://www.kde.org">
-    <UDI>/org/freedesktop/UDisks2/block_devices/sda2</UDI>
-    <isSystemItem>true</isSystemItem>
-   </metadata>
-  </info>
- </separator>
-</xbel>
-EOF
diff --git a/roles/lmn_kde/files/policies.json b/roles/lmn_kde/files/policies.json
deleted file mode 100644
index 4edf004..0000000
--- a/roles/lmn_kde/files/policies.json
+++ /dev/null
@@ -1,74 +0,0 @@
-{
-    "policies": {
-        "Proxy": {
-            "Mode": "system"
-        },
-        "OverrideFirstRunPage": "https://www.steinbeisschule-reutlingen.de",
-        "Homepage": {
-            "URL": "https://www.debian.org",
-            "Locked": false,
-            "StartPage": "previous-session"
-        },
-        "DisplayBookmarksToolbar": true,
-        "ManagedBookmarks": [
-            {
-                "toplevel_name": "FvS-Reutlingen"
-            },
-            {
-                "url": "https://server.pn.steinbeis.schule",
-                "name": "Passwort ändern"
-            },
-            {
-                "url": "https://dw.steinbeis.schule",
-                "name": "FvS-Hilfesystem"
-            },
-            {
-                "url": "https://nextcloud.steinbeisschule-reutlingen.de",
-                "name": "FvS-Nextcloud"
-            },
-            {
-                "url": "https://moodle.steinbeisschule-reutlingen.de",
-                "name": "FvS-Moodle"
-            },
-            {
-                "name": "Debian",
-                "children": [
-                    {
-                        "url": "https://www.debian.org",
-                        "name": "Debian Homepage"
-                    },
-                    {
-                        "url": "https://wiki.debian.org",
-                        "name": "Debian Wiki"
-                    },
-                    {
-                        "name": "Debian LAN/Live",
-                        "children": [
-                            {
-                                "url": "https://salsa.debian.org/andi/debian-lan-ansible",
-                                "name": "Debian LAN Ansible"
-                            },
-                            {
-                                "url": "https://wiki.debian.org/DebianLive",
-                                "name": "Debian Live"
-                            }
-                        ]
-                    }
-                ]
-            }
-        ],
-        "SearchEngines": {
-            "Add": [
-                {
-                    "Name": "Startpage",
-                    "URLTemplate": "https://www.startpage.com/sp/search?query={searchTerms}",
-                    "Method": "GET",
-                    "IconURL": "https://www.startpage.com/sp/cdn/favicons/favicon--default.ico",
-                    "Alias": "sp",
-                    "Description": "Startpage Search Engine"
-                }
-            ],
-            "Default": "Startpage"
-        }
-    }
-}
diff --git a/roles/lmn_kde/files/pwroff b/roles/lmn_kde/files/pwroff
deleted file mode 100755
index 56b9d22..0000000
--- a/roles/lmn_kde/files/pwroff
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-#
-# logout idle users and shutdown machine
-#
-set -eu
-
-action="systemctl poweroff"
-uptime=$(cat /proc/uptime | cut -f1 -d.)
-maxidle=3600
-
-u=($(loginctl list-users --no-legend  | sort -hr | head -1))
-una=${u[1]:-''}
-uid=${u[0]:-''}
-
-talk2dbus() {
-    local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
-    sudo -u $una DISPLAY=$display \
-	 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus "$@" 2>/dev/null
-}
-
-########
-
-## shutdown if nobody is loged in:
-if [[ -z "$una" ]] || [[ $uid -lt 1000 ]] ; then
-  exec $action
-fi
-
-# FIXME: find idle time independent of running screensaver
-if ! t=$(talk2dbus qdbus org.kde.screensaver /ScreenSaver GetActiveTime) ; then
-    echo "No graphical logins found."
-else
-    idle=$(( t / 1000 ))
-    if [[ $idle -gt $maxidle ]] ; then
-        talk2dbus notify-send -i system-shutdown -u critical -a 'Important System Information' \
-	          'Please log out, the system will shut down soon!' \
-	          'There has been no activity for too long.'
-        ## shutdown:
-        #talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 2 0
-        ## logout:
-        talk2dbus qdbus org.kde.ksmserver /KSMServer logout 1 0 0
-        echo "Log-out user $una after being idle for $idle seconds."
-    else
-        echo "The user $una has been idle for $idle seconds."
-    fi
-fi
-
-#w -s | grep tty | sed "s/[[:space:]]\+/ /g" | cut -f4 -d ' '
diff --git a/roles/lmn_kde/files/pwroff.service b/roles/lmn_kde/files/pwroff.service
deleted file mode 100644
index 1fe36d3..0000000
--- a/roles/lmn_kde/files/pwroff.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Run pwroff script
-
-[Service]
-Type=simple
-ExecStart=/usr/local/sbin/pwroff
diff --git a/roles/lmn_kde/files/pwroff.timer b/roles/lmn_kde/files/pwroff.timer
deleted file mode 100644
index 299bc4b..0000000
--- a/roles/lmn_kde/files/pwroff.timer
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Run pwroff script every 10 min after 60 min uptime
-
-[Timer]
-OnBootSec=60min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/lmn_kde/handlers/main.yml b/roles/lmn_kde/handlers/main.yml
index 1a21074..e2b8cdf 100644
--- a/roles/lmn_kde/handlers/main.yml
+++ b/roles/lmn_kde/handlers/main.yml
@@ -1,14 +1,2 @@
 - name: Run update-grub
   command: update-grub
-
-- name: Enable tmp.mount
-  systemd:
-    daemon_reload: yes
-    name: tmp.mount
-    enabled: yes
-  listen: enable tmp.mount
-
-- name: enable pwroff.timer
-  systemd:
-    name: pwroff.timer
-    enabled: true
diff --git a/roles/lmn_kde/tasks/main.yml b/roles/lmn_kde/tasks/main.yml
index 1a80dde..74bed30 100644
--- a/roles/lmn_kde/tasks/main.yml
+++ b/roles/lmn_kde/tasks/main.yml
@@ -1,61 +1,39 @@
 ---
-- name: Preseed ttf-mscorefonts-installer
-  ansible.builtin.debconf:
-    name: ttf-mscorefonts-installer
-    question: msttcorefonts/dlurl
-    value: http://netboot.qgm.lan/mscorefonts/
-    vtype: string
-
-- name: Install desktop EDU packages and some more
+- name: Install desktop and educational packages
   apt:
     name:
-      - task-kde-desktop
-      - task-german-kde-desktop
-      - task-german-desktop
-      - xdg-desktop-portal-kde
-      - xdg-desktop-portal-wlr # share screen in browser
-      - kde-full
       - akonadi-backend-sqlite
-      - thunderbird-l10n-de
-      - webext-privacy-badger
-      - webext-ublock-origin-firefox
-      - webext-ublock-origin-chromium
-      - vlc
+      - arduino
+      - bluefish
+      - codeblocks
+      - dia
+      - flameshot
+      - freecad
+      - ghex
       - gimp
       - inkscape
-      - flameshot
-      - bluefish
-      - git
-      - gitk
-      - gitg
-      - nmap
-      - net-tools
-      - ghex
-      - thonny
-      - spyder
+      - kde-full
+      - keepassxc
+      - librecad
       - mu-editor
-      - dia
-      - vym
-      - tree
+      - qtcreator
+      - spyder
       - sqlite3
       - sqlitebrowser
-      - neovim
-      - qtcreator
-      - freecad
-      - librecad
-      - arduino
-      - keepassxc
-      - tmux
-      - curl
-      - pulseview
-      - sigrok
-      - sigrok-cli
-      - codeblocks
-      - ttf-mscorefonts-installer
+      - task-german-desktop
+      - task-german-kde-desktop
+      - task-kde-desktop
+      - thonny
+      - thunderbird-l10n-de
+      - vlc
+      - vym
+      - webext-privacy-badger
+      - webext-ublock-origin-chromium
+      - webext-ublock-origin-firefox
+      - xdg-desktop-portal-kde
+      - xdg-desktop-portal-wlr # share screen in browser
     autoremove: true
     state: latest
-  environment:
-    http_proxy: '' # this is needed to avoid ttf-mscorefonts-installer picking up aptcacher
 
 - name: Add {{ ansible_distribution_release }}-backports
   apt_repository:
@@ -75,14 +53,6 @@
     default_release: "{{ ansible_distribution_release }}-backports"
 
 
-- name: Enable splash screen
-  replace:
-    dest: "/etc/default/grub"
-    regexp: '"quiet"$'
-    replace: '"quiet splash"'
-  notify: Run update-grub
-
-
 - name: Create akonadi config dir
   ansible.builtin.file:
     path: /etc/xdg/akonadi/
@@ -106,24 +76,6 @@
       /srv/samba/schools/default-school/students/*/
 
 
-- name: Create firefox policies directory
-  ansible.builtin.file:
-    path: /etc/firefox-esr/policies
-    state: directory
-    mode: '0755'
-
-- name: Create a symbolic link firefox to firefox-esr
-  ansible.builtin.file:
-    src: /etc/firefox-esr
-    dest: /etc/firefox
-    state: link
-
-- name: copy policy
-  ansible.builtin.copy:
-    src: policies.json
-    dest: /etc/firefox-esr/policies/
-
-
 - name: tune SDDM login
   blockinfile:
     path: /etc/sddm.conf
@@ -153,35 +105,14 @@
       AllowHybridSleep=no
 
 
-- name: Copy pwroff script
-  copy:
-    src: pwroff
-    dest: /usr/local/sbin/
-    mode: 0755
-
-- name: Provide service and timer for pwroff script
-  copy:
-    src: "{{ item }}"
-    dest: "/etc/systemd/system/{{ item }}"
-    mode: 0644
-  with_items:
-    - pwroff.service
-    - pwroff.timer
-  notify: enable pwroff.timer
-
-- name: copy lmn-reset-dolphin.sh
-  ansible.builtin.copy:
-    src: lmn-reset-dolphin.sh
-    dest: /usr/local/bin/
-    mode: 0755
-
-- name: Copy fvs-config.js to configure plasma
-  ansible.builtin.copy:
-    src: fvs-config.js
-    dest: /usr/share/plasma/shells/org.kde.plasma.desktop/contents/updates/fvs-config.js
-    mode: 0644
-
 ################# general settings ##################
+- name: Enable boot splash screen
+  replace:
+    dest: "/etc/default/grub"
+    regexp: '"quiet"$'
+    replace: '"quiet splash"'
+  notify: Run update-grub
+
 - name: Protect grub menu entries
   blockinfile:
     path: /etc/grub.d/40_custom
diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index 0f220ee..969f188 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -9,12 +9,26 @@
       - davfs2
     state: latest
 
+- name: Configure pam_mount for Webdav Nextcloud
+  blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount Nextcloud) -->"
+    block: |
+      <volume
+        fstype="davfs"
+        path="{{ web_dav }}"
+        mountpoint="/lmn/media/%(USER)/nextcloud"
+        options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+      </volume>
+    insertafter: "<!-- Volume definitions -->"
+  when: web_dav is defined and web_dav | length > 0
+
 - name: Configure pam_mount for LMN homes
   blockinfile:
     dest: /etc/security/pam_mount.conf.xml
-    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN homes) -->"
+    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (mount LMN home) -->"
     block: |
-      <!-- mounts for home, share and nextcloud -->
       <volume
         fstype="cifs"
         server="{{ smb_server }}"
@@ -64,7 +78,7 @@
     line: KillUserProcesses=yes
     insertafter: '#KillUserProcesses=no'
 
-- name: Bind mount lmn/media with nosuid directory
+- name: Bind mount /lmn/media with nosuid directory
   ansible.posix.mount:
     src: /lmn/media
     path: /lmn/media
@@ -72,11 +86,11 @@
     state: present
     fstype: none
 
-#- name: Mount NFSv4 home directory
-#  ansible.posix.mount:
-#    src: server:/default-school
-#    path: /srv/samba/schools/default-school
-#    opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
-#    state: present
-#    fstype: nfs4
-#  when: nfs4
+- name: Mount NFSv4 home directory
+  ansible.posix.mount:
+    src: server:/default-school
+    path: /srv/samba/schools/default-school
+    opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
+    state: present
+    fstype: nfs4
+  when: nfs4
diff --git a/roles/lmn_network/tasks/main.yml b/roles/lmn_network/tasks/main.yml
index 2975d92..3a51738 100644
--- a/roles/lmn_network/tasks/main.yml
+++ b/roles/lmn_network/tasks/main.yml
@@ -1,13 +1,21 @@
 ---
+- name: Deploy http proxy config
+  copy:
+    dest: /etc/environment.d/10-lmn-proxy.conf
+    content: |
+      http_proxy="{{ proxy }}"
+      https_proxy="{{ proxy }}"
+      ftp_proxy="{{ proxy }}"
+      no_proxy="{{ no_proxy }}"
 
 - name: set aptcache
   ansible.builtin.copy:
     dest: /etc/apt/apt.conf
     content: >
-      Acquire::http::Proxy "http://10.16.1.2:3142/";
+      {{ apt_conf }}
 
 - name: set ntp Server
   ansible.builtin.lineinfile:
     path: /etc/systemd/timesyncd.conf
     insertafter: '^#NTP='
-    line: NTP=server.qgm.lan
+    line: NTP={{ ntp_serv }}
diff --git a/roles/lmn_printer/tasks/main.yml b/roles/lmn_printer/tasks/main.yml
index 79f90b0..e6ce966 100644
--- a/roles/lmn_printer/tasks/main.yml
+++ b/roles/lmn_printer/tasks/main.yml
@@ -30,7 +30,8 @@
         path="sysvol/"
         mountpoint="/srv/samba/%(USER)/sysvol"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
-      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not></volume>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+      </volume>
     insertafter: "<!-- Volume definitions -->"
 
 - name: Create /etc/linuxmuster-linuxclient7 Directory