trixie/roles/lmn_kde/tasks/main.yml

---
- name: Install desktop and educational packages
  ansible.builtin.apt:
    name:
      - akonadi-backend-sqlite
      - arduino
      - bluefish
      - calligra
      - codeblocks
      - dia
      - flameshot
      - freecad
      - fritzing
      - ghex
      - gimp
      - inkscape
      - kde-full
      - keepassxc
      - librecad
      - mu-editor
      - openboard
      - qtcreator
      - spyder
      - sqlite3
      - sqlitebrowser
      - task-german-desktop
      - task-german-kde-desktop
      - task-kde-desktop
      - thonny
      - thunderbird-l10n-de
      - vlc
      - vym
      - webext-privacy-badger
      - webext-ublock-origin-chromium
      - webext-ublock-origin-firefox
      - xdg-desktop-portal-kde
      - xdg-desktop-portal-wlr # share screen in browser
      - xournalpp
    autoremove: true
    state: latest

- name: Add backports {{ ansible_distribution_release }}
  ansible.builtin.apt_repository:
    repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main non-free-firmware
    state: present
    update_cache: true

- name: Install extra packages from backports
  ansible.builtin.apt:
    name:
      - filius
      - kicad
      - kicad-doc-de
      - libreoffice
      - libreoffice-l10n-de
      - libreoffice-qt5
    state: latest # noqa package-latest
    autoremove: true
    default_release: "{{ ansible_distribution_release }}-backports"


- name: Create akonadi config dir
  ansible.builtin.file:
    path: /etc/xdg/akonadi/
    state: directory
    mode: '0755'

- name: Use sqlite in akonadi
  ansible.builtin.blockinfile:
    path: /etc/xdg/akonadi/akonadiserverrc
    create: true
    mode: '0644'
    block: |
      [%General]
      Driver=QSQLITE3

## Akonadi complains if not set:
- name: Add home dirs to apparmor
  ansible.builtin.lineinfile:
    dest: /etc/apparmor.d/tunables/home.d/ubuntu
    line: >-
      @{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/
      /srv/samba/schools/default-school/students/*/
      /srv/samba/schools/default-school/examusers/


- name: Tune SDDM login
  ansible.builtin.blockinfile:
    path: /etc/sddm.conf
    create: true
    mode: '0644'
    block: |
      [Users]
      MaximumUid=999
      RememberLastUser=false
      RememberLastSession=false

- name: Enable wake-on-lan for all ethernet connections
  ansible.builtin.copy:
    dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
    mode: '0644'
    content: |
      [connection]
      ethernet.wake-on-lan=64

- name: Prepare directory for apt-daily override
  ansible.builtin.file:
    path: /etc/systemd/system/apt-daily.timer.d/
    recurse: true
    mode: '0755'
    state: directory

- name: Run apt update early to avoid outdated package lists
  ansible.builtin.copy:
    dest: /etc/systemd/system/apt-daily.timer.d/override.conf
    mode: '0644'
    content: |
      [Timer]
      RandomizedDelaySec=30m

- name: Create directory to avoid suspend
  ansible.builtin.file:
    path: /etc/systemd/sleep.conf.d/
    state: directory
    mode: '0755'
  when: "'teacherlaptop' not in group_names"

- name: Avoid suspending
  ansible.builtin.blockinfile:
    path: /etc/systemd/sleep.conf.d/nosuspend.conf
    create: true
    mode: '0644'
    block: |
      [Sleep]
      AllowSuspend=no
      AllowHibernation=no
      AllowSuspendThenHibernate=no
      AllowHybridSleep=no
  when: "'teacherlaptop' not in group_names"

- name: Deploy dolphin script
  ansible.builtin.copy:
    src: lmn-fix-dolphin.sh
    dest: /usr/local/bin/
    mode: '0755'

################# general settings ##################
- name: Enable boot splash screen
  ansible.builtin.replace:
    dest: "/etc/default/grub"
    regexp: '"quiet"$'
    replace: '"quiet splash"'
  notify: Run update-grub

- name: Protect editing grub menu entries
  ansible.builtin.blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers='root'
      export superusers
      password_pbkdf2 root {{ grub_pwd }}
  notify: Run update-grub

- name: Allow booting grub menu entries
  ansible.builtin.lineinfile:
    dest: /etc/grub.d/10_linux
    line: CLASS="${CLASS} --unrestricted"
    insertafter: '^CLASS=.*'
    firstmatch: true
  notify: Run update-grub

- name: Disable Grub submenus
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    line: 'GRUB_DISABLE_SUBMENU=true'
    insertafter: '^GRUB_TIMEOUT=.*'
  notify: Run update-grub

- name: Grub timeout
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    regexp: '^(GRUB_TIMEOUT=).*'
    line: '\g<1>1'
    backrefs: true
  notify: Run update-grub

- name: Keyboard compose key
  ansible.builtin.lineinfile:
    dest: /etc/default/keyboard
    regexp: '^(XKBOPTIONS=).*'
    line: '\1"compose:caps"'
    backrefs: true

- name: Default KDE filepicker
  ansible.builtin.lineinfile:
    path: /etc/environment.d/90lmn-filepicker.conf
    create: true
    mode: '0644'
    line: GTK_USE_PORTAL=1
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`---`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- name: Install desktop and educational packages`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.apt:`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`name:`
Drop this, it does not prevent installing akonadi-backend-mysql. 2023-08-14 17:26:24 +02:00			`- akonadi-backend-sqlite`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- arduino`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`- bluefish`
Add some packages users showed interest in. 2023-09-13 19:34:02 +02:00			`- calligra`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- codeblocks`
			`- dia`
			`- flameshot`
			`- freecad`
Add some packages users showed interest in. 2023-09-13 19:34:02 +02:00			`- fritzing`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`- ghex`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- gimp`
			`- inkscape`
			`- kde-full`
			`- keepassxc`
			`- librecad`
Give arduino a try and add package available again. 2023-08-14 16:42:33 +02:00			`- mu-editor`
Add some packages users showed interest in. 2023-09-13 19:34:02 +02:00			`- openboard`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- qtcreator`
			`- spyder`
add software packages 2023-07-12 15:52:09 +02:00			`- sqlite3`
			`- sqlitebrowser`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- task-german-desktop`
			`- task-german-kde-desktop`
			`- task-kde-desktop`
			`- thonny`
			`- thunderbird-l10n-de`
			`- vlc`
			`- vym`
			`- webext-privacy-badger`
			`- webext-ublock-origin-chromium`
			`- webext-ublock-origin-firefox`
			`- xdg-desktop-portal-kde`
			`- xdg-desktop-portal-wlr # share screen in browser`
Add some packages users showed interest in. 2023-09-13 19:34:02 +02:00			`- xournalpp`
Proxy value is not empty but the apt cache. Try it in an extra task. 2023-08-14 21:28:16 +02:00			`autoremove: true`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`state: latest`
Add packages from backports (bullseye only). 2023-01-22 19:46:22 +01:00
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`- name: Add backports {{ ansible_distribution_release }}`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.apt_repository:`
Include backports. 2023-08-16 14:46:55 +02:00			`repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main non-free-firmware`
Add packages from backports (bullseye only). 2023-01-22 19:46:22 +01:00			`state: present`
			`update_cache: true`

Allow screen sharing in video conferences. 2023-08-12 19:22:15 +02:00			`- name: Install extra packages from backports`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.apt:`
Add packages from backports (bullseye only). 2023-01-22 19:46:22 +01:00			`name:`
Some package cleanup. 2023-09-07 07:55:53 +02:00			`- filius`
Include backports. 2023-08-16 14:46:55 +02:00			`- kicad`
			`- kicad-doc-de`
Some package cleanup. 2023-09-07 07:55:53 +02:00			`- libreoffice`
			`- libreoffice-l10n-de`
Prevent autoremove of libreoffice-qt5 (e.g. filepicker) 2025-01-20 15:54:56 +01:00			`- libreoffice-qt5`
Add packages from backports (bullseye only). 2023-01-22 19:46:22 +01:00			`state: latest # noqa package-latest`
			`autoremove: true`
			`default_release: "{{ ansible_distribution_release }}-backports"`

Configure to use sqlite in akonadi. 2023-08-11 18:23:32 +02:00
			`- name: Create akonadi config dir`
			`ansible.builtin.file:`
			`path: /etc/xdg/akonadi/`
			`state: directory`
			`mode: '0755'`

			`- name: Use sqlite in akonadi`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.blockinfile:`
Configure to use sqlite in akonadi. 2023-08-11 18:23:32 +02:00			`path: /etc/xdg/akonadi/akonadiserverrc`
			`create: true`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`mode: '0644'`
Configure to use sqlite in akonadi. 2023-08-11 18:23:32 +02:00			`block: \|`
			`[%General]`
			`Driver=QSQLITE3`

Apparmor: List all possible homes. 2023-10-19 21:30:25 +02:00			`## Akonadi complains if not set:`
Fixes for akonadi, however, it still does not like the smb working dir. 2023-03-17 19:46:22 +01:00			`- name: Add home dirs to apparmor`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.lineinfile:`
Fixes for akonadi, however, it still does not like the smb working dir. 2023-03-17 19:46:22 +01:00			`dest: /etc/apparmor.d/tunables/home.d/ubuntu`
			`line: >-`
			`@{HOMEDIRS}+=/srv/samba/schools/default-school/teachers/`
			`/srv/samba/schools/default-school/students/*/`
Apparmor: List all possible homes. 2023-10-19 21:30:25 +02:00			`/srv/samba/schools/default-school/examusers/`
Add packages from backports (bullseye only). 2023-01-22 19:46:22 +01:00
Configure to use sqlite in akonadi. 2023-08-11 18:23:32 +02:00
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`- name: Tune SDDM login`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.blockinfile:`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`path: /etc/sddm.conf`
			`create: true`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`mode: '0644'`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`block: \|`
			`[Users]`
			`MaximumUid=999`
			`RememberLastUser=false`
			`RememberLastSession=false`

Enable wake-on-lan. 2023-10-10 12:36:58 +02:00			`- name: Enable wake-on-lan for all ethernet connections`
			`ansible.builtin.copy:`
			`dest: /etc/NetworkManager/conf.d/wake-on-lan.conf`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`mode: '0644'`
Enable wake-on-lan. 2023-10-10 12:36:58 +02:00			`content: \|`
			`[connection]`
			`ethernet.wake-on-lan=64`
Nicer fix for the local-mirror-font issue. 2023-08-15 13:25:22 +02:00
Run apt-daily early to avoid outdated package lists 2024-11-08 11:55:42 +01:00			`- name: Prepare directory for apt-daily override`
			`ansible.builtin.file:`
			`path: /etc/systemd/system/apt-daily.timer.d/`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`recurse: true`
			`mode: '0755'`
Run apt-daily early to avoid outdated package lists 2024-11-08 11:55:42 +01:00			`state: directory`

			`- name: Run apt update early to avoid outdated package lists`
			`ansible.builtin.copy:`
			`dest: /etc/systemd/system/apt-daily.timer.d/override.conf`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`mode: '0644'`
Run apt-daily early to avoid outdated package lists 2024-11-08 11:55:42 +01:00			`content: \|`
			`[Timer]`
			`RandomizedDelaySec=30m`

wake up from suspend fails in R217 2023-07-14 13:01:46 +02:00			`- name: Create directory to avoid suspend`
			`ansible.builtin.file:`
			`path: /etc/systemd/sleep.conf.d/`
			`state: directory`
			`mode: '0755'`
Make tests for group membership more readable 2024-11-21 11:20:26 +01:00			`when: "'teacherlaptop' not in group_names"`
wake up from suspend fails in R217 2023-07-14 13:01:46 +02:00
			`- name: Avoid suspending`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.blockinfile:`
wake up from suspend fails in R217 2023-07-14 13:01:46 +02:00			`path: /etc/systemd/sleep.conf.d/nosuspend.conf`
			`create: true`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`mode: '0644'`
wake up from suspend fails in R217 2023-07-14 13:01:46 +02:00			`block: \|`
			`[Sleep]`
			`AllowSuspend=no`
			`AllowHibernation=no`
			`AllowSuspendThenHibernate=no`
			`AllowHybridSleep=no`
Make tests for group membership more readable 2024-11-21 11:20:26 +01:00			`when: "'teacherlaptop' not in group_names"`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00
Dolphin keeps outdated paths (after Versetzung). 2023-09-13 19:36:20 +02:00			`- name: Deploy dolphin script`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.copy:`
Dolphin keeps outdated paths (after Versetzung). 2023-09-13 19:36:20 +02:00			`src: lmn-fix-dolphin.sh`
			`dest: /usr/local/bin/`
			`mode: '0755'`
Implement shutdown-if-not-in-use. 2023-08-06 13:51:16 +02:00
Protect the grub boot menu. 2023-07-23 11:35:06 +02:00			`################# general settings ##################`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`- name: Enable boot splash screen`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.replace:`
Make playbook more general: Split into general and specific roles, use variables. 2023-09-02 15:46:27 +02:00			`dest: "/etc/default/grub"`
			`regexp: '"quiet"$'`
			`replace: '"quiet splash"'`
			`notify: Run update-grub`

Work around kernel CIFS regression. 2024-01-11 17:16:05 +01:00			`- name: Protect editing grub menu entries`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.blockinfile:`
Protect the grub boot menu. 2023-07-23 11:35:06 +02:00			`path: /etc/grub.d/40_custom`
			`block: \|`
			`set superusers='root'`
Work around kernel CIFS regression. 2024-01-11 17:16:05 +01:00			`export superusers`
Protect the grub boot menu. 2023-07-23 11:35:06 +02:00			`password_pbkdf2 root {{ grub_pwd }}`
Add splash screen back. 2023-07-24 08:25:18 +02:00			`notify: Run update-grub`
Protect the grub boot menu. 2023-07-23 11:35:06 +02:00
Work around kernel CIFS regression. 2024-01-11 17:16:05 +01:00			`- name: Allow booting grub menu entries`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.lineinfile:`
Allow to boot the default entry. 2023-07-23 17:06:08 +02:00			`dest: /etc/grub.d/10_linux`
			`line: CLASS="${CLASS} --unrestricted"`
			`insertafter: '^CLASS=.*'`
			`firstmatch: true`
Add splash screen back. 2023-07-24 08:25:18 +02:00			`notify: Run update-grub`
Allow to boot the default entry. 2023-07-23 17:06:08 +02:00
Improve kernel regression handling. 2024-01-12 13:24:14 +01:00			`- name: Disable Grub submenus`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.lineinfile:`
Improve kernel regression handling. 2024-01-12 13:24:14 +01:00			`dest: /etc/default/grub`
			`line: 'GRUB_DISABLE_SUBMENU=true'`
			`insertafter: '^GRUB_TIMEOUT=.*'`
Work around kernel CIFS regression. 2024-01-11 17:16:05 +01:00			`notify: Run update-grub`

Try some ECMAScript to configure the desktop. 2023-08-16 20:50:44 +02:00			`- name: Grub timeout`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.lineinfile:`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`dest: /etc/default/grub`
			`regexp: '^(GRUB_TIMEOUT=).*'`
Improve kernel regression handling. 2024-01-12 13:24:14 +01:00			`line: '\g<1>1'`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`backrefs: true`
Add splash screen back. 2023-07-24 08:25:18 +02:00			`notify: Run update-grub`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00
Try some ECMAScript to configure the desktop. 2023-08-16 20:50:44 +02:00			`- name: Keyboard compose key`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`ansible.builtin.lineinfile:`
Configure KDE, move package installation to extra role. 2023-01-22 11:49:57 +01:00			`dest: /etc/default/keyboard`
			`regexp: '^(XKBOPTIONS=).*'`
			`line: '\1"compose:caps"'`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`backrefs: true`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00
			`- name: Default KDE filepicker`
			`ansible.builtin.lineinfile:`
			`path: /etc/environment.d/90lmn-filepicker.conf`
			`create: true`
Improve ansible code so that ansibe-lint shows fewer errors 2025-03-24 07:33:56 +01:00			`mode: '0644'`
Use KDE filepicker in Firefox, Thunderbird, ... 2024-09-06 08:13:48 +02:00			`line: GTK_USE_PORTAL=1`