Separate exam-mode stuff in own role

roles/lmn_fvs/files/pam-exec.sh

@@ -1,16 +0,0 @@
-#!/usr/bin/bash
-
-# exit if not running as root. Because other user don't have privileges to start/stop firewalld.
-[[ "${UID}" -eq "0" ]] || exit 0
-
-if [[ "${PAM_USER}" =~ -exam$ ]]; then
-  systemctl start firewalld.service
-  if systemctl is-enabled --quiet libvirtd.service; then
-    systemctl restart libvirtd.service
-  fi
-elif ! (users | grep -q -- "-exam"); then
-  systemctl stop firewalld.service
-  if systemctl is-enabled --quiet libvirtd.service; then
-    systemctl restart libvirtd.service
-  fi
-fi

roles/lmn_fvs/tasks/main.yml

@@ -152,7 +152,6 @@
     - pwroff
     - bootorder.sh
     - reporter
-    - pam-exec.sh
 
 - name: Provide services and timers for some scripts
   copy:
@@ -309,12 +308,6 @@
          font.pointSize: config.fontSize
       }
 
-- name: enable login script via pam_exec.so
-  lineinfile:
-    dest: /etc/pam.d/common-auth
-    line: "auth    optional        pam_exec.so /usr/local/sbin/pam-exec.sh"
-  when: "'teacherlaptop' not in group_names"
-
 - name: Set git default-branch to main
   ansible.builtin.copy:
     dest: /etc/gitconfig