Collect some general tasks from other roles into role_misc

Control execution of task by variables with defaults.

roles/lmn_misc/tasks/main.yml

@@ -0,0 +1,167 @@
+---
+- name: Enable wake-on-lan for all ethernet connections
+  ansible.builtin.copy:
+    dest: /etc/NetworkManager/conf.d/wake-on-lan.conf
+    mode: '0644'
+    content: |
+      [connection]
+      ethernet.wake-on-lan=64
+
+- name: Prepare directory for apt-daily override
+  ansible.builtin.file:
+    path: /etc/systemd/system/apt-daily.timer.d/
+    mode: '0755'
+    state: directory
+
+- name: Run apt update early to avoid outdated package lists
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/apt-daily.timer.d/override.conf
+    mode: '0644'
+    content: |
+      [Timer]
+      RandomizedDelaySec=30m
+
+# Avoid suspend
+
+- name: Create directory to avoid suspend
+  ansible.builtin.file:
+    path: /etc/systemd/sleep.conf.d/
+    state: directory
+    mode: '0755'
+  when: misc_avoid_suspend
+
+- name: Avoid suspending
+  ansible.builtin.blockinfile:
+    path: /etc/systemd/sleep.conf.d/nosuspend.conf
+    create: true
+    mode: '0644'
+    block: |
+      [Sleep]
+      AllowSuspend=no
+      AllowHibernation=no
+      AllowSuspendThenHibernate=no
+      AllowHybridSleep=no
+  when: misc_avoid_suspend
+
+# Auto Poweroff
+
+- name: Copy pwroff script
+  ansible.builtin.copy:
+    src: pwroff
+    dest: /usr/local/sbin/
+    mode: '0755'
+
+- name: Provide services and timers for pwroff
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: '0644'
+  loop:
+    - pwroff.service
+    - pwroff.timer
+  when: misc_pwroff
+
+- name: Enable pwroff.timer
+  ansible.builtin.systemd:
+    name: pwroff.timer
+    enabled: true
+  when: misc_pwroff
+
+# Boot splash
+
+- name: Enable boot splash screen
+  ansible.builtin.replace:
+    dest: "/etc/default/grub"
+    regexp: '"quiet"$'
+    replace: '"quiet splash"'
+  notify: Run update-grub
+
+# Grub settings
+
+- name: Protect editing grub menu entries
+  ansible.builtin.blockinfile:
+    path: /etc/grub.d/40_custom
+    block: |
+      set superusers='root'
+      export superusers
+      password_pbkdf2 root {{ grub_pwd }}
+  notify: Run update-grub
+
+- name: Allow booting grub menu entries
+  ansible.builtin.lineinfile:
+    dest: /etc/grub.d/10_linux
+    line: CLASS="${CLASS} --unrestricted"
+    insertafter: '^CLASS=.*'
+    firstmatch: true
+  notify: Run update-grub
+
+- name: Disable Grub submenus
+  ansible.builtin.lineinfile:
+    dest: /etc/default/grub
+    line: 'GRUB_DISABLE_SUBMENU=true'
+    insertafter: '^GRUB_TIMEOUT=.*'
+  notify: Run update-grub
+
+- name: Grub timeout
+  ansible.builtin.lineinfile:
+    dest: /etc/default/grub
+    regexp: '^(GRUB_TIMEOUT=).*'
+    line: '\g<1>1'
+    backrefs: true
+  notify: Run update-grub
+
+# PXE first boot order
+
+- name: Copy some scripts
+  ansible.builtin.copy:
+    src: bootorder.sh
+    dest: /usr/local/sbin/
+    mode: '0755'
+  when: misc_pxe_first
+
+- name: PXE first boot order
+  ansible.builtin.command: /usr/local/sbin/bootorder.sh
+  register: cmd_result
+  changed_when: cmd_result.stdout is not search('Nothing to do.')
+  when: misc_pxe_first
+
+# Disable Caps Lock
+
+- name: Keyboard compose key
+  ansible.builtin.lineinfile:
+    dest: /etc/default/keyboard
+    regexp: '^(XKBOPTIONS=).*'
+    line: '\1"compose:caps"'
+    backrefs: true
+
+# Activate unattended upgrades
+
+- name: Update all packages unattended
+  ansible.builtin.replace:
+    path: /etc/apt/apt.conf.d/50unattended-upgrades
+    regexp: '^//(\s+"origin=.+-updates";)$'
+    replace: '  \1'
+
+# Install reporter
+
+- name: Copy reporter
+  ansible.builtin.copy:
+    src: reporter
+    dest: /usr/local/sbin/
+    mode: '0755'
+
+- name: Provide services and timers for reporter
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: '0644'
+  loop:
+    - reporter.service
+    - reporter.timer
+  when: misc_reporter
+
+- name: Enable reporter.timer
+  ansible.builtin.systemd:
+    name: reporter.timer
+    enabled: true
+  when: misc_reporter