Provide a local guest user.

roles/lmn_localuser/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: Mount tmpfs on /home/{{ localuser }}
+  ansible.posix.mount:
+    name: /home/{{ localuser }}
+    src: tmpfs
+    fstype: tmpfs
+    opts: uid=1001,gid=1001,mode=755,size=4G
+    state: mounted
+
+- name: Add local guest user
+  ansible.builtin.user:
+    name: "{{ localuser }}"
+    comment: "Local Guest User,,,"
+    shell: /bin/bash
+    uid: 1001
+    password_expire_min: 99999
+    createhome: false
+    password: "{{ localuser_pwd }}"
+
+- name: Prepare generator for local guest user
+  ansible.builtin.copy:
+    dest: /etc/systemd/user-environment-generators/60-guest-user.sh
+    content: |
+      #!/usr/bin/bash
+      set -eu
+      [[ "$UID" -ne 1001 ]] && exit 0
+      cp -r -n /etc/skel/.* "$HOME"
+    mode: "0755"

roles/lmn_mount/tasks/main.yml

@@ -19,7 +19,7 @@
         path="{{ web_dav }}"
         mountpoint="/lmn/media/%(USER)/nextcloud"
         options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
   when: web_dav is defined and web_dav | length > 0
@@ -35,7 +35,7 @@
         path="{{ smb_share }}"
         mountpoint="/srv/samba/schools/default-school"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
 

roles/lmn_printer/tasks/main.yml

@@ -30,7 +30,7 @@
         path="sysvol/"
         mountpoint="/srv/samba/%(USER)/sysvol"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
 

roles/lmn_vm/tasks/main.yml

@@ -25,13 +25,13 @@
         path="~"
         mountpoint="/lmn/media/%(USER)/home"
         options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
       <volume
         path="/srv/samba/schools/default-school/share"
         mountpoint="/lmn/media/%(USER)/share"
         options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
 

roles/lmn_wlan/tasks/main.yml

@@ -13,11 +13,15 @@
       psk: "{{ wifipasswd }}"
     autoconnect: true
     state: present
-  when: not run_in_installer|default(false)|bool
+  when: |
+    not run_in_installer|default(false)|bool and
+    ansible_interfaces | select('search', 'wl.+') | first is defined
 
 - name: Provide WLAN config during installation
   template:
     src: ssid.nmconnection.j2
     dest: "/etc/NetworkManager/system-connections/{{ ssid }}.nmconnection"
     mode: '0600'
-  when: run_in_installer|default(false)|bool
+  when: |
+    run_in_installer|default(false)|bool and
+    ansible_interfaces | select('search', 'wl.+') | first is defined