install parcimonie

Hooking into tor's nmtrust config seems to make sense. I don't know if
someone would want to run tor and not this, and you can't run this and
not tor.

This does introduce a new requirement for nmtrust that we haven't seen
before: tor must be started before parcimonie for it to work. Given the
order of the tasks, spark will cause parcimonie to be added to the
trusted unit file after tor, which means we should be good here. But if
a user were to manually edit the file, placing parcimonie above tor, it
would not work. I'm not sure I really want to deal with that problem.

We're running parcimonie for the primary user rather than using the
special `all-users.conf` that parcimonie ships with. That would cause
parcimonie to run for all users who have a ~~/.gnupg`, which in our case
includes root. Running this as root seems like a Bad Idea.

playbook.yml

@@ -56,6 +56,7 @@
     - { role: calibre, tags: ['calibre'] }
     - { role: cli53, tags: ['cli53'] }
     - { role: tor, tags: ['tor'] }
+    - { role: parcimonie, tags: ['parcimonie'] }
   vars_prompt:
     - name: user_password
       prompt: "Enter desired user password"

roles/parcimonie/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: tor }

roles/parcimonie/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+- name: Install parcimonie.sh
+  aur: name=parcimonie-sh-git user={{ user.name }}
+  tags:
+    - aur
+
+- name: Push parcimonie.sh user configuration
+  template: src=user.conf.j2 dest=/etc/parcimonie.sh.d/{{ user.name }}.conf
+
+- name: Enable and start parcimione.sh
+  service: name="parcimonie.sh@{{ user.name }}.service" enabled=yes state=started
+  when: tor is defined and tor.run_on == "all"
+
+- name: Remove parcimione.sh from trusted unit list
+  lineinfile: dest=/usr/local/etc/trusted_units
+              state=absent
+              line="parcimonie.sh@{{ user.name }}.service"
+  when: tor is defined and tor.run_on == "all"
+
+- name: Disable parcimione.sh
+  service: name="parcimonie.sh@{{ user.name }}.service" enabled=no
+  when: tor is defined and tor.run_on == "trusted"
+
+- name: Add parcimione.sh to trusted unit list
+  lineinfile: dest=/usr/local/etc/trusted_units
+              state=present
+              line="parcimonie.sh@{{ user.name }}.service"
+  when: tor is defined and tor.run_on == "trusted"

roles/parcimonie/templates/user.conf.j2

@@ -0,0 +1 @@
+PARCIMONIE_USER="{{ user.name }}"