From 2507edc493933a4b05a28ea680cabdf853b366f6 Mon Sep 17 00:00:00 2001
From: Pig Monkey
Date: Wed, 10 Aug 2016 21:18:14 -0700
Subject: [PATCH] install parcimonie

Hooking into tor's nmtrust config seems to make sense. I don't know if someone would want to run tor and not this, and you can't run this and not tor. This does introduce a new requirement for nmtrust that we haven't seen before: tor must be started before parcimonie for it to work. Given the order of the tasks, spark will cause parcimonie to be added to the trusted unit file after tor, which means we should be good here. But if a user were to manually edit the file, placing parcimonie above tor, it would not work. I'm not sure I really want to deal with that problem. We're running parcimonie for the primary user rather than using the special `all-users.conf` that parcimonie ships with. That would cause parcimonie to run for all users who have a ~~/.gnupg`, which in our case includes root. Running this as root seems like a Bad Idea.
---
 playbook.yml | 1 +
 roles/parcimonie/meta/main.yml | 3 +++
 roles/parcimonie/tasks/main.yml | 28 +++++++++++++++++++++++++
 roles/parcimonie/templates/user.conf.j2 | 1 +
 4 files changed, 33 insertions(+)
 create mode 100644 roles/parcimonie/meta/main.yml
 create mode 100644 roles/parcimonie/tasks/main.yml
 create mode 100644 roles/parcimonie/templates/user.conf.j2
diff --git a/playbook.yml b/playbook.yml
index 20fce75..e2f99eb 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -56,6 +56,7 @@
 - { role: calibre, tags: ['calibre'] }
 - { role: cli53, tags: ['cli53'] }
 - { role: tor, tags: ['tor'] }
+ - { role: parcimonie, tags: ['parcimonie'] }
 vars_prompt:
 - name: user_password
 prompt: "Enter desired user password"
diff --git a/roles/parcimonie/meta/main.yml b/roles/parcimonie/meta/main.yml
new file mode 100644
index 0000000..fd6e4a2
--- /dev/null
+++ b/roles/parcimonie/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: tor }
diff --git a/roles/parcimonie/tasks/main.yml b/roles/parcimonie/tasks/main.yml
new file mode 100644
index 0000000..4df8391
--- /dev/null
+++ b/roles/parcimonie/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Install parcimonie.sh
+ aur: name=parcimonie-sh-git user={{ user.name }}
+ tags:
+ - aur
+
+- name: Push parcimonie.sh user configuration
+ template: src=user.conf.j2 dest=/etc/parcimonie.sh.d/{{ user.name }}.conf
+
+- name: Enable and start parcimione.sh
+ service: name="parcimonie.sh@{{ user.name }}.service" enabled=yes state=started
+ when: tor is defined and tor.run_on == "all"
+
+- name: Remove parcimione.sh from trusted unit list
+ lineinfile: dest=/usr/local/etc/trusted_units
+ state=absent
+ line="parcimonie.sh@{{ user.name }}.service"
+ when: tor is defined and tor.run_on == "all"
+
+- name: Disable parcimione.sh
+ service: name="parcimonie.sh@{{ user.name }}.service" enabled=no
+ when: tor is defined and tor.run_on == "trusted"
+
+- name: Add parcimione.sh to trusted unit list
+ lineinfile: dest=/usr/local/etc/trusted_units
+ state=present
+ line="parcimonie.sh@{{ user.name }}.service"
+ when: tor is defined and tor.run_on == "trusted"
diff --git a/roles/parcimonie/templates/user.conf.j2 b/roles/parcimonie/templates/user.conf.j2
new file mode 100644
index 0000000..4b415fa
--- /dev/null
+++ b/roles/parcimonie/templates/user.conf.j2
@@ -0,0 +1 @@
+PARCIMONIE_USER="{{ user.name }}"
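Review bot: The "Push parcimonie.sh user configuration" task in roles/parcimonie/tasks/main.yml writes /etc/parcimonie.sh.d/{{ user.name }}.conf without stating owner, group or mode, so the resulting permissions depend on the umask and on whatever file is already on disk. Judging by the template's single `PARCIMONIE_USER` line, this file appears to select the account the unit runs as, so it is worth pinning as root-owned and not group- or world-writable: `template: src=user.conf.j2 dest=/etc/parcimonie.sh.d/{{ user.name }}.conf owner=root group=root mode=0644`. Separately, four task names in the same file spell the service "parcimione.sh" while the unit is "parcimonie.sh"; correcting them keeps log searches and `--start-at-task` matching reliable.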