From ac407bf2fcd4a5e9867694d013f3577700bbaa69 Mon Sep 17 00:00:00 2001
From: Pig Monkey <pm@pig-monkey.com>
Date: Sun, 19 May 2019 12:13:03 -0700
Subject: [PATCH] improve support for disabling units

---
 roles/nmtrust/tasks/unit.yml | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/roles/nmtrust/tasks/unit.yml b/roles/nmtrust/tasks/unit.yml
index b935b69..ab99aa3 100644
--- a/roles/nmtrust/tasks/unit.yml
+++ b/roles/nmtrust/tasks/unit.yml
@@ -5,18 +5,11 @@
       state: started
   when: run_on == "all" and user_unit is not defined
 
-- name: Remove {{ unit }} from trusted unit list
-  lineinfile:
-      dest: /etc/nmtrust/trusted_units
-      state: absent
-      line: "{{ unit }}"
-  when: run_on == "all" and user_unit is not defined
-
 - name: Disable {{ unit }}
   systemd:
       name: "{{ unit }}"
       enabled: no
-  when: run_on == "trusted" and user_unit is not defined
+  when: run_on != "all" and user_unit is not defined
 
 - name: Add {{ unit }} to trusted unit list
   lineinfile:
@@ -25,6 +18,13 @@
       line: "{{ unit }}"
   when: run_on == "trusted" and user_unit is not defined
 
+- name: Remove {{ unit }} from trusted unit list
+  lineinfile:
+      dest: /etc/nmtrust/trusted_units
+      state: absent
+      line: "{{ unit }}"
+  when: run_on != "trusted" and user_unit is not defined
+
 - name: Enable and start {{ unit }} for user
   systemd:
       name: "{{ unit }}"
@@ -37,13 +37,6 @@
     XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
   when: run_on == "all" and user_unit is defined and user_unit == true
 
-- name: Remove {{ unit }} for user from trusted unit list
-  lineinfile:
-      dest: /etc/nmtrust/trusted_units
-      state: absent
-      line: "{{ unit }},user:{{ user.name }}"
-  when: run_on == "all" and user_unit is defined and user_unit == true
-
 - name: Disable user {{ unit }} for user
   systemd:
       name: "{{ unit }}"
@@ -53,7 +46,7 @@
   become_user: "{{ user.name }}"
   environment:
     XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
-  when: run_on == "trusted" and user_unit is defined and user_unit == true
+  when: run_on != "all" and user_unit is defined and user_unit == true
 
 - name: Add {{ unit }} for user to trusted unit list
   lineinfile:
@@ -61,3 +54,10 @@
       state: present
       line: "{{ unit }},user:{{ user.name }}"
   when: run_on == "trusted" and user_unit is defined and user_unit == true
+
+- name: Remove {{ unit }} for user from trusted unit list
+  lineinfile:
+      dest: /etc/nmtrust/trusted_units
+      state: absent
+      line: "{{ unit }},user:{{ user.name }}"
+  when: run_on != "trusted" and user_unit is defined and user_unit == true