From f06e42b0886110fbda6c3ddc06a199cbec6090cc Mon Sep 17 00:00:00 2001
From: Pig Monkey <pm@pig-monkey.com>
Date: Sat, 17 Dec 2016 18:48:55 -0800
Subject: [PATCH] install magic-wormhole

---
 playbook.yml                                  |  1 +
 .../wormhole/files/firejail/wormhole.profile  |  5 +++++
 roles/wormhole/meta/main.yml                  |  3 +++
 roles/wormhole/tasks/main.yml                 | 19 +++++++++++++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 roles/wormhole/files/firejail/wormhole.profile
 create mode 100644 roles/wormhole/meta/main.yml
 create mode 100644 roles/wormhole/tasks/main.yml

diff --git a/playbook.yml b/playbook.yml
index c6cbb0b..696b752 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -61,6 +61,7 @@
     - { role: aws, tags: ['aws'] }
     - { role: parcimonie, tags: ['parcimonie'], when: "tor is defined" }
     - { role: localtime, tags: ['localtime'], when: "localtime is defined"  }
+    - { role: wormhole, tags: ['wormhole'] }
   vars_prompt:
     - name: user_password
       prompt: "Enter desired user password"
diff --git a/roles/wormhole/files/firejail/wormhole.profile b/roles/wormhole/files/firejail/wormhole.profile
new file mode 100644
index 0000000..80e82e1
--- /dev/null
+++ b/roles/wormhole/files/firejail/wormhole.profile
@@ -0,0 +1,5 @@
+include /usr/local/etc/firejail/generic.profile
+
+private-dev
+# Specify a non-existent file so that we get an empty /etc
+private-etc rmx7nq4ujgyogn
diff --git a/roles/wormhole/meta/main.yml b/roles/wormhole/meta/main.yml
new file mode 100644
index 0000000..cbc0668
--- /dev/null
+++ b/roles/wormhole/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: firejail }
diff --git a/roles/wormhole/tasks/main.yml b/roles/wormhole/tasks/main.yml
new file mode 100644
index 0000000..269415d
--- /dev/null
+++ b/roles/wormhole/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Install magic-wormhole
+  aur: name=magic-wormhole user={{ user.name }}
+  tags:
+    - aur
+
+- name: Jail magic-wormhole
+  file: src=/usr/bin/firejail
+        dest=/usr/local/bin/wormhole
+        state=link
+  tags:
+    - firejail
+
+- name: Push magic-wormhole firejail profile
+  copy: src=firejail/wormhole.profile dest=/usr/local/etc/firejail/wormhole.profile
+  notify:
+    - activate firejail profiles
+  tags:
+    - firejail