diff --git a/README.md b/README.md index 702f30a..033ccf6 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ timer is set to sync every 5 minutes (configurable through the `mail.sync_time` variable). The timer is not started or enabled by default. Instead, the timer is added to -`/usr/local/etc/trusted_units`, causing the NetworkManager trusted unit +`/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the timer whenever a connection is established to a trusted network. The timer is stopped whenever the network goes down or a connection is established to an untrusted network. @@ -223,10 +223,10 @@ Tarsnapper when it detects the machine ison AC power. To allow Tarsnapper to run when on battery, set the `tarsnapper.ac_only` variable to `False`. As with `mailsync`, the timer is not started or enabled by default. Instead, -the timer is added to `/usr/local/etc/trusted_units`, causing the -NetworkManager trusted unit dispatcher to activate the timer whenever a -connection is established to a trusted network. The timer is stopped whenever -the network goes down or a connection is established to an untrusted network. +the timer is added to `/etc/nmtrust/trusted_units`, causing the NetworkManager +trusted unit dispatcher to activate the timer whenever a connection is +established to a trusted network. The timer is stopped whenever the network +goes down or a connection is established to an untrusted network. To have the timer activated at boot, change the `tarsnapper.run_on` variable from `trusted` to `all`. 
@@ -239,7 +239,7 @@ If the `tarsnapper.run_on` variable is set to anything other than `trusted` or [Tor][23] is installed by default. A systemd service unit for Tor is installed, but not enabled or started. instead, the service is added to -`/usr/local/etc/trusted_units`, causing the NetworkManager trusted unit +`/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the service whenever a connection is established to a trusted network. The service is stopped whenever the network goes down or a connection is established to an untrusted network. @@ -254,14 +254,14 @@ configuration. [parcimonie.sh][24] is provided to periodically refresh entries in the user's GnuPG keyring over the Tor network. The service is added to -`/usr/local/etc/trusted_units` and respects the `tor.run_on` variable. +`/etc/nmtrust/trusted_units` and respects the `tor.run_on` variable. ## BitlBee [BitlBee][25] and [WeeChat][26] are used to provide chat services. A systemd service unit for BitlBee is installed, but not enabled or started by default. -Instead, the service is added to `/usr/local/etc/trusted_units`, causing the +Instead, the service is added to `/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the service whenever a connection is established to a trusted network. The service is stopped whenever the network goes down or a connection is established to an untrusted network. 
@@ -282,7 +282,7 @@ remove the `bitlebee.torify` variable or disable Tor entirely by removing the git-annex assistant is enabled and started by default. To prevent this, remove the `gitannex` variable from the config. -Additionally, the git-annex unit is added to `/usr/local/etc/trusted_units`, +Additionally, the git-annex unit is added to `/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the service whenever a connection is established to a trusted network. The service is stopped whenever a connection is established to an untrusted network. Unlike @@ -305,7 +305,7 @@ defined, the service will not be started or enabled. This is intended for local development. PostgreSQL is configured to only listen on localhost and no additional ports are opened in the default firewall. This configuration means that PostgreSQL is not a network service. As such, the -PostgreSQL service is not added to `/usr/local/etc/trusted_units`. +PostgreSQL service is not added to `/etc/nmtrust/trusted_units`. Additional configuration options are set which improve performance but make the database service inappropriate for production use. 
@@ -318,11 +318,10 @@ background via feh. This should provide early warning of the presence of any Vogon constructor fleets appearing over the Eastern Hemisphere. A systemd service unit and timer is installed, but not enabled or started by -default. Instead, the service is added to `/usr/local/etc/trusted_units`, -causing the NetworkManager trusted unit dispatcher to activate the service -whenever a connection is established to a trusted network. The service is -stopped whenever the network goes down or a connection is established to an -untrusted network. +default. Instead, the service is added to `/etc/nmtrust/trusted_units`, causing +the NetworkManager trusted unit dispatcher to activate the service whenever a +connection is established to a trusted network. The service is stopped whenever +the network goes down or a connection is established to an untrusted network. To have the service activated at boot, change the `himawaripy.run_on` variable from `trusted` to `all`. diff --git a/roles/bitlbee/tasks/main.yml b/roles/bitlbee/tasks/main.yml index bde932b..b154c6e 100644 --- a/roles/bitlbee/tasks/main.yml +++ b/roles/bitlbee/tasks/main.yml @@ -29,7 +29,7 @@ when: bitlbee.run_on == "all" - name: Remove Bitlbee from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=bitlbee.service when: bitlbee.run_on == "all" @@ -39,7 +39,7 @@ when: bitlbee.run_on == "trusted" - name: Add Bitlbee to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=bitlbee.service when: bitlbee.run_on == "trusted" diff --git a/roles/git-annex/tasks/main.yml b/roles/git-annex/tasks/main.yml index ba11d21..e7f4cf9 100644 --- a/roles/git-annex/tasks/main.yml +++ b/roles/git-annex/tasks/main.yml 
@@ -26,13 +26,13 @@ when: autostart.stat is defined and autostart.stat.exists - name: Add git-annex to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="git-annex.service,user:{{ user.name }},allow_offline" when: gitannex.stop_on_untrusted is defined and gitannex.stop_on_untrusted == True - name: Remove git-annex from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="git-annex.service,user:{{ user.name }},allow_offline" when: gitannex.stop_on_untrusted is not defined or gitannex.stop_on_untrusted != True diff --git a/roles/himawaripy/tasks/main.yml b/roles/himawaripy/tasks/main.yml index 0f70974..133c4d1 100644 --- a/roles/himawaripy/tasks/main.yml +++ b/roles/himawaripy/tasks/main.yml @@ -29,7 +29,7 @@ when: himawaripy.run_on == "all" - name: Remove himawaripy from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="himawaripy.timer,user:{{ user.name }}" when: himawaripy.run_on == "all" @@ -43,7 +43,7 @@ when: himawaripy.run_on == "trusted" - name: Add himawaripy to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="himawaripy.timer,user:{{ user.name }}" when: himawaripy.run_on == "trusted" diff --git a/roles/localtime/tasks/main.yml b/roles/localtime/tasks/main.yml index 64e7389..366499c 100644 --- a/roles/localtime/tasks/main.yml +++ b/roles/localtime/tasks/main.yml @@ -9,7 +9,7 @@ when: localtime.run_on == "all" - name: Remove localtime from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=localtime.service when: localtime.run_on == "all" 
@@ -19,7 +19,7 @@ when: localtime.run_on == "trusted" - name: Add localtime to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=localtime.service when: localtime.run_on == "trusted" diff --git a/roles/mail/tasks/mailsync.yml b/roles/mail/tasks/mailsync.yml index 63f0de9..c6233d1 100644 --- a/roles/mail/tasks/mailsync.yml +++ b/roles/mail/tasks/mailsync.yml @@ -30,7 +30,7 @@ - mailsync - name: Remove mailsync from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="mailsync.timer,user:{{ user.name }}" when: mail.sync_on == "all" @@ -48,7 +48,7 @@ - mailsync - name: Add mailsync to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="mailsync.timer,user:{{ user.name }}" when: mail.sync_on == "trusted" diff --git a/roles/mirrorlist/tasks/main.yml b/roles/mirrorlist/tasks/main.yml index 68c62d8..0c6488b 100644 --- a/roles/mirrorlist/tasks/main.yml +++ b/roles/mirrorlist/tasks/main.yml @@ -39,7 +39,7 @@ - name: Remove reflector from trusted unit list lineinfile: - dest: /usr/local/etc/trusted_units + dest: /etc/nmtrust/trusted_units state: absent line: reflector-update.timer when: mirrorlist.run_on == "all" @@ -52,7 +52,7 @@ - name: Add reflector to trusted unit list lineinfile: - dest: /usr/local/etc/trusted_units + dest: /etc/nmtrust/trusted_units state: present line: reflector-update.timer when: mirrorlist.run_on == "trusted" diff --git a/roles/parcimonie/tasks/main.yml b/roles/parcimonie/tasks/main.yml index bfa6cce..645f2de 100644 --- a/roles/parcimonie/tasks/main.yml +++ b/roles/parcimonie/tasks/main.yml 
@@ -12,7 +12,7 @@ when: tor.run_on == "all" - name: Remove parcimione.sh from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="parcimonie.sh@{{ user.name }}.service" when: tor.run_on == "all" @@ -22,7 +22,7 @@ when: tor.run_on == "trusted" - name: Add parcimione.sh to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="parcimonie.sh@{{ user.name }}.service" when: tor.run_on == "trusted" diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml index 4837f69..da9213c 100644 --- a/roles/syncthing/tasks/main.yml +++ b/roles/syncthing/tasks/main.yml @@ -11,7 +11,7 @@ when: syncthing.run_on == "all" - name: Remove syncthing from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="syncthing.service,user:{{ user.name }}" when: syncthing.run_on == "all" @@ -25,7 +25,7 @@ when: syncthing.run_on == "trusted" - name: Add syncthing to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="syncthing.service,user:{{ user.name }}" when: syncthing.run_on == "trusted" diff --git a/roles/tarsnap/tasks/main.yml b/roles/tarsnap/tasks/main.yml index ff28c03..c315d93 100644 --- a/roles/tarsnap/tasks/main.yml +++ b/roles/tarsnap/tasks/main.yml @@ -45,7 +45,7 @@ when: tarsnapper.run_on == "all" - name: Remove Tarsnapper from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=tarsnapper.timer when: tarsnapper.run_on == "all" 
@@ -55,7 +55,7 @@ when: tarsnapper.run_on == "trusted" - name: Add Tarsnapper to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=tarsnapper.timer when: tarsnapper.run_on == "trusted" diff --git a/roles/tor/tasks/main.yml b/roles/tor/tasks/main.yml index dac8632..5c72e1a 100644 --- a/roles/tor/tasks/main.yml +++ b/roles/tor/tasks/main.yml @@ -40,7 +40,7 @@ when: tor.run_on == "all" - name: Remove Tor from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=tor.service when: tor.run_on == "all" @@ -50,7 +50,7 @@ when: tor.run_on == "trusted" - name: Add Tor to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=tor.service when: tor.run_on == "trusted"
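Review bot: The "Add ... to trusted unit list" tasks in every role (bitlbee, git-annex, himawaripy, localtime, mailsync, mirrorlist, parcimonie, syncthing, tarsnap, tor) pass only dest, state and line to lineinfile, so nothing visible in this patch creates the new `/etc/nmtrust` directory or the `trusted_units` file. lineinfile with state=present fails on a missing dest unless create is set, so unless another role creates the file before these tasks run, a fresh host will error on the first one. Please either add a task that creates the directory and file ahead of these roles, or point to where that already happens. Since NetworkManager dispatcher scripts run as root and this file decides which units get started, including user units such as `syncthing.service,user:{{ user.name }}`, it is also worth pinning the file to root ownership with a mode that is not group- or world-writable instead of relying on whatever the first lineinfile call leaves behind.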
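Review bot: No task in this patch handles the old `/usr/local/etc/trusted_units` on hosts that were already provisioned. The "Remove ... from trusted unit list" tasks (state=absent, run when `run_on == "all"`) now only touch `/etc/nmtrust/trusted_units`, so any entries previously written to the old path stay there. If the dispatcher no longer reads the old file that is only clutter, but it leaves two lists on disk that disagree, which is confusing when auditing which units start on a trusted network. Suggest adding a one-time task that removes the old file with state=absent, or a note in the README on cleaning it up by hand.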
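Review bot: The literal path `/etc/nmtrust/trusted_units` is repeated in two tasks in each of ten role files, plus seven places in README.md, which is why this relocation needed a patch this wide. Consider defining the path once as a variable and using it as the lineinfile dest in every role, so the next move is a one-line change and a missed role cannot keep writing to a stale location. While these tasks are being touched, the task names in roles/parcimonie/tasks/main.yml read "parcimione.sh" although the line they manage is `parcimonie.sh@{{ user.name }}.service`, and the Tor paragraph in README.md starts a sentence with a lowercase "instead,"; both are worth fixing in the same pass.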