simplify nmtrust configuration with includes

Pig Monkey 2018-11-17 23:19:47 -08:00
parent f3684a8279
commit fe2f2d88f5
10 changed files with 102 additions and 208 deletions


@ -24,22 +24,7 @@
tags:
- firejail
- name: Enable and start Bitlbee
service: name=bitlbee enabled=yes state=started
when: bitlbee.run_on == "all"
- name: Remove Bitlbee from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line=bitlbee.service
when: bitlbee.run_on == "all"
- name: Disable Bitlbee
service: name=bitlbee enabled=no
when: bitlbee.run_on == "trusted"
- name: Add Bitlbee to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line=bitlbee.service
when: bitlbee.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: bitlbee.service
run_on: "{{ bitlbee.run_on }}"


@ -20,30 +20,8 @@
- reload systemd config
- restart himawaripy
- name: Enable and start himawaripy timer
systemd: name=himawaripy.timer user=yes enabled=yes state=started
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: himawaripy.run_on == "all"
- name: Remove himawaripy from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line="himawaripy.timer,user:{{ user.name }}"
when: himawaripy.run_on == "all"
- name: Disable himawaripy timer
systemd: name=himawaripy.timer user=yes enabled=no
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: himawaripy.run_on == "trusted"
- name: Add himawaripy to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line="himawaripy.timer,user:{{ user.name }}"
when: himawaripy.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: himawaripy.timer
run_on: "{{ himawaripy.run_on }}"
user_unit: true


@ -4,22 +4,7 @@
tags:
- aur
- name: Enable and start localtime
service: name=localtime enabled=yes state=started
when: localtime.run_on == "all"
- name: Remove localtime from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line=localtime.service
when: localtime.run_on == "all"
- name: Disable localtime
service: name=localtime enabled=no
when: localtime.run_on == "trusted"
- name: Add localtime to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line=localtime.service
when: localtime.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: localtime.service
run_on: "{{ localtime.run_on }}"


@ -19,38 +19,10 @@
- reload systemd config
- restart mailsync
- name: Enable and start mailsync timer
systemd: name=mailsync.timer user=yes enabled=yes state=started
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: mail.sync_on == "all"
tags:
- mailsync
- name: Remove mailsync from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line="mailsync.timer,user:{{ user.name }}"
when: mail.sync_on == "all"
tags:
- mailsync
- name: Disable mailsync timer
systemd: name=mailsync.timer user=yes enabled=no
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: mail.sync_on == "trusted"
tags:
- mailsync
- name: Add mailsync to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line="mailsync.timer,user:{{ user.name }}"
when: mail.sync_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: mailsync.timer
run_on: "{{ mail.sync_on }}"
user_unit: true
tags:
- mailsync
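Review bot: The `tags:` / `- mailsync` pair that ends this section now hangs off the `include_tasks`, and with a dynamic include a tag applies only to the include statement, not to the tasks loaded from `unit.yml`. A run limited with `--tags mailsync` would therefore load the file and then skip the enable/disable and trusted_units tasks, which the inline tasks this replaces did not do where they carried the tag themselves. Switching this call to the static form, `import_tasks: roles/nmtrust/tasks/unit.yml`, makes the imported tasks inherit the tag; on Ansible 2.7 or later the `apply:` keyword of `include_tasks` is the other option. This is the only call site in the commit that tags the include, so the other sections are unaffected.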


@ -30,29 +30,7 @@
- reload systemd config
- restart reflector update
- name: Enable and start reflector timer
service:
name: reflector-update.timer
enabled: yes
state: started
when: mirrorlist.run_on == "all"
- name: Remove reflector from trusted unit list
lineinfile:
dest: /etc/nmtrust/trusted_units
state: absent
line: reflector-update.timer
when: mirrorlist.run_on == "all"
- name: Disable reflector timer
service:
name: reflector-update.timer
enabled: no
when: mirrorlist.run_on == "trusted"
- name: Add reflector to trusted unit list
lineinfile:
dest: /etc/nmtrust/trusted_units
state: present
line: reflector-update.timer
when: mirrorlist.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: reflector-update.timer
run_on: "{{ mirrorlist.run_on }}"


@ -0,0 +1,63 @@
- name: Enable and start {{ unit }}
systemd:
name: "{{ unit }}"
enabled: yes
state: started
when: run_on == "all" and user_unit is not defined
- name: Remove {{ unit }} from trusted unit list
lineinfile:
dest: /etc/nmtrust/trusted_units
state: absent
line: "{{ unit }}"
when: run_on == "all" and user_unit is not defined
- name: Disable {{ unit }}
systemd:
name: "{{ unit }}"
enabled: no
when: run_on == "trusted" and user_unit is not defined
- name: Add {{ unit }} to trusted unit list
lineinfile:
dest: /etc/nmtrust/trusted_units
state: present
line: "{{ unit }}"
when: run_on == "trusted" and user_unit is not defined
- name: Enable and start {{ unit }} for user
systemd:
name: "{{ unit }}"
enabled: yes
state: started
user: yes
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: run_on == "all" and user_unit is defined and user_unit == true
- name: Remove {{ unit }} for user from trusted unit list
lineinfile:
dest: /etc/nmtrust/trusted_units
state: absent
line: "{{ unit }},user:{{ user.name }}"
when: run_on == "all" and user_unit is defined and user_unit == true
- name: Disable user {{ unit }} for user
systemd:
name: "{{ unit }}"
enabled: no
user: yes
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: run_on == "trusted" and user_unit is defined and user_unit == true
- name: Add {{ unit }} for user to trusted unit list
lineinfile:
dest: /etc/nmtrust/trusted_units
state: present
line: "{{ unit }},user:{{ user.name }}"
when: run_on == "trusted" and user_unit is defined and user_unit == true
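Review bot: Nothing in this new file validates `run_on`, so a value other than `"all"` or `"trusted"` (a typo in group vars, for example) matches none of the eight `when:` conditions and the play reports success while the unit keeps whatever enablement and `/etc/nmtrust/trusted_units` entry it already had. Since this file now decides for every role whether a service may run off trusted networks, that silent no-op is worth turning into a hard failure with an `assert` as the first task; if some other value is meant to mean "leave the unit alone", a comment saying so would do instead. The same gap exists for `user_unit: false`: the system-unit tasks test `user_unit is not defined` and the user-unit tasks test `user_unit == true`, so an explicit false runs nothing; `not (user_unit | default(false))` and `user_unit | default(false)` would cover both spellings.

```yaml
- name: Validate nmtrust unit parameters
  assert:
    that:
      - unit | length > 0
      - run_on in ['all', 'trusted']
    msg: "run_on must be 'all' or 'trusted' for {{ unit }}"

# … unchanged: the eight enable/disable and trusted_units tasks …
```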


@ -7,22 +7,7 @@
- name: Push parcimonie.sh user configuration
template: src=user.conf.j2 dest=/etc/parcimonie.sh.d/{{ user.name }}.conf
- name: Enable and start parcimione.sh
service: name="parcimonie.sh@{{ user.name }}.service" enabled=yes state=started
when: tor.run_on == "all"
- name: Remove parcimione.sh from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line="parcimonie.sh@{{ user.name }}.service"
when: tor.run_on == "all"
- name: Disable parcimione.sh
service: name="parcimonie.sh@{{ user.name }}.service" enabled=no
when: tor.run_on == "trusted"
- name: Add parcimione.sh to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line="parcimonie.sh@{{ user.name }}.service"
when: tor.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: "parcimonie.sh@{{ user.name }}.service"
run_on: "{{ tor.run_on }}"


@ -2,30 +2,8 @@
- name: Install syncthing
pacman: name=syncthing state=present
- name: Enable and start syncthing service
systemd: name=syncthing.service user=yes enabled=yes state=started
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: syncthing.run_on == "all"
- name: Remove syncthing from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line="syncthing.service,user:{{ user.name }}"
when: syncthing.run_on == "all"
- name: Disable syncthing service
systemd: name=syncthing.service user=yes enabled=no
become: yes
become_user: "{{ user.name }}"
environment:
XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
when: syncthing.run_on == "trusted"
- name: Add syncthing to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line="syncthing.service,user:{{ user.name }}"
when: syncthing.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: syncthing.service
run_on: "{{ syncthing.run_on }}"
user_unit: true


@ -40,22 +40,7 @@
- reload systemd config
- restart tarsnapper
- name: Enable and start Tarsnapper timer
service: name=tarsnapper.timer enabled=yes state=started
when: tarsnapper.run_on == "all"
- name: Remove Tarsnapper from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line=tarsnapper.timer
when: tarsnapper.run_on == "all"
- name: Disable Tarsnapper timer
service: name=tarsnapper.timer enabled=no
when: tarsnapper.run_on == "trusted"
- name: Add Tarsnapper to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line=tarsnapper.timer
when: tarsnapper.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: tarsnapper.timer
run_on: "{{ tarsnapper.run_on }}"


@ -35,22 +35,7 @@
tags:
- firejail
- name: Enable and start Tor
service: name=tor enabled=yes state=started
when: tor.run_on == "all"
- name: Remove Tor from trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=absent
line=tor.service
when: tor.run_on == "all"
- name: Disable Tor
service: name=tor enabled=no
when: tor.run_on == "trusted"
- name: Add Tor to trusted unit list
lineinfile: dest=/etc/nmtrust/trusted_units
state=present
line=tor.service
when: tor.run_on == "trusted"
- include_tasks: roles/nmtrust/tasks/unit.yml
vars:
unit: tor.service
run_on: "{{ tor.run_on }}"