diff --git a/roles/bitlbee/tasks/main.yml b/roles/bitlbee/tasks/main.yml index b154c6e..b5c215b 100644 --- a/roles/bitlbee/tasks/main.yml +++ b/roles/bitlbee/tasks/main.yml @@ -24,22 +24,7 @@ tags: - firejail -- name: Enable and start Bitlbee - service: name=bitlbee enabled=yes state=started - when: bitlbee.run_on == "all" - -- name: Remove Bitlbee from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line=bitlbee.service - when: bitlbee.run_on == "all" - -- name: Disable Bitlbee - service: name=bitlbee enabled=no - when: bitlbee.run_on == "trusted" - -- name: Add Bitlbee to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line=bitlbee.service - when: bitlbee.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: bitlbee.service + run_on: "{{ bitlbee.run_on }}" diff --git a/roles/himawaripy/tasks/main.yml b/roles/himawaripy/tasks/main.yml index 133c4d1..109339e 100644 --- a/roles/himawaripy/tasks/main.yml +++ b/roles/himawaripy/tasks/main.yml 
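Review bot: The added `include_tasks: roles/nmtrust/tasks/unit.yml` reaches into another role by a literal path and has no `name:`. As far as I can tell that path only resolves when the playbook sits next to `roles/`, and the play output no longer says which unit is being handled. Consider `include_role` with `name: nmtrust` and `tasks_from: unit`, after checking that loading the nmtrust role's defaults and handlers here is harmless, plus a task name such as `name: Apply nmtrust policy to bitlbee.service`. The same applies to the includes added in the himawaripy, localtime, mailsync, mirrorlist, parcimonie, syncthing, tarsnap and tor hunks.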
@@ -20,30 +20,8 @@ - reload systemd config - restart himawaripy -- name: Enable and start himawaripy timer - systemd: name=himawaripy.timer user=yes enabled=yes state=started - become: yes - become_user: "{{ user.name }}" - environment: - XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}" - when: himawaripy.run_on == "all" - -- name: Remove himawaripy from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line="himawaripy.timer,user:{{ user.name }}" - when: himawaripy.run_on == "all" - -- name: Disable himawaripy timer - systemd: name=himawaripy.timer user=yes enabled=no - become: yes - become_user: "{{ user.name }}" - environment: - XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}" - when: himawaripy.run_on == "trusted" - -- name: Add himawaripy to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line="himawaripy.timer,user:{{ user.name }}" - when: himawaripy.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: himawaripy.timer + run_on: "{{ himawaripy.run_on }}" + user_unit: true diff --git a/roles/localtime/tasks/main.yml b/roles/localtime/tasks/main.yml index 366499c..4a56c1d 100644 --- a/roles/localtime/tasks/main.yml +++ b/roles/localtime/tasks/main.yml @@ -4,22 +4,7 @@ tags: - aur -- name: Enable and start localtime - service: name=localtime enabled=yes state=started - when: localtime.run_on == "all" - -- name: Remove localtime from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line=localtime.service - when: localtime.run_on == "all" - -- name: Disable localtime - service: name=localtime enabled=no - when: localtime.run_on == "trusted" - -- name: Add localtime to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line=localtime.service - when: localtime.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: localtime.service + run_on: "{{ localtime.run_on }}" 
diff --git a/roles/mail/tasks/mailsync.yml b/roles/mail/tasks/mailsync.yml index c6233d1..f4d0b5b 100644 --- a/roles/mail/tasks/mailsync.yml +++ b/roles/mail/tasks/mailsync.yml @@ -19,38 +19,10 @@ - reload systemd config - restart mailsync -- name: Enable and start mailsync timer - systemd: name=mailsync.timer user=yes enabled=yes state=started - become: yes - become_user: "{{ user.name }}" - environment: - XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}" - when: mail.sync_on == "all" - tags: - - mailsync - -- name: Remove mailsync from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line="mailsync.timer,user:{{ user.name }}" - when: mail.sync_on == "all" - tags: - - mailsync - -- name: Disable mailsync timer - systemd: name=mailsync.timer user=yes enabled=no - become: yes - become_user: "{{ user.name }}" - environment: - XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}" - when: mail.sync_on == "trusted" - tags: - - mailsync - -- name: Add mailsync to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line="mailsync.timer,user:{{ user.name }}" - when: mail.sync_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: mailsync.timer + run_on: "{{ mail.sync_on }}" + user_unit: true tags: - mailsync diff --git a/roles/mirrorlist/tasks/main.yml b/roles/mirrorlist/tasks/main.yml index 0c6488b..b13de23 100644 --- a/roles/mirrorlist/tasks/main.yml +++ b/roles/mirrorlist/tasks/main.yml 
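Review bot: The trailing `tags: - mailsync` context lines used to close the last removed task and now appear to attach to the new `include_tasks`; indentation is lost in this view, so please confirm. `include_tasks` is a dynamic include, so a tag on it selects only the include statement and is not inherited by the tasks in unit.yml. A run limited with `--tags mailsync` would load the file and then skip every task in it, leaving the timer's enablement and its trusted_units entry untouched. To restore the old behaviour, either switch this call to the static `import_tasks`, or use the `file:` form of `include_tasks` and pass the tag down with its `apply:` argument while keeping the existing `tags:` on the include.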
@@ -30,29 +30,7 @@ - reload systemd config - restart reflector update -- name: Enable and start reflector timer - service: - name: reflector-update.timer - enabled: yes - state: started - when: mirrorlist.run_on == "all" - -- name: Remove reflector from trusted unit list - lineinfile: - dest: /etc/nmtrust/trusted_units - state: absent - line: reflector-update.timer - when: mirrorlist.run_on == "all" - -- name: Disable reflector timer - service: - name: reflector-update.timer - enabled: no - when: mirrorlist.run_on == "trusted" - -- name: Add reflector to trusted unit list - lineinfile: - dest: /etc/nmtrust/trusted_units - state: present - line: reflector-update.timer - when: mirrorlist.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: reflector-update.timer + run_on: "{{ mirrorlist.run_on }}" diff --git a/roles/nmtrust/tasks/unit.yml b/roles/nmtrust/tasks/unit.yml new file mode 100644 index 0000000..36aac9e --- /dev/null +++ b/roles/nmtrust/tasks/unit.yml 
@@ -0,0 +1,63 @@
+- name: Enable and start {{ unit }}
+ systemd:
+ name: "{{ unit }}"
+ enabled: yes
+ state: started
+ when: run_on == "all" and user_unit is not defined
+
+- name: Remove {{ unit }} from trusted unit list
+ lineinfile:
+ dest: /etc/nmtrust/trusted_units
+ state: absent
+ line: "{{ unit }}"
+ when: run_on == "all" and user_unit is not defined
+
+- name: Disable {{ unit }}
+ systemd:
+ name: "{{ unit }}"
+ enabled: no
+ when: run_on == "trusted" and user_unit is not defined
+
+- name: Add {{ unit }} to trusted unit list
+ lineinfile:
+ dest: /etc/nmtrust/trusted_units
+ state: present
+ line: "{{ unit }}"
+ when: run_on == "trusted" and user_unit is not defined
+
+- name: Enable and start {{ unit }} for user
+ systemd:
+ name: "{{ unit }}"
+ enabled: yes
+ state: started
+ user: yes
+ become: yes
+ become_user: "{{ user.name }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
+ when: run_on == "all" and user_unit is defined and user_unit == true
+
+- name: Remove {{ unit }} for user from trusted unit list
+ lineinfile:
+ dest: /etc/nmtrust/trusted_units
+ state: absent
+ line: "{{ unit }},user:{{ user.name }}"
+ when: run_on == "all" and user_unit is defined and user_unit == true
+
+- name: Disable user {{ unit }} for user
+ systemd:
+ name: "{{ unit }}"
+ enabled: no
+ user: yes
+ become: yes
+ become_user: "{{ user.name }}"
+ environment:
+ XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}"
+ when: run_on == "trusted" and user_unit is defined and user_unit == true
+
+- name: Add {{ unit }} for user to trusted unit list
+ lineinfile:
+ dest: /etc/nmtrust/trusted_units
+ state: present
+ line: "{{ unit }},user:{{ user.name }}"
+ when: run_on == "trusted" and user_unit is defined and user_unit == true
diff --git a/roles/parcimonie/tasks/main.yml b/roles/parcimonie/tasks/main.yml
index 645f2de..9c3c974 100644
--- a/roles/parcimonie/tasks/main.yml
+++ b/roles/parcimonie/tasks/main.yml
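Review bot: Neither `run_on` nor `user_unit` is validated in this new file, and every `when:` tests an exact match, so some inputs run none of the eight tasks. `user_unit: false` is defined but not `true`, so it fails both the `is not defined` and the `== true` branches, and a misspelt `run_on` skips everything as well. The unit then keeps whatever enablement and trusted_units entry it had before, which is a quiet failure for a list that appears to gate units on trusted networks. I would open the file with the assert below (extend the allowed values if others are intentional) and derive the branch from a defaulted boolean, e.g. `when: run_on == "all" and not (user_unit | default(false) | bool)` for the system-unit tasks and the un-negated form for the user-unit ones.

```yaml
- name: Validate arguments passed to the nmtrust unit tasks
  assert:
    that:
      - unit is defined
      - run_on in ['all', 'trusted']
    msg: "nmtrust unit.yml needs 'unit' and run_on set to 'all' or 'trusted'"

# … unchanged: the eight enable/disable and trusted_units tasks …
```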
@@ -7,22 +7,7 @@ - name: Push parcimonie.sh user configuration template: src=user.conf.j2 dest=/etc/parcimonie.sh.d/{{ user.name }}.conf -- name: Enable and start parcimione.sh - service: name="parcimonie.sh@{{ user.name }}.service" enabled=yes state=started - when: tor.run_on == "all" - -- name: Remove parcimione.sh from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line="parcimonie.sh@{{ user.name }}.service" - when: tor.run_on == "all" - -- name: Disable parcimione.sh - service: name="parcimonie.sh@{{ user.name }}.service" enabled=no - when: tor.run_on == "trusted" - -- name: Add parcimione.sh to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line="parcimonie.sh@{{ user.name }}.service" - when: tor.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: "parcimonie.sh@{{ user.name }}.service" + run_on: "{{ tor.run_on }}" diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml index da9213c..cf80c71 100644 --- a/roles/syncthing/tasks/main.yml +++ b/roles/syncthing/tasks/main.yml 
@@ -2,30 +2,8 @@ - name: Install syncthing pacman: name=syncthing state=present -- name: Enable and start syncthing service - systemd: name=syncthing.service user=yes enabled=yes state=started - become: yes - become_user: "{{ user.name }}" - environment: - XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}" - when: syncthing.run_on == "all" - -- name: Remove syncthing from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line="syncthing.service,user:{{ user.name }}" - when: syncthing.run_on == "all" - -- name: Disable syncthing service - systemd: name=syncthing.service user=yes enabled=no - become: yes - become_user: "{{ user.name }}" - environment: - XDG_RUNTIME_DIR: "/run/user/{{ user.uid }}" - when: syncthing.run_on == "trusted" - -- name: Add syncthing to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line="syncthing.service,user:{{ user.name }}" - when: syncthing.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: syncthing.service + run_on: "{{ syncthing.run_on }}" + user_unit: true diff --git a/roles/tarsnap/tasks/main.yml b/roles/tarsnap/tasks/main.yml index c315d93..f81f2c5 100644 --- a/roles/tarsnap/tasks/main.yml +++ b/roles/tarsnap/tasks/main.yml 
@@ -40,22 +40,7 @@ - reload systemd config - restart tarsnapper -- name: Enable and start Tarsnapper timer - service: name=tarsnapper.timer enabled=yes state=started - when: tarsnapper.run_on == "all" - -- name: Remove Tarsnapper from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line=tarsnapper.timer - when: tarsnapper.run_on == "all" - -- name: Disable Tarsnapper timer - service: name=tarsnapper.timer enabled=no - when: tarsnapper.run_on == "trusted" - -- name: Add Tarsnapper to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line=tarsnapper.timer - when: tarsnapper.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: tarsnapper.timer + run_on: "{{ tarsnapper.run_on }}" diff --git a/roles/tor/tasks/main.yml b/roles/tor/tasks/main.yml index 5c72e1a..390c5b1 100644 --- a/roles/tor/tasks/main.yml +++ b/roles/tor/tasks/main.yml @@ -35,22 +35,7 @@ tags: - firejail -- name: Enable and start Tor - service: name=tor enabled=yes state=started - when: tor.run_on == "all" - -- name: Remove Tor from trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=absent - line=tor.service - when: tor.run_on == "all" - -- name: Disable Tor - service: name=tor enabled=no - when: tor.run_on == "trusted" - -- name: Add Tor to trusted unit list - lineinfile: dest=/etc/nmtrust/trusted_units - state=present - line=tor.service - when: tor.run_on == "trusted" +- include_tasks: roles/nmtrust/tasks/unit.yml + vars: + unit: tor.service + run_on: "{{ tor.run_on }}"