mirror of
https://github.com/pigmonkey/spark.git
synced 2026-01-23 02:24:09 +00:00
Hooking into tor's nmtrust config seems to make sense. I don't know if someone would want to run tor and not this, and you can't run this and not tor. This does introduce a new requirement for nmtrust that we haven't seen before: tor must be started before parcimonie for it to work. Given the order of the tasks, spark will cause parcimonie to be added to the trusted unit file after tor, which means we should be good here. But if a user were to manually edit the file, placing parcimonie above tor, it would not work. I'm not sure I really want to deal with that problem. We're running parcimonie for the primary user rather than using the special `all-users.conf` that parcimonie ships with. That would cause parcimonie to run for all users who have a `~/.gnupg`, which in our case includes root. Running this as root seems like a Bad Idea.
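---
# Single play that provisions the local machine by applying the roles below in
# the order listed. Each role carries a tag of the same name, so a subset can
# be selected with --tags.
- hosts: localhost
  # Privilege escalation applies to every role in this play.
  # NOTE(review): roles that configure per-user state (dotfiles, parcimonie,
  # ...) presumably switch to the unprivileged user inside the role - confirm.
  become: true
  roles:
    - { role: base, tags: ['base'] }
    - { role: cron, tags: ['cron'] }
    # Hardware-specific roles are gated on gathered facts.
    - { role: microcode, tags: ['microcode'], when: "'GenuineIntel' in ansible_processor" }
    - { role: grsec, tags: ['grsec'] }
    - { role: ssh, tags: ['ssh'] }
    - { role: dotfiles, tags: ['dotfiles'] }
    - { role: ssd, tags: ['ssd'] }
    - { role: fonts, tags: ['fonts'] }
    - { role: x, tags: ['x'] }
    - { role: slim, tags: ['slim'] }
    - { role: i3, tags: ['i3'] }
    - { role: iptables, tags: ['iptables'] }
    - { role: nettools, tags: ['nettools'] }
    - { role: networkmanager, tags: ['networkmanager'] }
    - { role: macchiato, tags: ['macchiato'] }
    - { role: ntp, tags: ['ntp'] }
    - { role: firejail, tags: ['firejail'] }
    - { role: unbound, tags: ['unbound'] }
    - { role: editors, tags: ['editors'] }
    - { role: filesystems, tags: ['filesystems'] }
    - { role: archive, tags: ['archive'] }
    - { role: udisks, tags: ['udisks'] }
    - { role: browsers, tags: ['browsers'] }
    - { role: yubikey, tags: ['yubikey'] }
    - { role: media, tags: ['media'] }
    - { role: mpd, tags: ['mpd'] }
    - { role: mpv, tags: ['mpv'] }
    - { role: pianobar, tags: ['pianobar'] }
    - { role: laptop, tags: ['laptop'] }
    - { role: thinkpad, tags: ['thinkpad'], when: "'ThinkPad' in ansible_product_version" }
    - { role: macbook, tags: ['macbook'], when: "'MacBook' in ansible_product_name" }
    - { role: screensaver, tags: ['screensaver'] }
    - { role: chat, tags: ['chat'] }
    - { role: git-annex, tags: ['git-annex'] }
    - { role: ledger, tags: ['ledger'] }
    - { role: mail, tags: ['mail'] }
    - { role: cups, tags: ['cups'] }
    - { role: office, tags: ['office'] }
    - { role: redshift, tags: ['redshift'] }
    - { role: rtorrent, tags: ['rtorrent'] }
    - { role: virtualbox, tags: ['virtualbox'] }
    - { role: hashicorp, tags: ['hashicorp'] }
    - { role: virtualenv, tags: ['virtualenv'] }
    - { role: backup, tags: ['backup'] }
    - { role: tarsnap, tags: ['tarsnap'] }
    - { role: mapping, tags: ['mapping'] }
    - { role: sound, tags: ['sound'] }
    - { role: pim, tags: ['pim'] }
    - { role: radio, tags: ['radio'] }
    - { role: formd, tags: ['formd'] }
    - { role: postgresql, tags: ['postgresql'] }
    - { role: calibre, tags: ['calibre'] }
    - { role: cli53, tags: ['cli53'] }
    # Order matters: keep tor ahead of parcimonie. parcimonie hooks into tor's
    # nmtrust configuration and only works if tor is started first; listing
    # tor first makes the parcimonie unit land after tor in the nmtrust
    # trusted unit file. Reordering these two entries (or hand-editing that
    # file to put parcimonie above tor) breaks key refreshes.
    - { role: tor, tags: ['tor'] }
    # Set up for the primary user only, not through parcimonie's
    # all-users.conf, which would also run it for root's ~/.gnupg.
    - { role: parcimonie, tags: ['parcimonie'] }
  vars_prompt:
    # Asked once at the start of the run. vars_prompt hides the typed value
    # unless `private` is disabled, and it is left at its default here.
    # NOTE(review): there is no `confirm: true`, so a mistyped password is
    # accepted as entered.
    - name: user_password
      prompt: "Enter desired user password"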