diff --git a/README.md b/README.md index 702f30ad..033ccf64 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ timer is set to sync every 5 minutes (configurable through the `mail.sync_time` variable). The timer is not started or enabled by default. Instead, the timer is added to -`/usr/local/etc/trusted_units`, causing the NetworkManager trusted unit +`/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the timer whenever a connection is established to a trusted network. The timer is stopped whenever the network goes down or a connection is established to an untrusted network. @@ -223,10 +223,10 @@ Tarsnapper when it detects the machine ison AC power. To allow Tarsnapper to run when on battery, set the `tarsnapper.ac_only` variable to `False`. As with `mailsync`, the timer is not started or enabled by default. Instead, -the timer is added to `/usr/local/etc/trusted_units`, causing the -NetworkManager trusted unit dispatcher to activate the timer whenever a -connection is established to a trusted network. The timer is stopped whenever -the network goes down or a connection is established to an untrusted network. +the timer is added to `/etc/nmtrust/trusted_units`, causing the NetworkManager +trusted unit dispatcher to activate the timer whenever a connection is +established to a trusted network. The timer is stopped whenever the network +goes down or a connection is established to an untrusted network. To have the timer activated at boot, change the `tarsnapper.run_on` variable from `trusted` to `all`. 
@@ -239,7 +239,7 @@ If the `tarsnapper.run_on` variable is set to anything other than `trusted` or [Tor][23] is installed by default. A systemd service unit for Tor is installed, but not enabled or started. instead, the service is added to -`/usr/local/etc/trusted_units`, causing the NetworkManager trusted unit +`/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the service whenever a connection is established to a trusted network. The service is stopped whenever the network goes down or a connection is established to an untrusted network. @@ -254,14 +254,14 @@ configuration. [parcimonie.sh][24] is provided to periodically refresh entries in the user's GnuPG keyring over the Tor network. The service is added to -`/usr/local/etc/trusted_units` and respects the `tor.run_on` variable. +`/etc/nmtrust/trusted_units` and respects the `tor.run_on` variable. ## BitlBee [BitlBee][25] and [WeeChat][26] are used to provide chat services. A systemd service unit for BitlBee is installed, but not enabled or started by default. -Instead, the service is added to `/usr/local/etc/trusted_units`, causing the +Instead, the service is added to `/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the service whenever a connection is established to a trusted network. The service is stopped whenever the network goes down or a connection is established to an untrusted network. 
@@ -282,7 +282,7 @@ remove the `bitlebee.torify` variable or disable Tor entirely by removing the git-annex assistant is enabled and started by default. To prevent this, remove the `gitannex` variable from the config. -Additionally, the git-annex unit is added to `/usr/local/etc/trusted_units`, +Additionally, the git-annex unit is added to `/etc/nmtrust/trusted_units`, causing the NetworkManager trusted unit dispatcher to activate the service whenever a connection is established to a trusted network. The service is stopped whenever a connection is established to an untrusted network. Unlike @@ -305,7 +305,7 @@ defined, the service will not be started or enabled. This is intended for local development. PostgreSQL is configured to only listen on localhost and no additional ports are opened in the default firewall. This configuration means that PostgreSQL is not a network service. As such, the -PostgreSQL service is not added to `/usr/local/etc/trusted_units`. +PostgreSQL service is not added to `/etc/nmtrust/trusted_units`. Additional configuration options are set which improve performance but make the database service inappropriate for production use. 
@@ -318,11 +318,10 @@ background via feh. This should provide early warning of the presence of any Vogon constructor fleets appearing over the Eastern Hemisphere. A systemd service unit and timer is installed, but not enabled or started by -default. Instead, the service is added to `/usr/local/etc/trusted_units`, -causing the NetworkManager trusted unit dispatcher to activate the service -whenever a connection is established to a trusted network. The service is -stopped whenever the network goes down or a connection is established to an -untrusted network. +default. Instead, the service is added to `/etc/nmtrust/trusted_units`, causing +the NetworkManager trusted unit dispatcher to activate the service whenever a +connection is established to a trusted network. The service is stopped whenever +the network goes down or a connection is established to an untrusted network. To have the service activated at boot, change the `himawaripy.run_on` variable from `trusted` to `all`. diff --git a/roles/bitlbee/tasks/main.yml b/roles/bitlbee/tasks/main.yml index bde932b3..b154c6e9 100644 --- a/roles/bitlbee/tasks/main.yml +++ b/roles/bitlbee/tasks/main.yml @@ -29,7 +29,7 @@ when: bitlbee.run_on == "all" - name: Remove Bitlbee from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=bitlbee.service when: bitlbee.run_on == "all" @@ -39,7 +39,7 @@ when: bitlbee.run_on == "trusted" - name: Add Bitlbee to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=bitlbee.service when: bitlbee.run_on == "trusted" diff --git a/roles/git-annex/tasks/main.yml b/roles/git-annex/tasks/main.yml index ba11d215..e7f4cf9f 100644 --- a/roles/git-annex/tasks/main.yml +++ b/roles/git-annex/tasks/main.yml 
@@ -26,13 +26,13 @@ when: autostart.stat is defined and autostart.stat.exists - name: Add git-annex to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="git-annex.service,user:{{ user.name }},allow_offline" when: gitannex.stop_on_untrusted is defined and gitannex.stop_on_untrusted == True - name: Remove git-annex from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="git-annex.service,user:{{ user.name }},allow_offline" when: gitannex.stop_on_untrusted is not defined or gitannex.stop_on_untrusted != True diff --git a/roles/himawaripy/tasks/main.yml b/roles/himawaripy/tasks/main.yml index 0f70974c..133c4d19 100644 --- a/roles/himawaripy/tasks/main.yml +++ b/roles/himawaripy/tasks/main.yml @@ -29,7 +29,7 @@ when: himawaripy.run_on == "all" - name: Remove himawaripy from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="himawaripy.timer,user:{{ user.name }}" when: himawaripy.run_on == "all" @@ -43,7 +43,7 @@ when: himawaripy.run_on == "trusted" - name: Add himawaripy to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="himawaripy.timer,user:{{ user.name }}" when: himawaripy.run_on == "trusted" diff --git a/roles/localtime/tasks/main.yml b/roles/localtime/tasks/main.yml index 64e73899..366499c5 100644 --- a/roles/localtime/tasks/main.yml +++ b/roles/localtime/tasks/main.yml @@ -9,7 +9,7 @@ when: localtime.run_on == "all" - name: Remove localtime from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=localtime.service when: localtime.run_on == "all" 
@@ -19,7 +19,7 @@ when: localtime.run_on == "trusted" - name: Add localtime to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=localtime.service when: localtime.run_on == "trusted" diff --git a/roles/mail/tasks/mailsync.yml b/roles/mail/tasks/mailsync.yml index 63f0de95..c6233d1d 100644 --- a/roles/mail/tasks/mailsync.yml +++ b/roles/mail/tasks/mailsync.yml @@ -30,7 +30,7 @@ - mailsync - name: Remove mailsync from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="mailsync.timer,user:{{ user.name }}" when: mail.sync_on == "all" @@ -48,7 +48,7 @@ - mailsync - name: Add mailsync to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="mailsync.timer,user:{{ user.name }}" when: mail.sync_on == "trusted" diff --git a/roles/mirrorlist/tasks/main.yml b/roles/mirrorlist/tasks/main.yml index 68c62d8c..0c6488b7 100644 --- a/roles/mirrorlist/tasks/main.yml +++ b/roles/mirrorlist/tasks/main.yml @@ -39,7 +39,7 @@ - name: Remove reflector from trusted unit list lineinfile: - dest: /usr/local/etc/trusted_units + dest: /etc/nmtrust/trusted_units state: absent line: reflector-update.timer when: mirrorlist.run_on == "all" @@ -52,7 +52,7 @@ - name: Add reflector to trusted unit list lineinfile: - dest: /usr/local/etc/trusted_units + dest: /etc/nmtrust/trusted_units state: present line: reflector-update.timer when: mirrorlist.run_on == "trusted" diff --git a/roles/parcimonie/tasks/main.yml b/roles/parcimonie/tasks/main.yml index bfa6cce6..645f2dea 100644 --- a/roles/parcimonie/tasks/main.yml +++ b/roles/parcimonie/tasks/main.yml 
@@ -12,7 +12,7 @@ when: tor.run_on == "all" - name: Remove parcimione.sh from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="parcimonie.sh@{{ user.name }}.service" when: tor.run_on == "all" @@ -22,7 +22,7 @@ when: tor.run_on == "trusted" - name: Add parcimione.sh to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="parcimonie.sh@{{ user.name }}.service" when: tor.run_on == "trusted" diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml index 4837f69c..da9213c2 100644 --- a/roles/syncthing/tasks/main.yml +++ b/roles/syncthing/tasks/main.yml @@ -11,7 +11,7 @@ when: syncthing.run_on == "all" - name: Remove syncthing from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line="syncthing.service,user:{{ user.name }}" when: syncthing.run_on == "all" @@ -25,7 +25,7 @@ when: syncthing.run_on == "trusted" - name: Add syncthing to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line="syncthing.service,user:{{ user.name }}" when: syncthing.run_on == "trusted" diff --git a/roles/tarsnap/tasks/main.yml b/roles/tarsnap/tasks/main.yml index ff28c03a..c315d93b 100644 --- a/roles/tarsnap/tasks/main.yml +++ b/roles/tarsnap/tasks/main.yml @@ -45,7 +45,7 @@ when: tarsnapper.run_on == "all" - name: Remove Tarsnapper from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=tarsnapper.timer when: tarsnapper.run_on == "all" 
@@ -55,7 +55,7 @@ when: tarsnapper.run_on == "trusted" - name: Add Tarsnapper to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=tarsnapper.timer when: tarsnapper.run_on == "trusted" diff --git a/roles/tor/tasks/main.yml b/roles/tor/tasks/main.yml index dac86320..5c72e1a9 100644 --- a/roles/tor/tasks/main.yml +++ b/roles/tor/tasks/main.yml @@ -40,7 +40,7 @@ when: tor.run_on == "all" - name: Remove Tor from trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=absent line=tor.service when: tor.run_on == "all" @@ -50,7 +50,7 @@ when: tor.run_on == "trusted" - name: Add Tor to trusted unit list - lineinfile: dest=/usr/local/etc/trusted_units + lineinfile: dest=/etc/nmtrust/trusted_units state=present line=tor.service when: tor.run_on == "trusted"
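Review bot: The `state=present` tasks in the roles/*/tasks hunks (for example `lineinfile: dest=/etc/nmtrust/trusted_units state=present line=tor.service`) now write into a directory that none of the visible lines create, and `lineinfile` fails on a missing destination unless `create=yes` is set. Either confirm that the role which installs the dispatcher creates `/etc/nmtrust/trusted_units` and is ordered before every role touched here, or add `create=yes` to the "Add ... to trusted unit list" tasks. Because the dispatcher starts whatever units this file lists, it is also worth pinning `owner=root group=root mode=0644` on the file in one place, so that a role which creates it implicitly cannot leave it with looser permissions.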
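Review bot: Nothing in these hunks handles hosts that were already provisioned with the old path: every "Remove ... from trusted unit list" and "Add ... to trusted unit list" task now targets only `/etc/nmtrust/trusted_units`, so existing entries stay behind in `/usr/local/etc/trusted_units`. If any dispatcher copy still reads the old file, a unit switched from `trusted` to `all` (or removed from the config) would keep its stale entry there. Suggest a one-time task that removes the old file with `file: path=/usr/local/etc/trusted_units state=absent`, or a note in the commit message stating that the old file is no longer read.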
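Review bot: The literal `/etc/nmtrust/trusted_units` is repeated in every role's `lineinfile` task (bitlbee, git-annex, himawaripy, localtime, mail, mirrorlist, parcimonie, syncthing, tarsnap, tor), which is why this rename had to touch ten task files plus the README. Suggest defining the path once as a variable (a hypothetical name such as `nmtrust.trusted_units`) and using `dest={{ ... }}` in each task, so the next relocation is a one-line change and no role can drift to a different file.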
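Review bot: Several spelling problems sit in the context lines of hunks this patch already rewrites and could be fixed in the same pass. In README.md the Tor hunk at `@@ -239,7` has "started. instead, the service is added to" with a lowercase "instead", and the header of the `@@ -282,7` hunk shows the variable as `bitlebee.torify` while the role tasks use `bitlbee.run_on`. In roles/parcimonie/tasks/main.yml both task names read "parcimione.sh" although the unit line is `parcimonie.sh@{{ user.name }}.service`. The variable name matters most, since a reader who copies `bitlebee.torify` from the README will set a key the role may not read.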