author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-04-19 00:11:46 -0400 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-04-19 00:11:46 -0400 |
commit | 791817db8b9d34a11fd72759f1373e7481286cfe (patch) | |
tree | 091e2aab38e617d4ac1112942fc4828914381bce | |
parent | 5e9ad61dae8fe4e1beeb572b2ddaf1cee9addbef (diff) | |
local_homedirs: kwallet fixes
-rw-r--r-- | roles/local_homedirs/files/etc/profile.d/local-homedirs.sh | 6 | ||||
-rw-r--r-- | roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh | 13 | ||||
-rw-r--r-- | roles/local_homedirs/tasks/main.yml | 22 | ||||
-rw-r--r-- | roles/local_homedirs/vars/main.yml | 1 |
4 files changed, 6 insertions, 36 deletions
diff --git a/roles/local_homedirs/files/etc/profile.d/local-homedirs.sh b/roles/local_homedirs/files/etc/profile.d/local-homedirs.sh index 88d710c..439d888 100644 --- a/roles/local_homedirs/files/etc/profile.d/local-homedirs.sh +++ b/roles/local_homedirs/files/etc/profile.d/local-homedirs.sh @@ -13,4 +13,10 @@ if (( UID >= 1000 )); then # flatpak ln -sfn "/opt/flatpak/${USER}" "${HOME}/.var" + + # kwallet + if [ -f "${HOME}/.local/share/kwalletd/kdewallet.salt" ]; then + mkdir -p "/usr/local/home/${USER}/.local/share/kwalletd" + ln -sfn "${HOME}/.local/share/kwalletd/kdewallet.salt" "/usr/local/home/${USER}/.local/share/kwalletd/kdewallet.salt" + fi fi diff --git a/roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh b/roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh deleted file mode 100644 index 591e697..0000000 --- a/roles/local_homedirs/files/usr/local/sbin/sync-kwallet-salt.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -PAM_UID=$(id -u "$PAM_USER") - -LOCAL_SALT="/usr/local/home/${PAM_USER}/.local/share/kwalletd/kdewallet.salt" -NFS_SALT="/home/${PAM_USER}/.local/share/kwalletd/kdewallet.salt" - -if (( PAM_UID >= 1000 )) && [ -f "$NFS_SALT" ]; then - install -o "$PAM_USER" -g "$PAM_USER" -m 0755 -d "/usr/local/home/${PAM_USER}/.local" - install -o "$PAM_USER" -g "$PAM_USER" -m 0755 -d "/usr/local/home/${PAM_USER}/.local/share" - install -o "$PAM_USER" -g "$PAM_USER" -m 0755 -d "/usr/local/home/${PAM_USER}/.local/share/kwalletd" - install -o "$PAM_USER" -g "$PAM_USER" -m 0600 "$NFS_SALT" "$LOCAL_SALT" -fi diff --git a/roles/local_homedirs/tasks/main.yml b/roles/local_homedirs/tasks/main.yml index 2a5859f..7e90959 100644 --- a/roles/local_homedirs/tasks/main.yml +++ b/roles/local_homedirs/tasks/main.yml 
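Review bot: The added kwallet block in local-homedirs.sh creates the local `kwalletd` directory with a bare `mkdir -p`, so its mode depends on whatever umask the login shell has, whereas the removed sync-kwallet-salt.sh set directory modes explicitly. Since this directory holds the link to the wallet salt, I would pin it with `mkdir -p -m 0700 "/usr/local/home/${USER}/.local/share/kwalletd"` (`-m` applies only to the final component, so the parent directories still follow the umask). The `ln -sfn` also runs when `mkdir` fails, so chaining the two with `&&` avoids an error on every login shell if the local homedir is missing. Because profile.d is sourced only after the PAM stack has run, the link presumably exists only from the second login on a given host; it is worth confirming that pam_kwallet still finds the salt on a first login. The enclosing `if (( UID >= 1000 ))` block starts outside the hunk.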
@@ -26,20 +26,6 @@ when: local_homedir_sefcontext.changed tags: selinux -- name: copy kwallet script - copy: - src: '{{ local_homedir_kwallet_script[1:] }}' - dest: '{{ local_homedir_kwallet_script }}' - mode: 0555 - setype: xdm_unconfined_exec_t - -- name: set xdm_unconfined_exec_t sefcontext on kwallet script - sefcontext: - target: '{{ local_homedir_kwallet_script }}' - state: present - setype: xdm_unconfined_exec_t - tags: selinux - - name: copy profile script copy: src: etc/profile.d/local-homedirs.sh @@ -79,14 +65,6 @@ - auth optional pam_env.so conffile={{ local_homedir_pam_env_path }} when: "'sddm' in ansible_facts.packages" -- name: modify sddm PAM configuration for kwallet - lineinfile: - path: /etc/pam.d/sddm - line: auth optional pam_exec.so {{ local_homedir_kwallet_script }} - insertafter: auth\s+optional\s+pam_kwallet\.so$ - state: present - when: "'sddm' in ansible_facts.packages" - - name: modify pam configs for sshd lineinfile: path: /etc/pam.d/sshd diff --git a/roles/local_homedirs/vars/main.yml b/roles/local_homedirs/vars/main.yml index d906bc1..46ee9b6 100644 --- a/roles/local_homedirs/vars/main.yml +++ b/roles/local_homedirs/vars/main.yml @@ -1,4 +1,3 @@ local_homedir_script_sddm: /usr/local/sbin/create-local-homedir-gdm.sh local_homedir_script_ssh: /usr/local/sbin/create-local-homedir-ssh.sh -local_homedir_kwallet_script: /usr/local/sbin/sync-kwallet-salt.sh local_homedir_pam_env_path: /etc/security/pam_env_xdg.conf |