Diffstat (limited to 'roles/ws')
-rw-r--r-- | roles/ws/pipewire/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/ws/thunderbird-gpg-hack/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/ws/thunderbird-gpg-hack/tasks/main.yml | 49 |
3 files changed, 58 insertions, 0 deletions
diff --git a/roles/ws/pipewire/tasks/main.yml b/roles/ws/pipewire/tasks/main.yml
index 3f99b60c..9d310dca 100644
--- a/roles/ws/pipewire/tasks/main.yml
+++ b/roles/ws/pipewire/tasks/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: check if ubuntu version is old enough
+ assert:
+ msg: "Starting with Ubuntu Kinetic pipewire is already the default - please don't use this role for newer version of Ubuntu!"
+ that:
+ - (ansible_distribution_release | ubuntu_release_compare('<', 'kinetic'))
+
 - name: install pipewire and deps
 apt:
 name:
diff --git a/roles/ws/thunderbird-gpg-hack/handlers/main.yml b/roles/ws/thunderbird-gpg-hack/handlers/main.yml
new file mode 100644
index 00000000..d4967d21
--- /dev/null
+++ b/roles/ws/thunderbird-gpg-hack/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: replace apparmor profile snap.thunderbird.thunderbird
+ command: apparmor_parser -v -C -r /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
diff --git a/roles/ws/thunderbird-gpg-hack/tasks/main.yml b/roles/ws/thunderbird-gpg-hack/tasks/main.yml
new file mode 100644
index 00000000..8a6037e8
--- /dev/null
+++ b/roles/ws/thunderbird-gpg-hack/tasks/main.yml
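Review bot: In roles/ws/thunderbird-gpg-hack/handlers/main.yml the handler passes `-C` to apparmor_parser, which forces the profile to load in complain mode, so once it has run the Thunderbird snap's profile only logs violations instead of blocking them. If the goal is just to reload the profile with the new gnupg2 include, drop the flag: `command: apparmor_parser -v -r /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird`. If complain mode is intentional, a comment saying so, and why the added abstraction is not enough in enforce mode, would help the next reader.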
@@ -0,0 +1,49 @@
+---
+## workaround for: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2009825
+## also see: https://forum.snapcraft.io/t/thunderbird-snap-and-external-gnupg-for-smart-cards/39553/1
+
+# manual config changes:
+## go to: Edit -> Settings -> (scroll to the end) -> Config Editor...
+## mail.openpgp.allow_external_gnupg = true
+## mail.openpgp.alternative_gpg_path = /home/equinox/gpg-wrapper-snap.sh
+
+- name: connect gpg-keys slot of thunderbird snap
+ command: snap connect thunderbird:gpg-keys :gpg-keys
+ changed_when: false
+
+## TODOM make home-dir configurable or find location for wrapper that is usable for all users...
+- name: generate gpg-wrapper to workaround HOME variable issue
+ copy:
+ content: |
+ #!/bin/sh
+ export HOME="$SNAP_REAL_HOME"
+ exec $SNAP/usr/bin/gpg "$@"
+ dest: /home/equinox/gpg-wrapper-snap.sh
+ mode: 0755
+
+- name: create apparmor abstraction for gnupg2
+ copy:
+ content: |
+ # vim:syntax=apparmor
+ # gnupg2 sub-process running permissions
+
+ abi <abi/4.0>,
+
+ # user configurations
+ owner @{HOME}/.gnupg/* r,
+ owner @{HOME}/.gnupg/random_seed rk,
+ owner @{HOME}/.gnupg/tofu.db rwk,
+ owner /{,var/}run/user/[0-9]*/gnupg/* rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/gnupg2.d>
+ dest: /etc/apparmor.d/abstractions/gnupg2
+ notify: replace apparmor profile snap.thunderbird.thunderbird
+
+- name: patch thunderbird apparmor profile
+ lineinfile:
+ line: " #include <abstractions/gnupg2>"
+ state: present
+ insertafter: " #include <abstractions/openssl>"
+ path: /var/lib/snapd/apparmor/profiles/snap.thunderbird.thunderbird
+ notify: replace apparmor profile snap.thunderbird.thunderbird |
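Review bot: The `gnupg2` abstraction is included into the main `snap.thunderbird.thunderbird` profile, so its rules apply to every process confined by that profile rather than only to the gpg child its header comment names, and `owner /{,var/}run/user/[0-9]*/gnupg/* rw,` matches every socket in the GnuPG runtime directory. If only the agent socket is needed (not verifiable from this hunk), narrow the rule, e.g. `owner /{,var/}run/user/[0-9]*/gnupg/S.gpg-agent rw,`, and add further sockets only when a logged denial shows they are required. Separately, `lineinfile` appends at end of file when `insertafter` matches nothing, which would place the include outside the profile block; asserting that the openssl include line exists before patching would make that failure explicit. The patched file lives under /var/lib/snapd, so snapd presumably regenerates it and drops the include, which is worth stating in the header comment.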