From ae034ef584f13a7b3ddc911bdb4b99d5796a383f Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 11 Dec 2020 20:14:18 +0100
Subject: ws/base: hide ntfs disks

---
 roles/ws/base/defaults/main.yml                    |  3 +++
 roles/ws/base/tasks/hide-ntfs-disks.yml            | 18 ++++++++++++++++++
 roles/ws/base/tasks/main.yml                       |  5 +++++
 roles/ws/base/templates/hide-ntfs-disks.service.j2 | 10 ++++++++++
 roles/ws/base/templates/hide-ntfs-disks.sh.j2      | 13 +++++++++++++
 5 files changed, 49 insertions(+)
 create mode 100644 roles/ws/base/tasks/hide-ntfs-disks.yml
 create mode 100644 roles/ws/base/templates/hide-ntfs-disks.service.j2
 create mode 100644 roles/ws/base/templates/hide-ntfs-disks.sh.j2

diff --git a/roles/ws/base/defaults/main.yml b/roles/ws/base/defaults/main.yml
index 2af4d3db..af028ab9 100644
--- a/roles/ws/base/defaults/main.yml
+++ b/roles/ws/base/defaults/main.yml
@@ -7,3 +7,6 @@ ws_base_extra_packages: []
 #   #!/bin/bash
 #   xrandr --output HDMI-1 --mode 1920x1080 --primary
 #   exit 0
+
+# ws_base_hide_ntfs_disks:
+#  - /dev/disk/by-id/ata-blub_foo-part1
diff --git a/roles/ws/base/tasks/hide-ntfs-disks.yml b/roles/ws/base/tasks/hide-ntfs-disks.yml
new file mode 100644
index 00000000..78845177
--- /dev/null
+++ b/roles/ws/base/tasks/hide-ntfs-disks.yml
@@ -0,0 +1,18 @@
+---
+- name: install script to hide ntfs partitions
+  template:
+    src: hide-ntfs-disks.sh.j2
+    dest: /usr/local/bin/hide-ntfs-disks.sh
+    mode: 0755
+
+- name: install systemd unit to hide ntfs partitions
+  template:
+    src: hide-ntfs-disks.service.j2
+    dest: /etc/systemd/system/hide-ntfs-disks.service
+
+- name: hide ntfs partitions
+  systemd:
+    name: hide-ntfs-disks.service
+    daemon_reload: yes
+    enabled: yes
+    state: started
diff --git a/roles/ws/base/tasks/main.yml b/roles/ws/base/tasks/main.yml
index 9073d342..bf30fc04 100644
--- a/roles/ws/base/tasks/main.yml
+++ b/roles/ws/base/tasks/main.yml
@@ -87,6 +87,11 @@
     state: present
 
 
+- name: hide ntfs disks
+  when: ws_base_hide_ntfs_disks is defined
+  import_tasks: hide-ntfs-disks.yml
+
+
 - name: install xrandr setup script
   when: ws_base_xrandr_setup_script is defined
   block:
diff --git a/roles/ws/base/templates/hide-ntfs-disks.service.j2 b/roles/ws/base/templates/hide-ntfs-disks.service.j2
new file mode 100644
index 00000000..669c9d8f
--- /dev/null
+++ b/roles/ws/base/templates/hide-ntfs-disks.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Hide NTFS Disks from nosy users
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/hide-ntfs-disks.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/ws/base/templates/hide-ntfs-disks.sh.j2 b/roles/ws/base/templates/hide-ntfs-disks.sh.j2
new file mode 100644
index 00000000..898e7f3b
--- /dev/null
+++ b/roles/ws/base/templates/hide-ntfs-disks.sh.j2
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+MOUNT_BASE_D="/media/.ntfs"
+rm -rf "$MOUNT_BASE_D"
+mkdir -p "$MOUNT_BASE_D"
+chmod 0700 "$MOUNT_BASE_D"
+
+{% for disk in ws_base_hide_ntfs_disks %}
+
+name="$(readlink -f '{{ disk }}' | xargs basename)"
+mkdir -p "$MOUNT_BASE_D/$name"
+/bin/mount -o no_def_opts,user_id=0,group_id=0,ro "{{ disk }}" "$MOUNT_BASE_D/$name"
+{% endfor %}
-- 
cgit v1.2.3