feat(workstation): improved installation for authenticator and added the...

2023-11-21 16:53:13 +00:00 · 2023-11-21 16:53:13 +00:00 · 9faf348aa7
commit 9faf348aa7
parent 726b7668f9
2 changed files with 54 additions and 10 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
@ -142,31 +142,54 @@
    - { src: "../templates/.config/terminator", dest: "{{ getent_passwd[workstation_user_account][4] }}/.config" }
    - { src: "../templates/.config/vlc", dest: "{{ getent_passwd[workstation_user_account][4] }}/.config" }

+- name: '[authenticator] find if binary is already installed'
+  ansible.builtin.file:
+    path: /opt/yubico-authenticator/authenticator
+  register: authenticator_stat
+  changed_when: false
+  failed_when: false
+
 - name: '[yubico] install authenticator'
  become: true
+  when: authenticator_stat.state is match("absent")
  block:
-    - name: '[yubico] fetch latest authenticator source'
-      ansible.builtin.get_url:
-        url: https://developers.yubico.com/yubioath-flutter/Releases/yubico-authenticator-latest-linux.tar.gz
-        dest: /tmp/yubico-authenticator-latest-linux.tar.gz
-        mode: '0640'
-
    - name: '[yubico] prepare target directory'
-      file:
-        path: /opt/yubico-authenticator
+      ansible.builtin.file:
+        path: "{{ item }}"
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
        mode: '0750'
        state: directory
+      loop:
+        - /tmp/yubico-unarchive
+        - /opt/yubico-authenticator

    - name: '[yubico] extract data'
      ansible.builtin.unarchive:
-        src: /tmp/yubico-authenticator-latest-linux.tar.gz
+        src: https://developers.yubico.com/yubioath-flutter/Releases/yubico-authenticator-latest-linux.tar.gz
        remote_src: true
+        dest: /tmp/yubico-unarchive
+        owner: "{{ workstation_user_account }}"
+        group: "{{ workstation_user_account }}"
+
+    - name: '[yubico] find extracted directory'
+      ansible.builtin.command:
+        cmd: find /tmp/yubico-unarchive -mindepth 1 -maxdepth 1
+      register: yubico_extract_path
+      changed_when: false
+
+    - name: '[yubico] move extracted data to final dir'
+      copy:
+        remote_src: true
+        src: "{{ yubico_extract_path.stdout }}/"
        dest: /opt/yubico-authenticator
        owner: "{{ workstation_user_account }}"
        group: "{{ workstation_user_account }}"
-        creates: /opt/yubico-authenticator/authenticator
+
+    - name: '[yubico] cleanup'
+      ansible.builtin.file:
+        path: /tmp/yubico-unarchive
+        state: absent

    - name: '[yubico] create shell wrapper'
      ansible.builtin.template:
@ -178,4 +201,17 @@
      vars:
        application: "/opt/yubico-authenticator/authenticator"

+    - name: '[yubico] create desktop entry'
+      template:
+        src: ../templates/desktop_app.j2
+        dest: "{{ getent_passwd[workstation_user_account][4] }}/.local/share/applications/authenticator.desktop"
+        mode: '0600'
+        owner: "{{ workstation_user_account }}"
+        group: "{{ workstation_user_account }}"
+      vars:
+        application:
+          nodisplay: false
+          exec_cmd: "{{ getent_passwd[workstation_user_account][4] }}/.local/bin/authenticator"
+          name: "Authenticator"
+
 - include_tasks: window_manager.yml
--- a/collections/ansible_collections/nullified/infrastructure/roles/workstation/templates/desktop_app.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/workstation/templates/desktop_app.j2
@ -0,0 +1,8 @@
+[Desktop Entry]
+Encoding=UTF-8
+Version=1.0
+Type=Application
+NoDisplay={{ application.nodisplay }}
+Exec={{ application.exec_cmd }}
+Name={{ application.name }}
+Comment={{ application.comment | default(application.name) }}