From aeef01114349ce6cbfae17d1c5be547d950bdc75 Mon Sep 17 00:00:00 2001
From: Fabio Scotto di Santolo
Date: Fri, 10 Apr 2026 18:22:19 +0200
Subject: [PATCH] Remove iCloud keyring bootstrap tasks
---
ansible/inventory/group_vars/desktop.yml | 1 -
.../profile_desktop_common/tasks/main.yml | 110 ------------------
2 files changed, 111 deletions(-)
diff --git a/ansible/inventory/group_vars/desktop.yml b/ansible/inventory/group_vars/desktop.yml
index 13c0163..e80923f 100644
--- a/ansible/inventory/group_vars/desktop.yml
+++ b/ansible/inventory/group_vars/desktop.yml
@@ -1,5 +1,4 @@ --- -desktop_manage_icloud_keyring: false desktop_protonmail_bridge_cert_path: ~/.var/app/ch.protonmail.protonmail-bridge/config/protonmail/bridge-v3/cert.pem desktop_sessions_enabled:
diff --git a/ansible/roles/profile_desktop_common/tasks/main.yml b/ansible/roles/profile_desktop_common/tasks/main.yml
index 2dc3033..9d9d961 100644
--- a/ansible/roles/profile_desktop_common/tasks/main.yml
+++ b/ansible/roles/profile_desktop_common/tasks/main.yml
@@ -335,116 +335,6 @@ - "{{ user_home }}/Maildir/iCloudAccount" - "{{ user_home }}/Maildir/ProtonMailAccount" -- name: Bootstrap iCloud keyring secret from Ansible vault - tags: [dotfiles, dotfiles:desktop, gnome] - when: desktop_manage_icloud_keyring | default(false) - block: - - name: Store iCloud mail password in GNOME Keyring - ansible.builtin.getent: - database: passwd - key: "{{ username }}" - - - name: Set desktop user runtime UID - ansible.builtin.set_fact: - desktop_user_uid: "{{ ansible_facts.getent_passwd[username][1] }}" - - - name: Check whether desktop user DBus session address file exists - ansible.builtin.stat: - path: "{{ user_home }}/.dbus-session-bus-address" - register: desktop_user_bus_address_file - - - name: Read desktop user DBus session address - ansible.builtin.slurp: - src: "{{ user_home }}/.dbus-session-bus-address" - register: desktop_user_bus_address_raw - when: - - (vault_icloud_mail_password | default('')) | length > 0 - - desktop_user_bus_address_file.stat.exists - - - name: Set desktop user DBus session address - ansible.builtin.set_fact: - desktop_user_bus_address: >- - {{ desktop_user_bus_address_raw.content | b64decode | trim }} - when: - - (vault_icloud_mail_password | default('')) | length > 0 - - desktop_user_bus_address_file.stat.exists - - - name: Check whether GNOME Keyring default collection is available - ansible.builtin.command: - cmd: >- - gdbus call --session - --dest org.freedesktop.secrets - --object-path /org/freedesktop/secrets - --method org.freedesktop.Secret.Service.ReadAlias default - become: true - become_user: "{{ username }}" - environment: - HOME: "{{ user_home }}" - XDG_RUNTIME_DIR: "/run/user/{{ desktop_user_uid }}" - DBUS_SESSION_BUS_ADDRESS: "{{ desktop_user_bus_address }}" - register: icloud_keyring_default_alias - failed_when: false - changed_when: false - when: - - (vault_icloud_mail_password | default('')) | length > 0 - - desktop_user_bus_address | default('') | length > 0 - - - name: Set GNOME 
Keyring default collection path - ansible.builtin.set_fact: - icloud_keyring_default_alias_path: >- - {{ - ( - icloud_keyring_default_alias.stdout - | default('') - | regex_findall("objectpath '([^']+)'") - | first - ) - | default('') - }} - when: - - (vault_icloud_mail_password | default('')) | length > 0 - - desktop_user_bus_address | default('') | length > 0 - - icloud_keyring_default_alias.rc | default(1) == 0 - - - name: Store iCloud mail password in GNOME Keyring - ansible.builtin.command: - cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud - stdin: "{{ vault_icloud_mail_password }}" - stdin_add_newline: false - become: true - become_user: "{{ username }}" - environment: - HOME: "{{ user_home }}" - XDG_RUNTIME_DIR: "/run/user/{{ desktop_user_uid }}" - DBUS_SESSION_BUS_ADDRESS: "{{ desktop_user_bus_address }}" - register: icloud_keyring_store - failed_when: false - changed_when: icloud_keyring_store.rc == 0 - no_log: true - when: - - (vault_icloud_mail_password | default('')) | length > 0 - - desktop_user_bus_address | default('') | length > 0 - - icloud_keyring_default_alias.rc | default(1) == 0 - - (icloud_keyring_default_alias_path | default('')) | length > 0 - - (icloud_keyring_default_alias_path | default('')) != '/' - - - name: Warn when iCloud keyring storage is skipped - ansible.builtin.debug: - msg: >- - Unable to store iCloud password in GNOME Keyring automatically. - {% if (desktop_user_bus_address | default('')) | length == 0 %} - No saved DBus session address was found in {{ user_home }}/.dbus-session-bus-address. - {% elif icloud_keyring_default_alias.rc | default(1) != 0 %} - The Secret Service default alias could not be queried for {{ username }}. - {% elif (icloud_keyring_default_alias_path | default('')) == '/' %} - The Secret Service default alias is unset, so the login keyring is not initialized. 
- {% endif %} - Ensure a graphical user session is active, the login keyring exists and is unlocked, then run: - secret-tool store --label="iCloud Mail" icloud-mail icloud - when: - - (vault_icloud_mail_password | default('')) | length > 0 - - icloud_keyring_store.rc | default(1) != 0 - - name: Clone st repository tags: [packages] ansible.builtin.git: