From 1da2e625b5bed57326461efd80742912fb3182b2 Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 8 Jul 2020 00:41:31 -0500
Subject: [PATCH 1/3] Remove 99x11-common_start This seems like a bad idea at first, but then you realize that the moment a user's .xsessionrc or .xinitrc gets sourced in, 99% of the time they exec themselves
---
 roles/desktop/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/desktop/tasks/main.yml b/roles/desktop/tasks/main.yml
index 3364012..767a860 100644
--- a/roles/desktop/tasks/main.yml
+++ b/roles/desktop/tasks/main.yml
@@ -17,6 +17,8 @@
 loop:
 # Works around a bug where this causes failed logins
 - "/etc/X11/Xsession.d/70im-config_launch"
+ # Works around SDDM never actually sourcing a user's xsessionrc
+ - "/etc/X11/Xsession.d/99x11-common_start"
 - name: Copy system configs
 template:
 src: "{{ item.src }}"
From 41225985fd72be129ff4c581481ae76770b3ca79 Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 8 Jul 2020 00:45:14 -0500
Subject: [PATCH 2/3] Ensure Ansible user has the right perms This was causing issues when I migrated home directories across machines
---
 roles/common/tasks/ansibleuser.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/roles/common/tasks/ansibleuser.yml b/roles/common/tasks/ansibleuser.yml
index 2cfc2d3..5a0b6c2 100644
--- a/roles/common/tasks/ansibleuser.yml
+++ b/roles/common/tasks/ansibleuser.yml
@@ -9,6 +9,12 @@
 password_lock: yes
 system: yes
 become: yes
+ - name: Ensure perms on Ansible user home
+ file:
+ path: "/home/ansible"
+ mode: "0700"
+ owner: ansible
+ group: ansible
 - name: Add Ansible key to user
 authorized_key:
 user: ansible
From ead19311c22595af053dae280f4dc8d8639a2e8a Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 8 Jul 2020 00:47:13 -0500
Subject: [PATCH 3/3] Also ensure Ansible owns EVERYTHING in their home dir
---
 roles/common/tasks/ansibleuser.yml | 4 ++++
 1 file changed, 4 insertions(+)
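Review bot: The comment added above `/etc/X11/Xsession.d/99x11-common_start` gives a different reason than the commit message: the comment says SDDM never sources a user's xsessionrc, the message says the user's .xsessionrc or .xinitrc execs the session itself. The entry applies to every account on the host, and on Debian-style systems this script is normally the step that execs the session start-up command, so accounts without a self-exec'ing rc file should be tested before rollout. I would reword the comment along the lines of `# Dropped because users' ~/.xsessionrc / ~/.xinitrc exec the session themselves; accounts without one are unverified`. The task this loop belongs to starts above the hunk, so the module and state applied to these paths are not visible here.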
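Review bot: The new `Ensure perms on Ansible user home` task has no `become: yes`, although the task directly above it in the context does, so unless escalation is set at play level the chmod/chown of `/home/ansible` will fail for a non-root connection user. It also omits `state:`, so a missing home directory shows up as a generic absent-path failure; adding `state: directory` and `become: yes` makes the intent explicit. The path is hard-coded, which holds only while the account's home stays at `/home/ansible`; the user task's own options sit above the hunk and are not visible.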
diff --git a/roles/common/tasks/ansibleuser.yml b/roles/common/tasks/ansibleuser.yml
index 5a0b6c2..152f08d 100644
--- a/roles/common/tasks/ansibleuser.yml
+++ b/roles/common/tasks/ansibleuser.yml
@@ -13,8 +13,12 @@
 file:
 path: "/home/ansible"
 mode: "0700"
+ - name: Ensure ownership of Ansible user home
+ file:
+ path: "/home/ansible"
 owner: ansible
 group: ansible
+ recurse: yes
 - name: Add Ansible key to user
 authorized_key:
 user: ansible
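Review bot: The new `recurse: yes` ownership task runs with the file module's default `follow` setting (yes since Ansible 2.5, as far as I know), so a privileged recursive chown over `/home/ansible` also re-owns the targets of symlinks inside that tree, including paths outside the home directory. That matters for the use case named in the previous commit, home directories migrated from another machine, because this role does not control their contents. Adding `follow: no` to the task keeps the ownership change inside the tree. Neither this task nor the mode task above it sets `become: yes`, and the recursive walk runs on every play, so `state: directory` and a narrower trigger are worth considering.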