Break workstation role in sub-roles

6 files changed, 151 insertions, 0 deletions

diff --git a/roles/_workstation/sysconf/tasks/_archlinux.yml b/roles/_workstation/sysconf/tasks/_archlinux.yml
new file mode 100644
index 0000000..07dbe41
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/_archlinux.yml
@@ -0,0 +1,13 @@
+
+# workstation ~~ roles/_workstation/sysconf/tasks/_archlinux.yml
+# init archlinux based workstation
+
+---
+
+- name: ensure Xorg subdirectory for configuration exists
+  file:
+    path: /etc/X11/xorg.conf.d
+    owner: root
+    mode: 0644
+    state: directory
+
diff --git a/roles/_workstation/sysconf/tasks/_openbsd.yml b/roles/_workstation/sysconf/tasks/_openbsd.yml
new file mode 100644
index 0000000..504e751
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/_openbsd.yml
@@ -0,0 +1,71 @@
+
+# workstation ~~ roles/workstation/tasks/main.yml
+# init openbsd based workstation
+
+---
+
+- name: ensure wsconsctl config file exists
+  file:
+    path: /etc/wsconsctl.conf
+    owner: root
+    group: wheel
+    mode: 0644
+    state: touch
+
+- name: append configuration to wsconsctl
+  lineinfile:
+    path: /etc/wsconsctl.conf
+    regexp: "^{{ item[0] }}"
+    line: "{{ item[0] }}={{ item[1] }}"
+  loop:
+    - [screen.brightness, 80]
+    - [keyboard.repeat.del1, 180]
+    - [keyboard.repeat.deln, 50]
+    - [keyboard.bell.volume, 0]
+    - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+  file:
+    path: /etc/X11/xorg.conf.d
+    owner: root
+    mode: 0644
+    state: directory
+
+- name: generate system wide configurations
+  template:
+    src: "{{ item }}"
+    dest: "/{{ item | regex_replace('-', '/') }}"
+  loop:
+    - etc-X11-xorg.conf.d-intel.conf
+    - etc-apm-hibernate
+    - etc-apm-suspend
+
+- name: ensure sysctl configuration file exists
+  file:
+    path: /etc/sysctl.conf
+    owner: root
+    mode: 0644
+
+- name: ensure sysctl memory optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.shminfo.shmall=3145728
+      kern.shminfo.shmmax=1073741823
+      kern.shminfo.shmmni=1024
+      kern.shminfo.shmseg=1024
+      kern.seminfo.semmns=4096
+      kern.seminfo.semmni=1024
+    marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.maxfiles=102400
+      kern.maxproc=32768
+      kern.maxfiles=65535
+      kern.bufcachepercent=90
+      kern.maxvnodes=262144
+      kern.somaxconn=2048
+    marker: "# process - {mark} managed by Ansible"
diff --git a/roles/_workstation/sysconf/tasks/main.yml b/roles/_workstation/sysconf/tasks/main.yml
new file mode 100644
index 0000000..2a6f4a4
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/main.yml
@@ -0,0 +1,54 @@
+
+# workstation ~~ roles/workstation/tasks/main.yml
+# init workstation
+
+---
+
+- name: retrieve BECOME method
+  stat: path=/usr/bin/doas 
+  register: ws_become
+
+- name: retrieve original user
+  shell: logname
+  register: ws_user
+
+- name: retrieve host facts
+  set_fact:
+    ansible_become_method: "{{ 'doas' if ws_become.stat.exists else 'sudo' }}"
+    ansible_become_user: root
+    ws_user: "{{ ws_user.stdout }}"
+
+- name: include distribution specific task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  ignore_errors: true
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    owner: root
+    mode: 0644
+    create: true
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: sudo
+  ignore_errors: true
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: sudo.rc == 0
+  register: sudo
+  ignore_errors: true
+
+- name: setup dotfiles from upstream and user script
+  meta: end_host
diff --git a/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf b/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf
new file mode 100644
index 0000000..5d73c65
--- /dev/null
+++ b/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf
@@ -0,0 +1,9 @@
+
+# disable tearscreen for Xenocara on OpenBSD
+# managed by Ansible
+
+Section "Device"
+	Identifier "drm"
+	Driver "intel"
+	Option "TearFree" "true"
+EndSection
diff --git a/roles/_workstation/sysconf/templates/etc-apm-hibernate b/roles/_workstation/sysconf/templates/etc-apm-hibernate
new file mode 120000
index 0000000..a07e961
--- /dev/null
+++ b/roles/_workstation/sysconf/templates/etc-apm-hibernate
@@ -0,0 +1 @@
+etc-apm-suspend
\ No newline at end of file
diff --git a/roles/_workstation/sysconf/templates/etc-apm-suspend b/roles/_workstation/sysconf/templates/etc-apm-suspend
new file mode 100755
index 0000000..9d36537
--- /dev/null
+++ b/roles/_workstation/sysconf/templates/etc-apm-suspend
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pkill -USR1 xidle