Break workstation role in sub-roles

8 files changed, 280 insertions, 0 deletions

diff --git a/roles/_workstation/packages/tasks/main.yml b/roles/_workstation/packages/tasks/main.yml
new file mode 100644
index 0000000..798eafa
--- /dev/null
+++ b/roles/_workstation/packages/tasks/main.yml
@@ -0,0 +1,49 @@
+
+# workstation ~~ roles/_workstation/packages/tasks/main.yml
+# install packages for all distributions
+
+---
+
+- name: install packages for Archlinux
+  shell: |
+    pacman --noconfirm --needed -Sy {{ item | join(" ") }}
+  loop:
+    - "{{ pkgs_common }}"
+    - "{{ pkgs_archlinux }}"
+  no_log: true
+  register: out
+  ignore_errors: true
+  when: ansible_distribution == "Archlinux"
+
+- name: install packages for OpenBSD
+  shell: pkg_add -z {{ item | join(" ") }}
+  loop:
+    - "{{ pkgs_common }}"
+    - "{{ pkgs_openbsd }}"
+  no_log: true
+  register: out
+  ignore_errors: true
+  when: ansible_distribution == "OpenBSD"
+
+- name: packages installation output
+  debug:
+    msg: |
+      {% for item in out.results %}
+      - {{ item.cmd }}
+      {% for type in ["stdout_lines", "stderr_lines"] if item[type] %}
+      -- {{ type }}
+      {% for line in item[type] %}
+      --- {{ line }}
+      {% endfor %}
+      {% endfor %}
+      {% endfor %}
+  when: out is defined
+
+- name: show installation informations
+  debug:
+    msg: |
+      {% if out is defined %}
+      Installed all packages for system : {{ ansible_distribution }}
+      {% else %}
+      No installation methode for system : {{ ansible_distribution }}. Please patch and commit.
+      {% endif %}
diff --git a/roles/_workstation/packages/vars/main.yml b/roles/_workstation/packages/vars/main.yml
new file mode 100644
index 0000000..a94de67
--- /dev/null
+++ b/roles/_workstation/packages/vars/main.yml
@@ -0,0 +1,80 @@
+
+# roles/_workstation/packages/vars/main.yml
+#
+
+---
+
+pkgs_common:
+  # desktop (backup over dwm)
+  - bemenu
+  - i3status
+  # editor
+  - neovim
+  # files
+  - curl
+  - git
+  - syncthing
+  - tar
+  - unzip
+  - wget
+  - zip
+  # lang
+  - ansible
+  - go
+  - rust
+  # multimedia
+  - cmus
+  - feh
+  - firefox 
+  - mpv
+  - qutebrowser 
+  - vlc
+  - weechat
+  # tools
+  - gnupg
+  - htop
+  - ipmitool
+  - tor
+  - zsh
+
+pkgs_archlinux:
+  # desktop
+  - i3-wm
+  # editor
+  - emacs
+  # sys
+  - opendoas
+  # python
+  - python-jedi
+  - python-neovim
+  - python-pip
+  - python-requests
+  # net
+  - wireguard-dkms
+
+pkgs_openbsd:
+  # desktop
+  - i3
+  # devel
+  - automake--%1.16
+  - clang-tools-extra
+  - cmake
+  - gmake
+  - free
+  # editor
+  - emacs--no_x11%emacs
+  # net
+  - tor-browser
+  - torsocks
+  - wireguard-tools
+  # multimedia
+  - weechat-lua
+  - weechat-python
+  # python
+  - py3-jedi
+  - py3-neovim
+  - py3-pip
+  - py3-requests
+  # security
+  - pcsc-lite
+  - pcsc-tools
diff --git a/roles/_workstation/sysconf/tasks/_archlinux.yml b/roles/_workstation/sysconf/tasks/_archlinux.yml
new file mode 100644
index 0000000..07dbe41
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/_archlinux.yml
@@ -0,0 +1,13 @@
+
+# workstation ~~ roles/_workstation/sysconf/tasks/_archlinux.yml
+# init archlinux based workstation
+
+---
+
+- name: ensure Xorg subdirectory for configuration exists
+  file:
+    path: /etc/X11/xorg.conf.d
+    owner: root
+    mode: 0644
+    state: directory
+
diff --git a/roles/_workstation/sysconf/tasks/_openbsd.yml b/roles/_workstation/sysconf/tasks/_openbsd.yml
new file mode 100644
index 0000000..504e751
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/_openbsd.yml
@@ -0,0 +1,71 @@
+
+# workstation ~~ roles/workstation/tasks/main.yml
+# init openbsd based workstation
+
+---
+
+- name: ensure wsconsctl config file exists
+  file:
+    path: /etc/wsconsctl.conf
+    owner: root
+    group: wheel
+    mode: 0644
+    state: touch
+
+- name: append configuration to wsconsctl
+  lineinfile:
+    path: /etc/wsconsctl.conf
+    regexp: "^{{ item[0] }}"
+    line: "{{ item[0] }}={{ item[1] }}"
+  loop:
+    - [screen.brightness, 80]
+    - [keyboard.repeat.del1, 180]
+    - [keyboard.repeat.deln, 50]
+    - [keyboard.bell.volume, 0]
+    - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+  file:
+    path: /etc/X11/xorg.conf.d
+    owner: root
+    mode: 0644
+    state: directory
+
+- name: generate system wide configurations
+  template:
+    src: "{{ item }}"
+    dest: "/{{ item | regex_replace('-', '/') }}"
+  loop:
+    - etc-X11-xorg.conf.d-intel.conf
+    - etc-apm-hibernate
+    - etc-apm-suspend
+
+- name: ensure sysctl configuration file exists
+  file:
+    path: /etc/sysctl.conf
+    owner: root
+    mode: 0644
+
+- name: ensure sysctl memory optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.shminfo.shmall=3145728
+      kern.shminfo.shmmax=1073741823
+      kern.shminfo.shmmni=1024
+      kern.shminfo.shmseg=1024
+      kern.seminfo.semmns=4096
+      kern.seminfo.semmni=1024
+    marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.maxfiles=102400
+      kern.maxproc=32768
+      kern.maxfiles=65535
+      kern.bufcachepercent=90
+      kern.maxvnodes=262144
+      kern.somaxconn=2048
+    marker: "# process - {mark} managed by Ansible"
diff --git a/roles/_workstation/sysconf/tasks/main.yml b/roles/_workstation/sysconf/tasks/main.yml
new file mode 100644
index 0000000..2a6f4a4
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/main.yml
@@ -0,0 +1,54 @@
+
+# workstation ~~ roles/workstation/tasks/main.yml
+# init workstation
+
+---
+
+- name: retrieve BECOME method
+  stat: path=/usr/bin/doas 
+  register: ws_become
+
+- name: retrieve original user
+  shell: logname
+  register: ws_user
+
+- name: retrieve host facts
+  set_fact:
+    ansible_become_method: "{{ 'doas' if ws_become.stat.exists else 'sudo' }}"
+    ansible_become_user: root
+    ws_user: "{{ ws_user.stdout }}"
+
+- name: include distribution specific task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  ignore_errors: true
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    owner: root
+    mode: 0644
+    create: true
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: sudo
+  ignore_errors: true
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: sudo.rc == 0
+  register: sudo
+  ignore_errors: true
+
+- name: setup dotfiles from upstream and user script
+  meta: end_host
diff --git a/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf b/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf
new file mode 100644
index 0000000..5d73c65
--- /dev/null
+++ b/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf
@@ -0,0 +1,9 @@
+
+# disable tearscreen for Xenocara on OpenBSD
+# managed by Ansible
+
+Section "Device"
+	Identifier "drm"
+	Driver "intel"
+	Option "TearFree" "true"
+EndSection
diff --git a/roles/_workstation/sysconf/templates/etc-apm-hibernate b/roles/_workstation/sysconf/templates/etc-apm-hibernate
new file mode 120000
index 0000000..a07e961
--- /dev/null
+++ b/roles/_workstation/sysconf/templates/etc-apm-hibernate
@@ -0,0 +1 @@
+etc-apm-suspend
\ No newline at end of file
diff --git a/roles/_workstation/sysconf/templates/etc-apm-suspend b/roles/_workstation/sysconf/templates/etc-apm-suspend
new file mode 100755
index 0000000..9d36537
--- /dev/null
+++ b/roles/_workstation/sysconf/templates/etc-apm-suspend
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pkill -USR1 xidle