diff options
| author | Romain Gonçalves <me@rgoncalves.se> | 2021-08-16 14:58:34 +0200 |
|---|---|---|
| committer | Romain Gonçalves <me@rgoncalves.se> | 2021-08-23 15:54:50 +0200 |
| commit | 35d536c4f1f02c0ddabaf7ffa9498d05db2823f1 (patch) | |
| tree | 708894d9939c3334c5251519dca95126403497bd /roles/workstation | |
| parent | c2994b1f3220dc92f2faddb50ad355f44db9f44a (diff) | |
| download | infrastructure-35d536c4f1f02c0ddabaf7ffa9498d05db2823f1.tar.gz | |
roles/workstation: Monolithic role for workstation
Diffstat (limited to 'roles/workstation')
| -rw-r--r-- | roles/workstation/defaults/main.yml | 35 | ||||
| -rw-r--r-- | roles/workstation/tasks/_archlinux.yml | 10 | ||||
| -rw-r--r-- | roles/workstation/tasks/main.yml | 13 | ||||
| -rw-r--r-- | roles/workstation/tasks/pkgs.yml | 7 | ||||
| -rw-r--r-- | roles/workstation/tasks/sysconf.yml | 43 |
5 files changed, 108 insertions, 0 deletions
diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml new file mode 100644 index 0000000..7973c1d --- /dev/null +++ b/roles/workstation/defaults/main.yml @@ -0,0 +1,35 @@ +ws_user: qwd +ws_pip: + - +ws_pkgs: + common: + - feh + - git + - gnupg + - htop + - ipmitool + - mpv + - neovim + - rtorrent + - syncthing + - tar + - tor + - unzip + - wget + - zip + - zsh + - dmenu + + archlinux: + - acpi + - docker + - docker-compose + - opendoas + - pcsc-tools + - wireguard-tools + - pipewire + - pipewire-pulse + + openbsd: + - pcsc-lite + - pcsc-tools diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml new file mode 100644 index 0000000..329372c --- /dev/null +++ b/roles/workstation/tasks/_archlinux.yml @@ -0,0 +1,10 @@ +- name: append current user to system groups + user: + name: "{{ ws_user }}" + groups: "{{ item }}" + append: true + loop: + - docker + - wheel + - video + - audio diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml new file mode 100644 index 0000000..e7c08b9 --- /dev/null +++ b/roles/workstation/tasks/main.yml @@ -0,0 +1,13 @@ +- name: verify running as root + fail: + msg: playbook must be run as root + when: ansible_user_id != "root" + + +- name: include packages + include_tasks: pkgs.yml + tags: pkgs + +- name: include sysconf + include_tasks: sysconf.yml + tags: sysconf diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml new file mode 100644 index 0000000..8c2354e --- /dev/null +++ b/roles/workstation/tasks/pkgs.yml @@ -0,0 +1,7 @@ +- name: install distribution packages + package: + name: "{{ item }}" + state: present + loop: + - "{{ ws_pkgs['common'] }}" + - "{{ ws_pkgs[ansible_distribution | lower] }}" diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml new file mode 100644 index 0000000..c8c5ffd --- /dev/null +++ b/roles/workstation/tasks/sysconf.yml @@ -0,0 +1,43 @@ +- name: include operating system sensible task + include_tasks: "_{{ ansible_distribution | lower }}.yml" + tags: sysconf + +- name: generate doas configuration + lineinfile: + path: /etc/doas.conf + regexp: "^permit persist keepenv {{ ws_user }} as root" + line: "permit persist keepenv {{ ws_user }} as root" + create: true + mode: "0644" + owner: 0 + group: 0 + +- name: allow reboot/shutdown/hibernate with doas + lineinfile: + path: /etc/doas.conf + regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}" + line: "permit nopass {{ ws_user }} as root cmd {{ item }}" + loop: + - zzz + - ZZZ + - reboot + - shutdown + +- name: start and enable pcscd service + service: + name: pcscd + state: started + enabled: true + +- name: check sudo binary path + shell: which sudo + register: result + failed_when: false + +- name: uninstall sudo binary + package: + name: sudo + state: absent + when: result.rc == 0 + register: sudo + ignore_errors: true |