aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--files/pubkeys/ws-xps01.pub2
-rw-r--r--roles/workstation/defaults/main.yml15
-rw-r--r--roles/workstation/tasks/_openbsd.yml69
-rw-r--r--roles/workstation/tasks/main.yml1
-rw-r--r--roles/workstation/tasks/sysconf.yml5
-rwxr-xr-xroles/workstation/templates/_openbsd/apm-hibernate5
-rwxr-xr-xroles/workstation/templates/_openbsd/apm-resume16
-rwxr-xr-xroles/workstation/templates/_openbsd/apm-suspend5
-rw-r--r--roles/workstation/templates/_openbsd/xorg-intel.conf9
9 files changed, 118 insertions, 9 deletions
diff --git a/files/pubkeys/ws-xps01.pub b/files/pubkeys/ws-xps01.pub
index a52a967..f3e0843 100644
--- a/files/pubkeys/ws-xps01.pub
+++ b/files/pubkeys/ws-xps01.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJJB1ANBSbI2DVXZTVC9psQOnuC1HN+xHwoyQIMDhQA qwd@ws-xps01
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5Glu+oWM9TyD/4BSsysMzwTeJi8kO7tGPPIZTaCp8G qwd@ws-xps01
diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
index 3935e13..8beac23 100644
--- a/roles/workstation/defaults/main.yml
+++ b/roles/workstation/defaults/main.yml
@@ -1,26 +1,28 @@
ws_user: qwd
-ws_pip_pkgs:
- -
+
ws_pipx_pkgs:
- wal
+
ws_pkgs:
common:
+ - dmenu
- feh
+ - fzf
- git
- gnupg
- htop
- ipmitool
- mpv
- neovim
+ - qutebrowser
- rtorrent
- syncthing
- - tar
- tor
+ - tor-browser
- unzip
- wget
- zip
- zsh
- - dmenu
archlinux:
- acpi
@@ -28,11 +30,14 @@ ws_pkgs:
- docker-compose
- opendoas
- pcsc-tools
- - wireguard-tools
- pipewire
- pipewire-pulse
+ - tar
+ - wireguard-tools
- xorg-xwayland
openbsd:
- pcsc-lite
- pcsc-tools
+ - py3-pip
+ - wireguard-tools
diff --git a/roles/workstation/tasks/_openbsd.yml b/roles/workstation/tasks/_openbsd.yml
new file mode 100644
index 0000000..e1de610
--- /dev/null
+++ b/roles/workstation/tasks/_openbsd.yml
@@ -0,0 +1,69 @@
+- name: ensure wsconsctl config file exists
+ file:
+ path: /etc/wsconsctl.conf
+ state: touch
+
+- name: append configuration to wsconsctl
+ lineinfile:
+ path: /etc/wsconsctl.conf
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ create: true
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+ file:
+ path: /etc/X11/xorg.conf.d
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: generate system wide configurations
+ template:
+ src: "{{ item[0] }}"
+ dest: "{{ item[1] }}"
+ mode: preserve
+ loop:
+ - [xorg-intel.conf, /etc/X11/xorg.conf.d]
+ - [apm-hibernate, /etc/apm/hibernate]
+ - [apm-suspend, /etc/apm/suspend]
+ - [apm-resume, /etc/apm/resume]
+
+- name: ensure sysctl configuration file exists
+ file:
+ path: /etc/sysctl.conf
+ owner: root
+ mode: 0644
+
+- name: ensure sysctl memory optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
index e7c08b9..85f2db3 100644
--- a/roles/workstation/tasks/main.yml
+++ b/roles/workstation/tasks/main.yml
@@ -3,7 +3,6 @@
msg: playbook must be run as root
when: ansible_user_id != "root"
-
- name: include packages
include_tasks: pkgs.yml
tags: pkgs
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
index c8c5ffd..2d36f2b 100644
--- a/roles/workstation/tasks/sysconf.yml
+++ b/roles/workstation/tasks/sysconf.yml
@@ -8,7 +8,7 @@
regexp: "^permit persist keepenv {{ ws_user }} as root"
line: "permit persist keepenv {{ ws_user }} as root"
create: true
- mode: "0644"
+ mode: 0644
owner: 0
group: 0
@@ -18,10 +18,11 @@
regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
loop:
- - zzz
- ZZZ
+ - mount
- reboot
- shutdown
+ - zzz
- name: start and enable pcscd service
service:
diff --git a/roles/workstation/templates/_openbsd/apm-hibernate b/roles/workstation/templates/_openbsd/apm-hibernate
new file mode 100755
index 0000000..ef90fed
--- /dev/null
+++ b/roles/workstation/templates/_openbsd/apm-hibernate
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -x -e
+
+pkill -USR1 xidle
diff --git a/roles/workstation/templates/_openbsd/apm-resume b/roles/workstation/templates/_openbsd/apm-resume
new file mode 100755
index 0000000..18397b4
--- /dev/null
+++ b/roles/workstation/templates/_openbsd/apm-resume
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -x -e
+
+sleep 3
+
+sh /etc/netstart iwn0
+
+wg_interfaces=$(find /etc/wireguard -type f | sed 's/\.conf$//g')
+for wg_interface in ${wg_interfaces}; do
+ wg_interface=$(basename "${wg_interface}")
+ wg-quick down "${wg_interface}"
+ wg-quick up "${wg_interface}"
+done
+
+rcctl -d restart pcscd
diff --git a/roles/workstation/templates/_openbsd/apm-suspend b/roles/workstation/templates/_openbsd/apm-suspend
new file mode 100755
index 0000000..ef90fed
--- /dev/null
+++ b/roles/workstation/templates/_openbsd/apm-suspend
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -x -e
+
+pkill -USR1 xidle
diff --git a/roles/workstation/templates/_openbsd/xorg-intel.conf b/roles/workstation/templates/_openbsd/xorg-intel.conf
new file mode 100644
index 0000000..5d73c65
--- /dev/null
+++ b/roles/workstation/templates/_openbsd/xorg-intel.conf
@@ -0,0 +1,9 @@
+
+# disable tearscreen for Xenocara on OpenBSD
+# managed by Ansible
+
+Section "Device"
+ Identifier "drm"
+ Driver "intel"
+ Option "TearFree" "true"
+EndSection
remember that computers suck.