diff options
-rw-r--r-- | files/pubkeys/ws-xps01.pub | 2 | ||||
-rw-r--r-- | roles/workstation/defaults/main.yml | 15 | ||||
-rw-r--r-- | roles/workstation/tasks/_openbsd.yml | 69 | ||||
-rw-r--r-- | roles/workstation/tasks/main.yml | 1 | ||||
-rw-r--r-- | roles/workstation/tasks/sysconf.yml | 5 | ||||
-rwxr-xr-x | roles/workstation/templates/_openbsd/apm-hibernate | 5 | ||||
-rwxr-xr-x | roles/workstation/templates/_openbsd/apm-resume | 16 | ||||
-rwxr-xr-x | roles/workstation/templates/_openbsd/apm-suspend | 5 | ||||
-rw-r--r-- | roles/workstation/templates/_openbsd/xorg-intel.conf | 9 |
9 files changed, 118 insertions, 9 deletions
diff --git a/files/pubkeys/ws-xps01.pub b/files/pubkeys/ws-xps01.pub index a52a967..f3e0843 100644 --- a/files/pubkeys/ws-xps01.pub +++ b/files/pubkeys/ws-xps01.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJJB1ANBSbI2DVXZTVC9psQOnuC1HN+xHwoyQIMDhQA qwd@ws-xps01 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5Glu+oWM9TyD/4BSsysMzwTeJi8kO7tGPPIZTaCp8G qwd@ws-xps01 diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml index 3935e13..8beac23 100644 --- a/roles/workstation/defaults/main.yml +++ b/roles/workstation/defaults/main.yml @@ -1,26 +1,28 @@ ws_user: qwd -ws_pip_pkgs: - - + ws_pipx_pkgs: - wal + ws_pkgs: common: + - dmenu - feh + - fzf - git - gnupg - htop - ipmitool - mpv - neovim + - qutebrowser - rtorrent - syncthing - - tar - tor + - tor-browser - unzip - wget - zip - zsh - - dmenu archlinux: - acpi @@ -28,11 +30,14 @@ ws_pkgs: - docker-compose - opendoas - pcsc-tools - - wireguard-tools - pipewire - pipewire-pulse + - tar + - wireguard-tools - xorg-xwayland openbsd: - pcsc-lite - pcsc-tools + - py3-pip + - wireguard-tools diff --git a/roles/workstation/tasks/_openbsd.yml b/roles/workstation/tasks/_openbsd.yml new file mode 100644 index 0000000..e1de610 --- /dev/null +++ b/roles/workstation/tasks/_openbsd.yml @@ -0,0 +1,69 @@ +- name: ensure wsconsctl config file exists + file: + path: /etc/wsconsctl.conf + state: touch + +- name: append configuration to wsconsctl + lineinfile: + path: /etc/wsconsctl.conf + regexp: "^{{ item[0] }}" + line: "{{ item[0] }}={{ item[1] }}" + create: true + owner: 0 + group: 0 + mode: 0644 + loop: + - [screen.brightness, 80] + - [keyboard.repeat.del1, 180] + - [keyboard.repeat.deln, 50] + - [keyboard.bell.volume, 0] + - [mouse.tp.tapping, 1] + +- name: ensure Xorg subdirectory for configuration exists + file: + path: /etc/X11/xorg.conf.d + owner: 0 + group: 0 + mode: 0644 + state: directory + +- name: generate system wide configurations + template: + src: "{{ item[0] }}" + dest: "{{ item[1] }}" + mode: preserve + loop: + - [xorg-intel.conf, /etc/X11/xorg.conf.d] + - [apm-hibernate, /etc/apm/hibernate] + - [apm-suspend, /etc/apm/suspend] + - [apm-resume, /etc/apm/resume] + +- name: ensure sysctl configuration file exists + file: + path: /etc/sysctl.conf + owner: root + mode: 0644 + +- name: ensure sysctl memory optimizations + blockinfile: + path: /etc/sysctl.conf + block: | + kern.shminfo.shmall=3145728 + kern.shminfo.shmmax=1073741823 + kern.shminfo.shmmni=1024 + kern.shminfo.shmseg=1024 + kern.seminfo.semmns=4096 + kern.seminfo.semmni=1024 + marker: "# memory {mark} - managed by Ansible" + +- name: ensure sysctl process optimizations + blockinfile: + path: /etc/sysctl.conf + block: | + kern.maxfiles=102400 + kern.maxproc=32768 + kern.maxfiles=65535 + kern.bufcachepercent=90 + kern.maxvnodes=262144 + kern.somaxconn=2048 + marker: "# process - {mark} managed by Ansible" diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml index e7c08b9..85f2db3 100644 --- a/roles/workstation/tasks/main.yml +++ b/roles/workstation/tasks/main.yml @@ -3,7 +3,6 @@ msg: playbook must be run as root when: ansible_user_id != "root" - - name: include packages include_tasks: pkgs.yml tags: pkgs diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml index c8c5ffd..2d36f2b 100644 --- a/roles/workstation/tasks/sysconf.yml +++ b/roles/workstation/tasks/sysconf.yml @@ -8,7 +8,7 @@ regexp: "^permit persist keepenv {{ ws_user }} as root" line: "permit persist keepenv {{ ws_user }} as root" create: true - mode: "0644" + mode: 0644 owner: 0 group: 0 @@ -18,10 +18,11 @@ regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}" line: "permit nopass {{ ws_user }} as root cmd {{ item }}" loop: - - zzz - ZZZ + - mount - reboot - shutdown + - zzz - name: start and enable pcscd service service: diff --git a/roles/workstation/templates/_openbsd/apm-hibernate b/roles/workstation/templates/_openbsd/apm-hibernate new file mode 100755 index 0000000..ef90fed --- /dev/null +++ b/roles/workstation/templates/_openbsd/apm-hibernate @@ -0,0 +1,5 @@ +#!/bin/sh + +set -x -e + +pkill -USR1 xidle diff --git a/roles/workstation/templates/_openbsd/apm-resume b/roles/workstation/templates/_openbsd/apm-resume new file mode 100755 index 0000000..18397b4 --- /dev/null +++ b/roles/workstation/templates/_openbsd/apm-resume @@ -0,0 +1,16 @@ +#!/bin/sh + +set -x -e + +sleep 3 + +sh /etc/netstart iwn0 + +wg_interfaces=$(find /etc/wireguard -type f | sed 's/\.conf$//g') +for wg_interface in ${wg_interfaces}; do + wg_interface=$(basename "${wg_interface}") + wg-quick down "${wg_interface}" + wg-quick up "${wg_interface}" +done + +rcctl -d restart pcscd diff --git a/roles/workstation/templates/_openbsd/apm-suspend b/roles/workstation/templates/_openbsd/apm-suspend new file mode 100755 index 0000000..ef90fed --- /dev/null +++ b/roles/workstation/templates/_openbsd/apm-suspend @@ -0,0 +1,5 @@ +#!/bin/sh + +set -x -e + +pkill -USR1 xidle diff --git a/roles/workstation/templates/_openbsd/xorg-intel.conf b/roles/workstation/templates/_openbsd/xorg-intel.conf new file mode 100644 index 0000000..5d73c65 --- /dev/null +++ b/roles/workstation/templates/_openbsd/xorg-intel.conf @@ -0,0 +1,9 @@ + +# disable tearscreen for Xenocara on OpenBSD +# managed by Ansible + +Section "Device" + Identifier "drm" + Driver "intel" + Option "TearFree" "true" +EndSection |