aboutsummaryrefslogtreecommitdiffstats
path: root/roles/_workstation/sysconf/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/_workstation/sysconf/tasks')
-rw-r--r--roles/_workstation/sysconf/tasks/_archlinux.yml13
-rw-r--r--roles/_workstation/sysconf/tasks/_openbsd.yml71
-rw-r--r--roles/_workstation/sysconf/tasks/main.yml54
3 files changed, 138 insertions, 0 deletions
diff --git a/roles/_workstation/sysconf/tasks/_archlinux.yml b/roles/_workstation/sysconf/tasks/_archlinux.yml
new file mode 100644
index 0000000..07dbe41
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/_archlinux.yml
@@ -0,0 +1,13 @@
+
+# workstation ~~ roles/_workstation/sysconf/tasks/_archlinux.yml
+# init archlinux based workstation
+
+---
+
+- name: ensure Xorg subdirectory for configuration exists
+ file:
+ path: /etc/X11/xorg.conf.d
+ owner: root
+ mode: 0644
+ state: directory
+
diff --git a/roles/_workstation/sysconf/tasks/_openbsd.yml b/roles/_workstation/sysconf/tasks/_openbsd.yml
new file mode 100644
index 0000000..504e751
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/_openbsd.yml
@@ -0,0 +1,71 @@
+
+# workstation ~~ roles/workstation/tasks/main.yml
+# init openbsd based workstation
+
+---
+
+- name: ensure wsconsctl config file exists
+ file:
+ path: /etc/wsconsctl.conf
+ owner: root
+ group: wheel
+ mode: 0644
+ state: touch
+
+- name: append configuration to wsconsctl
+ lineinfile:
+ path: /etc/wsconsctl.conf
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+ file:
+ path: /etc/X11/xorg.conf.d
+ owner: root
+ mode: 0644
+ state: directory
+
+- name: generate system wide configurations
+ template:
+ src: "{{ item }}"
+ dest: "/{{ item | regex_replace('-', '/') }}"
+ loop:
+ - etc-X11-xorg.conf.d-intel.conf
+ - etc-apm-hibernate
+ - etc-apm-suspend
+
+- name: ensure sysctl configuration file exists
+ file:
+ path: /etc/sysctl.conf
+ owner: root
+ mode: 0644
+
+- name: ensure sysctl memory optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker: "# process - {mark} managed by Ansible"
diff --git a/roles/_workstation/sysconf/tasks/main.yml b/roles/_workstation/sysconf/tasks/main.yml
new file mode 100644
index 0000000..2a6f4a4
--- /dev/null
+++ b/roles/_workstation/sysconf/tasks/main.yml
@@ -0,0 +1,54 @@
+
+# workstation ~~ roles/workstation/tasks/main.yml
+# init workstation
+
+---
+
+- name: retrieve BECOME method
+ stat: path=/usr/bin/doas
+ register: ws_become
+
+- name: retrieve original user
+ shell: logname
+ register: ws_user
+
+- name: retrieve host facts
+ set_fact:
+ ansible_become_method: "{{ 'doas' if ws_become.stat.exists else 'sudo' }}"
+ ansible_become_user: root
+ ws_user: "{{ ws_user.stdout }}"
+
+- name: include distribution specific task
+ include_tasks: "_{{ ansible_distribution | lower }}.yml"
+ ignore_errors: true
+
+- name: generate doas configuration
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit persist keepenv {{ ws_user }} as root"
+ line: "permit persist keepenv {{ ws_user }} as root"
+ owner: root
+ mode: 0644
+ create: true
+
+- name: start and enable pcscd service
+ service:
+ name: pcscd
+ state: started
+ enabled: true
+
+- name: check sudo binary path
+ shell: which sudo
+ register: sudo
+ ignore_errors: true
+
+- name: uninstall sudo binary
+ package:
+ name: sudo
+ state: absent
+ when: sudo.rc == 0
+ register: sudo
+ ignore_errors: true
+
+- name: setup dotfiles from upstream and user script
+ meta: end_host
remember that computers suck.