From 35d536c4f1f02c0ddabaf7ffa9498d05db2823f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Mon, 16 Aug 2021 14:58:34 +0200
Subject: roles/workstation: Monolithic role for workstation

---
 playbooks/workstation.yml                     | 18 +----------
 roles/_workstation/env/tasks/main.yml         |  6 ----
 roles/_workstation/packages/defaults/main.yml | 43 ++++++++-------------------
 roles/workstation/defaults/main.yml           | 35 ++++++++++++++++++++++
 roles/workstation/tasks/_archlinux.yml        | 10 +++++++
 roles/workstation/tasks/main.yml              | 13 ++++++++
 roles/workstation/tasks/pkgs.yml              |  7 +++++
 roles/workstation/tasks/sysconf.yml           | 43 +++++++++++++++++++++++++++
 8 files changed, 122 insertions(+), 53 deletions(-)
 create mode 100644 roles/workstation/defaults/main.yml
 create mode 100644 roles/workstation/tasks/_archlinux.yml
 create mode 100644 roles/workstation/tasks/main.yml
 create mode 100644 roles/workstation/tasks/pkgs.yml
 create mode 100644 roles/workstation/tasks/sysconf.yml

diff --git a/playbooks/workstation.yml b/playbooks/workstation.yml
index 1b1acc3..7dd6b94 100644
--- a/playbooks/workstation.yml
+++ b/playbooks/workstation.yml
@@ -1,19 +1,3 @@
-
-# workstation ~~ playbooks/workstation.yml
-# wokrstation initialization
-
----
-
 - hosts: localhost
   roles:
-    - role: _workstation/env
-      tags: env, always
-
-    - role: _workstation/sshdns
-      tags: sshdns
-
-    - role: _workstation/packages
-      tags: packages
-
-    - role: _workstation/sysconf
-      tags: sysconf
+    - role: workstation
diff --git a/roles/_workstation/env/tasks/main.yml b/roles/_workstation/env/tasks/main.yml
index ff9acd2..7575922 100644
--- a/roles/_workstation/env/tasks/main.yml
+++ b/roles/_workstation/env/tasks/main.yml
@@ -1,9 +1,3 @@
-
-# _workstation/env ~~ roles/_workstation/env/tasks/main.yml
-# useful env. variables for workstation
-
----
-
 - name: retrieve BECOME method
   stat: path=/usr/bin/doas 
   register: _workstation_env_become
diff --git a/roles/_workstation/packages/defaults/main.yml b/roles/_workstation/packages/defaults/main.yml
index e855d74..8a55d1b 100644
--- a/roles/_workstation/packages/defaults/main.yml
+++ b/roles/_workstation/packages/defaults/main.yml
@@ -6,35 +6,38 @@
 
 pkgs:
   common:
-    # desktop (backup over dwm)
+    # desktop
     - bemenu
     - i3status
     - dmenu
+
     # editor
     - neovim
+
     # files
     - curl
     - git
-    - lowdown
     - syncthing
     - tar
     - unzip
     - wget
     - zip
+
     # lang
     - ansible
     - go
     - rust
+
     # multimedia
     - cmus
     - feh
-    - firefox 
     - mpv
     - syncthing
-    - qutebrowser 
+    - qutebrowser
     - rtorrent
     - vlc
     - weechat
+
     # tools
     - gnupg
     - gopass
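Review bot: `syncthing` is still listed twice in `pkgs.common`, once under `# files` and once under `# multimedia`, and this cleanup leaves the second entry in place; drop it. playbooks/workstation.yml no longer references `_workstation/packages` after this commit, so these defaults may now be unused. If nothing else includes the role, deleting the file would be clearer than reformatting it. The same applies to the later `archlinux` and `openbsd` hunks in this file.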
@@ -57,8 +60,7 @@ pkgs:
   archlinux:
     # desktop
     - i3-wm
-    # editor
-    # sys
+
     # python
     - python-jedi
     - python-neovim
@@ -68,48 +70,29 @@ pkgs:
   openbsd:
     # desktop
     - i3
+
     # devel
     - automake--%1.16
     - clang-tools-extra
     - cmake
     - gmake
     - free
-    # editor
-    - emacs--no_x11%emacs
+
     # net
     - tor-browser
     - torsocks
     - wireguard-tools
+
     # multimedia
     - weechat-lua
     - weechat-python
+
     # python
     - py3-jedi
     - py3-neovim
     - py3-pip
     - py3-requests
+
     # security
     - pcsc-lite
     - pcsc-tools
-
-  void:
-    - alsa-plugins-pulseaudio
-    - base-devel
-    - gnupg2
-    - gnupg2-scdaemon
-    - seatd
-    - pcsclite
-    - pcsc-ccid
-    - python3-jedi
-    - python3-neovim
-    - python3-pip
-    - python3-requests
-    - terminus-font
-    # x11
-    - xorg-server-devel
-    - libX11-devel
-    - libXft-devel
-    - libXinerama-devel
-    # wayland
-    - wlroots-devel
-    - libinput-devel
diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
new file mode 100644
index 0000000..7973c1d
--- /dev/null
+++ b/roles/workstation/defaults/main.yml
@@ -0,0 +1,35 @@
+ws_user: qwd
+ws_pip:
+  - 
+ws_pkgs:
+  common:
+    - feh
+    - git
+    - gnupg
+    - htop
+    - ipmitool
+    - mpv
+    - neovim
+    - rtorrent
+    - syncthing
+    - tar
+    - tor
+    - unzip
+    - wget
+    - zip
+    - zsh
+    - dmenu
+
+  archlinux:
+    - acpi
+    - docker
+    - docker-compose
+    - opendoas
+    - pcsc-tools
+    - wireguard-tools
+    - pipewire
+    - pipewire-pulse
+
+  openbsd:
+    - pcsc-lite
+    - pcsc-tools
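Review bot: `ws_pip:` followed by a bare `- ` defines a one-element list whose only item is null, not an empty list, so any task that later loops over it receives a null item; write `ws_pip: []`. `ws_user` selects the account that sysconf.yml grants root through doas and that _archlinux.yml adds to `docker` and `wheel`, so it deserves a comment above it such as `# account that receives doas rules and privileged group membership; override per host`. The file also starts without the `---` document marker.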
diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml
new file mode 100644
index 0000000..329372c
--- /dev/null
+++ b/roles/workstation/tasks/_archlinux.yml
@@ -0,0 +1,10 @@
+- name: append current user to system groups
+  user:
+    name: "{{ ws_user }}"
+    groups: "{{ item }}"
+    append: true
+  loop:
+    - docker
+    - wheel
+    - video
+    - audio
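Review bot: Membership in `docker` gives `ws_user` root-equivalent access with no password prompt, which bypasses the `persist` rule that sysconf.yml writes to /etc/doas.conf. If that is intended, say so in a comment above the loop (`# docker group is root-equivalent; accepted on this single-user workstation`); otherwise drop `docker` from the list and run docker through doas. The four iterations can be one call with `groups: [docker, wheel, video, audio]`. The task also fails if the `docker` group does not exist yet, which can happen when the sysconf tasks run before the packages are installed.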
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..e7c08b9
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: verify running as root
+  fail:
+    msg: playbook must be run as root
+  when: ansible_user_id != "root"
+
+
+- name: include packages
+  include_tasks: pkgs.yml
+  tags: pkgs
+
+- name: include sysconf
+  include_tasks: sysconf.yml
+  tags: sysconf
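Review bot: `tags: pkgs` and `tags: sysconf` on `include_tasks` tag only the include statement, not the tasks inside pkgs.yml and sysconf.yml, so `--tags pkgs` loads the file and then skips every task in it. Use `import_tasks: pkgs.yml` and `import_tasks: sysconf.yml` (static imports pass their tags down), or keep the dynamic include and add an `apply:` block with the same tags. The nested include at the top of sysconf.yml has the same problem for the tasks in `_archlinux.yml`. The root check carries no tag, so it is skipped whenever `--tags` is given; add `tags: always` to it. It also relies on the gathered fact `ansible_user_id`, so fact gathering must stay enabled in the playbook.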
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..8c2354e
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: install distribution packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop: 
+    - "{{ ws_pkgs['common'] }}"
+    - "{{ ws_pkgs[ansible_distribution | lower] }}"
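Review bot: `ws_pkgs[ansible_distribution | lower]` is undefined on any distribution without a key in `ws_pkgs` (defaults/main.yml defines only `archlinux` and `openbsd`), which fails the task with a templating error. Fall back to an empty list with `- "{{ ws_pkgs[ansible_distribution | lower] | default([]) }}"`. Each loop item is a whole list passed to `name`, so the module runs once per list; that works but is easy to misread, so add a comment such as `# each item is a list of packages, installed in one call per list`. There is also trailing whitespace after `loop:`.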
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
new file mode 100644
index 0000000..c8c5ffd
--- /dev/null
+++ b/roles/workstation/tasks/sysconf.yml
@@ -0,0 +1,43 @@
+- name: include operating system sensible task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  tags: sysconf
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    create: true
+    mode: "0644"
+    owner: 0
+    group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
+    line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
+  loop:
+    - zzz
+    - ZZZ
+    - reboot
+    - shutdown
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: result
+  failed_when: false
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: result.rc == 0
+  register: sudo
+  ignore_errors: true
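Review bot: /etc/doas.conf is edited with no syntax check and sudo is removed at the end of the same file, so a malformed rule (for example from an unexpected `ws_user` value) can leave the host with no working way to become root. Add `validate: doas -C %s` to both `lineinfile` tasks, and consider `mode: "0400"`, since only root needs to read the file. `keepenv` combined with `persist` hands the user's whole environment to root commands; drop it or document why it is needed. The `which sudo` probe is unnecessary because `state: absent` is already idempotent, and `ignore_errors: true` plus the unused `register: sudo` hide a failed removal. `include_tasks: "_{{ ansible_distribution | lower }}.yml"` will fail on OpenBSD unless an `_openbsd.yml` exists outside this commit.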
-- 
cgit v1.2.3