From 35d536c4f1f02c0ddabaf7ffa9498d05db2823f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Mon, 16 Aug 2021 14:58:34 +0200
Subject: roles/workstation: Monolithic role for workstation
---
roles/workstation/tasks/_archlinux.yml | 10 ++++++++
roles/workstation/tasks/main.yml | 13 ++++++++++
roles/workstation/tasks/pkgs.yml | 7 ++++++
roles/workstation/tasks/sysconf.yml | 43 ++++++++++++++++++++++++++++++++++
4 files changed, 73 insertions(+)
create mode 100644 roles/workstation/tasks/_archlinux.yml
create mode 100644 roles/workstation/tasks/main.yml
create mode 100644 roles/workstation/tasks/pkgs.yml
create mode 100644 roles/workstation/tasks/sysconf.yml
(limited to 'roles/workstation/tasks')
diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml
new file mode 100644
index 0000000..329372c
--- /dev/null
+++ b/roles/workstation/tasks/_archlinux.yml
@@ -0,0 +1,10 @@
+- name: append current user to system groups
+ user:
+ name: "{{ ws_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - docker
+ - wheel
+ - video
+ - audio
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..e7c08b9
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: verify running as root
+ fail:
+ msg: playbook must be run as root
+ when: ansible_user_id != "root"
+
+
+- name: include packages
+ include_tasks: pkgs.yml
+ tags: pkgs
+
+- name: include sysconf
+ include_tasks: sysconf.yml
+ tags: sysconf
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..8c2354e
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: install distribution packages
+ package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ ws_pkgs['common'] }}"
+ - "{{ ws_pkgs[ansible_distribution | lower] }}"
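Review bot: Adding `ws_user` to `docker` in this loop gives that account root-equivalent control of the host through the Docker daemon socket, which bypasses the password that the `permit persist` doas rule in sysconf.yml otherwise requires. That grant deserves at least a comment above the list, e.g. `# docker: root-equivalent via the daemon socket, keep only if needed`, or to be made opt-in through a role variable. The `user` module also accepts a list in `groups`, so the loop can be replaced with `groups: [docker, wheel, video, audio]`; the task presumably fails if one of these groups does not exist yet, which depends on package state not visible in this hunk.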
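Review bot: The `verify running as root` guard in main.yml has no tag, so a run limited with `--tags pkgs` or `--tags sysconf` skips it; adding `tags: always` keeps the check in force on every run. The `tags:` on the two `include_tasks` entries apply to the include statement only and are not inherited by the tasks inside pkgs.yml and sysconf.yml, so a tag-limited run would load the file and then skip its untagged tasks. Using `import_tasks`, or the `apply` keyword of `include_tasks` with the same tag, passes the tag down. `ansible_user_id` also relies on fact gathering being enabled in the calling play, which is outside this patch.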
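Review bot: `ws_pkgs[ansible_distribution | lower]` in the pkgs.yml loop aborts the play with an undefined-variable error on any distribution that has no entry in `ws_pkgs`. The same pattern appears in sysconf.yml, where `include_tasks: "_{{ ansible_distribution | lower }}.yml"` fails where no matching task file exists, and this commit adds only `_archlinux.yml`. A fallback such as `"{{ ws_pkgs[ansible_distribution | lower] | default([]) }}"` would let the common package list still install. `ws_pkgs` is defined outside this patch, so its shape (a dict of lists) is assumed here.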
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
new file mode 100644
index 0000000..c8c5ffd
--- /dev/null
+++ b/roles/workstation/tasks/sysconf.yml
@@ -0,0 +1,43 @@
+- name: include operating system sensible task
+ include_tasks: "_{{ ansible_distribution | lower }}.yml"
+ tags: sysconf
+
+- name: generate doas configuration
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit persist keepenv {{ ws_user }} as root"
+ line: "permit persist keepenv {{ ws_user }} as root"
+ create: true
+ mode: "0644"
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
+ loop:
+ - zzz
+ - ZZZ
+ - reboot
+ - shutdown
+
+- name: start and enable pcscd service
+ service:
+ name: pcscd
+ state: started
+ enabled: true
+
+- name: check sudo binary path
+ shell: which sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
-- cgit v1.2.3
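Review bot: Both `lineinfile` tasks write /etc/doas.conf without validating the result, and the final task then removes sudo, so a malformed rule (for example from an unexpected `ws_user` value) could leave the workstation with no working privilege escalation. Adding `validate: 'doas -C %s'` to each doas task would reject a broken file before it replaces the live one. The `nopass` rules name `zzz`, `ZZZ`, `reboot` and `shutdown` by bare name, whereas doas.conf(5) prefers absolute paths in `cmd`. `keepenv` on the general rule carries the caller's environment into root commands and is worth dropping unless something depends on it. The `which sudo` probe is unnecessary because `state: absent` is already idempotent, and `ignore_errors: true` hides a failed removal while `register: sudo` is never read.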