From 0b2fc8a4bb8aa868222e8df1f5d454047e3c1df5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Mon, 16 Aug 2021 14:58:34 +0200
Subject: roles/workstation: Monolithic role for workstation

---
 roles/workstation/defaults/main.yml    | 35 +++++++++++++++++++++++++++
 roles/workstation/tasks/_archlinux.yml | 10 ++++++++
 roles/workstation/tasks/main.yml       | 13 ++++++++++
 roles/workstation/tasks/pkgs.yml       |  7 ++++++
 roles/workstation/tasks/sysconf.yml    | 43 ++++++++++++++++++++++++++++++++++
 5 files changed, 108 insertions(+)
 create mode 100644 roles/workstation/defaults/main.yml
 create mode 100644 roles/workstation/tasks/_archlinux.yml
 create mode 100644 roles/workstation/tasks/main.yml
 create mode 100644 roles/workstation/tasks/pkgs.yml
 create mode 100644 roles/workstation/tasks/sysconf.yml

(limited to 'roles/workstation')

diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
new file mode 100644
index 0000000..7973c1d
--- /dev/null
+++ b/roles/workstation/defaults/main.yml
@@ -0,0 +1,35 @@
+ws_user: qwd
+ws_pip:
+  - 
+ws_pkgs:
+  common:
+    - feh
+    - git
+    - gnupg
+    - htop
+    - ipmitool
+    - mpv
+    - neovim
+    - rtorrent
+    - syncthing
+    - tar
+    - tor
+    - unzip
+    - wget
+    - zip
+    - zsh
+    - dmenu
+
+  archlinux:
+    - acpi
+    - docker
+    - docker-compose
+    - opendoas
+    - pcsc-tools
+    - wireguard-tools
+    - pipewire
+    - pipewire-pulse
+
+  openbsd:
+    - pcsc-lite
+    - pcsc-tools
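Review bot: `ws_pip` is declared with a single empty `- ` entry, which YAML loads as a list holding one null rather than an empty list, so any task that later loops over it would run once with a null item; `ws_pip: []` states the intent. The file also hard-codes `ws_user: qwd` as the account that sysconf.yml later grants root through doas, so a short comment above it such as `# account that receives doas/root rights and group memberships; override per host` would make the privilege implication visible to whoever reuses the role. The file starts without a `---` document marker and the `- ` line carries trailing whitespace.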
diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml
new file mode 100644
index 0000000..329372c
--- /dev/null
+++ b/roles/workstation/tasks/_archlinux.yml
@@ -0,0 +1,10 @@
+- name: append current user to system groups
+  user:
+    name: "{{ ws_user }}"
+    groups: "{{ item }}"
+    append: true
+  loop:
+    - docker
+    - wheel
+    - video
+    - audio
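Review bot: Adding `{{ ws_user }}` to `docker` (first loop item) gives that account root-equivalent access through the Docker daemon socket with no password prompt, which sidesteps the password-gated `permit persist` doas rule that sysconf.yml sets up. If doas is meant to be the only escalation path, drop `docker` from the list. Otherwise record the trade-off with a comment such as `# docker group == passwordless root via the daemon socket`. `wheel` is not referenced by any doas rule in this commit, so it may be unnecessary as well. The four iterations can be a single call with `groups: [docker, wheel, video, audio]` and `append: true`.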
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..e7c08b9
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: verify running as root
+  fail:
+    msg: playbook must be run as root
+  when: ansible_user_id != "root"
+
+
+- name: include packages
+  include_tasks: pkgs.yml
+  tags: pkgs
+
+- name: include sysconf
+  include_tasks: sysconf.yml
+  tags: sysconf
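Review bot: The `verify running as root` guard has no `tags: always`, so a run with `--tags pkgs` or `--tags sysconf` skips it and goes straight to the includes; adding `tags: always` keeps the check in every run. The `tags:` on the two `include_tasks` entries select only the include itself, and the tasks inside pkgs.yml and most of sysconf.yml carry no tags of their own, so they would be skipped under `--tags`. `import_tasks`, or `include_tasks` with `apply: { tags: pkgs }`, is probably what was intended. `ansible_user_id` is a gathered fact, so with fact gathering disabled the condition errors on an undefined variable instead of producing the intended message.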
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..8c2354e
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: install distribution packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop: 
+    - "{{ ws_pkgs['common'] }}"
+    - "{{ ws_pkgs[ansible_distribution | lower] }}"
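Review bot: The lookup `ws_pkgs[ansible_distribution | lower]` on the second loop item fails with an undefined-key error on any distribution other than the two defined in defaults (`archlinux`, `openbsd`), after the common packages have already been installed. `ws_pkgs[ansible_distribution | lower] | default([])` makes that case a no-op. Alternatively, an explicit `assert` up front would reject unsupported hosts before anything changes. Because `loop` does not flatten, each iteration already passes a whole list to `package`, so the two lists can be joined into one call: `name: "{{ ws_pkgs['common'] + (ws_pkgs[ansible_distribution | lower] | default([])) }}"`. The `loop: ` line has trailing whitespace.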
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
new file mode 100644
index 0000000..c8c5ffd
--- /dev/null
+++ b/roles/workstation/tasks/sysconf.yml
@@ -0,0 +1,43 @@
+- name: include operating system sensible task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  tags: sysconf
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    create: true
+    mode: "0644"
+    owner: 0
+    group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
+    line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
+  loop:
+    - zzz
+    - ZZZ
+    - reboot
+    - shutdown
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: result
+  failed_when: false
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: result.rc == 0
+  register: sudo
+  ignore_errors: true
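Review bot: Both `lineinfile` tasks rewrite `/etc/doas.conf` without a `validate:` step, and the final task then removes sudo, so a malformed rule (for instance from an unexpected `ws_user` value, which is also interpolated unescaped into `regexp`) would leave that user with no working escalation path. Adding `validate: 'doas -C %s'` to both tasks catches this before the file is replaced, assuming the installed doas supports `-C`. The first rule also grants `keepenv`, which carries the caller's whole environment into root commands; dropping it or using an explicit `setenv { ... }` list is narrower. The `nopass` rules name `zzz`, `ZZZ`, `reboot` and `shutdown` by relative name, while doas.conf(5) recommends absolute paths for `cmd`. The `which sudo` probe under `shell:` and `ignore_errors: true` can be dropped, since `package: name: sudo, state: absent` is already idempotent and would then report real removal failures.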
-- 
cgit v1.2.3