From 5acdc00aaf6c65c1353cc02a59f33e0d6ba9a281 Mon Sep 17 00:00:00 2001 From: binary Date: Sat, 27 Feb 2021 10:30:33 +0100 Subject: Break workstation role in sub-roles --- roles/_workstation/packages/tasks/main.yml | 49 +++++++++++ roles/_workstation/packages/vars/main.yml | 80 +++++++++++++++++ roles/_workstation/sysconf/tasks/_archlinux.yml | 13 +++ roles/_workstation/sysconf/tasks/_openbsd.yml | 71 ++++++++++++++++ roles/_workstation/sysconf/tasks/main.yml | 54 ++++++++++++ .../templates/etc-X11-xorg.conf.d-intel.conf | 9 ++ .../sysconf/templates/etc-apm-hibernate | 1 + .../_workstation/sysconf/templates/etc-apm-suspend | 3 + roles/workstation/tasks/_archlinux.yml | 49 ----------- roles/workstation/tasks/_openbsd.yml | 99 ---------------------- roles/workstation/tasks/main.yml | 48 ----------- .../templates/etc-X11-xorg.conf.d-intel.conf | 9 -- roles/workstation/templates/etc-apm-hibernate | 1 - roles/workstation/templates/etc-apm-suspend | 3 - roles/workstation/vars/main.yml | 80 ----------------- 15 files changed, 280 insertions(+), 289 deletions(-) create mode 100644 roles/_workstation/packages/tasks/main.yml create mode 100644 roles/_workstation/packages/vars/main.yml create mode 100644 roles/_workstation/sysconf/tasks/_archlinux.yml create mode 100644 roles/_workstation/sysconf/tasks/_openbsd.yml create mode 100644 roles/_workstation/sysconf/tasks/main.yml create mode 100644 roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf create mode 120000 roles/_workstation/sysconf/templates/etc-apm-hibernate create mode 100755 roles/_workstation/sysconf/templates/etc-apm-suspend delete mode 100644 roles/workstation/tasks/_archlinux.yml delete mode 100644 roles/workstation/tasks/_openbsd.yml delete mode 100644 roles/workstation/tasks/main.yml delete mode 100644 roles/workstation/templates/etc-X11-xorg.conf.d-intel.conf delete mode 120000 roles/workstation/templates/etc-apm-hibernate delete mode 100755 roles/workstation/templates/etc-apm-suspend delete mode 100644 roles/workstation/vars/main.yml (limited to 'roles') diff --git a/roles/_workstation/packages/tasks/main.yml b/roles/_workstation/packages/tasks/main.yml new file mode 100644 index 0000000..798eafa --- /dev/null +++ b/roles/_workstation/packages/tasks/main.yml @@ -0,0 +1,49 @@ + +# workstation ~~ roles/_workstation/packages/tasks/main.yml +# install packages for all distributions + +--- + +- name: install packages for Archlinux + shell: | + pacman --noconfirm --needed -Sy {{ item | join(" ") }} + loop: + - "{{ pkgs_common }}" + - "{{ pkgs_archlinux }}" + no_log: true + register: out + ignore_errors: true + when: ansible_distribution == "Archlinux" + +- name: install packages for OpenBSD + shell: pkg_add -z {{ item | join(" ") }} + loop: + - "{{ pkgs_common }}" + - "{{ pkgs_openbsd }}" + no_log: true + register: out + ignore_errors: true + when: ansible_distribution == "OpenBSD" + +- name: packages installation output + debug: + msg: | + {% for item in out.results %} + - {{ item.cmd }} + {% for type in ["stdout_lines", "stderr_lines"] if item[type] %} + -- {{ type }} + {% for line in item[type] %} + --- {{ line }} + {% endfor %} + {% endfor %} + {% endfor %} + when: out is defined + +- name: show installation informations + debug: + msg: | + {% if out is defined %} + Installed all packages for system : {{ ansible_distribution }} + {% else %} + No installation methode for system : {{ ansible_distribution }}. Please patch and commit. + {% endif %} diff --git a/roles/_workstation/packages/vars/main.yml b/roles/_workstation/packages/vars/main.yml new file mode 100644 index 0000000..a94de67 --- /dev/null +++ b/roles/_workstation/packages/vars/main.yml @@ -0,0 +1,80 @@ + +# roles/_workstation/packages/vars/main.yml +# + +--- + +pkgs_common: + # desktop (backup over dwm) + - bemenu + - i3status + # editor + - neovim + # files + - curl + - git + - syncthing + - tar + - unzip + - wget + - zip + # lang + - ansible + - go + - rust + # multimedia + - cmus + - feh + - firefox + - mpv + - qutebrowser + - vlc + - weechat + # tools + - gnupg + - htop + - ipmitool + - tor + - zsh + +pkgs_archlinux: + # desktop + - i3-wm + # editor + - emacs + # sys + - opendoas + # python + - python-jedi + - python-neovim + - python-pip + - python-requests + # net + - wireguard-dkms + +pkgs_openbsd: + # desktop + - i3 + # devel + - automake--%1.16 + - clang-tools-extra + - cmake + - gmake + - free + # editor + - emacs--no_x11%emacs + # net + - tor-browser + - torsocks + - wireguard-tools + # multimedia + - weechat-lua + - weechat-python + # python + - py3-jedi + - py3-neovim + - py3-pip + - py3-requests + # security + - pcsc-lite + - pcsc-tools diff --git a/roles/_workstation/sysconf/tasks/_archlinux.yml b/roles/_workstation/sysconf/tasks/_archlinux.yml new file mode 100644 index 0000000..07dbe41 --- /dev/null +++ b/roles/_workstation/sysconf/tasks/_archlinux.yml @@ -0,0 +1,13 @@ + +# workstation ~~ roles/_workstation/sysconf/tasks/_archlinux.yml +# init archlinux based workstation + +--- + +- name: ensure Xorg subdirectory for configuration exists + file: + path: /etc/X11/xorg.conf.d + owner: root + mode: 0644 + state: directory + diff --git a/roles/_workstation/sysconf/tasks/_openbsd.yml b/roles/_workstation/sysconf/tasks/_openbsd.yml new file mode 100644 index 0000000..504e751 --- /dev/null +++ b/roles/_workstation/sysconf/tasks/_openbsd.yml @@ -0,0 +1,71 @@ + +# workstation ~~ roles/workstation/tasks/main.yml +# init openbsd based workstation + +--- + +- name: ensure wsconsctl config file exists + file: + path: /etc/wsconsctl.conf + owner: root + group: wheel + mode: 0644 + state: touch + +- name: append configuration to wsconsctl + lineinfile: + path: /etc/wsconsctl.conf + regexp: "^{{ item[0] }}" + line: "{{ item[0] }}={{ item[1] }}" + loop: + - [screen.brightness, 80] + - [keyboard.repeat.del1, 180] + - [keyboard.repeat.deln, 50] + - [keyboard.bell.volume, 0] + - [mouse.tp.tapping, 1] + +- name: ensure Xorg subdirectory for configuration exists + file: + path: /etc/X11/xorg.conf.d + owner: root + mode: 0644 + state: directory + +- name: generate system wide configurations + template: + src: "{{ item }}" + dest: "/{{ item | regex_replace('-', '/') }}" + loop: + - etc-X11-xorg.conf.d-intel.conf + - etc-apm-hibernate + - etc-apm-suspend + +- name: ensure sysctl configuration file exists + file: + path: /etc/sysctl.conf + owner: root + mode: 0644 + +- name: ensure sysctl memory optimizations + blockinfile: + path: /etc/sysctl.conf + block: | + kern.shminfo.shmall=3145728 + kern.shminfo.shmmax=1073741823 + kern.shminfo.shmmni=1024 + kern.shminfo.shmseg=1024 + kern.seminfo.semmns=4096 + kern.seminfo.semmni=1024 + marker: "# memory {mark} - managed by Ansible" + +- name: ensure sysctl process optimizations + blockinfile: + path: /etc/sysctl.conf + block: | + kern.maxfiles=102400 + kern.maxproc=32768 + kern.maxfiles=65535 + kern.bufcachepercent=90 + kern.maxvnodes=262144 + kern.somaxconn=2048 + marker: "# process - {mark} managed by Ansible" diff --git a/roles/_workstation/sysconf/tasks/main.yml b/roles/_workstation/sysconf/tasks/main.yml new file mode 100644 index 0000000..2a6f4a4 --- /dev/null +++ b/roles/_workstation/sysconf/tasks/main.yml @@ -0,0 +1,54 @@ + +# workstation ~~ roles/workstation/tasks/main.yml +# init workstation + +--- + +- name: retrieve BECOME method + stat: path=/usr/bin/doas + register: ws_become + +- name: retrieve original user + shell: logname + register: ws_user + +- name: retrieve host facts + set_fact: + ansible_become_method: "{{ 'doas' if ws_become.stat.exists else 'sudo' }}" + ansible_become_user: root + ws_user: "{{ ws_user.stdout }}" + +- name: include distribution specific task + include_tasks: "_{{ ansible_distribution | lower }}.yml" + ignore_errors: true + +- name: generate doas configuration + lineinfile: + path: /etc/doas.conf + regexp: "^permit persist keepenv {{ ws_user }} as root" + line: "permit persist keepenv {{ ws_user }} as root" + owner: root + mode: 0644 + create: true + +- name: start and enable pcscd service + service: + name: pcscd + state: started + enabled: true + +- name: check sudo binary path + shell: which sudo + register: sudo + ignore_errors: true + +- name: uninstall sudo binary + package: + name: sudo + state: absent + when: sudo.rc == 0 + register: sudo + ignore_errors: true + +- name: setup dotfiles from upstream and user script + meta: end_host diff --git a/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf b/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf new file mode 100644 index 0000000..5d73c65 --- /dev/null +++ b/roles/_workstation/sysconf/templates/etc-X11-xorg.conf.d-intel.conf @@ -0,0 +1,9 @@ + +# disable tearscreen for Xenocara on OpenBSD +# managed by Ansible + +Section "Device" + Identifier "drm" + Driver "intel" + Option "TearFree" "true" +EndSection diff --git a/roles/_workstation/sysconf/templates/etc-apm-hibernate b/roles/_workstation/sysconf/templates/etc-apm-hibernate new file mode 120000 index 0000000..a07e961 --- /dev/null +++ b/roles/_workstation/sysconf/templates/etc-apm-hibernate @@ -0,0 +1 @@ +etc-apm-suspend \ No newline at end of file diff --git a/roles/_workstation/sysconf/templates/etc-apm-suspend b/roles/_workstation/sysconf/templates/etc-apm-suspend new file mode 100755 index 0000000..9d36537 --- /dev/null +++ b/roles/_workstation/sysconf/templates/etc-apm-suspend @@ -0,0 +1,3 @@ +#!/bin/sh + +pkill -USR1 xidle diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml deleted file mode 100644 index 06110df..0000000 --- a/roles/workstation/tasks/_archlinux.yml +++ /dev/null @@ -1,49 +0,0 @@ - -# workstation ~~ roles/workstation/tasks/_archlinux.yml -# init archlinux based workstation - ---- - -- name: refresh packages list - shell: pacman -Sy - tags: pkgs - -- name: install packages - shell: | - pacman --noconfirm --needed -S {{ item | join(" ") }} - loop: - - "{{ pkgs_common }}" - - "{{ pkgs_archlinux }}" - register: out - tags: pkgs - -- name: packages installation output - debug: - msg: | - {% for item in out.results %} - - {{ item.cmd }} - {% for type in ["stdout_lines", "stderr_lines"] if item[type] %} - -- {{ type }} - {% for line in item[type] %} - --- {{ line }} - {% endfor %} - {% endfor %} - {% endfor %} - when: out is defined - -- name: check doas installation - stat: path=/usr/bin/doas - register: doas - -- name: ensure Xorg subdirectory for configuration exists - file: - path: /etc/X11/xorg.conf.d - owner: root - mode: 0644 - state: directory - -- name: start and enable pcscd service - service: - name: pcscd - state: started - enabled: true diff --git a/roles/workstation/tasks/_openbsd.yml b/roles/workstation/tasks/_openbsd.yml deleted file mode 100644 index 0811ba2..0000000 --- a/roles/workstation/tasks/_openbsd.yml +++ /dev/null @@ -1,99 +0,0 @@ - -# workstation ~~ roles/workstation/tasks/main.yml -# init openbsd based workstation - ---- - -- name: install packages - shell: pkg_add -z {{ item | join(" ") }} - loop: - - "{{ pkgs_common }}" - - "{{ pkgs_openbsd }}" - register: out - tags: pkgs - -- name: packages installation output - debug: - msg: | - {% for item in out.results %} - - {{ item.cmd }} - {% for type in ["stdout_lines", "stderr_lines"] if item[type] %} - -- {{ type }} - {% for line in item[type] %} - --- {{ line }} - {% endfor %} - {% endfor %} - {% endfor %} - when: out is defined - -- name: ensure wsconsctl config file exists - file: - path: /etc/wsconsctl.conf - owner: root - group: wheel - mode: 0644 - state: touch - -- name: append configuration to wsconsctl - lineinfile: - path: /etc/wsconsctl.conf - regexp: "^{{ item[0] }}" - line: "{{ item[0] }}={{ item[1] }}" - loop: - - [screen.brightness, 80] - - [keyboard.repeat.del1, 180] - - [keyboard.repeat.deln, 50] - - [keyboard.bell.volume, 0] - - [mouse.tp.tapping, 1] - -- name: ensure Xorg subdirectory for configuration exists - file: - path: /etc/X11/xorg.conf.d - owner: root - mode: 0644 - state: directory - -- name: generate system wide configurations - template: - src: "{{ item }}" - dest: "/{{ item | regex_replace('-', '/') }}" - loop: - - etc-X11-xorg.conf.d-intel.conf - - etc-apm-hibernate - - etc-apm-suspend - -- name: ensure sysctl configuration file exists - file: - path: /etc/sysctl.conf - owner: root - mode: 0644 - -- name: ensure sysctl memory optimizations - blockinfile: - path: /etc/sysctl.conf - block: | - kern.shminfo.shmall=3145728 - kern.shminfo.shmmax=1073741823 - kern.shminfo.shmmni=1024 - kern.shminfo.shmseg=1024 - kern.seminfo.semmns=4096 - kern.seminfo.semmni=1024 - marker: "# memory {mark} - managed by Ansible" - -- name: ensure sysctl process optimizations - blockinfile: - path: /etc/sysctl.conf - block: | - kern.maxfiles=102400 - kern.maxproc=32768 - kern.maxfiles=65535 - kern.bufcachepercent=90 - kern.maxvnodes=262144 - kern.somaxconn=2048 - marker: "# process - {mark} managed by Ansible" - -- name: start and enable pcscd service - service: - name: pcscd - state: started - enabled: true diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml deleted file mode 100644 index 6b8d28f..0000000 --- a/roles/workstation/tasks/main.yml +++ /dev/null @@ -1,48 +0,0 @@ - -# workstation ~~ roles/workstation/tasks/main.yml -# init workstation - ---- - -- name: retrieve BECOME method - stat: path=/usr/bin/doas - register: ws_become - -- name: retrieve original user - shell: logname - register: ws_user - -- name: retrieve host facts - set_fact: - ansible_become_method: "{{ 'doas' if ws_become.stat.exists else 'sudo' }}" - ansible_become_user: root - ws_user: "{{ ws_user.stdout }}" - -- name: include distribution specific task - include_tasks: "_{{ ansible_distribution | lower }}.yml" - ignore_errors: true - -- name: generate doas configuration - lineinfile: - path: /etc/doas.conf - regexp: "^permit persist keepenv {{ ws_user }} as root" - line: "permit persist keepenv {{ ws_user }} as root" - owner: root - mode: 0644 - create: true - -- name: check sudo binary path - shell: which sudo - register: sudo - ignore_errors: true - -- name: uninstall sudo binary - package: - name: sudo - state: absent - when: sudo.rc == 0 - register: sudo - ignore_errors: true - -- name: setup dotfiles from upstream and user script - meta: end_host diff --git a/roles/workstation/templates/etc-X11-xorg.conf.d-intel.conf b/roles/workstation/templates/etc-X11-xorg.conf.d-intel.conf deleted file mode 100644 index 5d73c65..0000000 --- a/roles/workstation/templates/etc-X11-xorg.conf.d-intel.conf +++ /dev/null @@ -1,9 +0,0 @@ - -# disable tearscreen for Xenocara on OpenBSD -# managed by Ansible - -Section "Device" - Identifier "drm" - Driver "intel" - Option "TearFree" "true" -EndSection diff --git a/roles/workstation/templates/etc-apm-hibernate b/roles/workstation/templates/etc-apm-hibernate deleted file mode 120000 index a07e961..0000000 --- a/roles/workstation/templates/etc-apm-hibernate +++ /dev/null @@ -1 +0,0 @@ -etc-apm-suspend \ No newline at end of file diff --git a/roles/workstation/templates/etc-apm-suspend b/roles/workstation/templates/etc-apm-suspend deleted file mode 100755 index 9d36537..0000000 --- a/roles/workstation/templates/etc-apm-suspend +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -pkill -USR1 xidle diff --git a/roles/workstation/vars/main.yml b/roles/workstation/vars/main.yml deleted file mode 100644 index 5a7329c..0000000 --- a/roles/workstation/vars/main.yml +++ /dev/null @@ -1,80 +0,0 @@ - -# roles/workstation/vars/main.yml -# - ---- - -pkgs_common: - # desktop (backup over dwm) - - bemenu - - i3status - # editor - - neovim - # files - - curl - - git - - syncthing - - tar - - unzip - - wget - - zip - # lang - - ansible - - go - - rust - # multimedia - - cmus - - feh - - firefox - - mpv - - qutebrowser - - vlc - - weechat - # tools - - gnupg - - htop - - ipmitool - - tor - - zsh - -pkgs_archlinux: - # desktop - - i3-wm - # editor - - emacs - # sys - - opendoas - # python - - python-jedi - - python-neovim - - python-pip - - python-requests - # net - - wireguard-dkms - -pkgs_openbsd: - # desktop - - i3 - # devel - - automake--%1.16 - - clang-tools-extra - - cmake - - gmake - - free - # editor - - emacs--no_x11%emacs - # net - - tor-browser - - torsocks - - wireguard-tools - # multimedia - - weechat-lua - - weechat-python - # python - - py3-jedi - - py3-neovim - - py3-pip - - py3-requests - # security - - pcsc-lite - - pcsc-tools -- cgit v1.2.3