authorRomain Gonçalves <me@rgoncalves.se>2022-12-10 21:17:16 +0100
committerRomain Gonçalves <me@rgoncalves.se>2022-12-12 22:04:27 +0100
commit7c1f7039170a25f192d87235476179f7cfe01a85 (patch)
treefc8e77b7176fa730b30b20081e76f2527371e9a3
parent21fc0867dc42128434e5c46ca684d9a966184b8a (diff)
downloadinfrastructure-7c1f7039170a25f192d87235476179f7cfe01a85.tar.gz
chore: explode workstation role in subroles
-rw-r--r--[-rwxr-xr-x]roles/_workstation/apm/files/hibernate (renamed from roles/workstation/templates/apm-hibernate)1
-rw-r--r--[-rwxr-xr-x]roles/_workstation/apm/files/resume (renamed from roles/workstation/templates/apm-resume)1
-rw-r--r--[-rwxr-xr-x]roles/_workstation/apm/files/suspend (renamed from roles/workstation/templates/apm-suspend)1
-rw-r--r--roles/_workstation/apm/tasks/main.yml21
-rw-r--r--roles/_workstation/basegroups/defaults/main.yml3
-rw-r--r--roles/_workstation/basegroups/tasks/main.yml11
-rw-r--r--roles/_workstation/basetools/defaults/main.yml (renamed from roles/workstation/defaults/main.yml)14
-rw-r--r--roles/_workstation/basetools/tasks/main.yml13
-rw-r--r--roles/_workstation/basetools/vars/os_archlinux.yml (renamed from roles/workstation/vars/os_archlinux.yml)12
-rw-r--r--roles/_workstation/basetools/vars/os_openbsd.yml (renamed from roles/workstation/vars/os_openbsd.yml)6
-rw-r--r--roles/_workstation/cronie/tasks/main.yml (renamed from roles/workstation/tasks/cronie.yml)0
-rw-r--r--roles/_workstation/doas/defaults/main.yml4
-rw-r--r--roles/_workstation/doas/tasks/main.yml (renamed from roles/workstation/tasks/doas.yml)12
-rw-r--r--roles/_workstation/dockerd/defaults/main.yml5
-rw-r--r--roles/_workstation/dockerd/files/daemon.json (renamed from roles/workstation/templates/docker-daemon.json.j2)0
-rw-r--r--roles/_workstation/dockerd/tasks/main.yml (renamed from roles/workstation/tasks/dockerd.yml)12
-rw-r--r--roles/_workstation/hosts/defaults/main.yml5
-rw-r--r--roles/_workstation/hosts/tasks/main.yml9
-rw-r--r--roles/_workstation/kernel/defaults/main.yml3
-rw-r--r--roles/_workstation/kernel/tasks/main.yml34
-rw-r--r--roles/_workstation/libvirt/defaults/main.yml3
-rw-r--r--roles/_workstation/libvirt/tasks/main.yml (renamed from roles/workstation/tasks/libvirt.yml)7
-rw-r--r--roles/_workstation/pipewire/defaults/main.yml3
-rw-r--r--roles/_workstation/pipewire/tasks/main.yml (renamed from roles/workstation/tasks/pipewire.yml)4
-rw-r--r--roles/_workstation/resolv/defaults/main.yml9
-rw-r--r--roles/_workstation/resolv/tasks/main.yml10
-rw-r--r--roles/_workstation/shell/defaults/main.yml3
-rw-r--r--roles/_workstation/shell/tasks/main.yml15
-rw-r--r--roles/_workstation/smartcard/defaults/main.yml3
-rw-r--r--roles/_workstation/smartcard/tasks/main.yml16
-rw-r--r--roles/_workstation/smartcard/vars/os_archlinux.yml6
-rw-r--r--roles/_workstation/smartcard/vars/os_openbsd.yml5
-rw-r--r--roles/_workstation/tlp/tasks/main.yml (renamed from roles/workstation/tasks/tlp.yml)2
-rw-r--r--roles/_workstation/wscons/defaults/main.yml3
-rw-r--r--roles/_workstation/wscons/tasks/main.yml17
-rw-r--r--roles/_workstation/xorg/defaults/main.yml3
-rw-r--r--roles/_workstation/xorg/files/intel.conf (renamed from roles/workstation/templates/xorg-intel.conf)3
-rw-r--r--roles/_workstation/xorg/tasks/main.yml29
-rw-r--r--roles/_workstation/yay/defaults/main.yml5
-rw-r--r--roles/_workstation/yay/tasks/main.yml21
-rw-r--r--roles/workstation/tasks/hosts.yml7
-rw-r--r--roles/workstation/tasks/main.yml29
-rw-r--r--roles/workstation/tasks/os_archlinux.yml35
-rw-r--r--roles/workstation/tasks/os_openbsd.yml72
-rw-r--r--roles/workstation/tasks/pkgs.yml7
-rw-r--r--roles/workstation/tasks/shell.yml8
-rw-r--r--roles/workstation/tasks/smartcard.yml5
-rw-r--r--roles/workstation/tasks/ssh.yml18
-rw-r--r--roles/workstation/tasks/yay.yml20
-rw-r--r--roles/workstation/templates/ssh.config.j217
-rw-r--r--site.workstation.yml57
51 files changed, 350 insertions, 259 deletions
diff --git a/roles/workstation/templates/apm-hibernate b/roles/_workstation/apm/files/hibernate
index ef90fed..c625aee 100755..100644
--- a/roles/workstation/templates/apm-hibernate
+++ b/roles/_workstation/apm/files/hibernate
@@ -1,4 +1,5 @@
#!/bin/sh
+# Managed by Ansible
set -x -e
diff --git a/roles/workstation/templates/apm-resume b/roles/_workstation/apm/files/resume
index 18397b4..686f7e1 100755..100644
--- a/roles/workstation/templates/apm-resume
+++ b/roles/_workstation/apm/files/resume
@@ -1,4 +1,5 @@
#!/bin/sh
+# Managed by Ansible
set -x -e
diff --git a/roles/workstation/templates/apm-suspend b/roles/_workstation/apm/files/suspend
index ef90fed..c625aee 100755..100644
--- a/roles/workstation/templates/apm-suspend
+++ b/roles/_workstation/apm/files/suspend
@@ -1,4 +1,5 @@
#!/bin/sh
+# Managed by Ansible
set -x -e
diff --git a/roles/_workstation/apm/tasks/main.yml b/roles/_workstation/apm/tasks/main.yml
new file mode 100644
index 0000000..72c5d2a
--- /dev/null
+++ b/roles/_workstation/apm/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: create apm configuration directory
+ ansible.builtin.file:
+ path: "{{ apm_configuration_dir }}"
+ state: directory
+ owner: 0
+ group: 0
+ mode: 0755
+
+- name: copy apm configurations
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: "{{ apm_configuration_dir }}/{{ item }}"
+ mode: 0755
+ owner: 0
+ group: 0
+ loop:
+ - hibernate
+ - suspend
+ - resume
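Review bot: Both tasks use `apm_configuration_dir`, but the diffstat lists only `files/` and `tasks/` for the apm role and the playbook vars do not set it. Unless it is defined somewhere outside this commit, the role stops on an undefined variable at the first task. Adding `roles/_workstation/apm/defaults/main.yml` with `apm_configuration_dir: /etc/apm` would match the `/etc/apm/...` destinations the old OpenBSD task list used.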
diff --git a/roles/_workstation/basegroups/defaults/main.yml b/roles/_workstation/basegroups/defaults/main.yml
new file mode 100644
index 0000000..40644c5
--- /dev/null
+++ b/roles/_workstation/basegroups/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+basegroups_workstation_user: null
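Review bot: Defaulting `basegroups_workstation_user` to `null` means a play that forgets to set it still has a defined variable, so the role runs with an empty or `None` user name instead of failing early. The same default appears in the doas, dockerd, libvirt, pipewire, shell and yay defaults, and in doas it is interpolated into a `permit` rule for root. Either drop the default so an unset variable fails as undefined, or start each role's tasks with an `ansible.builtin.assert` such as `that: basegroups_workstation_user is not none`.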
diff --git a/roles/_workstation/basegroups/tasks/main.yml b/roles/_workstation/basegroups/tasks/main.yml
new file mode 100644
index 0000000..a52899e
--- /dev/null
+++ b/roles/_workstation/basegroups/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: append current user to system groups
+ ansible.builtin.user:
+ name: "{{ basegroups_workstation_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - wheel
+ - video
+ - audio
diff --git a/roles/workstation/defaults/main.yml b/roles/_workstation/basetools/defaults/main.yml
index 3707288..740a870 100644
--- a/roles/workstation/defaults/main.yml
+++ b/roles/_workstation/basetools/defaults/main.yml
@@ -1,15 +1,7 @@
-workstation_user: qwd
+---
-workstation_docker_group: docker
-
-workstation_hosts_file: /etc/hosts
-workstation_hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
-
-workstation_yay_repo: https://aur.archlinux.org/yay-bin.git
-workstation_yay_dir: /tmp/yay
-
-workstation_pkgs: []
-workstation_pkgs_common:
+basetools_distribution_packages: []
+basetools_common_packages:
- ansible
- ansible-lint
- calcurse
diff --git a/roles/_workstation/basetools/tasks/main.yml b/roles/_workstation/basetools/tasks/main.yml
new file mode 100644
index 0000000..f53d213
--- /dev/null
+++ b/roles/_workstation/basetools/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install distribution packages
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ basetools_common_packages }}"
+ - "{{ basetools_distribution_packages }}"
diff --git a/roles/workstation/vars/os_archlinux.yml b/roles/_workstation/basetools/vars/os_archlinux.yml
index 5c19257..e98db93 100644
--- a/roles/workstation/vars/os_archlinux.yml
+++ b/roles/_workstation/basetools/vars/os_archlinux.yml
@@ -1,4 +1,6 @@
-workstation_pkgs:
+---
+
+basetools_distribution_packages:
- acpi
- alsa-tools
- base-devel
@@ -27,7 +29,6 @@ workstation_pkgs:
- opendoas
- pamixer
- pavucontrol
- - pcsc-tools
- pdfjs-legacy
- postgresql
- pyenv
@@ -53,15 +54,8 @@ workstation_pkgs:
- vi
- wireguard-tools
- wireplumber
- - xf86-input-synaptics
- - xorg-apps
- - xorg-server
- - xorg-xinit
- - xorg-xwayland
- - xsecurelock
- yadm
- yarn
- yt-dlp
- - yubikey-manager
- zathura-pdf-mupdf
- zk
diff --git a/roles/workstation/vars/os_openbsd.yml b/roles/_workstation/basetools/vars/os_openbsd.yml
index da3d206..e8623c5 100644
--- a/roles/workstation/vars/os_openbsd.yml
+++ b/roles/_workstation/basetools/vars/os_openbsd.yml
@@ -1,9 +1,9 @@
-workstation_pkgs:
+---
+
+basetools_distribution_packages:
- docker-cli
- gomuks
- mozilla-firefox
- - pcsc-lite
- - pcsc-tools
- py-httpie
- py3-neovim
- py3-netaddr
diff --git a/roles/workstation/tasks/cronie.yml b/roles/_workstation/cronie/tasks/main.yml
index faa1095..faa1095 100644
--- a/roles/workstation/tasks/cronie.yml
+++ b/roles/_workstation/cronie/tasks/main.yml
diff --git a/roles/_workstation/doas/defaults/main.yml b/roles/_workstation/doas/defaults/main.yml
new file mode 100644
index 0000000..9585cd1
--- /dev/null
+++ b/roles/_workstation/doas/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+doas_workstation_user: null
+doas_configuration_file: /etc/doas.conf
diff --git a/roles/workstation/tasks/doas.yml b/roles/_workstation/doas/tasks/main.yml
index e47fa35..e65a510 100644
--- a/roles/workstation/tasks/doas.yml
+++ b/roles/_workstation/doas/tasks/main.yml
@@ -1,8 +1,8 @@
- name: generate doas configuration
ansible.builtin.lineinfile:
- path: /etc/doas.conf
- regexp: "^permit persist keepenv {{ workstation_user }} as root"
- line: "permit persist keepenv {{ workstation_user }} as root"
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
+ line: "permit persist keepenv {{ doas_workstation_user }} as root"
create: true
mode: 0644
owner: 0
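Review bot: The doas rules are written line by line with no syntax check, and the path and user are now variables, so a wrong value can leave a `doas.conf` that fails to parse or grants something unintended. `lineinfile` supports `validate`, so adding `validate: doas -C %s` to this task and to the nopass task in the next hunk would reject a broken file before it replaces the live one. The task continues past the end of the hunk.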
@@ -10,9 +10,9 @@
- name: allow reboot/shutdown/hibernate with doas
ansible.builtin.lineinfile:
- path: /etc/doas.conf
- regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
- line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
loop:
- ZZZ
- mount
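Review bot: The loop entry `mount` produces `permit nopass <user> as root cmd mount` with no `args` restriction, so the user can run mount as root with any arguments and no password. That is considerably wider than the reboot/shutdown/hibernate the task name describes. If only specific mounts are needed, constrain the rule with `args`, or keep `nopass` for the power commands and require a password for mount. The loop continues past the end of the hunk.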
diff --git a/roles/_workstation/dockerd/defaults/main.yml b/roles/_workstation/dockerd/defaults/main.yml
new file mode 100644
index 0000000..d9ac1e8
--- /dev/null
+++ b/roles/_workstation/dockerd/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+dockerd_workstation_user: null
+dockerd_group: docker
+dockerd_configuration_dir: /etc/docker
diff --git a/roles/workstation/templates/docker-daemon.json.j2 b/roles/_workstation/dockerd/files/daemon.json
index 2952d24..2952d24 100644
--- a/roles/workstation/templates/docker-daemon.json.j2
+++ b/roles/_workstation/dockerd/files/daemon.json
diff --git a/roles/workstation/tasks/dockerd.yml b/roles/_workstation/dockerd/tasks/main.yml
index c0dfd33..76d70d6 100644
--- a/roles/workstation/tasks/dockerd.yml
+++ b/roles/_workstation/dockerd/tasks/main.yml
@@ -7,22 +7,22 @@
- name: append current user to docker group
ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ workstation_docker_group }}"
+ name: "{{ dockerd_workstation_user }}"
+ groups: "{{ dockerd_group }}"
append: true
- name: create docker directory
ansible.builtin.file:
- path: /etc/docker
+ path: "{{ dockerd_configuration_dir }}"
state: directory
owner: 0
group: 0
mode: 0755
- name: configure default network for docker containers
- ansible.builtin.template:
- src: docker-daemon.json.j2
- dest: /etc/docker/daemon.json
+ ansible.builtin.copy:
+ src: daemon.json
+ dest: "{{ dockerd_configuration_dir }}/daemon.json"
owner: 0
group: 0
mode: 0600
diff --git a/roles/_workstation/hosts/defaults/main.yml b/roles/_workstation/hosts/defaults/main.yml
new file mode 100644
index 0000000..64ae72d
--- /dev/null
+++ b/roles/_workstation/hosts/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+hosts_file: /etc/hosts
+hosts_url: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
+# hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
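Review bot: `hosts_url` follows the `master` branch, so whatever is published there at run time is what the hosts role writes to the system hosts file as root, with no integrity check. Moving to HTTPS is an improvement, but pinning the URL to a tag or commit and passing a matching `checksum: "sha256:<digest of the pinned file>"` to `get_url` would make the content reviewable before it changes name resolution. The commented-out `http://` URL on the last line can be removed.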
diff --git a/roles/_workstation/hosts/tasks/main.yml b/roles/_workstation/hosts/tasks/main.yml
new file mode 100644
index 0000000..20e247e
--- /dev/null
+++ b/roles/_workstation/hosts/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: retrieve hosts file
+ ansible.builtin.get_url:
+ url: "{{ hosts_url }}"
+ dest: "{{ hosts_file }}"
+ mode: 0644
+ owner: 0
+ group: 0
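Review bot: With `force` left at its default, `get_url` skips the download when `dest` already exists. `/etc/hosts` normally does exist, so this task is probably a no-op on an already provisioned machine. If the list is meant to be refreshed, add `force: true`, and `backup: true` so a bad download can be rolled back.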
diff --git a/roles/_workstation/kernel/defaults/main.yml b/roles/_workstation/kernel/defaults/main.yml
new file mode 100644
index 0000000..6ef2ad2
--- /dev/null
+++ b/roles/_workstation/kernel/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+kernel_sysctl_configuration_file: /etc/sysctl.conf
diff --git a/roles/_workstation/kernel/tasks/main.yml b/roles/_workstation/kernel/tasks/main.yml
new file mode 100644
index 0000000..3dc1e60
--- /dev/null
+++ b/roles/_workstation/kernel/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+
+- name: create sysctl configuration file
+ ansible.builtin.file:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ owner: 0
+ group: 0
+ mode: 0644
+
+- name: apply memory optimizations
+ ansible.builtin.blockinfile:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker_begin: "memory - BEGIN"
+ marker_end: "memory - END"
+
+- name: apply process optimizations
+ ansible.builtin.blockinfile:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker_begin: "process - BEGIN"
+ marker_end: "process - END"
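Review bot: The first task has no `state`, so `ansible.builtin.file` uses `state: file`, which only adjusts an existing path and fails when it is absent; despite its name it never creates the file. Either add `state: touch` or drop the task and set `create: true` on the two `blockinfile` tasks. In the process block `kern.maxfiles` is set twice (102400 and 65535), so only one value can take effect; keep the intended one. The markers also differ from those the old role wrote, so hosts configured earlier will likely keep the old blocks next to the new ones.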
diff --git a/roles/_workstation/libvirt/defaults/main.yml b/roles/_workstation/libvirt/defaults/main.yml
new file mode 100644
index 0000000..0eae412
--- /dev/null
+++ b/roles/_workstation/libvirt/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+libvirt_workstation_user: null
diff --git a/roles/workstation/tasks/libvirt.yml b/roles/_workstation/libvirt/tasks/main.yml
index 554f800..91b74a2 100644
--- a/roles/workstation/tasks/libvirt.yml
+++ b/roles/_workstation/libvirt/tasks/main.yml
@@ -1,5 +1,8 @@
+---
+
- name: install iptables-nft
- ansible.builtin.shell: yes | pacman --noprogressbar --needed --sync iptables-nft
+ ansible.builtin.shell: yes
+ | pacman --noprogressbar --needed --sync iptables-nft
when: ansible_distribution == "Archlinux"
- name: install libvirt
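Review bot: The reflowed `yes | pacman` task has no `changed_when` and no comment explaining why confirmation is piped in rather than passed as a flag. The other shell and command tasks in this commit mark their lint exceptions explicitly. Adding `# noqa: no-changed-when risky-shell-pipe` to the task name and a one-line comment on the reason for `yes |` would keep it consistent. The pipeline's exit status is already pacman's, so `pipefail` is not needed here.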
@@ -13,7 +16,7 @@
- name: append current user to virt groups
ansible.builtin.user:
- name: "{{ workstation_user }}"
+ name: "{{ libvirt_workstation_user }}"
groups: "{{ item }}"
append: true
loop:
diff --git a/roles/_workstation/pipewire/defaults/main.yml b/roles/_workstation/pipewire/defaults/main.yml
new file mode 100644
index 0000000..ab0e912
--- /dev/null
+++ b/roles/_workstation/pipewire/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+pipewire_workstation_user: null
diff --git a/roles/workstation/tasks/pipewire.yml b/roles/_workstation/pipewire/tasks/main.yml
index 1fc83a9..6465e18 100644
--- a/roles/workstation/tasks/pipewire.yml
+++ b/roles/_workstation/pipewire/tasks/main.yml
@@ -1,3 +1,5 @@
+---
+
- name: install pipewire
ansible.builtin.package:
name:
@@ -15,7 +17,7 @@
state: started
become: true
become_method: su
- become_user: "{{ workstation_user }}"
+ become_user: "{{ pipewire_workstation_user }}"
loop:
- pipewire
- pipewire-pulse
diff --git a/roles/_workstation/resolv/defaults/main.yml b/roles/_workstation/resolv/defaults/main.yml
new file mode 100644
index 0000000..72733be
--- /dev/null
+++ b/roles/_workstation/resolv/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+
+resolv_configuration_file: /etc/resolv.conf
+
+resolv_dns_servers:
+ - ip: 1.1.1.1
+ file: "{{ resolv_configuration_file }}.head"
+ - ip: 8.8.8.8
+ file: "{{ resolv_configuration_file }}.tail"
diff --git a/roles/_workstation/resolv/tasks/main.yml b/roles/_workstation/resolv/tasks/main.yml
new file mode 100644
index 0000000..41d3216
--- /dev/null
+++ b/roles/_workstation/resolv/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: generate configuration files
+ ansible.builtin.copy:
+ content: "nameserver {{ item.ip }}\n"
+ dest: "{{ item.file }}"
+ mode: "0644"
+ owner: 0
+ group: 0
+ loop: "{{ resolv_dns_servers }}"
diff --git a/roles/_workstation/shell/defaults/main.yml b/roles/_workstation/shell/defaults/main.yml
new file mode 100644
index 0000000..9863165
--- /dev/null
+++ b/roles/_workstation/shell/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+shell_workstation_user: null
diff --git a/roles/_workstation/shell/tasks/main.yml b/roles/_workstation/shell/tasks/main.yml
new file mode 100644
index 0000000..66191e5
--- /dev/null
+++ b/roles/_workstation/shell/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: install zsh
+ ansible.builtin.package:
+ name: zsh
+ state: present
+
+- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
+ ansible.builtin.shell: command -v zsh
+ register: shell_zsh_path
+
+- name: ensure zsh is used for workstation user
+ ansible.builtin.user:
+ name: "{{ shell_workstation_user }}"
+ shell: "{{ shell_zsh_path.stdout_lines[0] }}"
diff --git a/roles/_workstation/smartcard/defaults/main.yml b/roles/_workstation/smartcard/defaults/main.yml
new file mode 100644
index 0000000..013489e
--- /dev/null
+++ b/roles/_workstation/smartcard/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+smartcard_packages: null
diff --git a/roles/_workstation/smartcard/tasks/main.yml b/roles/_workstation/smartcard/tasks/main.yml
new file mode 100644
index 0000000..7e85436
--- /dev/null
+++ b/roles/_workstation/smartcard/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install pcsc package
+ ansible.builtin.package:
+ name: "{{ smartcard_packages }}"
+ state: present
+
+- name: start and enable pcscd service
+ ansible.builtin.service:
+ name: pcscd
+ state: started
+ enabled: true
diff --git a/roles/_workstation/smartcard/vars/os_archlinux.yml b/roles/_workstation/smartcard/vars/os_archlinux.yml
new file mode 100644
index 0000000..2f121b6
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_archlinux.yml
@@ -0,0 +1,6 @@
+---
+
+smartcard_packages:
+ - pcsclite
+ - pcsc-tools
+ - yubikey-manager
diff --git a/roles/_workstation/smartcard/vars/os_openbsd.yml b/roles/_workstation/smartcard/vars/os_openbsd.yml
new file mode 100644
index 0000000..de37248
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_openbsd.yml
@@ -0,0 +1,5 @@
+---
+
+smartcard_packages:
+ - pcsc-lite
+ - pcsc-tools
diff --git a/roles/workstation/tasks/tlp.yml b/roles/_workstation/tlp/tasks/main.yml
index 4782741..60b2fc0 100644
--- a/roles/workstation/tasks/tlp.yml
+++ b/roles/_workstation/tlp/tasks/main.yml
@@ -1,3 +1,5 @@
+---
+
- name: install tlp
ansible.builtin.package:
name: tlp
diff --git a/roles/_workstation/wscons/defaults/main.yml b/roles/_workstation/wscons/defaults/main.yml
new file mode 100644
index 0000000..04f1b30
--- /dev/null
+++ b/roles/_workstation/wscons/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+wscons_configuration_file: /etc/wsconsctl.conf
diff --git a/roles/_workstation/wscons/tasks/main.yml b/roles/_workstation/wscons/tasks/main.yml
new file mode 100644
index 0000000..e07b7fa
--- /dev/null
+++ b/roles/_workstation/wscons/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: append configuration to wsconsctl
+ ansible.builtin.lineinfile:
+ path: "{{ wscons_configuration_file }}"
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ create: true
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
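Review bot: `regexp: "^{{ item[0] }}"` treats the dots in each key as wildcards and has no terminator, so it can match a longer or different key than the one being set. Escaping the key and anchoring on the separator avoids that: `regexp: "^{{ item[0] | regex_escape }}="`.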
diff --git a/roles/_workstation/xorg/defaults/main.yml b/roles/_workstation/xorg/defaults/main.yml
new file mode 100644
index 0000000..0378393
--- /dev/null
+++ b/roles/_workstation/xorg/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+xorg_configuration_dir: /etc/X11/xorg.conf.d
diff --git a/roles/workstation/templates/xorg-intel.conf b/roles/_workstation/xorg/files/intel.conf
index 5d73c65..bb2f490 100644
--- a/roles/workstation/templates/xorg-intel.conf
+++ b/roles/_workstation/xorg/files/intel.conf
@@ -1,6 +1,5 @@
-
-# disable tearscreen for Xenocara on OpenBSD
# managed by Ansible
+# disable tearscreen for Xenocara on OpenBSD
Section "Device"
Identifier "drm"
diff --git a/roles/_workstation/xorg/tasks/main.yml b/roles/_workstation/xorg/tasks/main.yml
new file mode 100644
index 0000000..f07daba
--- /dev/null
+++ b/roles/_workstation/xorg/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- name: install xorg and X11 packages
+ ansible.builtin.package:
+ name:
+ - xf86-input-synaptics
+ - xorg-apps
+ - xorg-server
+ - xorg-xinit
+ - xorg-xwayland
+ - xsecurelock
+ state: present
+ when: ansible_distribution in ["Archlinux"]
+
+- name: create Xorg configuration subdirectory
+ ansible.builtin.file:
+ path: "{{ xorg_configuration_dir }}"
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: copy xorg configuration
+ ansible.builtin.copy:
+ src: intel.conf
+ dest: "{{ xorg_configuration_dir }}/"
+ mode: 0644
+ owner: 0
+ group: 0
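Review bot: The directory task sets `mode: 0644`, which leaves `xorg_configuration_dir` without the search bit, so non-root processes cannot open files inside it; use `mode: 0755` for the directory. Separately, the package task is limited to Archlinux but the `intel.conf` copy is not, and the playbook runs this role on both Archlinux and OpenBSD. The old role installed that file only from the OpenBSD task list, so add `when: ansible_distribution == "OpenBSD"` to the copy task if that is still the intent.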
diff --git a/roles/_workstation/yay/defaults/main.yml b/roles/_workstation/yay/defaults/main.yml
new file mode 100644
index 0000000..0c26b92
--- /dev/null
+++ b/roles/_workstation/yay/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+yay_repository_url: https://aur.archlinux.org/yay-bin.git
+yay_repository_local_dir: /tmp/yay
+yay_workstation_user: null
diff --git a/roles/_workstation/yay/tasks/main.yml b/roles/_workstation/yay/tasks/main.yml
new file mode 100644
index 0000000..30f67f2
--- /dev/null
+++ b/roles/_workstation/yay/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: clone yay repository
+ ansible.builtin.git:
+ repo: "{{ yay_repository_url }}"
+ dest: "{{ yay_repository_local_dir }}"
+ version: origin/master
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: make yay package # noqa: no-changed-when
+ ansible.builtin.command:
+ cmd: makepkg -fs
+ chdir: "{{ yay_repository_local_dir }}"
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: install yay package # noqa: no-changed-when
+ ansible.builtin.shell:
+ cmd: pacman --noconfirm -U *.zst
+ chdir: "{{ yay_repository_local_dir }}"
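Review bot: The last task installs every `*.zst` found in `yay_repository_local_dir` as root, and that directory defaults to `/tmp/yay`, a predictable path in a world-writable location. Anything already in that directory before the run would be picked up by the glob. Creating the build directory with `ansible.builtin.tempfile` (`state: directory`) owned by the build user, or using a path under that user's home, removes the shared-path dependency. Pinning `version:` to a reviewed commit instead of `origin/master` would also fix what gets built.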
diff --git a/roles/workstation/tasks/hosts.yml b/roles/workstation/tasks/hosts.yml
deleted file mode 100644
index 7cc261a..0000000
--- a/roles/workstation/tasks/hosts.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: retrieve hosts file
- ansible.builtin.get_url:
- url: "{{ workstation_hosts_url }}"
- dest: "{{ workstation_hosts_file }}"
- mode: '0644'
- owner: 0
- group: 0
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
deleted file mode 100644
index 1c4c463..0000000
--- a/roles/workstation/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: include specific distribution variables
- ansible.builtin.include_vars: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include packages
- ansible.builtin.include_tasks: pkgs.yml
-
-- name: include operating system setup
- ansible.builtin.include_tasks: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include shell setup
- ansible.builtin.include_tasks: shell.yml
-
-- name: include doas setup
- ansible.builtin.include_tasks: doas.yml
-
-- name: include smartcard setup
- ansible.builtin.include_tasks: smartcard.yml
-
-- name: include ssh setup
- ansible.builtin.include_tasks:
- file: ssh.yml
- args:
- apply:
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: include hosts setup
- ansible.builtin.include_tasks:
- file: hosts.yml
diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml
deleted file mode 100644
index f45433a..0000000
--- a/roles/workstation/tasks/os_archlinux.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: include battery optimization
- ansible.builtin.include_tasks: tlp.yml
- when: ansible_form_factor in ["Laptop", "Notebook"]
-
-- name: include cronie setup
- ansible.builtin.include_tasks: cronie.yml
-
-- name: include virtualization setup
- ansible.builtin.include_tasks: libvirt.yml
-
-- name: include dockerd setup
- ansible.builtin.include_tasks: dockerd.yml
-
-- name: include pipewire
- ansible.builtin.include_tasks: pipewire.yml
-
-- name: retrieve installed packages
- ansible.builtin.package_facts:
- register: package_facts
-
-- name: include yay
- ansible.builtin.include_tasks: yay.yml
- when:
- - "'yay' not in package_facts.ansible_facts.packages"
- - "'yay-bin' not in package_facts.ansible_facts.packages"
-
-- name: append current user to system groups
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ item }}"
- append: true
- loop:
- - wheel
- - video
- - audio
diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml
deleted file mode 100644
index 21f3bb1..0000000
--- a/roles/workstation/tasks/os_openbsd.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-- name: ensure wsconsctl config file exists
- ansible.builtin.file:
- path: /etc/wsconsctl.conf
- state: touch
- owner: 0
- group: 0
- mode: 0644
-
-- name: append configuration to wsconsctl
- ansible.builtin.lineinfile:
- path: /etc/wsconsctl.conf
- regexp: "^{{ item[0] }}"
- line: "{{ item[0] }}={{ item[1] }}"
- create: true
- owner: 0
- group: 0
- mode: 0644
- loop:
- - [screen.brightness, 80]
- - [keyboard.repeat.del1, 180]
- - [keyboard.repeat.deln, 50]
- - [keyboard.bell.volume, 0]
- - [mouse.tp.tapping, 1]
-
-- name: ensure Xorg subdirectory for configuration exists
- ansible.builtin.file:
- path: /etc/X11/xorg.conf.d
- owner: 0
- group: 0
- mode: 0644
- state: directory
-
-- name: generate system wide configurations
- ansible.builtin.template:
- src: "{{ item[0] }}"
- dest: "{{ item[1] }}"
- mode: preserve
- loop:
- - [xorg-intel.conf, /etc/X11/xorg.conf.d]
- - [apm-hibernate, /etc/apm/hibernate]
- - [apm-suspend, /etc/apm/suspend]
- - [apm-resume, /etc/apm/resume]
-
-- name: ensure sysctl configuration file exists
- ansible.builtin.file:
- path: /etc/sysctl.conf
- owner: root
- mode: 0644
-
-- name: ensure sysctl memory optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.shminfo.shmall=3145728
- kern.shminfo.shmmax=1073741823
- kern.shminfo.shmmni=1024
- kern.shminfo.shmseg=1024
- kern.seminfo.semmns=4096
- kern.seminfo.semmni=1024
- marker: "# memory {mark} - managed by Ansible"
-
-- name: ensure sysctl process optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.maxfiles=102400
- kern.maxproc=32768
- kern.maxfiles=65535
- kern.bufcachepercent=90
- kern.maxvnodes=262144
- kern.somaxconn=2048
- marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
deleted file mode 100644
index 674ccc4..0000000
--- a/roles/workstation/tasks/pkgs.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: install distribution packages
- ansible.builtin.package:
- name: "{{ item }}"
- state: present
- loop:
- - "{{ workstation_pkgs_common }}"
- - "{{ workstation_pkgs }}"
diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml
deleted file mode 100644
index dc11ca4..0000000
--- a/roles/workstation/tasks/shell.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
- ansible.builtin.shell: command -v zsh
- register: zsh_path
-
-- name: ensure zsh is used for workstation user
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- shell: "{{ zsh_path.stdout_lines[0] }}"
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml
deleted file mode 100644
index 926770a..0000000
--- a/roles/workstation/tasks/smartcard.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: start and enable pcscd service
- ansible.builtin.service:
- name: pcscd
- state: started
- enabled: true
diff --git a/roles/workstation/tasks/ssh.yml b/roles/workstation/tasks/ssh.yml
deleted file mode 100644
index d09c7f8..0000000
--- a/roles/workstation/tasks/ssh.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: create ssh directory
- ansible.builtin.file:
- path: "/home/{{ workstation_user }}/{{ item }}"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- state: directory
- mode: 0700
- loop:
- - .ssh
- - .ssh/config.d
-
-- name: generate ssh configuration
- ansible.builtin.template:
- src: ssh.config.j2
- dest: "/home/{{ workstation_user }}/.ssh/config.d/dns.config"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- mode: 0600
diff --git a/roles/workstation/tasks/yay.yml b/roles/workstation/tasks/yay.yml
deleted file mode 100644
index 8581bfd..0000000
--- a/roles/workstation/tasks/yay.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: clone yay repository
- ansible.builtin.git:
- repo: "{{ workstation_yay_repo }}"
- dest: "{{ workstation_yay_dir }}"
- version: origin/master
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: make yay package # noqa: no-changed-when
- # possible ambiguous replacement: command : ansible.builtin.command | community.ciscosmb.command | community.routeros.command
- ansible.builtin.command:
- cmd: makepkg -fs
- chdir: "{{ workstation_yay_dir }}"
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: install yay package # noqa: no-changed-when
- ansible.builtin.shell:
- cmd: pacman --noconfirm -U *.zst
- chdir: "{{ workstation_yay_dir }}"
diff --git a/roles/workstation/templates/ssh.config.j2 b/roles/workstation/templates/ssh.config.j2
deleted file mode 100644
index 2a3a903..0000000
--- a/roles/workstation/templates/ssh.config.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# managed by Ansible
-{% import 'macros.j2' as macros with context %}
-
-{% call(h) macros.loop_valid_hosts("all") %}
-{% set command = "pgrep wg && ! ping -c 1 -w 1 %s" % h.__ip.external %}
-Match originalHost {{ h.inventory_hostname }} exec "{{ command }}"
- HostName {{ h.__ip.internal }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-Match originalHost {{ h.inventory_hostname }}
- HostName {{ h.__ip.external }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-
-{% endcall %}
diff --git a/site.workstation.yml b/site.workstation.yml
index e9a3409..1e618c3 100644
--- a/site.workstation.yml
+++ b/site.workstation.yml
@@ -1,10 +1,65 @@
+---
+
- hosts: localhost
+ vars:
+ _workstation_user: qwd
+ basegroups_workstation_user: "{{_workstation_user }}"
+ doas_workstation_user: "{{ _workstation_user }}"
+ dockerd_workstation_user: "{{ _workstation_user }}"
+ libvirt_workstation_user: "{{ _workstation_user }}"
+ pipewire_workstation_user: "{{ _workstation_user }}"
+ shell_workstation_user: "{{ _workstation_user }}"
+ yay_workstation_user: "{{ _workstation_user }}"
+
pre_tasks:
- name: verify running as root
ansible.builtin.fail:
when: ansible_user_id != "root"
tags: always
+ - name: retrieve installed packages
+ ansible.builtin.package_facts:
+ register: package_facts
roles:
- - role: workstation
+ - role: _workstation/basetools
+ when: ansible_distribution in ["Archlinux", "OpenBSD"]
+ - role: _workstation/basegroups
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/wscons
+ when: ansible_distribution in ["OpenBSD"]
+
+ - role: _workstation/shell
+ - role: _workstation/hosts
+ - role: _workstation/doas
+
+ - role: _workstation/yay
+ when:
+ - ansible_distribution in ["Archlinux"]
+ - "'yay' not in package_facts.ansible_facts.packages"
+ - "'yay-bin' not in package_facts.ansible_facts.packages"
+
+ - role: _workstation/xorg
+ when: ansible_distribution in ["Archlinux", "OpenBSD"]
+
+ - role: _workstation/smartcard
+ when: ansible_distribution in ["Archlinux", "OpenBSD"]
+ - role: _workstation/pipewire
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/cronie
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/libvirt
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/dockerd
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/resolv
+ when: ansible_distribution in ["Archlinux"]
+
+ - role: _workstation/tlp
+ when:
+ - ansible_distribution in ["Archlinux"]
+ - ansible_form_factor in ["Laptop", "Notebook"]
+ - role: _workstation/apm
+ when: ansible_distribution in ["OpenBSD"]
+ - role: _workstation/kernel
+ when: ansible_distribution in ["OpenBSD"]
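Review bot: The new `retrieve installed packages` pre-task is not tagged `always`, unlike the root check above it, so a run limited with `--tags` can skip it. The yay role's `when` conditions read `package_facts.ansible_facts.packages`, which would then be undefined; adding `tags: always` to the pre-task keeps them safe. Minor style: `"{{_workstation_user }}"` on the `basegroups_workstation_user` line is missing the space after `{{` that the other vars use.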