3 files changed, 72 insertions, 3 deletions

diff --git a/roles/workstation/tasks/_openbsd.yml b/roles/workstation/tasks/_openbsd.yml
new file mode 100644
index 0000000..e1de610
--- /dev/null
+++ b/roles/workstation/tasks/_openbsd.yml
@@ -0,0 +1,69 @@
+- name: ensure wsconsctl config file exists
+  file:
+    path: /etc/wsconsctl.conf
+    state: touch
+
+- name: append configuration to wsconsctl
+  lineinfile:
+    path: /etc/wsconsctl.conf
+    regexp: "^{{ item[0] }}"
+    line: "{{ item[0] }}={{ item[1] }}"
+    create: true
+    owner: 0
+    group: 0
+    mode: 0644
+  loop:
+    - [screen.brightness, 80]
+    - [keyboard.repeat.del1, 180]
+    - [keyboard.repeat.deln, 50]
+    - [keyboard.bell.volume, 0]
+    - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+  file:
+    path: /etc/X11/xorg.conf.d
+    owner: 0
+    group: 0
+    mode: 0644
+    state: directory
+
+- name: generate system wide configurations
+  template:
+    src: "{{ item[0] }}"
+    dest: "{{ item[1] }}"
+    mode: preserve
+  loop:
+    - [xorg-intel.conf, /etc/X11/xorg.conf.d]
+    - [apm-hibernate, /etc/apm/hibernate]
+    - [apm-suspend, /etc/apm/suspend]
+    - [apm-resume, /etc/apm/resume]
+
+- name: ensure sysctl configuration file exists
+  file:
+    path: /etc/sysctl.conf
+    owner: root
+    mode: 0644
+
+- name: ensure sysctl memory optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.shminfo.shmall=3145728
+      kern.shminfo.shmmax=1073741823
+      kern.shminfo.shmmni=1024
+      kern.shminfo.shmseg=1024
+      kern.seminfo.semmns=4096
+      kern.seminfo.semmni=1024
+    marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+  blockinfile:
+    path: /etc/sysctl.conf
+    block: |
+      kern.maxfiles=102400
+      kern.maxproc=32768
+      kern.maxfiles=65535
+      kern.bufcachepercent=90
+      kern.maxvnodes=262144
+      kern.somaxconn=2048
+    marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
index e7c08b9..85f2db3 100644
--- a/roles/workstation/tasks/main.yml
+++ b/roles/workstation/tasks/main.yml
@@ -3,7 +3,6 @@
     msg: playbook must be run as root
   when: ansible_user_id != "root"
 
-
 - name: include packages
   include_tasks: pkgs.yml
   tags: pkgs
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
index c8c5ffd..2d36f2b 100644
--- a/roles/workstation/tasks/sysconf.yml
+++ b/roles/workstation/tasks/sysconf.yml
@@ -8,7 +8,7 @@
     regexp: "^permit persist keepenv {{ ws_user }} as root"
     line: "permit persist keepenv {{ ws_user }} as root"
     create: true
-    mode: "0644"
+    mode: 0644
     owner: 0
     group: 0
 
@@ -18,10 +18,11 @@
     regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
     line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
   loop:
-    - zzz
     - ZZZ
+    - mount
     - reboot
     - shutdown
+    - zzz
 
 - name: start and enable pcscd service
   service: