From 0b2fc8a4bb8aa868222e8df1f5d454047e3c1df5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Mon, 16 Aug 2021 14:58:34 +0200
Subject: roles/workstation: Monolithic role for workstation

---
 playbooks/workstation.yml                     | 18 +----------
 roles/_workstation/env/tasks/main.yml         |  6 ----
 roles/_workstation/packages/defaults/main.yml | 43 ++++++++-------------------
 roles/workstation/defaults/main.yml           | 35 ++++++++++++++++++++++
 roles/workstation/tasks/_archlinux.yml        | 10 +++++++
 roles/workstation/tasks/main.yml              | 13 ++++++++
 roles/workstation/tasks/pkgs.yml              |  7 +++++
 roles/workstation/tasks/sysconf.yml           | 43 +++++++++++++++++++++++++++
 8 files changed, 122 insertions(+), 53 deletions(-)
 create mode 100644 roles/workstation/defaults/main.yml
 create mode 100644 roles/workstation/tasks/_archlinux.yml
 create mode 100644 roles/workstation/tasks/main.yml
 create mode 100644 roles/workstation/tasks/pkgs.yml
 create mode 100644 roles/workstation/tasks/sysconf.yml

diff --git a/playbooks/workstation.yml b/playbooks/workstation.yml
index 1b1acc3..7dd6b94 100644
--- a/playbooks/workstation.yml
+++ b/playbooks/workstation.yml
@@ -1,19 +1,3 @@
-
-# workstation ~~ playbooks/workstation.yml
-# wokrstation initialization
-
----
-
 - hosts: localhost
   roles:
-    - role: _workstation/env
-      tags: env, always
-
-    - role: _workstation/sshdns
-      tags: sshdns
-
-    - role: _workstation/packages
-      tags: packages
-
-    - role: _workstation/sysconf
-      tags: sysconf
+    - role: workstation
diff --git a/roles/_workstation/env/tasks/main.yml b/roles/_workstation/env/tasks/main.yml
index ff9acd2..7575922 100644
--- a/roles/_workstation/env/tasks/main.yml
+++ b/roles/_workstation/env/tasks/main.yml
@@ -1,9 +1,3 @@
-
-# _workstation/env ~~ roles/_workstation/env/tasks/main.yml
-# useful env. variables for workstation
-
----
-
 - name: retrieve BECOME method
   stat: path=/usr/bin/doas 
   register: _workstation_env_become
diff --git a/roles/_workstation/packages/defaults/main.yml b/roles/_workstation/packages/defaults/main.yml
index e855d74..8a55d1b 100644
--- a/roles/_workstation/packages/defaults/main.yml
+++ b/roles/_workstation/packages/defaults/main.yml
@@ -6,35 +6,38 @@
 
 pkgs:
   common:
-    # desktop (backup over dwm)
+    # desktop
     - bemenu
     - i3status
     - dmenu
+
     # editor
     - neovim
+
     # files
     - curl
     - git
-    - lowdown
     - syncthing
     - tar
     - unzip
     - wget
     - zip
+
     # lang
     - ansible
     - go
     - rust
+
     # multimedia
     - cmus
     - feh
-    - firefox 
     - mpv
     - syncthing
-    - qutebrowser 
+    - qutebrowser
     - rtorrent
     - vlc
     - weechat
+
     # tools
     - gnupg
     - gopass
@@ -57,8 +60,7 @@ pkgs:
   archlinux:
     # desktop
     - i3-wm
-    # editor
-    # sys
+
     # python
     - python-jedi
     - python-neovim
@@ -68,48 +70,29 @@ pkgs:
   openbsd:
     # desktop
     - i3
+
     # devel
     - automake--%1.16
     - clang-tools-extra
     - cmake
     - gmake
     - free
-    # editor
-    - emacs--no_x11%emacs
+
     # net
     - tor-browser
     - torsocks
     - wireguard-tools
+
     # multimedia
     - weechat-lua
     - weechat-python
+
     # python
     - py3-jedi
     - py3-neovim
     - py3-pip
     - py3-requests
+
     # security
     - pcsc-lite
     - pcsc-tools
-
-  void:
-    - alsa-plugins-pulseaudio
-    - base-devel
-    - gnupg2
-    - gnupg2-scdaemon
-    - seatd
-    - pcsclite
-    - pcsc-ccid
-    - python3-jedi
-    - python3-neovim
-    - python3-pip
-    - python3-requests
-    - terminus-font
-    # x11
-    - xorg-server-devel
-    - libX11-devel
-    - libXft-devel
-    - libXinerama-devel
-    # wayland
-    - wlroots-devel
-    - libinput-devel
diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
new file mode 100644
index 0000000..7973c1d
--- /dev/null
+++ b/roles/workstation/defaults/main.yml
@@ -0,0 +1,35 @@
+ws_user: qwd
+ws_pip:
+  - 
+ws_pkgs:
+  common:
+    - feh
+    - git
+    - gnupg
+    - htop
+    - ipmitool
+    - mpv
+    - neovim
+    - rtorrent
+    - syncthing
+    - tar
+    - tor
+    - unzip
+    - wget
+    - zip
+    - zsh
+    - dmenu
+
+  archlinux:
+    - acpi
+    - docker
+    - docker-compose
+    - opendoas
+    - pcsc-tools
+    - wireguard-tools
+    - pipewire
+    - pipewire-pulse
+
+  openbsd:
+    - pcsc-lite
+    - pcsc-tools
diff --git a/roles/workstation/tasks/_archlinux.yml b/roles/workstation/tasks/_archlinux.yml
new file mode 100644
index 0000000..329372c
--- /dev/null
+++ b/roles/workstation/tasks/_archlinux.yml
@@ -0,0 +1,10 @@
+- name: append current user to system groups
+  user:
+    name: "{{ ws_user }}"
+    groups: "{{ item }}"
+    append: true
+  loop:
+    - docker
+    - wheel
+    - video
+    - audio
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..e7c08b9
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: verify running as root
+  fail:
+    msg: playbook must be run as root
+  when: ansible_user_id != "root"
+
+
+- name: include packages
+  include_tasks: pkgs.yml
+  tags: pkgs
+
+- name: include sysconf
+  include_tasks: sysconf.yml
+  tags: sysconf
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..8c2354e
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: install distribution packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop: 
+    - "{{ ws_pkgs['common'] }}"
+    - "{{ ws_pkgs[ansible_distribution | lower] }}"
diff --git a/roles/workstation/tasks/sysconf.yml b/roles/workstation/tasks/sysconf.yml
new file mode 100644
index 0000000..c8c5ffd
--- /dev/null
+++ b/roles/workstation/tasks/sysconf.yml
@@ -0,0 +1,43 @@
+- name: include operating system sensible task
+  include_tasks: "_{{ ansible_distribution | lower }}.yml"
+  tags: sysconf
+
+- name: generate doas configuration
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit persist keepenv {{ ws_user }} as root"
+    line: "permit persist keepenv {{ ws_user }} as root"
+    create: true
+    mode: "0644"
+    owner: 0
+    group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+  lineinfile:
+    path: /etc/doas.conf
+    regexp: "^permit nopass {{ ws_user }} as root cmd {{ item }}"
+    line: "permit nopass {{ ws_user }} as root cmd {{ item }}"
+  loop:
+    - zzz
+    - ZZZ
+    - reboot
+    - shutdown
+
+- name: start and enable pcscd service
+  service:
+    name: pcscd
+    state: started
+    enabled: true
+
+- name: check sudo binary path
+  shell: which sudo
+  register: result
+  failed_when: false
+
+- name: uninstall sudo binary
+  package:
+    name: sudo
+    state: absent
+  when: result.rc == 0
+  register: sudo
+  ignore_errors: true
-- 
cgit v1.2.3


From f6fd9f47d7591c9a02afb591eacb24414d1cf258 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Mon, 23 Aug 2021 15:09:51 +0200
Subject: workstation: Scaffold pip for userland only

---
 roles/workstation/defaults/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
index 7973c1d..3935e13 100644
--- a/roles/workstation/defaults/main.yml
+++ b/roles/workstation/defaults/main.yml
@@ -1,6 +1,8 @@
 ws_user: qwd
-ws_pip:
+ws_pip_pkgs:
   - 
+ws_pipx_pkgs:
+  - wal
 ws_pkgs:
   common:
     - feh
@@ -29,6 +31,7 @@ ws_pkgs:
     - wireguard-tools
     - pipewire
     - pipewire-pulse
+    - xorg-xwayland
 
   openbsd:
     - pcsc-lite
-- 
cgit v1.2.3