author | Romain Gonçalves <me@rgoncalves.se> | 2022-12-10 21:17:16 +0100 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2022-12-12 22:04:27 +0100 |
commit | 7c1f7039170a25f192d87235476179f7cfe01a85 (patch) | |
tree | fc8e77b7176fa730b30b20081e76f2527371e9a3 | |
parent | 21fc0867dc42128434e5c46ca684d9a966184b8a (diff) | |
download | rules-7c1f7039170a25f192d87235476179f7cfe01a85.tar.gz |
chore: explode workstation role in subroles
51 files changed, 350 insertions, 259 deletions
diff --git a/roles/workstation/templates/apm-hibernate b/roles/_workstation/apm/files/hibernate index ef90fed..c625aee 100755..100644 --- a/roles/workstation/templates/apm-hibernate +++ b/roles/_workstation/apm/files/hibernate @@ -1,4 +1,5 @@ #!/bin/sh +# Managed by Ansible set -x -e diff --git a/roles/workstation/templates/apm-resume b/roles/_workstation/apm/files/resume index 18397b4..686f7e1 100755..100644 --- a/roles/workstation/templates/apm-resume +++ b/roles/_workstation/apm/files/resume @@ -1,4 +1,5 @@ #!/bin/sh +# Managed by Ansible set -x -e diff --git a/roles/workstation/templates/apm-suspend b/roles/_workstation/apm/files/suspend index ef90fed..c625aee 100755..100644 --- a/roles/workstation/templates/apm-suspend +++ b/roles/_workstation/apm/files/suspend @@ -1,4 +1,5 @@ #!/bin/sh +# Managed by Ansible set -x -e diff --git a/roles/_workstation/apm/tasks/main.yml b/roles/_workstation/apm/tasks/main.yml new file mode 100644 index 0000000..72c5d2a --- /dev/null +++ b/roles/_workstation/apm/tasks/main.yml @@ -0,0 +1,21 @@ +--- + +- name: create apm configuration directory + ansible.builtin.file: + path: "{{ apm_configuration_dir }}" + state: directory + owner: 0 + group: 0 + mode: 0755 + +- name: copy apm configurations + ansible.builtin.copy: + src: "{{ item }}" + dest: "{{ apm_configuration_dir }}/{{ item }}" + mode: 0755 + owner: 0 + group: 0 + loop: + - hibernate + - suspend + - resume diff --git a/roles/_workstation/basegroups/defaults/main.yml b/roles/_workstation/basegroups/defaults/main.yml new file mode 100644 index 0000000..40644c5 --- /dev/null +++ b/roles/_workstation/basegroups/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +basegroups_workstation_user: null diff --git a/roles/_workstation/basegroups/tasks/main.yml b/roles/_workstation/basegroups/tasks/main.yml new file mode 100644 index 0000000..a52899e --- /dev/null +++ b/roles/_workstation/basegroups/tasks/main.yml 
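Review bot: `apm_configuration_dir` is used by both tasks in `roles/_workstation/apm/tasks/main.yml`, but this commit adds no `defaults/main.yml` for the apm role, unlike the sibling roles, so the play stops on an undefined variable unless the value is set somewhere outside this diff. The removed tasks wrote to `/etc/apm/...`, so a default of `apm_configuration_dir: /etc/apm` would keep the previous behaviour. The modes are also written as bare `0755`; quoting them (`mode: "0755"`), as the resolv role does with `"0644"`, avoids depending on the YAML parser's octal handling.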
@@ -0,0 +1,11 @@ +--- + +- name: append current user to system groups + ansible.builtin.user: + name: "{{ basegroups_workstation_user }}" + groups: "{{ item }}" + append: true + loop: + - wheel + - video + - audio diff --git a/roles/workstation/defaults/main.yml b/roles/_workstation/basetools/defaults/main.yml index 3707288..740a870 100644 --- a/roles/workstation/defaults/main.yml +++ b/roles/_workstation/basetools/defaults/main.yml @@ -1,15 +1,7 @@ -workstation_user: qwd +--- -workstation_docker_group: docker - -workstation_hosts_file: /etc/hosts -workstation_hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts - -workstation_yay_repo: https://aur.archlinux.org/yay-bin.git -workstation_yay_dir: /tmp/yay - -workstation_pkgs: [] -workstation_pkgs_common: +basetools_distribution_packages: [] +basetools_common_packages: - ansible - ansible-lint - calcurse diff --git a/roles/_workstation/basetools/tasks/main.yml b/roles/_workstation/basetools/tasks/main.yml new file mode 100644 index 0000000..f53d213 --- /dev/null +++ b/roles/_workstation/basetools/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +- name: include per-os vars + ansible.builtin.include_vars: + file: "os_{{ ansible_distribution | lower }}.yml" + +- name: install distribution packages + ansible.builtin.package: + name: "{{ item }}" + state: present + loop: + - "{{ basetools_common_packages }}" + - "{{ basetools_distribution_packages }}" diff --git a/roles/workstation/vars/os_archlinux.yml b/roles/_workstation/basetools/vars/os_archlinux.yml index 5c19257..e98db93 100644 --- a/roles/workstation/vars/os_archlinux.yml +++ b/roles/_workstation/basetools/vars/os_archlinux.yml @@ -1,4 +1,6 @@ -workstation_pkgs: +--- + +basetools_distribution_packages: - acpi - alsa-tools - base-devel @@ -27,7 +29,6 @@ workstation_pkgs: - opendoas - pamixer - pavucontrol - - pcsc-tools - pdfjs-legacy - postgresql - pyenv 
@@ -53,15 +54,8 @@ workstation_pkgs: - vi - wireguard-tools - wireplumber - - xf86-input-synaptics - - xorg-apps - - xorg-server - - xorg-xinit - - xorg-xwayland - - xsecurelock - yadm - yarn - yt-dlp - - yubikey-manager - zathura-pdf-mupdf - zk diff --git a/roles/workstation/vars/os_openbsd.yml b/roles/_workstation/basetools/vars/os_openbsd.yml index da3d206..e8623c5 100644 --- a/roles/workstation/vars/os_openbsd.yml +++ b/roles/_workstation/basetools/vars/os_openbsd.yml @@ -1,9 +1,9 @@ -workstation_pkgs: +--- + +basetools_distribution_packages: - docker-cli - gomuks - mozilla-firefox - - pcsc-lite - - pcsc-tools - py-httpie - py3-neovim - py3-netaddr diff --git a/roles/workstation/tasks/cronie.yml b/roles/_workstation/cronie/tasks/main.yml index faa1095..faa1095 100644 --- a/roles/workstation/tasks/cronie.yml +++ b/roles/_workstation/cronie/tasks/main.yml diff --git a/roles/_workstation/doas/defaults/main.yml b/roles/_workstation/doas/defaults/main.yml new file mode 100644 index 0000000..9585cd1 --- /dev/null +++ b/roles/_workstation/doas/defaults/main.yml @@ -0,0 +1,4 @@ +--- + +doas_workstation_user: null +doas_configuration_file: /etc/doas.conf diff --git a/roles/workstation/tasks/doas.yml b/roles/_workstation/doas/tasks/main.yml index e47fa35..e65a510 100644 --- a/roles/workstation/tasks/doas.yml +++ b/roles/_workstation/doas/tasks/main.yml @@ -1,8 +1,8 @@ - name: generate doas configuration ansible.builtin.lineinfile: - path: /etc/doas.conf - regexp: "^permit persist keepenv {{ workstation_user }} as root" - line: "permit persist keepenv {{ workstation_user }} as root" + path: "{{ doas_configuration_file }}" + regexp: "^permit persist keepenv {{ doas_workstation_user }} as root" + line: "permit persist keepenv {{ doas_workstation_user }} as root" create: true mode: 0644 owner: 0 
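Review bot: `doas_workstation_user` defaults to `null` in the new `doas/defaults/main.yml`, and the `generate doas configuration` task interpolates it into the `permit persist keepenv ...` line without checking it, so a play that forgets the variable writes a malformed or unintended rule into the doas configuration instead of failing. Dropping the `null` default (an undefined variable then aborts the run) or opening the role with an `ansible.builtin.assert` on the variable would prevent that; the same `null` default appears in the basegroups, dockerd, libvirt, pipewire, shell and yay roles. Adding `validate: 'doas -C %s'` to both `lineinfile` tasks would also reject a syntactically broken file before it replaces the live one. The task continues below the end of this hunk.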
@@ -10,9 +10,9 @@ - name: allow reboot/shutdown/hibernate with doas ansible.builtin.lineinfile: - path: /etc/doas.conf - regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}" - line: "permit nopass {{ workstation_user }} as root cmd {{ item }}" + path: "{{ doas_configuration_file }}" + regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}" + line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}" loop: - ZZZ - mount diff --git a/roles/_workstation/dockerd/defaults/main.yml b/roles/_workstation/dockerd/defaults/main.yml new file mode 100644 index 0000000..d9ac1e8 --- /dev/null +++ b/roles/_workstation/dockerd/defaults/main.yml @@ -0,0 +1,5 @@ +--- + +dockerd_workstation_user: null +dockerd_group: docker +dockerd_configuration_dir: /etc/docker diff --git a/roles/workstation/templates/docker-daemon.json.j2 b/roles/_workstation/dockerd/files/daemon.json index 2952d24..2952d24 100644 --- a/roles/workstation/templates/docker-daemon.json.j2 +++ b/roles/_workstation/dockerd/files/daemon.json diff --git a/roles/workstation/tasks/dockerd.yml b/roles/_workstation/dockerd/tasks/main.yml index c0dfd33..76d70d6 100644 --- a/roles/workstation/tasks/dockerd.yml +++ b/roles/_workstation/dockerd/tasks/main.yml @@ -7,22 +7,22 @@ - name: append current user to docker group ansible.builtin.user: - name: "{{ workstation_user }}" - groups: "{{ workstation_docker_group }}" + name: "{{ dockerd_workstation_user }}" + groups: "{{ dockerd_group }}" append: true - name: create docker directory ansible.builtin.file: - path: /etc/docker + path: "{{ dockerd_configuration_dir }}" state: directory owner: 0 group: 0 mode: 0755 - name: configure default network for docker containers - ansible.builtin.template: - src: docker-daemon.json.j2 - dest: /etc/docker/daemon.json + ansible.builtin.copy: + src: daemon.json + dest: "{{ dockerd_configuration_dir }}/daemon.json" owner: 0 group: 0 mode: 0600 
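Review bot: The `nopass` rules in `allow reboot/shutdown/hibernate with doas` name only a command (`cmd {{ item }}`), and the visible loop includes `mount`; with no `args` clause the user can run that command as root with any arguments and no password, which for `mount` is far broader than the purpose stated in the task name. Consider removing `mount` from the list or constraining it, for example `permit nopass {{ doas_workstation_user }} as root cmd mount args <DEVICE> <MOUNTPOINT>` (placeholders). The `regexp` is built from unescaped values as well; `{{ item | regex_escape }}` keeps the match literal. The loop list continues outside the hunk.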
diff --git a/roles/_workstation/hosts/defaults/main.yml b/roles/_workstation/hosts/defaults/main.yml
new file mode 100644
index 0000000..64ae72d
--- /dev/null
+++ b/roles/_workstation/hosts/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+hosts_file: /etc/hosts
+hosts_url: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
+# hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
diff --git a/roles/_workstation/hosts/tasks/main.yml b/roles/_workstation/hosts/tasks/main.yml
new file mode 100644
index 0000000..20e247e
--- /dev/null
+++ b/roles/_workstation/hosts/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: retrieve hosts file
+ ansible.builtin.get_url:
+ url: "{{ hosts_url }}"
+ dest: "{{ hosts_file }}"
+ mode: 0644
+ owner: 0
+ group: 0
diff --git a/roles/_workstation/kernel/defaults/main.yml b/roles/_workstation/kernel/defaults/main.yml
new file mode 100644
index 0000000..6ef2ad2
--- /dev/null
+++ b/roles/_workstation/kernel/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+kernel_sysctl_configuration_file: /etc/sysctl.conf
diff --git a/roles/_workstation/kernel/tasks/main.yml b/roles/_workstation/kernel/tasks/main.yml
new file mode 100644
index 0000000..3dc1e60
--- /dev/null
+++ b/roles/_workstation/kernel/tasks/main.yml
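Review bot: The `retrieve hosts file` task writes whatever the upstream `master` branch serves at run time straight into `{{ hosts_file }}` (`/etc/hosts` by default) as root with no integrity check, so name resolution on the workstation follows any change pushed to that branch. HTTPS protects the transport only; pinning `hosts_url` to a tag or commit in the path and adding `checksum: "sha256:<EXPECTED_DIGEST>"` (placeholder) makes the content reviewable, and `backup: true` keeps the previous file. The commented-out `http://sbc.io/...` line in the defaults can be dropped, and the bare `mode: 0644` is better quoted as `"0644"`.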
@@ -0,0 +1,34 @@ +--- + +- name: create sysctl configuration file + ansible.builtin.file: + path: "{{ kernel_sysctl_configuration_file }}" + owner: 0 + group: 0 + mode: 0644 + +- name: apply memory optimizations + ansible.builtin.blockinfile: + path: "{{ kernel_sysctl_configuration_file }}" + block: | + kern.shminfo.shmall=3145728 + kern.shminfo.shmmax=1073741823 + kern.shminfo.shmmni=1024 + kern.shminfo.shmseg=1024 + kern.seminfo.semmns=4096 + kern.seminfo.semmni=1024 + marker_begin: "memory - BEGIN" + marker_end: "memory - END" + +- name: apply process optimizations + ansible.builtin.blockinfile: + path: "{{ kernel_sysctl_configuration_file }}" + block: | + kern.maxfiles=102400 + kern.maxproc=32768 + kern.maxfiles=65535 + kern.bufcachepercent=90 + kern.maxvnodes=262144 + kern.somaxconn=2048 + marker_begin: "process - BEGIN" + marker_end: "process - END" diff --git a/roles/_workstation/libvirt/defaults/main.yml b/roles/_workstation/libvirt/defaults/main.yml new file mode 100644 index 0000000..0eae412 --- /dev/null +++ b/roles/_workstation/libvirt/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +libvirt_workstation_user: null diff --git a/roles/workstation/tasks/libvirt.yml b/roles/_workstation/libvirt/tasks/main.yml index 554f800..91b74a2 100644 --- a/roles/workstation/tasks/libvirt.yml +++ b/roles/_workstation/libvirt/tasks/main.yml @@ -1,5 +1,8 @@ +--- + - name: install iptables-nft - ansible.builtin.shell: yes | pacman --noprogressbar --needed --sync iptables-nft + ansible.builtin.shell: yes + | pacman --noprogressbar --needed --sync iptables-nft when: ansible_distribution == "Archlinux" - name: install libvirt @@ -13,7 +16,7 @@ - name: append current user to virt groups ansible.builtin.user: - name: "{{ workstation_user }}" + name: "{{ libvirt_workstation_user }}" groups: "{{ item }}" append: true loop: diff --git a/roles/_workstation/pipewire/defaults/main.yml b/roles/_workstation/pipewire/defaults/main.yml new file mode 100644 index 0000000..ab0e912 --- /dev/null 
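Review bot: The `process` block in `kernel/tasks/main.yml` sets `kern.maxfiles` twice (`102400`, then `65535`), so the effective limit depends on which line is applied last, presumably the lower one; keep a single line. `create sysctl configuration file` calls `ansible.builtin.file` without `state`, which only adjusts an existing file and does not create one, so either add `create: true` to the two `blockinfile` tasks or give the task an explicit state. The markers also moved from the old `marker: "# memory {mark} - managed by Ansible"` form to `marker_begin`/`marker_end`, so on a host configured by the previous role the old blocks will not be recognised and the settings will likely be appended a second time.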
+++ b/roles/_workstation/pipewire/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +pipewire_workstation_user: null diff --git a/roles/workstation/tasks/pipewire.yml b/roles/_workstation/pipewire/tasks/main.yml index 1fc83a9..6465e18 100644 --- a/roles/workstation/tasks/pipewire.yml +++ b/roles/_workstation/pipewire/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - name: install pipewire ansible.builtin.package: name: @@ -15,7 +17,7 @@ state: started become: true become_method: su - become_user: "{{ workstation_user }}" + become_user: "{{ pipewire_workstation_user }}" loop: - pipewire - pipewire-pulse diff --git a/roles/_workstation/resolv/defaults/main.yml b/roles/_workstation/resolv/defaults/main.yml new file mode 100644 index 0000000..72733be --- /dev/null +++ b/roles/_workstation/resolv/defaults/main.yml @@ -0,0 +1,9 @@ +--- + +resolv_configuration_file: /etc/resolv.conf + +resolv_dns_servers: + - ip: 1.1.1.1 + file: "{{ resolv_configuration_file }}.head" + - ip: 8.8.8.8 + file: "{{ resolv_configuration_file }}.tail" diff --git a/roles/_workstation/resolv/tasks/main.yml b/roles/_workstation/resolv/tasks/main.yml new file mode 100644 index 0000000..41d3216 --- /dev/null +++ b/roles/_workstation/resolv/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- name: generate configuration files + ansible.builtin.copy: + content: "nameserver {{ item.ip }}\n" + dest: "{{ item.file }}" + mode: "0644" + owner: 0 + group: 0 + loop: "{{ resolv_dns_servers }}" diff --git a/roles/_workstation/shell/defaults/main.yml b/roles/_workstation/shell/defaults/main.yml new file mode 100644 index 0000000..9863165 --- /dev/null +++ b/roles/_workstation/shell/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +shell_workstation_user: null diff --git a/roles/_workstation/shell/tasks/main.yml b/roles/_workstation/shell/tasks/main.yml new file mode 100644 index 0000000..66191e5 --- /dev/null +++ b/roles/_workstation/shell/tasks/main.yml 
@@ -0,0 +1,15 @@
+---
+
+- name: install zsh
+ ansible.builtin.package:
+ name: zsh
+ state: present
+
+- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
+ ansible.builtin.shell: command -v zsh
+ register: shell_zsh_path
+
+- name: ensure zsh is used for workstation user
+ ansible.builtin.user:
+ name: "{{ shell_workstation_user }}"
+ shell: "{{ shell_zsh_path.stdout_lines[0] }}"
diff --git a/roles/_workstation/smartcard/defaults/main.yml b/roles/_workstation/smartcard/defaults/main.yml
new file mode 100644
index 0000000..013489e
--- /dev/null
+++ b/roles/_workstation/smartcard/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+smartcard_packages: null
diff --git a/roles/_workstation/smartcard/tasks/main.yml b/roles/_workstation/smartcard/tasks/main.yml
new file mode 100644
index 0000000..7e85436
--- /dev/null
+++ b/roles/_workstation/smartcard/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install pcsc package
+ ansible.builtin.package:
+ name: "{{ smartcard_packages }}"
+ state: present
+
+- name: start and enable pcscd service
+ ansible.builtin.service:
+ name: pcscd
+ state: started
+ enabled: true
diff --git a/roles/_workstation/smartcard/vars/os_archlinux.yml b/roles/_workstation/smartcard/vars/os_archlinux.yml
new file mode 100644
index 0000000..2f121b6
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_archlinux.yml
@@ -0,0 +1,6 @@
+---
+
+smartcard_packages:
+ - pcsclite
+ - pcsc-tools
+ - yubikey-manager
diff --git a/roles/_workstation/smartcard/vars/os_openbsd.yml b/roles/_workstation/smartcard/vars/os_openbsd.yml
new file mode 100644
index 0000000..de37248
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_openbsd.yml
@@ -0,0 +1,5 @@
+---
+
+smartcard_packages:
+ - pcsc-lite
+ - pcsc-tools
diff --git a/roles/workstation/tasks/tlp.yml b/roles/_workstation/tlp/tasks/main.yml
index 4782741..60b2fc0 100644
--- a/roles/workstation/tasks/tlp.yml +++ b/roles/_workstation/tlp/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - name: install tlp ansible.builtin.package: name: tlp diff --git a/roles/_workstation/wscons/defaults/main.yml b/roles/_workstation/wscons/defaults/main.yml new file mode 100644 index 0000000..04f1b30 --- /dev/null +++ b/roles/_workstation/wscons/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +wscons_configuration_file: /etc/wsconsctl.conf diff --git a/roles/_workstation/wscons/tasks/main.yml b/roles/_workstation/wscons/tasks/main.yml new file mode 100644 index 0000000..e07b7fa --- /dev/null +++ b/roles/_workstation/wscons/tasks/main.yml @@ -0,0 +1,17 @@ +--- + +- name: append configuration to wsconsctl + ansible.builtin.lineinfile: + path: "{{ wscons_configuration_file }}" + regexp: "^{{ item[0] }}" + line: "{{ item[0] }}={{ item[1] }}" + create: true + owner: 0 + group: 0 + mode: 0644 + loop: + - [screen.brightness, 80] + - [keyboard.repeat.del1, 180] + - [keyboard.repeat.deln, 50] + - [keyboard.bell.volume, 0] + - [mouse.tp.tapping, 1] diff --git a/roles/_workstation/xorg/defaults/main.yml b/roles/_workstation/xorg/defaults/main.yml new file mode 100644 index 0000000..0378393 --- /dev/null +++ b/roles/_workstation/xorg/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +xorg_configuration_dir: /etc/X11/xorg.conf.d diff --git a/roles/workstation/templates/xorg-intel.conf b/roles/_workstation/xorg/files/intel.conf index 5d73c65..bb2f490 100644 --- a/roles/workstation/templates/xorg-intel.conf +++ b/roles/_workstation/xorg/files/intel.conf @@ -1,6 +1,5 @@ - -# disable tearscreen for Xenocara on OpenBSD # managed by Ansible +# disable tearscreen for Xenocara on OpenBSD Section "Device" Identifier "drm" diff --git a/roles/_workstation/xorg/tasks/main.yml b/roles/_workstation/xorg/tasks/main.yml new file mode 100644 index 0000000..f07daba --- /dev/null +++ b/roles/_workstation/xorg/tasks/main.yml 
@@ -0,0 +1,29 @@
+---
+
+- name: install xorg and X11 packages
+ ansible.builtin.package:
+ name:
+ - xf86-input-synaptics
+ - xorg-apps
+ - xorg-server
+ - xorg-xinit
+ - xorg-xwayland
+ - xsecurelock
+ state: present
+ when: ansible_distribution in ["Archlinux"]
+
+- name: create Xorg configuration subdirectory
+ ansible.builtin.file:
+ path: "{{ xorg_configuration_dir }}"
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: copy xorg configuration
+ ansible.builtin.copy:
+ src: intel.conf
+ dest: "{{ xorg_configuration_dir }}/"
+ mode: 0644
+ owner: 0
+ group: 0
diff --git a/roles/_workstation/yay/defaults/main.yml b/roles/_workstation/yay/defaults/main.yml
new file mode 100644
index 0000000..0c26b92
--- /dev/null
+++ b/roles/_workstation/yay/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+yay_repository_url: https://aur.archlinux.org/yay-bin.git
+yay_repository_local_dir: /tmp/yay
+yay_workstation_user: null
diff --git a/roles/_workstation/yay/tasks/main.yml b/roles/_workstation/yay/tasks/main.yml
new file mode 100644
index 0000000..30f67f2
--- /dev/null
+++ b/roles/_workstation/yay/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: clone yay repository
+ ansible.builtin.git:
+ repo: "{{ yay_repository_url }}"
+ dest: "{{ yay_repository_local_dir }}"
+ version: origin/master
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: make yay package # noqa: no-changed-when
+ ansible.builtin.command:
+ cmd: makepkg -fs
+ chdir: "{{ yay_repository_local_dir }}"
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: install yay package # noqa: no-changed-when
+ ansible.builtin.shell:
+ cmd: pacman --noconfirm -U *.zst
+ chdir: "{{ yay_repository_local_dir }}"
diff --git a/roles/workstation/tasks/hosts.yml b/roles/workstation/tasks/hosts.yml
deleted file mode 100644
index 7cc261a..0000000
--- a/roles/workstation/tasks/hosts.yml
+++ /dev/null
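Review bot: `create Xorg configuration subdirectory` in `xorg/tasks/main.yml` sets `mode: 0644` on a directory, which leaves it without the search (execute) bit, so a non-root process such as an X server started without root privileges cannot open `intel.conf` inside it; use `mode: "0755"`. The last two tasks have no `when`, and `site.workstation.yml` applies this role on both Archlinux and OpenBSD, so `intel.conf`, whose header says it targets Xenocara on OpenBSD, is now installed on Archlinux too, whereas the removed `os_openbsd.yml` was the only place that deployed it. If that is not intended, add `when: ansible_distribution == "OpenBSD"` to those two tasks.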
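Review bot: The yay role builds in the fixed path `/tmp/yay`, checks out `origin/master`, and then `install yay package` runs `pacman --noconfirm -U *.zst` there as root, so root installs whatever package files are present in a predictable directory under a world-writable location, produced from an unpinned PKGBUILD. Creating the build directory with `ansible.builtin.tempfile` (`state: directory`) under `yay_workstation_user`, setting `version` to a reviewed commit hash, and passing the exact package file name to `pacman -U` instead of a glob would narrow what can end up installed. This layout is carried over from the removed `roles/workstation/tasks/yay.yml`, so the split is a good moment to tighten it.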
@@ -1,7 +0,0 @@
-- name: retrieve hosts file
- ansible.builtin.get_url:
- url: "{{ workstation_hosts_url }}"
- dest: "{{ workstation_hosts_file }}"
- mode: '0644'
- owner: 0
- group: 0
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
deleted file mode 100644
index 1c4c463..0000000
--- a/roles/workstation/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: include specific distribution variables
- ansible.builtin.include_vars: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include packages
- ansible.builtin.include_tasks: pkgs.yml
-
-- name: include operating system setup
- ansible.builtin.include_tasks: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include shell setup
- ansible.builtin.include_tasks: shell.yml
-
-- name: include doas setup
- ansible.builtin.include_tasks: doas.yml
-
-- name: include smartcard setup
- ansible.builtin.include_tasks: smartcard.yml
-
-- name: include ssh setup
- ansible.builtin.include_tasks:
- file: ssh.yml
- args:
- apply:
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: include hosts setup
- ansible.builtin.include_tasks:
- file: hosts.yml
diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml
deleted file mode 100644
index f45433a..0000000
--- a/roles/workstation/tasks/os_archlinux.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: include battery optimization
- ansible.builtin.include_tasks: tlp.yml
- when: ansible_form_factor in ["Laptop", "Notebook"]
-
-- name: include cronie setup
- ansible.builtin.include_tasks: cronie.yml
-
-- name: include virtualization setup
- ansible.builtin.include_tasks: libvirt.yml
-
-- name: include dockerd setup
- ansible.builtin.include_tasks: dockerd.yml
-
-- name: include pipewire
- ansible.builtin.include_tasks: pipewire.yml
-
-- name: retrieve installed packages
- ansible.builtin.package_facts:
- register: package_facts
-
-- name: include yay
- ansible.builtin.include_tasks: yay.yml
- when:
- - "'yay' not in package_facts.ansible_facts.packages"
- - "'yay-bin' not in package_facts.ansible_facts.packages"
-
-- name: append current user to system groups
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ item }}"
- append: true
- loop:
- - wheel
- - video
- - audio
diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml
deleted file mode 100644
index 21f3bb1..0000000
--- a/roles/workstation/tasks/os_openbsd.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-- name: ensure wsconsctl config file exists
- ansible.builtin.file:
- path: /etc/wsconsctl.conf
- state: touch
- owner: 0
- group: 0
- mode: 0644
-
-- name: append configuration to wsconsctl
- ansible.builtin.lineinfile:
- path: /etc/wsconsctl.conf
- regexp: "^{{ item[0] }}"
- line: "{{ item[0] }}={{ item[1] }}"
- create: true
- owner: 0
- group: 0
- mode: 0644
- loop:
- - [screen.brightness, 80]
- - [keyboard.repeat.del1, 180]
- - [keyboard.repeat.deln, 50]
- - [keyboard.bell.volume, 0]
- - [mouse.tp.tapping, 1]
-
-- name: ensure Xorg subdirectory for configuration exists
- ansible.builtin.file:
- path: /etc/X11/xorg.conf.d
- owner: 0
- group: 0
- mode: 0644
- state: directory
-
-- name: generate system wide configurations
- ansible.builtin.template:
- src: "{{ item[0] }}"
- dest: "{{ item[1] }}"
- mode: preserve
- loop:
- - [xorg-intel.conf, /etc/X11/xorg.conf.d]
- - [apm-hibernate, /etc/apm/hibernate]
- - [apm-suspend, /etc/apm/suspend]
- - [apm-resume, /etc/apm/resume]
-
-- name: ensure sysctl configuration file exists
- ansible.builtin.file:
- path: /etc/sysctl.conf
- owner: root
- mode: 0644
-
-- name: ensure sysctl memory optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.shminfo.shmall=3145728
- kern.shminfo.shmmax=1073741823
- kern.shminfo.shmmni=1024
- kern.shminfo.shmseg=1024
- kern.seminfo.semmns=4096
- kern.seminfo.semmni=1024
- marker: "# memory {mark} - managed by Ansible"
-
-- name: ensure sysctl process optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.maxfiles=102400
- kern.maxproc=32768
- kern.maxfiles=65535
- kern.bufcachepercent=90
- kern.maxvnodes=262144
- kern.somaxconn=2048
- marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
deleted file mode 100644
index 674ccc4..0000000
--- a/roles/workstation/tasks/pkgs.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: install distribution packages
- ansible.builtin.package:
- name: "{{ item }}"
- state: present
- loop:
- - "{{ workstation_pkgs_common }}"
- - "{{ workstation_pkgs }}"
diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml
deleted file mode 100644
index dc11ca4..0000000
--- a/roles/workstation/tasks/shell.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
- ansible.builtin.shell: command -v zsh
- register: zsh_path
-
-- name: ensure zsh is used for workstation user
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- shell: "{{ zsh_path.stdout_lines[0] }}"
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml
deleted file mode 100644
index 926770a..0000000
--- a/roles/workstation/tasks/smartcard.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: start and enable pcscd service
- ansible.builtin.service:
- name: pcscd
- state: started
- enabled: true
diff --git a/roles/workstation/tasks/ssh.yml b/roles/workstation/tasks/ssh.yml
deleted file mode 100644
index d09c7f8..0000000
--- a/roles/workstation/tasks/ssh.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: create ssh directory
- ansible.builtin.file:
- path: "/home/{{ workstation_user }}/{{ item }}"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- state: directory
- mode: 0700
- loop:
- - .ssh
- - .ssh/config.d
-
-- name: generate ssh configuration
- ansible.builtin.template:
- src: ssh.config.j2
- dest: "/home/{{ workstation_user }}/.ssh/config.d/dns.config"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- mode: 0600
diff --git a/roles/workstation/tasks/yay.yml b/roles/workstation/tasks/yay.yml
deleted file mode 100644
index 8581bfd..0000000
--- a/roles/workstation/tasks/yay.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: clone yay repository
- ansible.builtin.git:
- repo: "{{ workstation_yay_repo }}"
- dest: "{{ workstation_yay_dir }}"
- version: origin/master
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: make yay package # noqa: no-changed-when
- # possible ambiguous replacement: command : ansible.builtin.command | community.ciscosmb.command | community.routeros.command
- ansible.builtin.command:
- cmd: makepkg -fs
- chdir: "{{ workstation_yay_dir }}"
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: install yay package # noqa: no-changed-when
- ansible.builtin.shell:
- cmd: pacman --noconfirm -U *.zst
- chdir: "{{ workstation_yay_dir }}"
diff --git a/roles/workstation/templates/ssh.config.j2 b/roles/workstation/templates/ssh.config.j2
deleted file mode 100644
index 2a3a903..0000000
--- a/roles/workstation/templates/ssh.config.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# managed by Ansible
-{% import 'macros.j2' as macros with context %}
-
-{% call(h) macros.loop_valid_hosts("all") %}
-{% set command = "pgrep wg && ! ping -c 1 -w 1 %s" % h.__ip.external %}
-Match originalHost {{ h.inventory_hostname }} exec "{{ command }}"
- HostName {{ h.__ip.internal }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-Match originalHost {{ h.inventory_hostname }}
- HostName {{ h.__ip.external }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-
-{% endcall %}
diff --git a/site.workstation.yml b/site.workstation.yml
index e9a3409..1e618c3 100644
--- a/site.workstation.yml
+++ b/site.workstation.yml
@@ -1,10 +1,65 @@ +--- + - hosts: localhost + vars: + _workstation_user: qwd + basegroups_workstation_user: "{{_workstation_user }}" + doas_workstation_user: "{{ _workstation_user }}" + dockerd_workstation_user: "{{ _workstation_user }}" + libvirt_workstation_user: "{{ _workstation_user }}" + pipewire_workstation_user: "{{ _workstation_user }}" + shell_workstation_user: "{{ _workstation_user }}" + yay_workstation_user: "{{ _workstation_user }}" + pre_tasks: - name: verify running as root ansible.builtin.fail: when: ansible_user_id != "root" tags: always + - name: retrieve installed packages + ansible.builtin.package_facts: + register: package_facts roles: - - role: workstation + - role: _workstation/basetools + when: ansible_distribution in ["Archlinux", "OpenBSD"] + - role: _workstation/basegroups + when: ansible_distribution in ["Archlinux"] + - role: _workstation/wscons + when: ansible_distribution in ["OpenBSD"] + + - role: _workstation/shell + - role: _workstation/hosts + - role: _workstation/doas + + - role: _workstation/yay + when: + - ansible_distribution in ["Archlinux"] + - "'yay' not in package_facts.ansible_facts.packages" + - "'yay-bin' not in package_facts.ansible_facts.packages" + + - role: _workstation/xorg + when: ansible_distribution in ["Archlinux", "OpenBSD"] + + - role: _workstation/smartcard + when: ansible_distribution in ["Archlinux", "OpenBSD"] + - role: _workstation/pipewire + when: ansible_distribution in ["Archlinux"] + - role: _workstation/cronie + when: ansible_distribution in ["Archlinux"] + - role: _workstation/libvirt + when: ansible_distribution in ["Archlinux"] + - role: _workstation/dockerd + when: ansible_distribution in ["Archlinux"] + - role: _workstation/resolv + when: ansible_distribution in ["Archlinux"] + + - role: _workstation/tlp + when: + - ansible_distribution in ["Archlinux"] + - ansible_form_factor in ["Laptop", "Notebook"] + - role: _workstation/apm + when: ansible_distribution in ["OpenBSD"] + - role: 
_workstation/kernel + when: ansible_distribution in ["OpenBSD"] |
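Review bot: `basegroups_workstation_user: "{{_workstation_user }}"` in the new `vars` block lacks the space after `{{` that the six lines below it have, which ansible-lint's `jinja[spacing]` check flags. All seven `*_workstation_user` variables forward the same value, so an `ansible.builtin.assert` in `pre_tasks` that `_workstation_user` is a non-empty string would catch a bad value once, before any role edits the doas configuration or group membership. The `verify running as root` task calls `ansible.builtin.fail` with no `msg`; adding `msg: "this playbook must be run as root"` makes the abort self-explanatory.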