aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2022-12-10 21:17:16 +0100
committerRomain Gonçalves <me@rgoncalves.se>2022-12-12 22:04:27 +0100
commit7c1f7039170a25f192d87235476179f7cfe01a85 (patch)
treefc8e77b7176fa730b30b20081e76f2527371e9a3
parent21fc0867dc42128434e5c46ca684d9a966184b8a (diff)
downloadrules-7c1f7039170a25f192d87235476179f7cfe01a85.tar.gz
chore: explode workstation role in subroles
-rw-r--r--[-rwxr-xr-x]roles/_workstation/apm/files/hibernate (renamed from roles/workstation/templates/apm-hibernate)1
-rw-r--r--[-rwxr-xr-x]roles/_workstation/apm/files/resume (renamed from roles/workstation/templates/apm-resume)1
-rw-r--r--[-rwxr-xr-x]roles/_workstation/apm/files/suspend (renamed from roles/workstation/templates/apm-suspend)1
-rw-r--r--roles/_workstation/apm/tasks/main.yml21
-rw-r--r--roles/_workstation/basegroups/defaults/main.yml3
-rw-r--r--roles/_workstation/basegroups/tasks/main.yml11
-rw-r--r--roles/_workstation/basetools/defaults/main.yml (renamed from roles/workstation/defaults/main.yml)14
-rw-r--r--roles/_workstation/basetools/tasks/main.yml13
-rw-r--r--roles/_workstation/basetools/vars/os_archlinux.yml (renamed from roles/workstation/vars/os_archlinux.yml)12
-rw-r--r--roles/_workstation/basetools/vars/os_openbsd.yml (renamed from roles/workstation/vars/os_openbsd.yml)6
-rw-r--r--roles/_workstation/cronie/tasks/main.yml (renamed from roles/workstation/tasks/cronie.yml)0
-rw-r--r--roles/_workstation/doas/defaults/main.yml4
-rw-r--r--roles/_workstation/doas/tasks/main.yml (renamed from roles/workstation/tasks/doas.yml)12
-rw-r--r--roles/_workstation/dockerd/defaults/main.yml5
-rw-r--r--roles/_workstation/dockerd/files/daemon.json (renamed from roles/workstation/templates/docker-daemon.json.j2)0
-rw-r--r--roles/_workstation/dockerd/tasks/main.yml (renamed from roles/workstation/tasks/dockerd.yml)12
-rw-r--r--roles/_workstation/hosts/defaults/main.yml5
-rw-r--r--roles/_workstation/hosts/tasks/main.yml9
-rw-r--r--roles/_workstation/kernel/defaults/main.yml3
-rw-r--r--roles/_workstation/kernel/tasks/main.yml34
-rw-r--r--roles/_workstation/libvirt/defaults/main.yml3
-rw-r--r--roles/_workstation/libvirt/tasks/main.yml (renamed from roles/workstation/tasks/libvirt.yml)7
-rw-r--r--roles/_workstation/pipewire/defaults/main.yml3
-rw-r--r--roles/_workstation/pipewire/tasks/main.yml (renamed from roles/workstation/tasks/pipewire.yml)4
-rw-r--r--roles/_workstation/resolv/defaults/main.yml9
-rw-r--r--roles/_workstation/resolv/tasks/main.yml10
-rw-r--r--roles/_workstation/shell/defaults/main.yml3
-rw-r--r--roles/_workstation/shell/tasks/main.yml15
-rw-r--r--roles/_workstation/smartcard/defaults/main.yml3
-rw-r--r--roles/_workstation/smartcard/tasks/main.yml16
-rw-r--r--roles/_workstation/smartcard/vars/os_archlinux.yml6
-rw-r--r--roles/_workstation/smartcard/vars/os_openbsd.yml5
-rw-r--r--roles/_workstation/tlp/tasks/main.yml (renamed from roles/workstation/tasks/tlp.yml)2
-rw-r--r--roles/_workstation/wscons/defaults/main.yml3
-rw-r--r--roles/_workstation/wscons/tasks/main.yml17
-rw-r--r--roles/_workstation/xorg/defaults/main.yml3
-rw-r--r--roles/_workstation/xorg/files/intel.conf (renamed from roles/workstation/templates/xorg-intel.conf)3
-rw-r--r--roles/_workstation/xorg/tasks/main.yml29
-rw-r--r--roles/_workstation/yay/defaults/main.yml5
-rw-r--r--roles/_workstation/yay/tasks/main.yml21
-rw-r--r--roles/workstation/tasks/hosts.yml7
-rw-r--r--roles/workstation/tasks/main.yml29
-rw-r--r--roles/workstation/tasks/os_archlinux.yml35
-rw-r--r--roles/workstation/tasks/os_openbsd.yml72
-rw-r--r--roles/workstation/tasks/pkgs.yml7
-rw-r--r--roles/workstation/tasks/shell.yml8
-rw-r--r--roles/workstation/tasks/smartcard.yml5
-rw-r--r--roles/workstation/tasks/ssh.yml18
-rw-r--r--roles/workstation/tasks/yay.yml20
-rw-r--r--roles/workstation/templates/ssh.config.j217
-rw-r--r--site.workstation.yml57
51 files changed, 350 insertions, 259 deletions
diff --git a/roles/workstation/templates/apm-hibernate b/roles/_workstation/apm/files/hibernate
index ef90fed..c625aee 100755..100644
--- a/roles/workstation/templates/apm-hibernate
+++ b/roles/_workstation/apm/files/hibernate
@@ -1,4 +1,5 @@
#!/bin/sh
+# Managed by Ansible
set -x -e
diff --git a/roles/workstation/templates/apm-resume b/roles/_workstation/apm/files/resume
index 18397b4..686f7e1 100755..100644
--- a/roles/workstation/templates/apm-resume
+++ b/roles/_workstation/apm/files/resume
@@ -1,4 +1,5 @@
#!/bin/sh
+# Managed by Ansible
set -x -e
diff --git a/roles/workstation/templates/apm-suspend b/roles/_workstation/apm/files/suspend
index ef90fed..c625aee 100755..100644
--- a/roles/workstation/templates/apm-suspend
+++ b/roles/_workstation/apm/files/suspend
@@ -1,4 +1,5 @@
#!/bin/sh
+# Managed by Ansible
set -x -e
diff --git a/roles/_workstation/apm/tasks/main.yml b/roles/_workstation/apm/tasks/main.yml
new file mode 100644
index 0000000..72c5d2a
--- /dev/null
+++ b/roles/_workstation/apm/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: create apm configuration directory
+ ansible.builtin.file:
+ path: "{{ apm_configuration_dir }}"
+ state: directory
+ owner: 0
+ group: 0
+ mode: 0755
+
+- name: copy apm configurations
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: "{{ apm_configuration_dir }}/{{ item }}"
+ mode: 0755
+ owner: 0
+ group: 0
+ loop:
+ - hibernate
+ - suspend
+ - resume
diff --git a/roles/_workstation/basegroups/defaults/main.yml b/roles/_workstation/basegroups/defaults/main.yml
new file mode 100644
index 0000000..40644c5
--- /dev/null
+++ b/roles/_workstation/basegroups/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+basegroups_workstation_user: null
diff --git a/roles/_workstation/basegroups/tasks/main.yml b/roles/_workstation/basegroups/tasks/main.yml
new file mode 100644
index 0000000..a52899e
--- /dev/null
+++ b/roles/_workstation/basegroups/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: append current user to system groups
+ ansible.builtin.user:
+ name: "{{ basegroups_workstation_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - wheel
+ - video
+ - audio
diff --git a/roles/workstation/defaults/main.yml b/roles/_workstation/basetools/defaults/main.yml
index 3707288..740a870 100644
--- a/roles/workstation/defaults/main.yml
+++ b/roles/_workstation/basetools/defaults/main.yml
@@ -1,15 +1,7 @@
-workstation_user: qwd
+---
-workstation_docker_group: docker
-
-workstation_hosts_file: /etc/hosts
-workstation_hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
-
-workstation_yay_repo: https://aur.archlinux.org/yay-bin.git
-workstation_yay_dir: /tmp/yay
-
-workstation_pkgs: []
-workstation_pkgs_common:
+basetools_distribution_packages: []
+basetools_common_packages:
- ansible
- ansible-lint
- calcurse
diff --git a/roles/_workstation/basetools/tasks/main.yml b/roles/_workstation/basetools/tasks/main.yml
new file mode 100644
index 0000000..f53d213
--- /dev/null
+++ b/roles/_workstation/basetools/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install distribution packages
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ basetools_common_packages }}"
+ - "{{ basetools_distribution_packages }}"
diff --git a/roles/workstation/vars/os_archlinux.yml b/roles/_workstation/basetools/vars/os_archlinux.yml
index 5c19257..e98db93 100644
--- a/roles/workstation/vars/os_archlinux.yml
+++ b/roles/_workstation/basetools/vars/os_archlinux.yml
@@ -1,4 +1,6 @@
-workstation_pkgs:
+---
+
+basetools_distribution_packages:
- acpi
- alsa-tools
- base-devel
@@ -27,7 +29,6 @@ workstation_pkgs:
- opendoas
- pamixer
- pavucontrol
- - pcsc-tools
- pdfjs-legacy
- postgresql
- pyenv
@@ -53,15 +54,8 @@ workstation_pkgs:
- vi
- wireguard-tools
- wireplumber
- - xf86-input-synaptics
- - xorg-apps
- - xorg-server
- - xorg-xinit
- - xorg-xwayland
- - xsecurelock
- yadm
- yarn
- yt-dlp
- - yubikey-manager
- zathura-pdf-mupdf
- zk
diff --git a/roles/workstation/vars/os_openbsd.yml b/roles/_workstation/basetools/vars/os_openbsd.yml
index da3d206..e8623c5 100644
--- a/roles/workstation/vars/os_openbsd.yml
+++ b/roles/_workstation/basetools/vars/os_openbsd.yml
@@ -1,9 +1,9 @@
-workstation_pkgs:
+---
+
+basetools_distribution_packages:
- docker-cli
- gomuks
- mozilla-firefox
- - pcsc-lite
- - pcsc-tools
- py-httpie
- py3-neovim
- py3-netaddr
diff --git a/roles/workstation/tasks/cronie.yml b/roles/_workstation/cronie/tasks/main.yml
index faa1095..faa1095 100644
--- a/roles/workstation/tasks/cronie.yml
+++ b/roles/_workstation/cronie/tasks/main.yml
diff --git a/roles/_workstation/doas/defaults/main.yml b/roles/_workstation/doas/defaults/main.yml
new file mode 100644
index 0000000..9585cd1
--- /dev/null
+++ b/roles/_workstation/doas/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+doas_workstation_user: null
+doas_configuration_file: /etc/doas.conf
diff --git a/roles/workstation/tasks/doas.yml b/roles/_workstation/doas/tasks/main.yml
index e47fa35..e65a510 100644
--- a/roles/workstation/tasks/doas.yml
+++ b/roles/_workstation/doas/tasks/main.yml
@@ -1,8 +1,8 @@
- name: generate doas configuration
ansible.builtin.lineinfile:
- path: /etc/doas.conf
- regexp: "^permit persist keepenv {{ workstation_user }} as root"
- line: "permit persist keepenv {{ workstation_user }} as root"
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
+ line: "permit persist keepenv {{ doas_workstation_user }} as root"
create: true
mode: 0644
owner: 0
@@ -10,9 +10,9 @@
- name: allow reboot/shutdown/hibernate with doas
ansible.builtin.lineinfile:
- path: /etc/doas.conf
- regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
- line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
loop:
- ZZZ
- mount
diff --git a/roles/_workstation/dockerd/defaults/main.yml b/roles/_workstation/dockerd/defaults/main.yml
new file mode 100644
index 0000000..d9ac1e8
--- /dev/null
+++ b/roles/_workstation/dockerd/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+dockerd_workstation_user: null
+dockerd_group: docker
+dockerd_configuration_dir: /etc/docker
diff --git a/roles/workstation/templates/docker-daemon.json.j2 b/roles/_workstation/dockerd/files/daemon.json
index 2952d24..2952d24 100644
--- a/roles/workstation/templates/docker-daemon.json.j2
+++ b/roles/_workstation/dockerd/files/daemon.json
diff --git a/roles/workstation/tasks/dockerd.yml b/roles/_workstation/dockerd/tasks/main.yml
index c0dfd33..76d70d6 100644
--- a/roles/workstation/tasks/dockerd.yml
+++ b/roles/_workstation/dockerd/tasks/main.yml
@@ -7,22 +7,22 @@
- name: append current user to docker group
ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ workstation_docker_group }}"
+ name: "{{ dockerd_workstation_user }}"
+ groups: "{{ dockerd_group }}"
append: true
- name: create docker directory
ansible.builtin.file:
- path: /etc/docker
+ path: "{{ dockerd_configuration_dir }}"
state: directory
owner: 0
group: 0
mode: 0755
- name: configure default network for docker containers
- ansible.builtin.template:
- src: docker-daemon.json.j2
- dest: /etc/docker/daemon.json
+ ansible.builtin.copy:
+ src: daemon.json
+ dest: "{{ dockerd_configuration_dir }}/daemon.json"
owner: 0
group: 0
mode: 0600
diff --git a/roles/_workstation/hosts/defaults/main.yml b/roles/_workstation/hosts/defaults/main.yml
new file mode 100644
index 0000000..64ae72d
--- /dev/null
+++ b/roles/_workstation/hosts/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+hosts_file: /etc/hosts
+hosts_url: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
+# hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
diff --git a/roles/_workstation/hosts/tasks/main.yml b/roles/_workstation/hosts/tasks/main.yml
new file mode 100644
index 0000000..20e247e
--- /dev/null
+++ b/roles/_workstation/hosts/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: retrieve hosts file
+ ansible.builtin.get_url:
+ url: "{{ hosts_url }}"
+ dest: "{{ hosts_file }}"
+ mode: 0644
+ owner: 0
+ group: 0
diff --git a/roles/_workstation/kernel/defaults/main.yml b/roles/_workstation/kernel/defaults/main.yml
new file mode 100644
index 0000000..6ef2ad2
--- /dev/null
+++ b/roles/_workstation/kernel/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+kernel_sysctl_configuration_file: /etc/sysctl.conf
diff --git a/roles/_workstation/kernel/tasks/main.yml b/roles/_workstation/kernel/tasks/main.yml
new file mode 100644
index 0000000..3dc1e60
--- /dev/null
+++ b/roles/_workstation/kernel/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+
+- name: create sysctl configuration file
+ ansible.builtin.file:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ owner: 0
+ group: 0
+ mode: 0644
+
+- name: apply memory optimizations
+ ansible.builtin.blockinfile:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker_begin: "memory - BEGIN"
+ marker_end: "memory - END"
+
+- name: apply process optimizations
+ ansible.builtin.blockinfile:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker_begin: "process - BEGIN"
+ marker_end: "process - END"
diff --git a/roles/_workstation/libvirt/defaults/main.yml b/roles/_workstation/libvirt/defaults/main.yml
new file mode 100644
index 0000000..0eae412
--- /dev/null
+++ b/roles/_workstation/libvirt/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+libvirt_workstation_user: null
diff --git a/roles/workstation/tasks/libvirt.yml b/roles/_workstation/libvirt/tasks/main.yml
index 554f800..91b74a2 100644
--- a/roles/workstation/tasks/libvirt.yml
+++ b/roles/_workstation/libvirt/tasks/main.yml
@@ -1,5 +1,8 @@
+---
+
- name: install iptables-nft
- ansible.builtin.shell: yes | pacman --noprogressbar --needed --sync iptables-nft
+ ansible.builtin.shell: yes
+ | pacman --noprogressbar --needed --sync iptables-nft
when: ansible_distribution == "Archlinux"
- name: install libvirt
@@ -13,7 +16,7 @@
- name: append current user to virt groups
ansible.builtin.user:
- name: "{{ workstation_user }}"
+ name: "{{ libvirt_workstation_user }}"
groups: "{{ item }}"
append: true
loop:
diff --git a/roles/_workstation/pipewire/defaults/main.yml b/roles/_workstation/pipewire/defaults/main.yml
new file mode 100644
index 0000000..ab0e912
--- /dev/null
+++ b/roles/_workstation/pipewire/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+pipewire_workstation_user: null
diff --git a/roles/workstation/tasks/pipewire.yml b/roles/_workstation/pipewire/tasks/main.yml
index 1fc83a9..6465e18 100644
--- a/roles/workstation/tasks/pipewire.yml
+++ b/roles/_workstation/pipewire/tasks/main.yml
@@ -1,3 +1,5 @@
+---
+
- name: install pipewire
ansible.builtin.package:
name:
@@ -15,7 +17,7 @@
state: started
become: true
become_method: su
- become_user: "{{ workstation_user }}"
+ become_user: "{{ pipewire_workstation_user }}"
loop:
- pipewire
- pipewire-pulse
diff --git a/roles/_workstation/resolv/defaults/main.yml b/roles/_workstation/resolv/defaults/main.yml
new file mode 100644
index 0000000..72733be
--- /dev/null
+++ b/roles/_workstation/resolv/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+
+resolv_configuration_file: /etc/resolv.conf
+
+resolv_dns_servers:
+ - ip: 1.1.1.1
+ file: "{{ resolv_configuration_file }}.head"
+ - ip: 8.8.8.8
+ file: "{{ resolv_configuration_file }}.tail"
diff --git a/roles/_workstation/resolv/tasks/main.yml b/roles/_workstation/resolv/tasks/main.yml
new file mode 100644
index 0000000..41d3216
--- /dev/null
+++ b/roles/_workstation/resolv/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: generate configuration files
+ ansible.builtin.copy:
+ content: "nameserver {{ item.ip }}\n"
+ dest: "{{ item.file }}"
+ mode: "0644"
+ owner: 0
+ group: 0
+ loop: "{{ resolv_dns_servers }}"
diff --git a/roles/_workstation/shell/defaults/main.yml b/roles/_workstation/shell/defaults/main.yml
new file mode 100644
index 0000000..9863165
--- /dev/null
+++ b/roles/_workstation/shell/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+shell_workstation_user: null
diff --git a/roles/_workstation/shell/tasks/main.yml b/roles/_workstation/shell/tasks/main.yml
new file mode 100644
index 0000000..66191e5
--- /dev/null
+++ b/roles/_workstation/shell/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: install zsh
+ ansible.builtin.package:
+ name: zsh
+ state: present
+
+- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
+ ansible.builtin.shell: command -v zsh
+ register: shell_zsh_path
+
+- name: ensure zsh is used for workstation user
+ ansible.builtin.user:
+ name: "{{ shell_workstation_user }}"
+ shell: "{{ shell_zsh_path.stdout_lines[0] }}"
diff --git a/roles/_workstation/smartcard/defaults/main.yml b/roles/_workstation/smartcard/defaults/main.yml
new file mode 100644
index 0000000..013489e
--- /dev/null
+++ b/roles/_workstation/smartcard/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+smartcard_packages: null
diff --git a/roles/_workstation/smartcard/tasks/main.yml b/roles/_workstation/smartcard/tasks/main.yml
new file mode 100644
index 0000000..7e85436
--- /dev/null
+++ b/roles/_workstation/smartcard/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install pcsc package
+ ansible.builtin.package:
+ name: "{{ smartcard_packages }}"
+ state: present
+
+- name: start and enable pcscd service
+ ansible.builtin.service:
+ name: pcscd
+ state: started
+ enabled: true
diff --git a/roles/_workstation/smartcard/vars/os_archlinux.yml b/roles/_workstation/smartcard/vars/os_archlinux.yml
new file mode 100644
index 0000000..2f121b6
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_archlinux.yml
@@ -0,0 +1,6 @@
+---
+
+smartcard_packages:
+ - pcsclite
+ - pcsc-tools
+ - yubikey-manager
diff --git a/roles/_workstation/smartcard/vars/os_openbsd.yml b/roles/_workstation/smartcard/vars/os_openbsd.yml
new file mode 100644
index 0000000..de37248
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_openbsd.yml
@@ -0,0 +1,5 @@
+---
+
+smartcard_packages:
+ - pcsc-lite
+ - pcsc-tools
diff --git a/roles/workstation/tasks/tlp.yml b/roles/_workstation/tlp/tasks/main.yml
index 4782741..60b2fc0 100644
--- a/roles/workstation/tasks/tlp.yml
+++ b/roles/_workstation/tlp/tasks/main.yml
@@ -1,3 +1,5 @@
+---
+
- name: install tlp
ansible.builtin.package:
name: tlp
diff --git a/roles/_workstation/wscons/defaults/main.yml b/roles/_workstation/wscons/defaults/main.yml
new file mode 100644
index 0000000..04f1b30
--- /dev/null
+++ b/roles/_workstation/wscons/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+wscons_configuration_file: /etc/wsconsctl.conf
diff --git a/roles/_workstation/wscons/tasks/main.yml b/roles/_workstation/wscons/tasks/main.yml
new file mode 100644
index 0000000..e07b7fa
--- /dev/null
+++ b/roles/_workstation/wscons/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: append configuration to wsconsctl
+ ansible.builtin.lineinfile:
+ path: "{{ wscons_configuration_file }}"
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ create: true
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
diff --git a/roles/_workstation/xorg/defaults/main.yml b/roles/_workstation/xorg/defaults/main.yml
new file mode 100644
index 0000000..0378393
--- /dev/null
+++ b/roles/_workstation/xorg/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+xorg_configuration_dir: /etc/X11/xorg.conf.d
diff --git a/roles/workstation/templates/xorg-intel.conf b/roles/_workstation/xorg/files/intel.conf
index 5d73c65..bb2f490 100644
--- a/roles/workstation/templates/xorg-intel.conf
+++ b/roles/_workstation/xorg/files/intel.conf
@@ -1,6 +1,5 @@
-
-# disable tearscreen for Xenocara on OpenBSD
# managed by Ansible
+# disable tearscreen for Xenocara on OpenBSD
Section "Device"
Identifier "drm"
diff --git a/roles/_workstation/xorg/tasks/main.yml b/roles/_workstation/xorg/tasks/main.yml
new file mode 100644
index 0000000..f07daba
--- /dev/null
+++ b/roles/_workstation/xorg/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- name: install xorg and X11 packages
+ ansible.builtin.package:
+ name:
+ - xf86-input-synaptics
+ - xorg-apps
+ - xorg-server
+ - xorg-xinit
+ - xorg-xwayland
+ - xsecurelock
+ state: present
+ when: ansible_distribution in ["Archlinux"]
+
+- name: create Xorg configuration subdirectory
+ ansible.builtin.file:
+ path: "{{ xorg_configuration_dir }}"
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: copy xorg configuration
+ ansible.builtin.copy:
+ src: intel.conf
+ dest: "{{ xorg_configuration_dir }}/"
+ mode: 0644
+ owner: 0
+ group: 0
diff --git a/roles/_workstation/yay/defaults/main.yml b/roles/_workstation/yay/defaults/main.yml
new file mode 100644
index 0000000..0c26b92
--- /dev/null
+++ b/roles/_workstation/yay/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+yay_repository_url: https://aur.archlinux.org/yay-bin.git
+yay_repository_local_dir: /tmp/yay
+yay_workstation_user: null
diff --git a/roles/_workstation/yay/tasks/main.yml b/roles/_workstation/yay/tasks/main.yml
new file mode 100644
index 0000000..30f67f2
--- /dev/null
+++ b/roles/_workstation/yay/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: clone yay repository
+ ansible.builtin.git:
+ repo: "{{ yay_repository_url }}"
+ dest: "{{ yay_repository_local_dir }}"
+ version: origin/master
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: make yay package # noqa: no-changed-when
+ ansible.builtin.command:
+ cmd: makepkg -fs
+ chdir: "{{ yay_repository_local_dir }}"
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: install yay package # noqa: no-changed-when
+ ansible.builtin.shell:
+ cmd: pacman --noconfirm -U *.zst
+ chdir: "{{ yay_repository_local_dir }}"
diff --git a/roles/workstation/tasks/hosts.yml b/roles/workstation/tasks/hosts.yml
deleted file mode 100644
index 7cc261a..0000000
--- a/roles/workstation/tasks/hosts.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: retrieve hosts file
- ansible.builtin.get_url:
- url: "{{ workstation_hosts_url }}"
- dest: "{{ workstation_hosts_file }}"
- mode: '0644'
- owner: 0
- group: 0
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
deleted file mode 100644
index 1c4c463..0000000
--- a/roles/workstation/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: include specific distribution variables
- ansible.builtin.include_vars: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include packages
- ansible.builtin.include_tasks: pkgs.yml
-
-- name: include operating system setup
- ansible.builtin.include_tasks: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include shell setup
- ansible.builtin.include_tasks: shell.yml
-
-- name: include doas setup
- ansible.builtin.include_tasks: doas.yml
-
-- name: include smartcard setup
- ansible.builtin.include_tasks: smartcard.yml
-
-- name: include ssh setup
- ansible.builtin.include_tasks:
- file: ssh.yml
- args:
- apply:
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: include hosts setup
- ansible.builtin.include_tasks:
- file: hosts.yml
diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml
deleted file mode 100644
index f45433a..0000000
--- a/roles/workstation/tasks/os_archlinux.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: include battery optimization
- ansible.builtin.include_tasks: tlp.yml
- when: ansible_form_factor in ["Laptop", "Notebook"]
-
-- name: include cronie setup
- ansible.builtin.include_tasks: cronie.yml
-
-- name: include virtualization setup
- ansible.builtin.include_tasks: libvirt.yml
-
-- name: include dockerd setup
- ansible.builtin.include_tasks: dockerd.yml
-
-- name: include pipewire
- ansible.builtin.include_tasks: pipewire.yml
-
-- name: retrieve installed packages
- ansible.builtin.package_facts:
- register: package_facts
-
-- name: include yay
- ansible.builtin.include_tasks: yay.yml
- when:
- - "'yay' not in package_facts.ansible_facts.packages"
- - "'yay-bin' not in package_facts.ansible_facts.packages"
-
-- name: append current user to system groups
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ item }}"
- append: true
- loop:
- - wheel
- - video
- - audio
diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml
deleted file mode 100644
index 21f3bb1..0000000
--- a/roles/workstation/tasks/os_openbsd.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-- name: ensure wsconsctl config file exists
- ansible.builtin.file:
- path: /etc/wsconsctl.conf
- state: touch
- owner: 0
- group: 0
- mode: 0644
-
-- name: append configuration to wsconsctl
- ansible.builtin.lineinfile:
- path: /etc/wsconsctl.conf
- regexp: "^{{ item[0] }}"
- line: "{{ item[0] }}={{ item[1] }}"
- create: true
- owner: 0
- group: 0
- mode: 0644
- loop:
- - [screen.brightness, 80]
- - [keyboard.repeat.del1, 180]
- - [keyboard.repeat.deln, 50]
- - [keyboard.bell.volume, 0]
- - [mouse.tp.tapping, 1]
-
-- name: ensure Xorg subdirectory for configuration exists
- ansible.builtin.file:
- path: /etc/X11/xorg.conf.d
- owner: 0
- group: 0
- mode: 0644
- state: directory
-
-- name: generate system wide configurations
- ansible.builtin.template:
- src: "{{ item[0] }}"
- dest: "{{ item[1] }}"
- mode: preserve
- loop:
- - [xorg-intel.conf, /etc/X11/xorg.conf.d]
- - [apm-hibernate, /etc/apm/hibernate]
- - [apm-suspend, /etc/apm/suspend]
- - [apm-resume, /etc/apm/resume]
-
-- name: ensure sysctl configuration file exists
- ansible.builtin.file:
- path: /etc/sysctl.conf
- owner: root
- mode: 0644
-
-- name: ensure sysctl memory optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.shminfo.shmall=3145728
- kern.shminfo.shmmax=1073741823
- kern.shminfo.shmmni=1024
- kern.shminfo.shmseg=1024
- kern.seminfo.semmns=4096
- kern.seminfo.semmni=1024
- marker: "# memory {mark} - managed by Ansible"
-
-- name: ensure sysctl process optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.maxfiles=102400
- kern.maxproc=32768
- kern.maxfiles=65535
- kern.bufcachepercent=90
- kern.maxvnodes=262144
- kern.somaxconn=2048
- marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
deleted file mode 100644
index 674ccc4..0000000
--- a/roles/workstation/tasks/pkgs.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: install distribution packages
- ansible.builtin.package:
- name: "{{ item }}"
- state: present
- loop:
- - "{{ workstation_pkgs_common }}"
- - "{{ workstation_pkgs }}"
diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml
deleted file mode 100644
index dc11ca4..0000000
--- a/roles/workstation/tasks/shell.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
- ansible.builtin.shell: command -v zsh
- register: zsh_path
-
-- name: ensure zsh is used for workstation user
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- shell: "{{ zsh_path.stdout_lines[0] }}"
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml
deleted file mode 100644
index 926770a..0000000
--- a/roles/workstation/tasks/smartcard.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: start and enable pcscd service
- ansible.builtin.service:
- name: pcscd
- state: started
- enabled: true
diff --git a/roles/workstation/tasks/ssh.yml b/roles/workstation/tasks/ssh.yml
deleted file mode 100644
index d09c7f8..0000000
--- a/roles/workstation/tasks/ssh.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: create ssh directory
- ansible.builtin.file:
- path: "/home/{{ workstation_user }}/{{ item }}"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- state: directory
- mode: 0700
- loop:
- - .ssh
- - .ssh/config.d
-
-- name: generate ssh configuration
- ansible.builtin.template:
- src: ssh.config.j2
- dest: "/home/{{ workstation_user }}/.ssh/config.d/dns.config"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- mode: 0600
diff --git a/roles/workstation/tasks/yay.yml b/roles/workstation/tasks/yay.yml
deleted file mode 100644
index 8581bfd..0000000
--- a/roles/workstation/tasks/yay.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: clone yay repository
- ansible.builtin.git:
- repo: "{{ workstation_yay_repo }}"
- dest: "{{ workstation_yay_dir }}"
- version: origin/master
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: make yay package # noqa: no-changed-when
- # possible ambiguous replacement: command : ansible.builtin.command | community.ciscosmb.command | community.routeros.command
- ansible.builtin.command:
- cmd: makepkg -fs
- chdir: "{{ workstation_yay_dir }}"
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: install yay package # noqa: no-changed-when
- ansible.builtin.shell:
- cmd: pacman --noconfirm -U *.zst
- chdir: "{{ workstation_yay_dir }}"
diff --git a/roles/workstation/templates/ssh.config.j2 b/roles/workstation/templates/ssh.config.j2
deleted file mode 100644
index 2a3a903..0000000
--- a/roles/workstation/templates/ssh.config.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# managed by Ansible
-{% import 'macros.j2' as macros with context %}
-
-{% call(h) macros.loop_valid_hosts("all") %}
-{% set command = "pgrep wg && ! ping -c 1 -w 1 %s" % h.__ip.external %}
-Match originalHost {{ h.inventory_hostname }} exec "{{ command }}"
- HostName {{ h.__ip.internal }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-Match originalHost {{ h.inventory_hostname }}
- HostName {{ h.__ip.external }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-
-{% endcall %}
diff --git a/site.workstation.yml b/site.workstation.yml
index e9a3409..1e618c3 100644
--- a/site.workstation.yml
+++ b/site.workstation.yml
@@ -1,10 +1,65 @@
+---
+
- hosts: localhost
+ vars:
+ _workstation_user: qwd
+ basegroups_workstation_user: "{{_workstation_user }}"
+ doas_workstation_user: "{{ _workstation_user }}"
+ dockerd_workstation_user: "{{ _workstation_user }}"
+ libvirt_workstation_user: "{{ _workstation_user }}"
+ pipewire_workstation_user: "{{ _workstation_user }}"
+ shell_workstation_user: "{{ _workstation_user }}"
+ yay_workstation_user: "{{ _workstation_user }}"
+
pre_tasks:
- name: verify running as root
ansible.builtin.fail:
when: ansible_user_id != "root"
tags: always
+ - name: retrieve installed packages
+ ansible.builtin.package_facts:
+ register: package_facts
roles:
- - role: workstation
+ - role: _workstation/basetools
+ when: ansible_distribution in ["Archlinux", "OpenBSD"]
+ - role: _workstation/basegroups
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/wscons
+ when: ansible_distribution in ["OpenBSD"]
+
+ - role: _workstation/shell
+ - role: _workstation/hosts
+ - role: _workstation/doas
+
+ - role: _workstation/yay
+ when:
+ - ansible_distribution in ["Archlinux"]
+ - "'yay' not in package_facts.ansible_facts.packages"
+ - "'yay-bin' not in package_facts.ansible_facts.packages"
+
+ - role: _workstation/xorg
+ when: ansible_distribution in ["Archlinux", "OpenBSD"]
+
+ - role: _workstation/smartcard
+ when: ansible_distribution in ["Archlinux", "OpenBSD"]
+ - role: _workstation/pipewire
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/cronie
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/libvirt
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/dockerd
+ when: ansible_distribution in ["Archlinux"]
+ - role: _workstation/resolv
+ when: ansible_distribution in ["Archlinux"]
+
+ - role: _workstation/tlp
+ when:
+ - ansible_distribution in ["Archlinux"]
+ - ansible_form_factor in ["Laptop", "Notebook"]
+ - role: _workstation/apm
+ when: ansible_distribution in ["OpenBSD"]
+ - role: _workstation/kernel
+ when: ansible_distribution in ["OpenBSD"]
remember that computers suck.