aboutsummaryrefslogtreecommitdiffstats
path: root/roles/_workstation
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2022-12-10 21:17:16 +0100
committerRomain Gonçalves <me@rgoncalves.se>2022-12-12 22:04:27 +0100
commit7c1f7039170a25f192d87235476179f7cfe01a85 (patch)
treefc8e77b7176fa730b30b20081e76f2527371e9a3 /roles/_workstation
parent21fc0867dc42128434e5c46ca684d9a966184b8a (diff)
downloadrules-7c1f7039170a25f192d87235476179f7cfe01a85.tar.gz
chore: explode workstation role in subroles
Diffstat (limited to 'roles/_workstation')
-rw-r--r--roles/_workstation/apm/files/hibernate6
-rw-r--r--roles/_workstation/apm/files/resume17
-rw-r--r--roles/_workstation/apm/files/suspend6
-rw-r--r--roles/_workstation/apm/tasks/main.yml21
-rw-r--r--roles/_workstation/basegroups/defaults/main.yml3
-rw-r--r--roles/_workstation/basegroups/tasks/main.yml11
-rw-r--r--roles/_workstation/basetools/defaults/main.yml53
-rw-r--r--roles/_workstation/basetools/tasks/main.yml13
-rw-r--r--roles/_workstation/basetools/vars/os_archlinux.yml61
-rw-r--r--roles/_workstation/basetools/vars/os_openbsd.yml12
-rw-r--r--roles/_workstation/cronie/tasks/main.yml10
-rw-r--r--roles/_workstation/doas/defaults/main.yml4
-rw-r--r--roles/_workstation/doas/tasks/main.yml34
-rw-r--r--roles/_workstation/dockerd/defaults/main.yml5
-rw-r--r--roles/_workstation/dockerd/files/daemon.json8
-rw-r--r--roles/_workstation/dockerd/tasks/main.yml28
-rw-r--r--roles/_workstation/hosts/defaults/main.yml5
-rw-r--r--roles/_workstation/hosts/tasks/main.yml9
-rw-r--r--roles/_workstation/kernel/defaults/main.yml3
-rw-r--r--roles/_workstation/kernel/tasks/main.yml34
-rw-r--r--roles/_workstation/libvirt/defaults/main.yml3
-rw-r--r--roles/_workstation/libvirt/tasks/main.yml24
-rw-r--r--roles/_workstation/pipewire/defaults/main.yml3
-rw-r--r--roles/_workstation/pipewire/tasks/main.yml24
-rw-r--r--roles/_workstation/resolv/defaults/main.yml9
-rw-r--r--roles/_workstation/resolv/tasks/main.yml10
-rw-r--r--roles/_workstation/shell/defaults/main.yml3
-rw-r--r--roles/_workstation/shell/tasks/main.yml15
-rw-r--r--roles/_workstation/smartcard/defaults/main.yml3
-rw-r--r--roles/_workstation/smartcard/tasks/main.yml16
-rw-r--r--roles/_workstation/smartcard/vars/os_archlinux.yml6
-rw-r--r--roles/_workstation/smartcard/vars/os_openbsd.yml5
-rw-r--r--roles/_workstation/tlp/tasks/main.yml12
-rw-r--r--roles/_workstation/wscons/defaults/main.yml3
-rw-r--r--roles/_workstation/wscons/tasks/main.yml17
-rw-r--r--roles/_workstation/xorg/defaults/main.yml3
-rw-r--r--roles/_workstation/xorg/files/intel.conf8
-rw-r--r--roles/_workstation/xorg/tasks/main.yml29
-rw-r--r--roles/_workstation/yay/defaults/main.yml5
-rw-r--r--roles/_workstation/yay/tasks/main.yml21
40 files changed, 562 insertions, 0 deletions
diff --git a/roles/_workstation/apm/files/hibernate b/roles/_workstation/apm/files/hibernate
new file mode 100644
index 0000000..c625aee
--- /dev/null
+++ b/roles/_workstation/apm/files/hibernate
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Managed by Ansible
+
+set -x -e
+
+pkill -USR1 xidle
diff --git a/roles/_workstation/apm/files/resume b/roles/_workstation/apm/files/resume
new file mode 100644
index 0000000..686f7e1
--- /dev/null
+++ b/roles/_workstation/apm/files/resume
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Managed by Ansible
+
+set -x -e
+
+sleep 3
+
+sh /etc/netstart iwn0
+
+wg_interfaces=$(find /etc/wireguard -type f | sed 's/\.conf$//g')
+for wg_interface in ${wg_interfaces}; do
+ wg_interface=$(basename "${wg_interface}")
+ wg-quick down "${wg_interface}"
+ wg-quick up "${wg_interface}"
+done
+
+rcctl -d restart pcscd
diff --git a/roles/_workstation/apm/files/suspend b/roles/_workstation/apm/files/suspend
new file mode 100644
index 0000000..c625aee
--- /dev/null
+++ b/roles/_workstation/apm/files/suspend
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Managed by Ansible
+
+set -x -e
+
+pkill -USR1 xidle
diff --git a/roles/_workstation/apm/tasks/main.yml b/roles/_workstation/apm/tasks/main.yml
new file mode 100644
index 0000000..72c5d2a
--- /dev/null
+++ b/roles/_workstation/apm/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: create apm configuration directory
+ ansible.builtin.file:
+ path: "{{ apm_configuration_dir }}"
+ state: directory
+ owner: 0
+ group: 0
+ mode: 0755
+
+- name: copy apm configurations
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: "{{ apm_configuration_dir }}/{{ item }}"
+ mode: 0755
+ owner: 0
+ group: 0
+ loop:
+ - hibernate
+ - suspend
+ - resume
diff --git a/roles/_workstation/basegroups/defaults/main.yml b/roles/_workstation/basegroups/defaults/main.yml
new file mode 100644
index 0000000..40644c5
--- /dev/null
+++ b/roles/_workstation/basegroups/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+basegroups_workstation_user: null
diff --git a/roles/_workstation/basegroups/tasks/main.yml b/roles/_workstation/basegroups/tasks/main.yml
new file mode 100644
index 0000000..a52899e
--- /dev/null
+++ b/roles/_workstation/basegroups/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+
+- name: append current user to system groups
+ ansible.builtin.user:
+ name: "{{ basegroups_workstation_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - wheel
+ - video
+ - audio
diff --git a/roles/_workstation/basetools/defaults/main.yml b/roles/_workstation/basetools/defaults/main.yml
new file mode 100644
index 0000000..740a870
--- /dev/null
+++ b/roles/_workstation/basetools/defaults/main.yml
@@ -0,0 +1,53 @@
+---
+
+basetools_distribution_packages: []
+basetools_common_packages:
+ - ansible
+ - ansible-lint
+ - calcurse
+ - cmus
+ - dmenu
+ - dunst
+ - entr
+ - feh
+ - fzf
+ - git
+ - git-crypt
+ - glances
+ - gnupg
+ - go
+ - gopass
+ - htop
+ - httpie
+ - inotify-tools
+ - ipmitool
+ - ipython
+ - isync
+ - jq
+ - lowdown
+ - lynx
+ - mpv
+ - neomutt
+ - neovim
+ - newsboat
+ - nmap
+ - parallel
+ - qutebrowser
+ - rsync
+ - rtorrent
+ - rust
+ - scrot
+ - syncthing
+ - terminus-font
+ - tig
+ - tor
+ - tree
+ - unzip
+ - vlc
+ - weechat
+ - wget
+ - wkhtmltopdf
+ - xclip
+ - zathura
+ - zip
+ - zsh
diff --git a/roles/_workstation/basetools/tasks/main.yml b/roles/_workstation/basetools/tasks/main.yml
new file mode 100644
index 0000000..f53d213
--- /dev/null
+++ b/roles/_workstation/basetools/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install distribution packages
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ basetools_common_packages }}"
+ - "{{ basetools_distribution_packages }}"
diff --git a/roles/_workstation/basetools/vars/os_archlinux.yml b/roles/_workstation/basetools/vars/os_archlinux.yml
new file mode 100644
index 0000000..e98db93
--- /dev/null
+++ b/roles/_workstation/basetools/vars/os_archlinux.yml
@@ -0,0 +1,61 @@
+---
+
+basetools_distribution_packages:
+ - acpi
+ - alsa-tools
+ - base-devel
+ - bc
+ - bind
+ - diffoscope
+ - clang
+ - easyeffects
+ - entr
+ - firefox
+ - go
+ - go-tools
+ - gopls
+ - httpie
+ - imagemagick
+ - inetutils
+ - libvirt
+ - light
+ - luarocks
+ - man-db
+ - nfs-utils
+ - noto-fonts-emoji
+ - npm
+ - obs-studio
+ - openbsd-netcat
+ - opendoas
+ - pamixer
+ - pavucontrol
+ - pdfjs-legacy
+ - postgresql
+ - pyenv
+ - python-debugpy
+ - python-netaddr
+ - python-nodeenv
+ - python-pip
+ - python-pipx
+ - python-poetry
+ - python-pynvim
+ - python-qrencode
+ - qemu
+ - shellcheck
+ - signify
+ - sshuttle
+ - strace
+ - stylua
+ - tar
+ - tmux
+ - torbrowser-launcher
+ - traceroute
+ - unrar
+ - vi
+ - wireguard-tools
+ - wireplumber
+ - yadm
+ - yarn
+ - yt-dlp
+ - zathura-pdf-mupdf
+ - zk
diff --git a/roles/_workstation/basetools/vars/os_openbsd.yml b/roles/_workstation/basetools/vars/os_openbsd.yml
new file mode 100644
index 0000000..e8623c5
--- /dev/null
+++ b/roles/_workstation/basetools/vars/os_openbsd.yml
@@ -0,0 +1,12 @@
+---
+
+basetools_distribution_packages:
+ - docker-cli
+ - gomuks
+ - mozilla-firefox
+ - py-httpie
+ - py3-neovim
+ - py3-netaddr
+ - py3-pip
+ - tor-browser
+ - wireguard-tools
diff --git a/roles/_workstation/cronie/tasks/main.yml b/roles/_workstation/cronie/tasks/main.yml
new file mode 100644
index 0000000..faa1095
--- /dev/null
+++ b/roles/_workstation/cronie/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: install cronie
+ ansible.builtin.package:
+ name: cronie
+ state: present
+
+- name: enable and restart cronie
+ ansible.builtin.service:
+ name: cronie
+ state: restarted
+ enabled: true
diff --git a/roles/_workstation/doas/defaults/main.yml b/roles/_workstation/doas/defaults/main.yml
new file mode 100644
index 0000000..9585cd1
--- /dev/null
+++ b/roles/_workstation/doas/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+doas_workstation_user: null
+doas_configuration_file: /etc/doas.conf
diff --git a/roles/_workstation/doas/tasks/main.yml b/roles/_workstation/doas/tasks/main.yml
new file mode 100644
index 0000000..e65a510
--- /dev/null
+++ b/roles/_workstation/doas/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ ansible.builtin.lineinfile:
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit persist keepenv {{ doas_workstation_user }} as root"
+ line: "permit persist keepenv {{ doas_workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ ansible.builtin.lineinfile:
+ path: "{{ doas_configuration_file }}"
+ regexp: "^permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ doas_workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ ansible.builtin.command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ ansible.builtin.package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
diff --git a/roles/_workstation/dockerd/defaults/main.yml b/roles/_workstation/dockerd/defaults/main.yml
new file mode 100644
index 0000000..d9ac1e8
--- /dev/null
+++ b/roles/_workstation/dockerd/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+dockerd_workstation_user: null
+dockerd_group: docker
+dockerd_configuration_dir: /etc/docker
diff --git a/roles/_workstation/dockerd/files/daemon.json b/roles/_workstation/dockerd/files/daemon.json
new file mode 100644
index 0000000..2952d24
--- /dev/null
+++ b/roles/_workstation/dockerd/files/daemon.json
@@ -0,0 +1,8 @@
+{
+ "default-address-pools" : [
+ {
+ "base" : "172.240.0.0/16",
+ "size" : 24
+ }
+ ]
+}
diff --git a/roles/_workstation/dockerd/tasks/main.yml b/roles/_workstation/dockerd/tasks/main.yml
new file mode 100644
index 0000000..76d70d6
--- /dev/null
+++ b/roles/_workstation/dockerd/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: install docker
+ ansible.builtin.package:
+ name:
+ - docker
+ - docker-compose
+ state: present
+
+- name: append current user to docker group
+ ansible.builtin.user:
+ name: "{{ dockerd_workstation_user }}"
+ groups: "{{ dockerd_group }}"
+ append: true
+
+- name: create docker directory
+ ansible.builtin.file:
+ path: "{{ dockerd_configuration_dir }}"
+ state: directory
+ owner: 0
+ group: 0
+ mode: 0755
+
+- name: configure default network for docker containers
+ ansible.builtin.copy:
+ src: daemon.json
+ dest: "{{ dockerd_configuration_dir }}/daemon.json"
+ owner: 0
+ group: 0
+ mode: 0600
diff --git a/roles/_workstation/hosts/defaults/main.yml b/roles/_workstation/hosts/defaults/main.yml
new file mode 100644
index 0000000..64ae72d
--- /dev/null
+++ b/roles/_workstation/hosts/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+hosts_file: /etc/hosts
+hosts_url: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
+# hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
diff --git a/roles/_workstation/hosts/tasks/main.yml b/roles/_workstation/hosts/tasks/main.yml
new file mode 100644
index 0000000..20e247e
--- /dev/null
+++ b/roles/_workstation/hosts/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: retrieve hosts file
+ ansible.builtin.get_url:
+ url: "{{ hosts_url }}"
+ dest: "{{ hosts_file }}"
+ mode: 0644
+ owner: 0
+ group: 0
diff --git a/roles/_workstation/kernel/defaults/main.yml b/roles/_workstation/kernel/defaults/main.yml
new file mode 100644
index 0000000..6ef2ad2
--- /dev/null
+++ b/roles/_workstation/kernel/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+kernel_sysctl_configuration_file: /etc/sysctl.conf
diff --git a/roles/_workstation/kernel/tasks/main.yml b/roles/_workstation/kernel/tasks/main.yml
new file mode 100644
index 0000000..3dc1e60
--- /dev/null
+++ b/roles/_workstation/kernel/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+
+- name: create sysctl configuration file
+ ansible.builtin.file:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ owner: 0
+ group: 0
+ mode: 0644
+
+- name: apply memory optimizations
+ ansible.builtin.blockinfile:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker_begin: "memory - BEGIN"
+ marker_end: "memory - END"
+
+- name: apply process optimizations
+ ansible.builtin.blockinfile:
+ path: "{{ kernel_sysctl_configuration_file }}"
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker_begin: "process - BEGIN"
+ marker_end: "process - END"
diff --git a/roles/_workstation/libvirt/defaults/main.yml b/roles/_workstation/libvirt/defaults/main.yml
new file mode 100644
index 0000000..0eae412
--- /dev/null
+++ b/roles/_workstation/libvirt/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+libvirt_workstation_user: null
diff --git a/roles/_workstation/libvirt/tasks/main.yml b/roles/_workstation/libvirt/tasks/main.yml
new file mode 100644
index 0000000..91b74a2
--- /dev/null
+++ b/roles/_workstation/libvirt/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+
+- name: install iptables-nft
+ ansible.builtin.shell: yes
+ | pacman --noprogressbar --needed --sync iptables-nft
+ when: ansible_distribution == "Archlinux"
+
+- name: install libvirt
+ ansible.builtin.package:
+ name:
+ - cdrtools
+ - dnsmasq
+ - ebtables
+ - libvirt
+ state: present
+
+- name: append current user to virt groups
+ ansible.builtin.user:
+ name: "{{ libvirt_workstation_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - kvm
+ - libvirt
diff --git a/roles/_workstation/pipewire/defaults/main.yml b/roles/_workstation/pipewire/defaults/main.yml
new file mode 100644
index 0000000..ab0e912
--- /dev/null
+++ b/roles/_workstation/pipewire/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+pipewire_workstation_user: null
diff --git a/roles/_workstation/pipewire/tasks/main.yml b/roles/_workstation/pipewire/tasks/main.yml
new file mode 100644
index 0000000..6465e18
--- /dev/null
+++ b/roles/_workstation/pipewire/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+
+- name: install pipewire
+ ansible.builtin.package:
+ name:
+ - pipewire
+ - pipewire-alsa
+ - pipewire-pulse
+ - mda.lv2
+ state: present
+
+- name: enable and start pipewire
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ scope: user
+ enabled: true
+ state: started
+ become: true
+ become_method: su
+ become_user: "{{ pipewire_workstation_user }}"
+ loop:
+ - pipewire
+ - pipewire-pulse
+ when: ansible_service_mgr == "systemd"
diff --git a/roles/_workstation/resolv/defaults/main.yml b/roles/_workstation/resolv/defaults/main.yml
new file mode 100644
index 0000000..72733be
--- /dev/null
+++ b/roles/_workstation/resolv/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+
+resolv_configuration_file: /etc/resolv.conf
+
+resolv_dns_servers:
+ - ip: 1.1.1.1
+ file: "{{ resolv_configuration_file }}.head"
+ - ip: 8.8.8.8
+ file: "{{ resolv_configuration_file }}.tail"
diff --git a/roles/_workstation/resolv/tasks/main.yml b/roles/_workstation/resolv/tasks/main.yml
new file mode 100644
index 0000000..41d3216
--- /dev/null
+++ b/roles/_workstation/resolv/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: generate configuration files
+ ansible.builtin.copy:
+ content: "nameserver {{ item.ip }}\n"
+ dest: "{{ item.file }}"
+ mode: "0644"
+ owner: 0
+ group: 0
+ loop: "{{ resolv_dns_servers }}"
diff --git a/roles/_workstation/shell/defaults/main.yml b/roles/_workstation/shell/defaults/main.yml
new file mode 100644
index 0000000..9863165
--- /dev/null
+++ b/roles/_workstation/shell/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+shell_workstation_user: null
diff --git a/roles/_workstation/shell/tasks/main.yml b/roles/_workstation/shell/tasks/main.yml
new file mode 100644
index 0000000..66191e5
--- /dev/null
+++ b/roles/_workstation/shell/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: install zsh
+ ansible.builtin.package:
+ name: zsh
+ state: present
+
+- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
+ ansible.builtin.shell: command -v zsh
+ register: shell_zsh_path
+
+- name: ensure zsh is used for workstation user
+ ansible.builtin.user:
+ name: "{{ shell_workstation_user }}"
+ shell: "{{ shell_zsh_path.stdout_lines[0] }}"
diff --git a/roles/_workstation/smartcard/defaults/main.yml b/roles/_workstation/smartcard/defaults/main.yml
new file mode 100644
index 0000000..013489e
--- /dev/null
+++ b/roles/_workstation/smartcard/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+smartcard_packages: null
diff --git a/roles/_workstation/smartcard/tasks/main.yml b/roles/_workstation/smartcard/tasks/main.yml
new file mode 100644
index 0000000..7e85436
--- /dev/null
+++ b/roles/_workstation/smartcard/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: include per-os vars
+ ansible.builtin.include_vars:
+ file: "os_{{ ansible_distribution | lower }}.yml"
+
+- name: install pcsc package
+ ansible.builtin.package:
+ name: "{{ smartcard_packages }}"
+ state: present
+
+- name: start and enable pcscd service
+ ansible.builtin.service:
+ name: pcscd
+ state: started
+ enabled: true
diff --git a/roles/_workstation/smartcard/vars/os_archlinux.yml b/roles/_workstation/smartcard/vars/os_archlinux.yml
new file mode 100644
index 0000000..2f121b6
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_archlinux.yml
@@ -0,0 +1,6 @@
+---
+
+smartcard_packages:
+ - pcsclite
+ - pcsc-tools
+ - yubikey-manager
diff --git a/roles/_workstation/smartcard/vars/os_openbsd.yml b/roles/_workstation/smartcard/vars/os_openbsd.yml
new file mode 100644
index 0000000..de37248
--- /dev/null
+++ b/roles/_workstation/smartcard/vars/os_openbsd.yml
@@ -0,0 +1,5 @@
+---
+
+smartcard_packages:
+ - pcsc-lite
+ - pcsc-tools
diff --git a/roles/_workstation/tlp/tasks/main.yml b/roles/_workstation/tlp/tasks/main.yml
new file mode 100644
index 0000000..60b2fc0
--- /dev/null
+++ b/roles/_workstation/tlp/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: install tlp
+ ansible.builtin.package:
+ name: tlp
+ state: present
+
+- name: enable and start tlp
+ ansible.builtin.service:
+ name: tlp
+ state: started
+ enabled: true
diff --git a/roles/_workstation/wscons/defaults/main.yml b/roles/_workstation/wscons/defaults/main.yml
new file mode 100644
index 0000000..04f1b30
--- /dev/null
+++ b/roles/_workstation/wscons/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+wscons_configuration_file: /etc/wsconsctl.conf
diff --git a/roles/_workstation/wscons/tasks/main.yml b/roles/_workstation/wscons/tasks/main.yml
new file mode 100644
index 0000000..e07b7fa
--- /dev/null
+++ b/roles/_workstation/wscons/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: append configuration to wsconsctl
+ ansible.builtin.lineinfile:
+ path: "{{ wscons_configuration_file }}"
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ create: true
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
diff --git a/roles/_workstation/xorg/defaults/main.yml b/roles/_workstation/xorg/defaults/main.yml
new file mode 100644
index 0000000..0378393
--- /dev/null
+++ b/roles/_workstation/xorg/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+xorg_configuration_dir: /etc/X11/xorg.conf.d
diff --git a/roles/_workstation/xorg/files/intel.conf b/roles/_workstation/xorg/files/intel.conf
new file mode 100644
index 0000000..bb2f490
--- /dev/null
+++ b/roles/_workstation/xorg/files/intel.conf
@@ -0,0 +1,8 @@
+# managed by Ansible
+# disable tearscreen for Xenocara on OpenBSD
+
+Section "Device"
+ Identifier "drm"
+ Driver "intel"
+ Option "TearFree" "true"
+EndSection
diff --git a/roles/_workstation/xorg/tasks/main.yml b/roles/_workstation/xorg/tasks/main.yml
new file mode 100644
index 0000000..f07daba
--- /dev/null
+++ b/roles/_workstation/xorg/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- name: install xorg and X11 packages
+ ansible.builtin.package:
+ name:
+ - xf86-input-synaptics
+ - xorg-apps
+ - xorg-server
+ - xorg-xinit
+ - xorg-xwayland
+ - xsecurelock
+ state: present
+ when: ansible_distribution in ["Archlinux"]
+
+- name: create Xorg configuration subdirectory
+ ansible.builtin.file:
+ path: "{{ xorg_configuration_dir }}"
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: copy xorg configuration
+ ansible.builtin.copy:
+ src: intel.conf
+ dest: "{{ xorg_configuration_dir }}/"
+ mode: 0644
+ owner: 0
+ group: 0
diff --git a/roles/_workstation/yay/defaults/main.yml b/roles/_workstation/yay/defaults/main.yml
new file mode 100644
index 0000000..0c26b92
--- /dev/null
+++ b/roles/_workstation/yay/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+yay_repository_url: https://aur.archlinux.org/yay-bin.git
+yay_repository_local_dir: /tmp/yay
+yay_workstation_user: null
diff --git a/roles/_workstation/yay/tasks/main.yml b/roles/_workstation/yay/tasks/main.yml
new file mode 100644
index 0000000..30f67f2
--- /dev/null
+++ b/roles/_workstation/yay/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: clone yay repository
+ ansible.builtin.git:
+ repo: "{{ yay_repository_url }}"
+ dest: "{{ yay_repository_local_dir }}"
+ version: origin/master
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: make yay package # noqa: no-changed-when
+ ansible.builtin.command:
+ cmd: makepkg -fs
+ chdir: "{{ yay_repository_local_dir }}"
+ become: true
+ become_user: "{{ yay_workstation_user }}"
+
+- name: install yay package # noqa: no-changed-when
+ ansible.builtin.shell:
+ cmd: pacman --noconfirm -U *.zst
+ chdir: "{{ yay_repository_local_dir }}"
remember that computers suck.