aboutsummaryrefslogtreecommitdiffstats
path: root/roles/workstation
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2022-12-10 21:17:16 +0100
committerRomain Gonçalves <me@rgoncalves.se>2022-12-12 22:04:27 +0100
commit7c1f7039170a25f192d87235476179f7cfe01a85 (patch)
treefc8e77b7176fa730b30b20081e76f2527371e9a3 /roles/workstation
parent21fc0867dc42128434e5c46ca684d9a966184b8a (diff)
downloadrules-7c1f7039170a25f192d87235476179f7cfe01a85.tar.gz
chore: explode workstation role in subroles
Diffstat (limited to 'roles/workstation')
-rw-r--r--roles/workstation/defaults/main.yml61
-rw-r--r--roles/workstation/tasks/cronie.yml10
-rw-r--r--roles/workstation/tasks/doas.yml34
-rw-r--r--roles/workstation/tasks/dockerd.yml28
-rw-r--r--roles/workstation/tasks/hosts.yml7
-rw-r--r--roles/workstation/tasks/libvirt.yml21
-rw-r--r--roles/workstation/tasks/main.yml29
-rw-r--r--roles/workstation/tasks/os_archlinux.yml35
-rw-r--r--roles/workstation/tasks/os_openbsd.yml72
-rw-r--r--roles/workstation/tasks/pipewire.yml22
-rw-r--r--roles/workstation/tasks/pkgs.yml7
-rw-r--r--roles/workstation/tasks/shell.yml8
-rw-r--r--roles/workstation/tasks/smartcard.yml5
-rw-r--r--roles/workstation/tasks/ssh.yml18
-rw-r--r--roles/workstation/tasks/tlp.yml10
-rw-r--r--roles/workstation/tasks/yay.yml20
-rwxr-xr-xroles/workstation/templates/apm-hibernate5
-rwxr-xr-xroles/workstation/templates/apm-resume16
-rwxr-xr-xroles/workstation/templates/apm-suspend5
-rw-r--r--roles/workstation/templates/docker-daemon.json.j28
-rw-r--r--roles/workstation/templates/ssh.config.j217
-rw-r--r--roles/workstation/templates/xorg-intel.conf9
-rw-r--r--roles/workstation/vars/os_archlinux.yml67
-rw-r--r--roles/workstation/vars/os_openbsd.yml12
24 files changed, 0 insertions, 526 deletions
diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
deleted file mode 100644
index 3707288..0000000
--- a/roles/workstation/defaults/main.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-workstation_user: qwd
-
-workstation_docker_group: docker
-
-workstation_hosts_file: /etc/hosts
-workstation_hosts_url: http://sbc.io/hosts/alternates/fakenews-gambling-porn/hosts
-
-workstation_yay_repo: https://aur.archlinux.org/yay-bin.git
-workstation_yay_dir: /tmp/yay
-
-workstation_pkgs: []
-workstation_pkgs_common:
- - ansible
- - ansible-lint
- - calcurse
- - cmus
- - dmenu
- - dunst
- - entr
- - feh
- - fzf
- - git
- - git-crypt
- - glances
- - gnupg
- - go
- - gopass
- - htop
- - httpie
- - inotify-tools
- - ipmitool
- - ipython
- - isync
- - jq
- - lowdown
- - lynx
- - mpv
- - neomutt
- - neovim
- - newsboat
- - nmap
- - parallel
- - qutebrowser
- - rsync
- - rtorrent
- - rust
- - scrot
- - syncthing
- - terminus-font
- - tig
- - tor
- - tree
- - unzip
- - vlc
- - weechat
- - wget
- - wkhtmltopdf
- - xclip
- - zathura
- - zip
- - zsh
diff --git a/roles/workstation/tasks/cronie.yml b/roles/workstation/tasks/cronie.yml
deleted file mode 100644
index faa1095..0000000
--- a/roles/workstation/tasks/cronie.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: install cronie
- ansible.builtin.package:
- name: cronie
- state: present
-
-- name: enable and restart cronie
- ansible.builtin.service:
- name: cronie
- state: restarted
- enabled: true
diff --git a/roles/workstation/tasks/doas.yml b/roles/workstation/tasks/doas.yml
deleted file mode 100644
index e47fa35..0000000
--- a/roles/workstation/tasks/doas.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-- name: generate doas configuration
- ansible.builtin.lineinfile:
- path: /etc/doas.conf
- regexp: "^permit persist keepenv {{ workstation_user }} as root"
- line: "permit persist keepenv {{ workstation_user }} as root"
- create: true
- mode: 0644
- owner: 0
- group: 0
-
-- name: allow reboot/shutdown/hibernate with doas
- ansible.builtin.lineinfile:
- path: /etc/doas.conf
- regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
- line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
- loop:
- - ZZZ
- - mount
- - reboot
- - shutdown
- - zzz
-
-- name: check sudo binary path # noqa no-changed-when
- ansible.builtin.command: command -v sudo
- register: result
- failed_when: false
-
-- name: uninstall sudo binary
- ansible.builtin.package:
- name: sudo
- state: absent
- when: result.rc == 0
- register: sudo
- ignore_errors: true
diff --git a/roles/workstation/tasks/dockerd.yml b/roles/workstation/tasks/dockerd.yml
deleted file mode 100644
index c0dfd33..0000000
--- a/roles/workstation/tasks/dockerd.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: install docker
- ansible.builtin.package:
- name:
- - docker
- - docker-compose
- state: present
-
-- name: append current user to docker group
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ workstation_docker_group }}"
- append: true
-
-- name: create docker directory
- ansible.builtin.file:
- path: /etc/docker
- state: directory
- owner: 0
- group: 0
- mode: 0755
-
-- name: configure default network for docker containers
- ansible.builtin.template:
- src: docker-daemon.json.j2
- dest: /etc/docker/daemon.json
- owner: 0
- group: 0
- mode: 0600
diff --git a/roles/workstation/tasks/hosts.yml b/roles/workstation/tasks/hosts.yml
deleted file mode 100644
index 7cc261a..0000000
--- a/roles/workstation/tasks/hosts.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: retrieve hosts file
- ansible.builtin.get_url:
- url: "{{ workstation_hosts_url }}"
- dest: "{{ workstation_hosts_file }}"
- mode: '0644'
- owner: 0
- group: 0
diff --git a/roles/workstation/tasks/libvirt.yml b/roles/workstation/tasks/libvirt.yml
deleted file mode 100644
index 554f800..0000000
--- a/roles/workstation/tasks/libvirt.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: install iptables-nft
- ansible.builtin.shell: yes | pacman --noprogressbar --needed --sync iptables-nft
- when: ansible_distribution == "Archlinux"
-
-- name: install libvirt
- ansible.builtin.package:
- name:
- - cdrtools
- - dnsmasq
- - ebtables
- - libvirt
- state: present
-
-- name: append current user to virt groups
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ item }}"
- append: true
- loop:
- - kvm
- - libvirt
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
deleted file mode 100644
index 1c4c463..0000000
--- a/roles/workstation/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: include specific distribution variables
- ansible.builtin.include_vars: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include packages
- ansible.builtin.include_tasks: pkgs.yml
-
-- name: include operating system setup
- ansible.builtin.include_tasks: "os_{{ ansible_distribution | lower }}.yml"
-
-- name: include shell setup
- ansible.builtin.include_tasks: shell.yml
-
-- name: include doas setup
- ansible.builtin.include_tasks: doas.yml
-
-- name: include smartcard setup
- ansible.builtin.include_tasks: smartcard.yml
-
-- name: include ssh setup
- ansible.builtin.include_tasks:
- file: ssh.yml
- args:
- apply:
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: include hosts setup
- ansible.builtin.include_tasks:
- file: hosts.yml
diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml
deleted file mode 100644
index f45433a..0000000
--- a/roles/workstation/tasks/os_archlinux.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-- name: include battery optimization
- ansible.builtin.include_tasks: tlp.yml
- when: ansible_form_factor in ["Laptop", "Notebook"]
-
-- name: include cronie setup
- ansible.builtin.include_tasks: cronie.yml
-
-- name: include virtualization setup
- ansible.builtin.include_tasks: libvirt.yml
-
-- name: include dockerd setup
- ansible.builtin.include_tasks: dockerd.yml
-
-- name: include pipewire
- ansible.builtin.include_tasks: pipewire.yml
-
-- name: retrieve installed packages
- ansible.builtin.package_facts:
- register: package_facts
-
-- name: include yay
- ansible.builtin.include_tasks: yay.yml
- when:
- - "'yay' not in package_facts.ansible_facts.packages"
- - "'yay-bin' not in package_facts.ansible_facts.packages"
-
-- name: append current user to system groups
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- groups: "{{ item }}"
- append: true
- loop:
- - wheel
- - video
- - audio
diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml
deleted file mode 100644
index 21f3bb1..0000000
--- a/roles/workstation/tasks/os_openbsd.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-- name: ensure wsconsctl config file exists
- ansible.builtin.file:
- path: /etc/wsconsctl.conf
- state: touch
- owner: 0
- group: 0
- mode: 0644
-
-- name: append configuration to wsconsctl
- ansible.builtin.lineinfile:
- path: /etc/wsconsctl.conf
- regexp: "^{{ item[0] }}"
- line: "{{ item[0] }}={{ item[1] }}"
- create: true
- owner: 0
- group: 0
- mode: 0644
- loop:
- - [screen.brightness, 80]
- - [keyboard.repeat.del1, 180]
- - [keyboard.repeat.deln, 50]
- - [keyboard.bell.volume, 0]
- - [mouse.tp.tapping, 1]
-
-- name: ensure Xorg subdirectory for configuration exists
- ansible.builtin.file:
- path: /etc/X11/xorg.conf.d
- owner: 0
- group: 0
- mode: 0644
- state: directory
-
-- name: generate system wide configurations
- ansible.builtin.template:
- src: "{{ item[0] }}"
- dest: "{{ item[1] }}"
- mode: preserve
- loop:
- - [xorg-intel.conf, /etc/X11/xorg.conf.d]
- - [apm-hibernate, /etc/apm/hibernate]
- - [apm-suspend, /etc/apm/suspend]
- - [apm-resume, /etc/apm/resume]
-
-- name: ensure sysctl configuration file exists
- ansible.builtin.file:
- path: /etc/sysctl.conf
- owner: root
- mode: 0644
-
-- name: ensure sysctl memory optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.shminfo.shmall=3145728
- kern.shminfo.shmmax=1073741823
- kern.shminfo.shmmni=1024
- kern.shminfo.shmseg=1024
- kern.seminfo.semmns=4096
- kern.seminfo.semmni=1024
- marker: "# memory {mark} - managed by Ansible"
-
-- name: ensure sysctl process optimizations
- ansible.builtin.blockinfile:
- path: /etc/sysctl.conf
- block: |
- kern.maxfiles=102400
- kern.maxproc=32768
- kern.maxfiles=65535
- kern.bufcachepercent=90
- kern.maxvnodes=262144
- kern.somaxconn=2048
- marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/pipewire.yml b/roles/workstation/tasks/pipewire.yml
deleted file mode 100644
index 1fc83a9..0000000
--- a/roles/workstation/tasks/pipewire.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-- name: install pipewire
- ansible.builtin.package:
- name:
- - pipewire
- - pipewire-alsa
- - pipewire-pulse
- - mda.lv2
- state: present
-
-- name: enable and start pipewire
- ansible.builtin.systemd:
- name: "{{ item }}"
- scope: user
- enabled: true
- state: started
- become: true
- become_method: su
- become_user: "{{ workstation_user }}"
- loop:
- - pipewire
- - pipewire-pulse
- when: ansible_service_mgr == "systemd"
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
deleted file mode 100644
index 674ccc4..0000000
--- a/roles/workstation/tasks/pkgs.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: install distribution packages
- ansible.builtin.package:
- name: "{{ item }}"
- state: present
- loop:
- - "{{ workstation_pkgs_common }}"
- - "{{ workstation_pkgs }}"
diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml
deleted file mode 100644
index dc11ca4..0000000
--- a/roles/workstation/tasks/shell.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
- ansible.builtin.shell: command -v zsh
- register: zsh_path
-
-- name: ensure zsh is used for workstation user
- ansible.builtin.user:
- name: "{{ workstation_user }}"
- shell: "{{ zsh_path.stdout_lines[0] }}"
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml
deleted file mode 100644
index 926770a..0000000
--- a/roles/workstation/tasks/smartcard.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: start and enable pcscd service
- ansible.builtin.service:
- name: pcscd
- state: started
- enabled: true
diff --git a/roles/workstation/tasks/ssh.yml b/roles/workstation/tasks/ssh.yml
deleted file mode 100644
index d09c7f8..0000000
--- a/roles/workstation/tasks/ssh.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: create ssh directory
- ansible.builtin.file:
- path: "/home/{{ workstation_user }}/{{ item }}"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- state: directory
- mode: 0700
- loop:
- - .ssh
- - .ssh/config.d
-
-- name: generate ssh configuration
- ansible.builtin.template:
- src: ssh.config.j2
- dest: "/home/{{ workstation_user }}/.ssh/config.d/dns.config"
- owner: "{{ workstation_user }}"
- group: "{{ workstation_user }}"
- mode: 0600
diff --git a/roles/workstation/tasks/tlp.yml b/roles/workstation/tasks/tlp.yml
deleted file mode 100644
index 4782741..0000000
--- a/roles/workstation/tasks/tlp.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: install tlp
- ansible.builtin.package:
- name: tlp
- state: present
-
-- name: enable and start tlp
- ansible.builtin.service:
- name: tlp
- state: started
- enabled: true
diff --git a/roles/workstation/tasks/yay.yml b/roles/workstation/tasks/yay.yml
deleted file mode 100644
index 8581bfd..0000000
--- a/roles/workstation/tasks/yay.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: clone yay repository
- ansible.builtin.git:
- repo: "{{ workstation_yay_repo }}"
- dest: "{{ workstation_yay_dir }}"
- version: origin/master
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: make yay package # noqa: no-changed-when
- # possible ambiguous replacement: command : ansible.builtin.command | community.ciscosmb.command | community.routeros.command
- ansible.builtin.command:
- cmd: makepkg -fs
- chdir: "{{ workstation_yay_dir }}"
- become: true
- become_user: "{{ workstation_user }}"
-
-- name: install yay package # noqa: no-changed-when
- ansible.builtin.shell:
- cmd: pacman --noconfirm -U *.zst
- chdir: "{{ workstation_yay_dir }}"
diff --git a/roles/workstation/templates/apm-hibernate b/roles/workstation/templates/apm-hibernate
deleted file mode 100755
index ef90fed..0000000
--- a/roles/workstation/templates/apm-hibernate
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-set -x -e
-
-pkill -USR1 xidle
diff --git a/roles/workstation/templates/apm-resume b/roles/workstation/templates/apm-resume
deleted file mode 100755
index 18397b4..0000000
--- a/roles/workstation/templates/apm-resume
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-set -x -e
-
-sleep 3
-
-sh /etc/netstart iwn0
-
-wg_interfaces=$(find /etc/wireguard -type f | sed 's/\.conf$//g')
-for wg_interface in ${wg_interfaces}; do
- wg_interface=$(basename "${wg_interface}")
- wg-quick down "${wg_interface}"
- wg-quick up "${wg_interface}"
-done
-
-rcctl -d restart pcscd
diff --git a/roles/workstation/templates/apm-suspend b/roles/workstation/templates/apm-suspend
deleted file mode 100755
index ef90fed..0000000
--- a/roles/workstation/templates/apm-suspend
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-set -x -e
-
-pkill -USR1 xidle
diff --git a/roles/workstation/templates/docker-daemon.json.j2 b/roles/workstation/templates/docker-daemon.json.j2
deleted file mode 100644
index 2952d24..0000000
--- a/roles/workstation/templates/docker-daemon.json.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "default-address-pools" : [
- {
- "base" : "172.240.0.0/16",
- "size" : 24
- }
- ]
-}
diff --git a/roles/workstation/templates/ssh.config.j2 b/roles/workstation/templates/ssh.config.j2
deleted file mode 100644
index 2a3a903..0000000
--- a/roles/workstation/templates/ssh.config.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# managed by Ansible
-{% import 'macros.j2' as macros with context %}
-
-{% call(h) macros.loop_valid_hosts("all") %}
-{% set command = "pgrep wg && ! ping -c 1 -w 1 %s" % h.__ip.external %}
-Match originalHost {{ h.inventory_hostname }} exec "{{ command }}"
- HostName {{ h.__ip.internal }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-Match originalHost {{ h.inventory_hostname }}
- HostName {{ h.__ip.external }}
-{% if h.ansible_port is defined %}
- Port {{ h.ansible_port }}
-{% endif %}
-
-{% endcall %}
diff --git a/roles/workstation/templates/xorg-intel.conf b/roles/workstation/templates/xorg-intel.conf
deleted file mode 100644
index 5d73c65..0000000
--- a/roles/workstation/templates/xorg-intel.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-
-# disable tearscreen for Xenocara on OpenBSD
-# managed by Ansible
-
-Section "Device"
- Identifier "drm"
- Driver "intel"
- Option "TearFree" "true"
-EndSection
diff --git a/roles/workstation/vars/os_archlinux.yml b/roles/workstation/vars/os_archlinux.yml
deleted file mode 100644
index 5c19257..0000000
--- a/roles/workstation/vars/os_archlinux.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-workstation_pkgs:
- - acpi
- - alsa-tools
- - base-devel
- - bc
- - bind
- - diffoscope
- - clang
- - easyeffects
- - entr
- - firefox
- - go
- - go-tools
- - gopls
- - httpie
- - imagemagick
- - inetutils
- - libvirt
- - light
- - luarocks
- - man-db
- - nfs-utils
- - noto-fonts-emoji
- - npm
- - obs-studio
- - openbsd-netcat
- - opendoas
- - pamixer
- - pavucontrol
- - pcsc-tools
- - pdfjs-legacy
- - postgresql
- - pyenv
- - python-debugpy
- - python-netaddr
- - python-nodeenv
- - python-pip
- - python-pipx
- - python-poetry
- - python-pynvim
- - python-qrencode
- - qemu
- - shellcheck
- - signify
- - sshuttle
- - strace
- - stylua
- - tar
- - tmux
- - torbrowser-launcher
- - traceroute
- - unrar
- - vi
- - wireguard-tools
- - wireplumber
- - xf86-input-synaptics
- - xorg-apps
- - xorg-server
- - xorg-xinit
- - xorg-xwayland
- - xsecurelock
- - yadm
- - yarn
- - yt-dlp
- - yubikey-manager
- - zathura-pdf-mupdf
- - zk
diff --git a/roles/workstation/vars/os_openbsd.yml b/roles/workstation/vars/os_openbsd.yml
deleted file mode 100644
index da3d206..0000000
--- a/roles/workstation/vars/os_openbsd.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-workstation_pkgs:
- - docker-cli
- - gomuks
- - mozilla-firefox
- - pcsc-lite
- - pcsc-tools
- - py-httpie
- - py3-neovim
- - py3-netaddr
- - py3-pip
- - tor-browser
- - wireguard-tools
remember that computers suck.