Diffstat (limited to 'roles/workstation/tasks')
-rw-r--r--roles/workstation/tasks/doas.yml34
-rw-r--r--roles/workstation/tasks/main.yml19
-rw-r--r--roles/workstation/tasks/os_archlinux.yml35
-rw-r--r--roles/workstation/tasks/os_openbsd.yml72
-rw-r--r--roles/workstation/tasks/pkgs.yml7
-rw-r--r--roles/workstation/tasks/shell.yml8
-rw-r--r--roles/workstation/tasks/smartcard.yml5
-rw-r--r--roles/workstation/tasks/tlp.yml10
8 files changed, 190 insertions, 0 deletions
diff --git a/roles/workstation/tasks/doas.yml b/roles/workstation/tasks/doas.yml
new file mode 100644
index 0000000..bc72d7f
--- /dev/null
+++ b/roles/workstation/tasks/doas.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit persist keepenv {{ workstation_user }} as root"
+ line: "permit persist keepenv {{ workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
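Review bot: The `mount` entry in the `nopass` loop grants passwordless `mount` as root with no argument restriction, which is far broader than the power-management commands beside it. Consider dropping `mount` from the loop, or giving it its own rule constrained with a fixed `args` list. Both `lineinfile` tasks edit `/etc/doas.conf` without a syntax check and the following tasks remove sudo, so a malformed line could leave the host with no working escalation path; adding `validate: doas -C %s` to each task would catch that before the file is replaced. Separately, `command: command -v sudo` runs a shell builtin through the `command` module, whereas shell.yml uses `shell:` for the same lookup. With `failed_when: false`, a host that has no `command` executable would silently be treated as having no sudo.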
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..f981545
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: include packages
+ include_tasks: pkgs.yml
+ tags: task_pkgs
+
+- name: include operating system setup
+ include_tasks: "os_{{ ansible_distribution | lower }}.yml"
+ tags: task_system
+
+- name: include shell setup
+ include_tasks: shell.yml
+ tags: task_shell
+
+- name: include doas setup
+ include_tasks: doas.yml
+ tags: task_doas
+
+- name: include smartcard setup
+ include_tasks: smartcard.yml
+ tags: task_smartcard
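Review bot: Tags set on `include_tasks` apply only to the include statement, not to the tasks inside the included file, so a run limited with `--tags task_doas` would load doas.yml and then skip every task in it. If the tags are meant to select the included tasks, pass them through with an `apply:` mapping containing `tags: task_doas` (keeping the tag on the include as well), or use `import_tasks` for the four static file names. The `os_{{ ansible_distribution | lower }}.yml` include also fails on any distribution without a matching file; a `when:` guard naming the supported distributions would make that limit explicit.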
diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml
new file mode 100644
index 0000000..40b264b
--- /dev/null
+++ b/roles/workstation/tasks/os_archlinux.yml
@@ -0,0 +1,35 @@
+- name: append current user to system groups
+ user:
+ name: "{{ workstation_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - docker
+ - wheel
+ - video
+ - audio
+
+- name: enable and start pipewire
+ systemd:
+ name: "{{ item }}"
+ scope: user
+ enabled: true
+ state: started
+ become: true
+ become_method: su
+ become_user: "{{ workstation_user }}"
+ loop:
+ - pipewire
+ - pipewire-pulse
+ - pipewire-media-session
+ when: ansible_service_mgr == "systemd"
+
+- name: ensure that dhcpcd is started
+ service:
+ name: dhcpcd
+ state: started
+ enabled: true
+
+- name: enable battery optimization
+ include_tasks: tlp.yml
+ when: ansible_form_factor in ["Laptop", "Notebook"]
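Review bot: Adding `{{ workstation_user }}` to the `docker` group gives that account root-equivalent access through the Docker daemon socket with no password prompt, which sidesteps the `persist` rule configured in doas.yml. If that is intended, a comment on the loop saying so would help; otherwise drop `docker` or move the group list into a role variable so it can be overridden per host. The task also fails if the `docker` group does not exist yet, which depends on pkgs.yml having installed it. The loop itself can be a single call with `groups: [docker, wheel, video, audio]`, which the `user` module accepts together with `append: true`.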
diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml
new file mode 100644
index 0000000..d007263
--- /dev/null
+++ b/roles/workstation/tasks/os_openbsd.yml
@@ -0,0 +1,72 @@
+- name: ensure wsconsctl config file exists
+ file:
+ path: /etc/wsconsctl.conf
+ state: touch
+ owner: 0
+ group: 0
+ mode: 0644
+
+- name: append configuration to wsconsctl
+ lineinfile:
+ path: /etc/wsconsctl.conf
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ create: true
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+ file:
+ path: /etc/X11/xorg.conf.d
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: generate system wide configurations
+ template:
+ src: "{{ item[0] }}"
+ dest: "{{ item[1] }}"
+ mode: preserve
+ loop:
+ - [xorg-intel.conf, /etc/X11/xorg.conf.d]
+ - [apm-hibernate, /etc/apm/hibernate]
+ - [apm-suspend, /etc/apm/suspend]
+ - [apm-resume, /etc/apm/resume]
+
+- name: ensure sysctl configuration file exists
+ file:
+ path: /etc/sysctl.conf
+ owner: root
+ mode: 0644
+
+- name: ensure sysctl memory optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker: "# process - {mark} managed by Ansible"
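Review bot: The `/etc/X11/xorg.conf.d` directory is created with `mode: 0644`, which leaves it without the search (execute) bit, so non-root processes cannot open files inside it; a directory normally wants `mode: "0755"`. The "ensure sysctl configuration file exists" task sets no `state`, and the `file` module does not create a missing path by default, so on a host without `/etc/sysctl.conf` it fails rather than creating it. Using `state: touch` (as for wsconsctl.conf) or `create: true` on the two `blockinfile` tasks would match the task name. The process block also sets `kern.maxfiles` twice (102400, then 65535), so presumably only the later value takes effect, and the two `marker` strings place `{mark}` differently. Quoting the octal modes (`"0644"`) throughout would avoid relying on the YAML parser's octal handling.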
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..fd8a65a
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
@@ -0,0 +1,7 @@
+- name: install distribution packages
+ package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ workstation_pkgs['common'] }}"
+ - "{{ workstation_pkgs[ansible_distribution | lower] }}"
diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml
new file mode 100644
index 0000000..42b134c
--- /dev/null
+++ b/roles/workstation/tasks/shell.yml
@@ -0,0 +1,8 @@
+- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
+ shell: command -v zsh
+ register: zsh_path
+
+- name: ensure zsh is used for workstation user
+ user:
+ name: "{{ workstation_user }}"
+ shell: "{{ zsh_path.stdout_lines[0] }}"
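Review bot: The `zsh_path` lookup is silenced with `# noqa no-changed-when` rather than marked read-only, so it reports `changed` on every run. It is also skipped in check mode, which leaves `zsh_path.stdout_lines` undefined for the `user` task that follows. Adding `changed_when: false` and `check_mode: false` to the lookup task addresses both and lets the `no-changed-when` suppression be dropped.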
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml
new file mode 100644
index 0000000..ed79c92
--- /dev/null
+++ b/roles/workstation/tasks/smartcard.yml
@@ -0,0 +1,5 @@
+- name: start and enable pcscd service
+ service:
+ name: pcscd
+ state: started
+ enabled: true
diff --git a/roles/workstation/tasks/tlp.yml b/roles/workstation/tasks/tlp.yml
new file mode 100644
index 0000000..788f523
--- /dev/null
+++ b/roles/workstation/tasks/tlp.yml
@@ -0,0 +1,10 @@
+- name: install tlp
+ package:
+ name: tlp
+ state: present
+
+- name: enable and start tlp
+ service:
+ name: tlp
+ state: started
+ enabled: true