From 5c2e3443bedf0ef6a34888ea30361af7da314748 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Sat, 4 Dec 2021 14:01:47 +0000
Subject: roles: Add workstation role
---
roles/workstation/tasks/doas.yml | 34 +++++++++++++++
roles/workstation/tasks/main.yml | 19 +++++++++
roles/workstation/tasks/os_archlinux.yml | 35 ++++++++++++++++
roles/workstation/tasks/os_openbsd.yml | 72 ++++++++++++++++++++++++++++++++
roles/workstation/tasks/pkgs.yml | 7 ++++
roles/workstation/tasks/shell.yml | 8 ++++
roles/workstation/tasks/smartcard.yml | 5 +++
roles/workstation/tasks/tlp.yml | 10 +++++
8 files changed, 190 insertions(+)
create mode 100644 roles/workstation/tasks/doas.yml
create mode 100644 roles/workstation/tasks/main.yml
create mode 100644 roles/workstation/tasks/os_archlinux.yml
create mode 100644 roles/workstation/tasks/os_openbsd.yml
create mode 100644 roles/workstation/tasks/pkgs.yml
create mode 100644 roles/workstation/tasks/shell.yml
create mode 100644 roles/workstation/tasks/smartcard.yml
create mode 100644 roles/workstation/tasks/tlp.yml
(limited to 'roles/workstation/tasks')
diff --git a/roles/workstation/tasks/doas.yml b/roles/workstation/tasks/doas.yml
new file mode 100644
index 0000000..bc72d7f
--- /dev/null
+++ b/roles/workstation/tasks/doas.yml
@@ -0,0 +1,34 @@
+- name: generate doas configuration
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit persist keepenv {{ workstation_user }} as root"
+ line: "permit persist keepenv {{ workstation_user }} as root"
+ create: true
+ mode: 0644
+ owner: 0
+ group: 0
+
+- name: allow reboot/shutdown/hibernate with doas
+ lineinfile:
+ path: /etc/doas.conf
+ regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ line: "permit nopass {{ workstation_user }} as root cmd {{ item }}"
+ loop:
+ - ZZZ
+ - mount
+ - reboot
+ - shutdown
+ - zzz
+
+- name: check sudo binary path # noqa no-changed-when
+ command: command -v sudo
+ register: result
+ failed_when: false
+
+- name: uninstall sudo binary
+ package:
+ name: sudo
+ state: absent
+ when: result.rc == 0
+ register: sudo
+ ignore_errors: true
diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml
new file mode 100644
index 0000000..f981545
--- /dev/null
+++ b/roles/workstation/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: include packages
+ include_tasks: pkgs.yml
+ tags: task_pkgs
+
+- name: include operating system setup
+ include_tasks: "os_{{ ansible_distribution | lower }}.yml"
+ tags: task_system
+
+- name: include shell setup
+ include_tasks: shell.yml
+ tags: task_shell
+
+- name: include doas setup
+ include_tasks: doas.yml
+ tags: task_doas
+
+- name: include smartcard setup
+ include_tasks: smartcard.yml
+ tags: task_smartcard
diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml
new file mode 100644
index 0000000..40b264b
--- /dev/null
+++ b/roles/workstation/tasks/os_archlinux.yml
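Review bot: The `nopass` loop in doas.yml includes `mount` with no `args` restriction, so any process running as `{{ workstation_user }}` can attach arbitrary filesystems as root without a password, which is close to unrestricted root; dropping `- mount` from the loop leaves it covered by the password-protected `persist` rule. The first rule's `keepenv` also carries the user's whole environment into root commands, where `setenv { ... }` with a short explicit list would be narrower. Neither `lineinfile` task validates the file, and sudo is removed straight afterwards, so a malformed line can leave the host without a working escalation path; `validate: 'doas -C %s'` on both tasks would catch that before the file is replaced. Separately, `command: command -v sudo` runs without a shell, so on a host with no `command` executable the lookup fails, and `failed_when: false` turns that into "sudo not installed" and the removal is skipped.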
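Review bot: The `tags:` on each `include_tasks` in main.yml apply only to the include statement, not to the tasks inside the included file, so a run limited with `--tags task_doas` would execute the include and then skip every task in doas.yml. For the fixed file names, either switch to `import_tasks` or keep the include and pass `apply: {tags: [task_doas]}` as an `include_tasks` argument next to the existing `tags`. The `os_{{ ansible_distribution | lower }}.yml` include has to stay dynamic, and it fails with a missing-file error on any distribution other than the two this commit ships, so an explicit supported-distribution check before it would make that failure clearer.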
@@ -0,0 +1,35 @@
+- name: append current user to system groups
+ user:
+ name: "{{ workstation_user }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - docker
+ - wheel
+ - video
+ - audio
+
+- name: enable and start pipewire
+ systemd:
+ name: "{{ item }}"
+ scope: user
+ enabled: true
+ state: started
+ become: true
+ become_method: su
+ become_user: "{{ workstation_user }}"
+ loop:
+ - pipewire
+ - pipewire-pulse
+ - pipewire-media-session
+ when: ansible_service_mgr == "systemd"
+
+- name: ensure that dhcpcd is started
+ service:
+ name: dhcpcd
+ state: started
+ enabled: true
+
+- name: enable battery optimization
+ include_tasks: tlp.yml
+ when: ansible_form_factor in ["Laptop", "Notebook"]
diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml
new file mode 100644
index 0000000..d007263
--- /dev/null
+++ b/roles/workstation/tasks/os_openbsd.yml
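Review bot: Adding `{{ workstation_user }}` to the `docker` group in the first task of os_archlinux.yml gives that account control of the Docker daemon, which is root-equivalent and needs no password, so it sidesteps the doas policy this role sets up in doas.yml. If Docker access is wanted it would be safer as an explicit opt-in, for example a role variable (the name `workstation_extra_groups` is only a suggestion) instead of a hard-coded loop entry. The task also fails if the `docker` group does not exist yet, which depends on a package list this hunk does not show. Passing the remaining groups once as `groups: [wheel, video, audio]` with `append: true` replaces the per-group loop.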
@@ -0,0 +1,72 @@
+- name: ensure wsconsctl config file exists
+ file:
+ path: /etc/wsconsctl.conf
+ state: touch
+ owner: 0
+ group: 0
+ mode: 0644
+
+- name: append configuration to wsconsctl
+ lineinfile:
+ path: /etc/wsconsctl.conf
+ regexp: "^{{ item[0] }}"
+ line: "{{ item[0] }}={{ item[1] }}"
+ create: true
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - [screen.brightness, 80]
+ - [keyboard.repeat.del1, 180]
+ - [keyboard.repeat.deln, 50]
+ - [keyboard.bell.volume, 0]
+ - [mouse.tp.tapping, 1]
+
+- name: ensure Xorg subdirectory for configuration exists
+ file:
+ path: /etc/X11/xorg.conf.d
+ owner: 0
+ group: 0
+ mode: 0644
+ state: directory
+
+- name: generate system wide configurations
+ template:
+ src: "{{ item[0] }}"
+ dest: "{{ item[1] }}"
+ mode: preserve
+ loop:
+ - [xorg-intel.conf, /etc/X11/xorg.conf.d]
+ - [apm-hibernate, /etc/apm/hibernate]
+ - [apm-suspend, /etc/apm/suspend]
+ - [apm-resume, /etc/apm/resume]
+
+- name: ensure sysctl configuration file exists
+ file:
+ path: /etc/sysctl.conf
+ owner: root
+ mode: 0644
+
+- name: ensure sysctl memory optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.shminfo.shmall=3145728
+ kern.shminfo.shmmax=1073741823
+ kern.shminfo.shmmni=1024
+ kern.shminfo.shmseg=1024
+ kern.seminfo.semmns=4096
+ kern.seminfo.semmni=1024
+ marker: "# memory {mark} - managed by Ansible"
+
+- name: ensure sysctl process optimizations
+ blockinfile:
+ path: /etc/sysctl.conf
+ block: |
+ kern.maxfiles=102400
+ kern.maxproc=32768
+ kern.maxfiles=65535
+ kern.bufcachepercent=90
+ kern.maxvnodes=262144
+ kern.somaxconn=2048
+ marker: "# process - {mark} managed by Ansible"
diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml
new file mode 100644
index 0000000..fd8a65a
--- /dev/null
+++ b/roles/workstation/tasks/pkgs.yml
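Review bot: The `/etc/X11/xorg.conf.d` task in os_openbsd.yml sets `mode: 0644` on a directory, which leaves it without the search bit, so non-root processes cannot open the files inside it; `mode: "0755"` is what a configuration directory needs. In the last `blockinfile` block `kern.maxfiles` is set twice (`102400`, then `65535`) and presumably only the later line takes effect, so one of them should go. The "ensure sysctl configuration file exists" task has no `state`, and the `file` module's default does not create a missing path, so on a host without `/etc/sysctl.conf` it fails instead of creating it; `state: touch` there, or `create: true` on the two `blockinfile` tasks, would match the task name. The two markers also place `{mark}` differently (`# memory {mark} - managed` against `# process - {mark} managed`), which is worth aligning before the file is deployed anywhere.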
@@ -0,0 +1,7 @@
+- name: install distribution packages
+ package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ workstation_pkgs['common'] }}"
+ - "{{ workstation_pkgs[ansible_distribution | lower] }}"
diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml
new file mode 100644
index 0000000..42b134c
--- /dev/null
+++ b/roles/workstation/tasks/shell.yml
@@ -0,0 +1,8 @@
+- name: retrieve zsh path # noqa no-changed-when command-instead-of-shell
+ shell: command -v zsh
+ register: zsh_path
+
+- name: ensure zsh is used for workstation user
+ user:
+ name: "{{ workstation_user }}"
+ shell: "{{ zsh_path.stdout_lines[0] }}"
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml
new file mode 100644
index 0000000..ed79c92
--- /dev/null
+++ b/roles/workstation/tasks/smartcard.yml
@@ -0,0 +1,5 @@
+- name: start and enable pcscd service
+ service:
+ name: pcscd
+ state: started
+ enabled: true
diff --git a/roles/workstation/tasks/tlp.yml b/roles/workstation/tasks/tlp.yml
new file mode 100644
index 0000000..788f523
--- /dev/null
+++ b/roles/workstation/tasks/tlp.yml
@@ -0,0 +1,10 @@
+- name: install tlp
+ package:
+ name: tlp
+ state: present
+
+- name: enable and start tlp
+ service:
+ name: tlp
+ state: started
+ enabled: true
--
cgit v1.2.3
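Review bot: `workstation_pkgs[ansible_distribution | lower]` in the pkgs.yml loop raises an undefined-variable error on any distribution without a matching key, and the two-item loop invokes the package manager twice. A single task without `loop`, using `name: "{{ workstation_pkgs['common'] + (workstation_pkgs[ansible_distribution | lower] | default([])) }}"`, covers both cases. This assumes both entries are lists, which the hunk does not show.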
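Review bot: The zsh lookup in shell.yml silences `no-changed-when` with `# noqa` instead of declaring the task read-only, so every run reports a change. In check mode the `shell` task is skipped, leaving `zsh_path.stdout_lines[0]` undefined for the `user` task that follows. Adding `changed_when: false` and `check_mode: false` to the lookup fixes both and lets the `no-changed-when` suppression be dropped. The sudo lookup in doas.yml uses the same `# noqa no-changed-when` pattern.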