---
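# System-level setup for a Fedora 38 workstation: packages, extra
# repositories, SELinux, service hardening, polkit rules and one
# laptop-specific workaround.
# The play sets no `become`; presumably it is started with root privileges,
# since most tasks write under /etc or manage system services.
- name: Fedora 38 Workstation
  hosts: localhost
  vars:
    flatpak_method: system
    non_root_user: admiller
    # Canonical booleans; yes/no are typed differently by YAML 1.1 and 1.2
    # parsers.
    rpmfusion_free: true
    rpmfusion_nonfree: false

  tasks:
    # packages_fedora and packages_common are not defined in this play's
    # vars; they have to come from inventory, group_vars or extra vars.
    - name: Package Install - Fedora
      ansible.builtin.yum:
        state: installed
        name: "{{ packages_fedora }}"

    - name: Package Install - Common
      ansible.builtin.yum:
        state: installed
        name: "{{ packages_common }}"

    - name: Package Install - gnome
      ansible.builtin.yum:
        state: installed
        name:
          - vinagre
          - gnome-tweaks
          - NetworkManager-openvpn-gnome
          - gnome-shell-extension-windowsNavigator
          - gnome-shell-extension-system-monitor-applet

    # NOTE(review): third-party Galaxy role that configures package
    # repositories on this host; pin its version in requirements.yml so an
    # upstream change cannot alter the repo setup unnoticed.
    - name: Setup RPM Fusion Free
      ansible.builtin.import_role:
        name: robertdebock.rpmfusion

    - name: Package Install | RPM Fusion Free
      ansible.builtin.yum:
        state: installed
        name:
          - ffmpeg
          - ffmpeg-libs
          - libavcodec-freeworld

    - name: import flatpak app task set
      ansible.builtin.import_tasks: include_tasks/flatpak_install.yml

    - name: install SourceCode Pro patched Nerd Fonts
      ansible.builtin.import_tasks: include_tasks/nerdfonts.yml

    # NOTE(review): the template is not visible here; confirm it sets
    # gpgcheck=1 and a gpgkey so packages from this repo are verified.
    - name: Setup CSB Repo
      ansible.builtin.template:
        src: templates/rhel8-csb.repo.j2
        dest: /etc/yum.repos.d/rhel8-csb.repo
        owner: root
        group: root
        mode: "0644"

    - name: Package Install - CSB RHEL8 Repo
      ansible.builtin.yum:
        state: installed
        name:
          - oneplay-gstreamer-codecs-pack
          - redhat-internal-openvpn-profiles
          - redhat-internal-NetworkManager-openvpn-profiles
          - redhat-internal-NetworkManager-openvpn-profiles-non-gnome
          - redhat-internal-wireless-config
          - redhat-internal-cert-install

    # command with argv instead of shell: nothing here needs a shell, and
    # the arguments are passed without shell interpretation. `creates`
    # keeps the task idempotent once the repo file exists.
    # NOTE(review): the repo definition is fetched over HTTPS and trusted
    # from then on; check that the resulting file enables gpgcheck.
    - name: Add GitHub CLI Repo
      ansible.builtin.command:
        argv:
          - dnf
          - config-manager
          - --add-repo
          - https://cli.github.com/packages/rpm/gh-cli.repo
        creates: /etc/yum.repos.d/gh-cli.repo

    - name: Package Install - GitHub CLI
      ansible.builtin.yum:
        state: installed
        name:
          - gh

    - name: Ensure SELinux Enforcing
      ansible.posix.selinux:
        policy: targeted
        state: enforcing

    # Relaxes one SELinux boolean, persistently, so containers may manage
    # cgroups; this is the only SELinux exception made in this play.
    - name: Enable container_manage_cgroup for running systemd in podman containers
      ansible.posix.seboolean:
        name: container_manage_cgroup
        state: true
        persistent: true

    # don't do this anymore, no longer needed
    # - name: Set laptop specific configurations
    #   when: ansible_form_factor in mobile_form_factors
    #   block:
    #     - name: Apply iwlwifi settings
    #       copy:
    #         src: files/iwlwifi.conf
    #         dest: /etc/modprobe.d/iwlwifi.conf
    #
    #

    # Stops, disables and masks both units so they cannot be started by
    # hand or pulled in as a dependency.
    # NOTE(review): rpcbind is normally socket-activated; rpcbind.socket is
    # not listed here and may keep port 111 open until the next boot.
    # Verify with `ss -ltnup` after a run.
    - name: Disable ssh and rpcbind because reasons
      ansible.builtin.systemd:
        name: "{{ item }}"
        state: stopped
        masked: true
        enabled: false
      loop:
        - sshd
        - rpcbind

    # - name: Ensure various ports are not open
    #   ansible.posix.firewalld:
    #     service: "{{ item }}"
    #     permanent: yes
    #     immediate: yes
    #     state: disabled
    #   loop:
    #     - cockpit
    #     - ssh

    # Privilege grant: the rule lets the non-root user manage system
    # libvirt without authenticating. The file is kept root-owned and not
    # writable by others so the user cannot widen the rule.
    - name: Allow non-root user access to libvirt via polkit
      ansible.builtin.template:
        src: templates/non_root_user_libvirt_polkit.j2
        dest: /etc/polkit-1/rules.d/50-org.libvirt.unix.manage.rules
        owner: root
        group: root
        mode: "0644"
      notify:
        - reload polkit

    # NOTE(review): polkit loads only *.rules files from rules.d, so a
    # .pkla file placed here is likely ignored. Confirm the intended
    # format and location before relying on this grant.
    - name: Allow non-root user access to NetworkManager
      ansible.builtin.template:
        src: templates/network_manager_polkit.j2
        dest: /etc/polkit-1/rules.d/10-network-manager.pkla
        owner: root
        group: root
        mode: "0644"
      notify:
        - reload polkit

    # append keeps the user's existing supplementary groups.
    # NOTE(review): mock group membership is effectively root-equivalent
    # on the host; treat it as a privileged grant.
    - name: Make sure non_root_user user is in mock
      ansible.builtin.user:
        name: "{{ non_root_user }}"
        groups: mock
        append: true

    # NOTE(review): no owner/group/mode is set, so the directory is created
    # with the defaults of the invoking user; compare with the ownership
    # systemd-tmpfiles expects for /var/log/journal.
    - name: enable journald persistent storage
      ansible.builtin.file:
        path: /var/log/journal
        state: directory

    # The condition is set on the block, so neither task runs on hosts
    # other than 'starlite'.
    - name: workaround suspend issue on starlite mk3 laptop
      when: ansible_hostname == 'starlite'
      block:
        - name: install workaroundsuspend.service
          ansible.builtin.copy:
            src: files/starlite_mk3_suspendfix.service
            dest: /etc/systemd/system/workaroundsuspend.service
            owner: root
            group: root
            mode: "0644"

        - name: enable custom systemd unit
          ansible.builtin.systemd:
            name: workaroundsuspend.service
            daemon_reload: true
            enabled: true
            state: started

  handlers:
    # Notified by the two polkit template tasks; despite its name this
    # handler restarts the polkit service.
    - name: reload polkit
      ansible.builtin.service:
        name: polkit
        state: restarted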
# Per-user setup: every task in this play runs as the admiller account
# through become, not as the user that started the playbook.
- name: User Stuff
  hosts: localhost
  become: true
  # NOTE(review): same account name as non_root_user in the
  # "Fedora 38 Workstation" play; the two values are kept in sync by hand.
  become_user: admiller

  tasks:
    # The imported task file is not part of this playbook file; review it
    # separately for anything that fetches or executes remote content.
    - name: import user dev stuff
      ansible.builtin.import_tasks: include_tasks/user_stuff.yml