diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..b9f03df
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "roles"]
+ path = roles
+ url = https://git.foo.sh/ansible-software.git
diff --git a/deploy.yml b/deploy.yml
index 496f685..92c74cf 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -6,6 +6,15 @@
 become: true
 become_method: sudo
+ roles:
+ - cups
+ - git
+ - google-chrome
+ - kerberos
+ - ldap
+ - mutt
+ - spotify
+
 tasks:
 - name: "remove unneeded packages"
 package:
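Review bot: The `roles` submodule added here becomes root-executed code, because the play in deploy.yml that consumes it sets `become: true`, and nothing in the commit documents how its pin is to be reviewed or updated. The gitlink at the end of this commit fixes the checkout at fd3743f293783c9ec17fae7fd18d58b988b6fe9f, which is the right control; a comment above the section such as `# roles execute as root via deploy.yml; review the upstream diff before moving the pinned commit` would make that expectation explicit. The repository documentation should also say that checkouts use `git submodule update --init` and not `--remote`, so a deploy never picks up role code that was not reviewed. The role contents themselves are not part of this diff and need to be reviewed at that commit.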
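Review bot: The new `roles:` list does not obviously cover everything the second hunk deletes: no role name suggests the `install generic tools`, `install extra packages for development` or `install virtualization packages` tasks, nor the libvirtd socket-group and service tasks. The role contents live in the submodule and are not visible here, so this may be handled there; if it is not, those tasks should stay under `tasks:` until a role owns them. Ansible also runs `roles:` before `tasks:`, so `remove unneeded packages` now executes after the role installs instead of before them. A short comment above the list, e.g. `# roles come from the pinned 'roles' submodule and run before tasks:`, would document both facts. The play begins above this hunk and the first task continues below it.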
@@ -27,157 +36,3 @@
 path: /etc/default/grub
 regexp: "^GRUB_TIMEOUT="
 state: absent
-
- - name: "enable google chrome repository"
- yum_repository:
- name: google-chrome
- baseurl: http://dl.google.com/linux/chrome/rpm/stable/x86_64
- description: Google Chrome
- gpgcheck: true
- gpgkey: https://dl.google.com/linux/linux_signing_key.pub
- enabled: true
- - name: "install google chrome"
- package:
- name: google-chrome
- state: present
- - name: "create google chrome policy directories"
- file:
- path: "{{ item }}"
- state: directory
- mode: 0755
- owner: root
- group: root
- with_items:
- - /etc/opt/chrome/policies/managed
- - /etc/opt/chrome/policies/recommended
- - name: "install google chrome managed settings"
- copy:
- dest: /etc/opt/chrome/policies/managed/defaults.json
- content: |
- {
- "HomepageLocation": "https://www.foo.sh",
- "PasswordManagerEnabled": false,
- }
- mode: 0644
- owner: root
- group: root
- - name: "install google chrome recommended settings"
- copy:
- dest: /etc/opt/chrome/policies/recommended/defaults.json
- content: |
- {
- "RestoreOnStartup": 1,
- "ImportHistory": false
- }
- mode: 0644
- owner: root
- group: root
-
- - name: "enable spotify repository"
- yum_repository:
- name: spotify
- baseurl: https://negativo17.org/repos/spotify/fedora-$releasever/x86_64/
- description: Spotify
- gpgcheck: true
- gpgkey: https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
- enabled: true
- - name: "install spotify"
- package:
- name: spotify
- state: present
-
- - name: "install generic tools"
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - dia
- - elinks
- - geteltorito
- - gimp
- - krb5-workstation
- - mutt
- - openldap-clients
- - setroubleshoot
- - thunderbird
-
- - name: "install extra packages for development"
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - black
- - emacs
- - htop
- - iftop
- - iotop
- - python3-ansible-lint
- - ShellCheck
- - strace
- - yamllint
- - vim-enhanced
- - wireshark
-
- - name: "install virtualization packages"
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - libvirt
- - podman
- - virt-install
- - virt-manager
-
- - name: configure libvirtd socket permissions
- lineinfile:
- path: /etc/libvirt/libvirtd.conf
- regexp: "^#?unix_sock_group = .*"
- line: 'unix_sock_group = "wheel"'
-
- - name: enable libvirtd service
- service:
- name: libvirtd
- enabled: true
- state: started
-
- - name: "configure mutt"
- copy:
- dest: /etc/Muttrc.local
- content: |
- set use_8bitmime
- set hostname=foo.sh
- set imap_authenticators="gssapi:plain"
- set spoolfile=imaps://${USER}@mail.foo.sh/INBOX
- set folder=imaps://${USER}@mail.foo.sh
- mode: 0644
- owner: root
- group: root
-
- - name: "configure ldap client"
- copy:
- dest: /etc/openldap/ldap.conf
- content: |
- BASE dc=foo,dc=sh
- URI ldaps://ldap.foo.sh
- mode: 0644
- owner: root
- group: root
-
- - name: "configure kerberos client"
- copy:
- dest: /etc/krb5.conf.d/foo.sh.conf
- content: |
- [libdefaults]
- default_realm = FOO.SH
-
- [domain_realm]
- foo.sh = FOO.SH
- .foo.sh = FOO.SH
-
- [realms]
- FOO.SH = {
- kdc = https://id.foo.sh/KdcProxy
- }
- mode: 0644
- owner: root
- group: root
diff --git a/roles b/roles
new file mode 160000
index 0000000..fd3743f
--- /dev/null
+++ b/roles
@@ -0,0 +1 @@
+Subproject commit fd3743f293783c9ec17fae7fd18d58b988b6fe9f