commit f9b5769d6c995baa8380b9452a7133067cc77c03
Author: Timo Makinen
Date: Mon Mar 9 20:31:16 2020 +0000

initial commit

diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..bcd42ae
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# run sudo to cache creds
+sudo /bin/true
+
+# update modules and check depencies
+git pull
+rpm -q ansible > /dev/null || sudo yum -y install ansible
+
+# run playbook
+ansible-playbook deploy.yml
diff --git a/deploy.yml b/deploy.yml
new file mode 100644
index 0000000..b5d34c7
--- /dev/null
+++ b/deploy.yml
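Review bot: deploy.sh has no error handling, so a failed `git pull` or a failed `yum` install still falls through to `ansible-playbook deploy.yml`, which applies whatever is in the working tree as root through the play's `become: true`. Add `set -euo pipefail` directly after the shebang so any failing step stops the run. Because the pulled playbook executes with root privileges, consider `git pull --ff-only --verify-signatures` if the repository's commits are signed, so only verified history is applied. The script also appears to assume it is started from the repository directory, since it never changes into its own location before pulling.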
@@ -0,0 +1,182 @@
+---
+
+- name: "deploy workstation"
+ hosts: localhost
+ connection: local
+ become: true
+ become_method: sudo
+
+ tasks:
+ - name: "remove unneeded packages"
+ package:
+ name: "{{ item }}"
+ state: absent
+ with_items:
+ - abrt
+ - mlocate
+
+ - name: "install rpmfusion repositories"
+ package:
+ name: "{{ item }}"
+ state: installed
+ with_items:
+ - "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version}}.noarch.rpm"
+ - "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version}}.noarch.rpm"
+ # - name: "enable rpmfusion free repository"
+ # command: dnf config-manager --enable-repo=rpmfusion-free
+ # - name: "enable rpmfusion nonfree repository"
+ # command: dnf config-manager --enable-repo=rpmfusion-nonfree
+
+ - name: "hide grub menu during boot"
+ lineinfile:
+ path: /etc/default/grub
+ line: "{{ item }}"
+ with_items:
+ - GRUB_HIDDEN_TIMEOUT=1
+ - GRUB_HIDDEN_TIMEOUT_QUIET=true
+ - name: "remove grub default timeout"
+ lineinfile:
+ path: /etc/default/grub
+ regexp: "^GRUB_TIMEOUT="
+ state: absent
+
+ - name: "enable google chrome repository"
+ yum_repository:
+ name: google-chrome
+ baseurl: http://dl.google.com/linux/chrome/rpm/stable/x86_64
+ description: Google Chrome
+ gpgcheck: true
+ gpgkey: https://dl.google.com/linux/linux_signing_key.pub
+ enabled: true
+ - name: "install google chrome"
+ package:
+ name: google-chrome
+ state: present
+ - name: "create google chrome policy directories"
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: root
+ with_items:
+ - /etc/opt/chrome/policies/managed
+ - /etc/opt/chrome/policies/recommended
+ - name: "install google chrome managed settings"
+ copy:
+ dest: /etc/opt/chrome/policies/managed/defaults.json
+ content: |
+ {
+ "HomepageLocation": "https://www.foo.sh",
+ "PasswordManagerEnabled": false,
+ }
+ mode: 0644
+ owner: root
+ group: root
+ - name: "install google chrome recommended settings"
+ copy:
+ dest: /etc/opt/chrome/policies/recommended/defaults.json
+ content: |
+ {
+ "RestoreOnStartup": 1,
+ "ImportHistory": false
+ }
+ mode: 0644
+ owner: root
+ group: root
+
+ - name: "enable spotify repository"
+ yum_repository:
+ name: spotify
+ baseurl: https://negativo17.org/repos/spotify/fedora-$releasever/x86_64/
+ description: Spotify
+ gpgcheck: true
+ gpgkey: https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
+ enabled: true
+ - name: "install spotify"
+ package:
+ name: spotify
+ state: present
+
+ - name: "install generic tools"
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - dia
+ - elinks
+ - geteltorito
+ - gimp
+ - krb5-workstation
+ - mutt
+ - openldap-clients
+ - setroubleshoot
+ - thunderbird
+
+ - name: "install extra packages for development"
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - black
+ - emacs
+ - htop
+ - iftop
+ - iotop
+ - python3-ansible-lint
+ - ShellCheck
+ - strace
+ - yamllint
+ - vim-enhanced
+ - wireshark
+
+ - name: "install virtualization packages"
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libvirt
+ - podman
+ - virt-install
+
+ - name: "configure mutt"
+ copy:
+ dest: /etc/Muttrc.local
+ content: |
+ set use_8bitmime
+ set hostname=foo.sh
+ set imap_authenticators="gssapi:plain"
+ set spoolfile=imaps://${USER}@mail.foo.sh/INBOX
+ set folder=imaps://${USER}@mail.foo.sh
+ mode: 0644
+ owner: root
+ group: root
+
+ - name: "configure ldap client"
+ copy:
+ dest: /etc/openldap/ldap.conf
+ content: |
+ BASE dc=foo,dc=sh
+ URI ldaps://ldap.foo.sh
+ mode: 0644
+ owner: root
+ group: root
+
+ - name: "configure kerberos client"
+ copy:
+ dest: /etc/krb5.conf.d/foo.sh.conf
+ content: |
+ [libdefaults]
+ default_realm = FOO.SH
+
+ [domain_realm]
+ foo.sh = FOO.SH
+ .foo.sh = FOO.SH
+
+ [realms]
+ FOO.SH = {
+ kdc = https://id.foo.sh/KdcProxy
+ }
+ mode: 0644
+ owner: root
+ group: root
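Review bot: The `google-chrome` repository in the "enable google chrome repository" task is fetched over plain HTTP while its `gpgkey` already uses HTTPS; change the line to `baseurl: https://dl.google.com/linux/chrome/rpm/stable/x86_64`. `gpgcheck: true` verifies package signatures but not the repository metadata, which is only covered when `repo_gpgcheck` is set, so the transport is worth protecting. Separately, the managed policy written to `/etc/opt/chrome/policies/managed/defaults.json` has a trailing comma after `"PasswordManagerEnabled": false,`, which is not valid strict JSON; drop it so the password-manager policy does not depend on a lenient parser. The unquoted `mode: 0644` and `mode: 0755` values would be safer as strings (`mode: "0644"`), which avoids YAML integer typing of file modes.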