foo.sh/ansible-desktop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
Timo Makinen 2020-03-09 20:31:16 +00:00
commit f9b5769d6c
2 changed files with 193 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
deploy.sh Executable file
View file

@ -0,0 +1,11 @@
#!/bin/bash
# run sudo to cache creds
sudo /bin/true
# update modules and check depencies
git pull
rpm -q ansible > /dev/null || sudo yum -y install ansible
# run playbook
ansible-playbook deploy.yml

182
deploy.yml Normal file
View file

@ -0,0 +1,182 @@
---
- name: "deploy workstation"
hosts: localhost
connection: local
become: true
become_method: sudo
tasks:
- name: "remove unneeded packages"
package:
name: "{{ item }}"
state: absent
with_items:
- abrt
- mlocate
- name: "install rpmfusion repositories"
package:
name: "{{ item }}"
state: installed
with_items:
- "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version}}.noarch.rpm"
- "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version}}.noarch.rpm"
# - name: "enable rpmfusion free repository"
# command: dnf config-manager --enable-repo=rpmfusion-free
# - name: "enable rpmfusion nonfree repository"
# command: dnf config-manager --enable-repo=rpmfusion-nonfree
- name: "hide grub menu during boot"
lineinfile:
path: /etc/default/grub
line: "{{ item }}"
with_items:
- GRUB_HIDDEN_TIMEOUT=1
- GRUB_HIDDEN_TIMEOUT_QUIET=true
- name: "remove grub default timeout"
lineinfile:
path: /etc/default/grub
regexp: "^GRUB_TIMEOUT="
state: absent
- name: "enable google chrome repository"
yum_repository:
name: google-chrome
baseurl: http://dl.google.com/linux/chrome/rpm/stable/x86_64
description: Google Chrome
gpgcheck: true
gpgkey: https://dl.google.com/linux/linux_signing_key.pub
enabled: true
- name: "install google chrome"
package:
name: google-chrome
state: present
- name: "create google chrome policy directories"
file:
path: "{{ item }}"
state: directory
mode: 0755
owner: root
group: root
with_items:
- /etc/opt/chrome/policies/managed
- /etc/opt/chrome/policies/recommended
- name: "install google chrome managed settings"
copy:
dest: /etc/opt/chrome/policies/managed/defaults.json
content: |
{
"HomepageLocation": "https://www.foo.sh",
"PasswordManagerEnabled": false,
}
mode: 0644
owner: root
group: root
- name: "install google chrome recommended settings"
copy:
dest: /etc/opt/chrome/policies/recommended/defaults.json
content: |
{
"RestoreOnStartup": 1,
"ImportHistory": false
}
mode: 0644
owner: root
group: root
- name: "enable spotify repository"
yum_repository:
name: spotify
baseurl: https://negativo17.org/repos/spotify/fedora-$releasever/x86_64/
description: Spotify
gpgcheck: true
gpgkey: https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
enabled: true
- name: "install spotify"
package:
name: spotify
state: present
- name: "install generic tools"
package:
name: "{{ item }}"
state: present
with_items:
- dia
- elinks
- geteltorito
- gimp
- krb5-workstation
- mutt
- openldap-clients
- setroubleshoot
- thunderbird
- name: "install extra packages for development"
package:
name: "{{ item }}"
state: present
with_items:
- black
- emacs
- htop
- iftop
- iotop
- python3-ansible-lint
- ShellCheck
- strace
- yamllint
- vim-enhanced
- wireshark
- name: "install virtualization packages"
package:
name: "{{ item }}"
state: present
with_items:
- libvirt
- podman
- virt-install
- name: "configure mutt"
copy:
dest: /etc/Muttrc.local
content: |
set use_8bitmime
set hostname=foo.sh
set imap_authenticators="gssapi:plain"
set spoolfile=imaps://${USER}@mail.foo.sh/INBOX
set folder=imaps://${USER}@mail.foo.sh
mode: 0644
owner: root
group: root
- name: "configure ldap client"
copy:
dest: /etc/openldap/ldap.conf
content: |
BASE dc=foo,dc=sh
URI ldaps://ldap.foo.sh
mode: 0644
owner: root
group: root
- name: "configure kerberos client"
copy:
dest: /etc/krb5.conf.d/foo.sh.conf
content: |
[libdefaults]
default_realm = FOO.SH
[domain_realm]
foo.sh = FOO.SH
.foo.sh = FOO.SH
[realms]
FOO.SH = {
kdc = https://id.foo.sh/KdcProxy
}
mode: 0644
owner: root
group: root