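---
# Workstation provisioning playbook. Runs against localhost with sudo and:
#   - removes abrt/mlocate and adjusts the GRUB defaults,
#   - adds the Google Chrome and Spotify repositories and installs both,
#   - drops Chrome managed/recommended policy files,
#   - installs desktop, development and virtualization packages,
#   - writes site-wide mutt, LDAP and Kerberos client configuration.
#
# File modes are quoted strings throughout so they cannot be re-typed by the
# YAML parser (an unquoted 0644 is an octal integer under YAML 1.1 and a
# decimal one under 1.2).
- name: "deploy workstation"
  hosts: localhost
  connection: local
  become: true
  become_method: sudo

  tasks:
    # Package lists are passed to the module directly so the package manager
    # resolves them in one transaction instead of one call per item.
    - name: "remove unneeded packages"
      package:
        name:
          - abrt
          - mlocate
        state: absent

    # NOTE(review): /etc/default/grub is only an input to grub2-mkconfig;
    # nothing in this play regenerates grub.cfg, so confirm that happens
    # elsewhere or these two tasks have no effect on the next boot.
    - name: "hide grub menu during boot"
      lineinfile:
        path: /etc/default/grub
        line: "{{ item }}"
      with_items:
        - GRUB_HIDDEN_TIMEOUT=1
        - GRUB_HIDDEN_TIMEOUT_QUIET=true

    - name: "remove grub default timeout"
      lineinfile:
        path: /etc/default/grub
        regexp: "^GRUB_TIMEOUT="
        state: absent

    # baseurl is fetched over HTTPS. gpgcheck verifies package signatures
    # only; repository metadata is not covered by it, so plain HTTP would
    # leave the metadata open to tampering in transit.
    - name: "enable google chrome repository"
      yum_repository:
        name: google-chrome
        baseurl: https://dl.google.com/linux/chrome/rpm/stable/x86_64
        description: Google Chrome
        gpgcheck: true
        gpgkey: https://dl.google.com/linux/linux_signing_key.pub
        enabled: true

    - name: "install google chrome"
      package:
        name: google-chrome
        state: present

    - name: "create google chrome policy directories"
      file:
        path: "{{ item }}"
        state: directory
        mode: "0755"
        owner: root
        group: root
      with_items:
        - /etc/opt/chrome/policies/managed
        - /etc/opt/chrome/policies/recommended

    # Managed policies are the mandatory ones, so this file must parse.
    # The content is strict JSON (no trailing comma after the last member);
    # a lenient loader should not be relied on to enforce these settings.
    - name: "install google chrome managed settings"
      copy:
        dest: /etc/opt/chrome/policies/managed/defaults.json
        content: |
          {
            "HomepageLocation": "https://www.foo.sh",
            "PasswordManagerEnabled": false
          }
        mode: "0644"
        owner: root
        group: root

    - name: "install google chrome recommended settings"
      copy:
        dest: /etc/opt/chrome/policies/recommended/defaults.json
        content: |
          {
            "RestoreOnStartup": 1,
            "ImportHistory": false
          }
        mode: "0644"
        owner: root
        group: root

    # Third-party repository. The signing key is downloaded from the same
    # host as the packages, so trust rests on the TLS connection at the
    # time the key is first imported.
    - name: "enable spotify repository"
      yum_repository:
        name: spotify
        baseurl: https://negativo17.org/repos/spotify/fedora-$releasever/x86_64/
        description: Spotify
        gpgcheck: true
        gpgkey: https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
        enabled: true

    - name: "install spotify"
      package:
        name: spotify
        state: present

    - name: "install generic tools"
      package:
        name:
          - dia
          - elinks
          - geteltorito
          - gimp
          - krb5-workstation
          - mutt
          - openldap-clients
          - setroubleshoot
          - thunderbird
        state: present

    - name: "install extra packages for development"
      package:
        name:
          - black
          - emacs
          - htop
          - iftop
          - iotop
          - python3-ansible-lint
          - ShellCheck
          - strace
          - yamllint
          - vim-enhanced
          - wireshark
        state: present

    - name: "install virtualization packages"
      package:
        name:
          - libvirt
          - podman
          - virt-install
          - virt-manager
        state: present

    # NOTE(review): this hands the libvirt management socket to every member
    # of wheel. Read-write access to that socket is generally equivalent to
    # root on the host, so confirm wheel is limited to administrators.
    # No task here restarts libvirtd after the edit, and under systemd
    # socket activation the socket unit may own these permissions instead;
    # verify the setting actually takes effect on the target release.
    - name: "configure libvirtd socket permissions"
      lineinfile:
        path: /etc/libvirt/libvirtd.conf
        regexp: "^#?unix_sock_group = .*"
        line: 'unix_sock_group = "wheel"'

    - name: "enable libvirtd service"
      service:
        name: libvirtd
        enabled: true
        state: started

    # IMAP over TLS (imaps://); GSSAPI is tried before PLAIN.
    - name: "configure mutt"
      copy:
        dest: /etc/Muttrc.local
        content: |
          set use_8bitmime
          set hostname=foo.sh
          set imap_authenticators="gssapi:plain"
          set spoolfile=imaps://${USER}@mail.foo.sh/INBOX
          set folder=imaps://${USER}@mail.foo.sh
        mode: "0644"
        owner: root
        group: root

    # Directory lookups go over ldaps:// only.
    - name: "configure ldap client"
      copy:
        dest: /etc/openldap/ldap.conf
        content: |
          BASE dc=foo,dc=sh
          URI ldaps://ldap.foo.sh
        mode: "0644"
        owner: root
        group: root

    # The KDC is reached through an HTTPS proxy endpoint rather than
    # directly on the Kerberos ports.
    - name: "configure kerberos client"
      copy:
        dest: /etc/krb5.conf.d/foo.sh.conf
        content: |
          [libdefaults]
          default_realm = FOO.SH

          [domain_realm]
          foo.sh = FOO.SH
          .foo.sh = FOO.SH

          [realms]
          FOO.SH = {
            kdc = https://id.foo.sh/KdcProxy
          }
        mode: "0644"
        owner: root
        group: root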