183 lines
4.1 KiB
YAML
183 lines
4.1 KiB
YAML
---
|
|
|
|
- name: "deploy workstation"
|
|
hosts: localhost
|
|
connection: local
|
|
become: true
|
|
become_method: sudo
|
|
|
|
tasks:
|
|
- name: "remove unneeded packages"
|
|
package:
|
|
name: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- abrt
|
|
- mlocate
|
|
|
|
- name: "hide grub menu during boot"
|
|
lineinfile:
|
|
path: /etc/default/grub
|
|
line: "{{ item }}"
|
|
with_items:
|
|
- GRUB_HIDDEN_TIMEOUT=1
|
|
- GRUB_HIDDEN_TIMEOUT_QUIET=true
|
|
- name: "remove grub default timeout"
|
|
lineinfile:
|
|
path: /etc/default/grub
|
|
regexp: "^GRUB_TIMEOUT="
|
|
state: absent
|
|
|
|
- name: "enable google chrome repository"
|
|
yum_repository:
|
|
name: google-chrome
|
|
baseurl: http://dl.google.com/linux/chrome/rpm/stable/x86_64
|
|
description: Google Chrome
|
|
gpgcheck: true
|
|
gpgkey: https://dl.google.com/linux/linux_signing_key.pub
|
|
enabled: true
|
|
- name: "install google chrome"
|
|
package:
|
|
name: google-chrome
|
|
state: present
|
|
- name: "create google chrome policy directories"
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
with_items:
|
|
- /etc/opt/chrome/policies/managed
|
|
- /etc/opt/chrome/policies/recommended
|
|
- name: "install google chrome managed settings"
|
|
copy:
|
|
dest: /etc/opt/chrome/policies/managed/defaults.json
|
|
content: |
|
|
{
|
|
"HomepageLocation": "https://www.foo.sh",
|
|
"PasswordManagerEnabled": false,
|
|
}
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|
|
- name: "install google chrome recommended settings"
|
|
copy:
|
|
dest: /etc/opt/chrome/policies/recommended/defaults.json
|
|
content: |
|
|
{
|
|
"RestoreOnStartup": 1,
|
|
"ImportHistory": false
|
|
}
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|
|
|
|
- name: "enable spotify repository"
|
|
yum_repository:
|
|
name: spotify
|
|
baseurl: https://negativo17.org/repos/spotify/fedora-$releasever/x86_64/
|
|
description: Spotify
|
|
gpgcheck: true
|
|
gpgkey: https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
|
|
enabled: true
|
|
- name: "install spotify"
|
|
package:
|
|
name: spotify
|
|
state: present
|
|
|
|
- name: "install generic tools"
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- dia
|
|
- elinks
|
|
- geteltorito
|
|
- gimp
|
|
- krb5-workstation
|
|
- mutt
|
|
- openldap-clients
|
|
- setroubleshoot
|
|
- thunderbird
|
|
|
|
- name: "install extra packages for development"
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- black
|
|
- emacs
|
|
- htop
|
|
- iftop
|
|
- iotop
|
|
- python3-ansible-lint
|
|
- ShellCheck
|
|
- strace
|
|
- yamllint
|
|
- vim-enhanced
|
|
- wireshark
|
|
|
|
- name: "install virtualization packages"
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- libvirt
|
|
- podman
|
|
- virt-install
|
|
- virt-manager
|
|
|
|
- name: configure libvirtd socket permissions
|
|
lineinfile:
|
|
path: /etc/libvirt/libvirtd.conf
|
|
regexp: "^#?unix_sock_group = .*"
|
|
line: 'unix_sock_group = "wheel"'
|
|
|
|
- name: enable libvirtd service
|
|
service:
|
|
name: libvirtd
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: "configure mutt"
|
|
copy:
|
|
dest: /etc/Muttrc.local
|
|
content: |
|
|
set use_8bitmime
|
|
set hostname=foo.sh
|
|
set imap_authenticators="gssapi:plain"
|
|
set spoolfile=imaps://${USER}@mail.foo.sh/INBOX
|
|
set folder=imaps://${USER}@mail.foo.sh
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|
|
|
|
- name: "configure ldap client"
|
|
copy:
|
|
dest: /etc/openldap/ldap.conf
|
|
content: |
|
|
BASE dc=foo,dc=sh
|
|
URI ldaps://ldap.foo.sh
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|
|
|
|
- name: "configure kerberos client"
|
|
copy:
|
|
dest: /etc/krb5.conf.d/foo.sh.conf
|
|
content: |
|
|
[libdefaults]
|
|
default_realm = FOO.SH
|
|
|
|
[domain_realm]
|
|
foo.sh = FOO.SH
|
|
.foo.sh = FOO.SH
|
|
|
|
[realms]
|
|
FOO.SH = {
|
|
kdc = https://id.foo.sh/KdcProxy
|
|
}
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|