consolidating fedora setup

roles/backup_vps_base/tasks/main.yml

@@ -1,31 +1,6 @@
 ---
-- name: Ensure backup user exists
+- name: Ensure admin user exists
   user:
-    name: "{{ backup_user }}"
+    name: "{{ admin_user }}"
     state: present
     shell: /bin/bash
-
-- name: Create .ssh directory
-  file:
-    path: /home/{{ backup_user }}/.ssh
-    state: directory
-    owner: "{{ backup_user }}"
-    group: "{{ backup_user }}"
-    mode: '0700'
-
-- name: Copy public key to authorized_keys
-  copy:
-    src: "{{ public_key_path }}"
-    dest: /home/{{ backup_user }}/.ssh/authorized_keys
-    owner: "{{ backup_user }}"
-    group: "{{ backup_user }}"
-    mode: '0600'
-
-- name: Create backups dir for mount point
-  file:
-    path: "{{ mount_point }}"
-    state: directory
-    owner: "{{ backup_user }}"
-    group: "{{ backup_user }}"
-    mode: '0755'
-  when: mount_device is defined and mount_device != ""

roles/fedora_base/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: Restart NetworkManager
-  service:
-    name: NetworkManager
-    state: restarted

roles/fedora_base/tasks/main.yml

@@ -1,55 +0,0 @@
----
-- name: Create groups
-  group:
-    name: "{{ item }}"
-    state: present
-  loop: "{{ init_groups }}"
-
-- name: Ensure Users are Configured Correctly
-  user:
-    name: "{{ item.value.name }}"
-    group: "{{ item.value.group }}"
-    groups: "{{ item.value.groups }}"
-    state: "{{ item.value.state }}"
-    create_home: "{{ item.value.create_home }}"
-    shell: "{{ item.value.shell }}"
-  loop: "{{ init_users | dict2items }}"
-
-- name: Create or ensure presence of custom home directories
-  file:
-    path: /home/opal/{{ item }}
-    state: directory
-    mode: '0755'
-    owner: opal
-    group: opal
-  loop: "{{ create_directories }}"
-
-- name: Remove default home directories if present
-  file:
-    path: /home/opal/{{ item }}
-    state: absent
-  loop: "{{ remove_directories }}"
-
-# SSH Initial Setup
-- name: Create/Ensure ~/.ssh directories
-  file:
-    path: "/home/{{ item.value.name }}/.ssh"
-    state: directory
-    mode: 0700
-    owner: "{{ item.value.name }}"
-    group: "{{ item.value.group }}"
-  loop: "{{ init_users | dict2items }}"
-
-- name: Ensure systemd-timesyncd is enabled
-  systemd:
-    name: systemd-timesyncd
-    enabled: yes
-
-- name: Ensure systemd-timesyncd is started
-  systemd:
-    name: systemd-timesyncd
-    state: started
-
-- name: Set RTC to UTC
-  command:
-    cmd: timedatectl set-local-rtc 0

roles/fedora_base/templates/NetworkManager.conf.j2

@@ -1,6 +0,0 @@
-# MANAGED BY ANSIBLE #
-[main]
-plugins=ifupdown,keyfile
-
-[ifupdown]
-managed=true

roles/fedora_base/templates/resolv.conf.j2

@@ -1,4 +0,0 @@
-# This file is managed by Ansible #
-nameserver 1.1.1.2
-nameserver 1.0.0.2
-nameserver 2606:4700:4700:0:0:0:0:1112

roles/fedora_base/vars/main.yml

@@ -1,33 +0,0 @@
----
-init_groups:
-  - wheel
-
-remove_directories:
-  - Templates
-  - Videos
-  - Documents
-  - Music
-  - Downloads
-  - Pictures
-  - Public
-  - Desktop
-
-create_directories:
-  - documents
-  - music
-  - downloads
-  - pictures
-  - scripts
-  - projects
-  - src
-  - .config
-
-init_users:
-  opal:
-    name: opal
-    group: opal
-    groups: 
-      - wheel
-    state: present
-    shell: /bin/bash
-    create_home: true

roles/fedora_git/tasks/main.yml

@@ -1,16 +0,0 @@
----
-- name: doom emacs repo
-  become: yes
-  become_user: opal
-  git:
-    repo: "{{ doom_emacs_repo }}"
-    dest: "{{ doom_emacs_dest }}"
-    update: no
-
-- name: et-book font repo
-  become: yes
-  become_user: opal
-  git:
-    repo: "{{ etbook_repo }}"
-    dest: "{{ etbook_dest }}"
-    update: no

roles/fedora_git/vars/main.yml

@@ -1,6 +0,0 @@
----
-doom_emacs_repo: https://github.com/doomemacs/doomemacs
-doom_emacs_dest: ~/.config/emacs
-
-etbook_repo: https://github.com/edwardtufte/et-book
-etbook_dest: ~/.local/share/fonts

roles/fedora_pkg/tasks/main.yml

@@ -1,48 +0,0 @@
----
-- name: Upgrade all packages
-  dnf5:
-    name: "*"
-    state: latest
-
-- name: Enable guix repo for extra guile packages
-  copr:
-    host: copr.fedorainfracloud.org
-    state: enabled
-    name: "{{ item }}"
-  loop: "{{ copr_repos }}"
-
-- name: Install window manager packages
-  package:
-    name: "{{ item }}"
-    state: present
-  loop: "{{ wm_packages }}"
-
-- name: Install UI/Font packages
-  dnf5:
-    name: "{{ item }}"
-    state: present
-  loop: "{{ ui_packages }}"
-
-- name: Install general packages
-  package:
-    name: "{{ item }}"
-    state: present
-  loop: "{{ general_packages }}"
-
-- name: Install Doom Emacs dependency packages
-  dnf5:
-    name: "{{ item }}"
-    state: present
-  loop: "{{ doom_dep_packages }}"
-
-- name: Add Flathub repository
-  flatpak_remote:
-    name: flathub
-    state: present
-    flatpakrepo_url: "https://flathub.org/repo/flathub.flatpakrepo"
-
-- name: Install Flatpak packages
-  flatpak:
-    name: "{{ item }}"
-    state: present
-  loop: "{{ flatpak_packages }}"

roles/fedora_pkg/vars/main.yml

@@ -1,82 +0,0 @@
----
-copr_repos:
-  - swayfx/swayfx
-  - dariqq/guile-libraries
-
-wm_packages:
-  - swayfx
-  - swayidle
-  - swaylock
-  - alacritty
-  - waybar
-  - dunst
-  - pipewire
-  - polkit-kde-agent-1
-  - grim
-  - grimshot
-  - brightnessctl
-  - wlsunset
-  - wlogout
-  - xwayland-run
-  - wdisplays
-  - bemenu
-  - wtype
-
-ui_packages:
-  - papirus-icon-theme
-  - arc-kde
-  - breeze-cursor-theme
-  - qt5ct
-  - qt6ct
-  - fontawesome-fonts-all
-  - google-noto-sans-cjk-fonts
-  - google-noto-color-emoji-fonts
-  - google-noto-emoji-fonts
-  - terminus-fonts
-
-general_packages:
-  - emacs
-  - syncthing
-  - gopass
-  - cups
-  - keychain
-  - tldr
-  - exa
-  - gnupg2
-  - trash-cli
-  - htop
-  - mpv
-  - udiskie
-  - pavucontrol
-  - flatpak
-  - blueman
-  - beets
-  - unrar-free
-  - unzip
-  - lximage-qt
-  - screen
-  - playerctl # for waybar music notification
-  - simple-scan
-  - wireguard-tools
-  - dnf-automatic
-  - translate-shell
-  - guile-json
-
-flatpak_packages:
-  - net.ankiweb.Anki
-  - org.torproject.torbrowser-launcher
-
-doom_dep_packages:
-  - fd-find
-  - ripgrep
-  - libtool     # Needed to compile vterm in Doom Emacs
-  - cmake       # Needed to compile vterm in Doom Emacs
-  - discount    # Markdown Compiler
-  - ShellCheck  # Shell linter for Doom Emacs
-  - python3-pyflakes
-  - python3-isort
-  - micropipenv
-  - python3-nose2
-  - python3-nose
-  - python3-pytest
-  - python3-lsp-black

roles/fedora_security/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: Restart clamd
-  systemd:
-    name: clamd@scan
-    state: restarted

roles/fedora_security/tasks/main.yml

@@ -1,56 +0,0 @@
----
-- name: Set default firewalld zone to home
-  command:
-    cmd: firewall-cmd --set-default-zone=home
-
-- name: Change interface to home zone
-  command:
-    cmd: firewall-cmd --zone=home --change-interface={{ network_interface }}
-
-- name: Add allowed services to home zone
-  firewalld:
-    service: "{{ item }}"
-    zone: home
-    permanent: yes
-    state: enabled
-  loop: "{{ allowed_services }}"
-
-- name: Enable logging for denied packets
-  command:
-    cmd: firewall-cmd --set-log-denied=all
-
-- name: Reload firewalld
-  systemd:
-    name: firewalld
-    state: reloaded
-
-- name: Ensure SELinux is enabled and in enforcing mode
-  selinux:
-    policy: targeted
-    state: enforcing
-
-- name: Set SELinux to enforcing in config file
-  replace:
-    path: /etc/selinux/config
-    regexp: '^SELINUX=.*'
-    replace: 'SELINUX=enforcing'
-
-- name: Install dnf-automatic for automatic security updates
-  package:
-    name: dnf-automatic
-    state: present
-
-- name: Configure dnf-automatic
-  template:
-    src: dnf-automatic.conf.j2
-    dest: /etc/dnf/automatic.conf
-    owner: root
-    group: root
-    mode: '0644'
-
-- name: Enable and start dnf-automatic timer
-  systemd:
-    name: dnf-automatic.timer
-    enabled: true
-    state: started
-

roles/fedora_security/vars/main.yml

@@ -1,6 +0,0 @@
----
-network_interface: wlp0s20f3
-allowed_services:
-  - ssh
-  - dhcpv6-client
-  - mdns

roles/fedora_setup/tasks/main.yml

@@ -0,0 +1,197 @@
+---
+# Packages and Updates
+- name: Start dnf5-makecache timer
+  systemd:
+    name: dnf5-makecache.timer
+    enabled: true
+    state: started
+  tags:
+    - packages
+
+- name: Enable COPR repositories
+  command:
+    cmd: dnf5 copr enable -y {{ item }}
+    creates: "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:{{ item | replace('/', ':') }}.repo"
+  loop: "{{ copr_repos }}"
+  tags:
+    - packages
+
+- name: Add LibreWolf repository
+  get_url:
+    url: https://repo.librewolf.net/librewolf.repo
+    dest: /etc/yum.repos.d/librewolf.repo
+    mode: '0644'
+  tags:
+    - packages
+
+- name: Upgrade all packages
+  dnf5:
+    name: "*"
+    state: latest
+  tags:
+    - packages
+
+- name: Install packages
+  package:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ packages }}"
+  tags:
+    - packages
+
+- name: Setup Flatpak and install packages
+  block:
+    - name: Add Flathub repository
+      flatpak_remote:
+        name: flathub
+        state: present
+        flatpakrepo_url: "https://flathub.org/repo/flathub.flatpakrepo"
+
+    - name: Install Flatpak packages
+      flatpak:
+        name: "{{ item }}"
+        state: present
+      loop: "{{ flatpak_packages }}"
+  tags:
+    - packages
+
+# Base System Setup
+- name: Create groups
+  group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ init_groups }}"
+  tags:
+    - base
+
+- name: Ensure Users are Configured Correctly
+  user:
+    name: "{{ item.value.name }}"
+    group: "{{ item.value.group }}"
+    groups: "{{ item.value.groups }}"
+    state: "{{ item.value.state }}"
+    create_home: "{{ item.value.create_home }}"
+    shell: "{{ item.value.shell }}"
+  loop: "{{ init_users | dict2items }}"
+  tags:
+    - base
+
+- name: Create or ensure presence of custom home directories
+  file:
+    path: /home/opal/{{ item }}
+    state: directory
+    mode: '0755'
+    owner: opal
+    group: opal
+  loop: "{{ create_directories }}"
+  tags:
+    - base
+
+- name: Remove default home directories if present
+  file:
+    path: /home/opal/{{ item }}
+    state: absent
+  loop: "{{ remove_directories }}"
+  tags:
+    - base
+
+- name: Create/Ensure ~/.ssh directories
+  file:
+    path: "/home/{{ item.value.name }}/.ssh"
+    state: directory
+    mode: '0700'
+    owner: "{{ item.value.name }}"
+    group: "{{ item.value.group }}"
+  loop: "{{ init_users | dict2items }}"
+  tags:
+    - base
+
+# Security Setup
+- name: Set default firewalld zone to home
+  firewalld:
+    zone: home
+    state: enabled
+    permanent: true
+  tags:
+    - security
+
+- name: Bind primary network interface to home zone
+  firewalld:
+    interface: "{{ network_interface }}"
+    zone: home
+    state: enabled
+    permanent: true
+    immediate: true
+  tags:
+    - security
+
+- name: Bind WireGuard interface to trusted zone
+  firewalld:
+    interface: wg0
+    zone: trusted
+    state: enabled
+    permanent: true
+    immediate: true
+  tags:
+    - security
+
+- name: Allow essential services in home zone
+  firewalld:
+    service: "{{ item }}"
+    zone: home
+    state: enabled
+    permanent: true
+    immediate: true
+  loop: "{{ allowed_services }}"
+  tags:
+    - security
+
+- name: Enable logging of denied packets
+  command:
+    cmd: firewall-cmd --set-log-denied=all
+  tags:
+    - security
+
+- name: Ensure SELinux is enabled and configured persistently
+  selinux:
+    policy: targeted
+    state: enforcing
+    configfile: /etc/selinux/config
+  tags:
+    - security
+
+# DNF Automatic Security Updates
+- name: Install dnf-automatic for automatic security updates
+  package:
+    name: dnf-automatic
+    state: present
+  tags:
+    - updates
+
+- name: Configure dnf-automatic
+  template:
+    src: dnf-automatic.conf.j2
+    dest: /etc/dnf/automatic.conf
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+    - updates
+
+- name: Enable and start dnf-automatic timer
+  systemd:
+    name: dnf-automatic.timer
+    enabled: true
+    state: started
+  tags:
+    - updates
+
+# Git Config
+- name: Set global Git configuration
+  git_config:
+    name: "{{ item.name }}"
+    scope: global
+    value: "{{ item.value }}"
+  loop: "{{ git_global_config }}"
+  tags:
+    - base

roles/fedora_setup/vars/main.yml

@@ -0,0 +1,119 @@
+---
+copr_repos:
+  - swayfx/swayfx
+
+packages:
+  - swayfx
+  - swayidle
+  - swaylock
+  - swaybg
+  - feh
+  - alacritty
+  - dunst
+  - pipewire
+  - grim
+  - grimshot
+  - brightnessctl
+  - wlsunset
+  - wlogout
+  - xwayland-run
+  - wdisplays
+  - bemenu
+  - wtype
+  - papirus-icon-theme
+  - breeze-cursor-theme
+  - google-noto-color-emoji-fonts
+  - google-noto-sans-cjk-fonts
+  - google-noto-emoji-fonts
+  - google-noto-sans-brahmi-fonts
+  - syncthing
+  - gopass
+  - cups
+  - keychain
+  - tldr
+  - gnupg2
+  - trash-cli
+  - htop
+  - mpv
+  - udiskie
+  - pavucontrol
+  - flatpak
+  - bluez
+  - bluez-tools
+  - blueman
+  - beets
+  - unrar-free
+  - unzip
+  - lf
+  - playerctl
+  - screen
+  - wireguard-tools
+  - dnf-automatic
+  - translate-shell
+  - newsboat
+  - mpd
+  - ncmpcpp
+  - asunder
+  - qutebrowser
+  - librewolf
+  - nicotine
+
+flatpak_packages:
+  - net.ankiweb.Anki
+  - org.torproject.torbrowser-launcher
+  - org.signal.Signal
+  - com.brave.Browser
+  - io.mpv.Mpv
+
+init_groups:
+  - wheel
+
+remove_directories:
+  - Templates
+  - Videos
+  - Documents
+  - Music
+  - Downloads
+  - Pictures
+  - Public
+  - Desktop
+
+create_directories:
+  - docs
+  - docs/todo
+  - music
+  - dls
+  - pics
+  - code
+  - code/src
+  - .config
+  - .local
+  - .local/share
+  - .local/bin
+
+init_users:
+  opal:
+    name: opal
+    group: opal
+    groups: 
+      - wheel
+    state: present
+    shell: /bin/yash
+    create_home: true
+
+network_interface: "{{ ansible_default_ipv4.interface }}"
+
+allowed_services:
+  - ssh
+  - dhcpv6-client
+  - mdns
+
+git_global_config:
+  - name: user.name
+    value: "Ryan"
+  - name: user.email
+    value: "ry.orlando@proton.me"
+  - name: init.defaultBranch
+    value: "master"
+  - name: pull.rebase
+    value: "true"

scripts/fedora_postbootstrap.sh

@@ -0,0 +1,46 @@
+#!/bin/sh
+# post_bootstrap.sh - Setup SSH, GPG, and pull private repositories after initial Ansible bootstrap.
+
+set -e
+
+echo "[*] Starting post-bootstrap setup..."
+
+# Start ssh-agent and add your SSH key
+if [ -f "$HOME/.ssh/id_ed25519" ]; then
+    echo "[*] Starting ssh-agent..."
+    eval "$(ssh-agent -s)"
+    ssh-add "$HOME/.ssh/id_ed25519"
+else
+    echo "[!] No SSH private key found at ~/.ssh/id_ed25519. Skipping ssh-add."
+fi
+
+# Launch GPG agent
+echo "[*] Launching gpg-agent..."
+gpgconf --launch gpg-agent
+
+# Clone gopass store if not already present
+if [ ! -d "$HOME/.local/share/gopass/stores/root/.git" ]; then
+    echo "[*] Cloning gopass password store..."
+    mkdir -p "$HOME/.local/share/gopass/stores"
+    git clone git@yourgit:gopass-store.git "$HOME/.local/share/gopass/stores/root"
+    gopass fsck
+    gopass sync
+else
+    echo "[*] Gopass store already exists. Skipping clone."
+fi
+
+# Clone bookmarks repo if not already present
+if [ ! -d "$HOME/bookmarks/.git" ]; then
+    echo "[*] Cloning bookmarks repository..."
+    git clone git@yourgit:bookmarks.git "$HOME/bookmarks"
+else
+    echo "[*] Bookmarks repo already exists. Skipping clone."
+fi
+
+# Git global config (safe to rerun, idempotent)
+echo "[*] Setting git global defaults..."
+git config --global init.defaultBranch master
+git config --global pull.rebase false
+
+echo "[*] Post-bootstrap setup complete."
+