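---
# Workstation provisioning tasks: package sources and updates, base users and
# directories, SELinux, automatic updates, and per-user configuration
# (git, fonts, gpg-agent, MPD, battery alert timer).

# Packages and Updates
- name: Start dnf5-makecache timer
  systemd:
    name: dnf5-makecache.timer
    enabled: true
    state: started
  tags:
    - packages

# Every entry in copr_repos is a third-party repository whose packages install
# with root privileges; keep that list short and reviewed.
- name: Enable COPR repositories
  command:
    # argv keeps each item a single argument, so a value containing spaces
    # cannot be split into extra dnf5 options.
    argv:
      - dnf5
      - copr
      - enable
      - -y
      - "{{ item }}"
    creates: "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:{{ item | replace('/', ':') }}.repo"
  loop: "{{ copr_repos }}"
  tags:
    - packages

# The .repo file is fetched over HTTPS with no checksum pin. Package trust then
# rests on the gpgcheck/gpgkey settings inside the downloaded file; review it,
# or ship a vetted copy with the role instead of downloading it on each host.
- name: Add LibreWolf repository
  get_url:
    url: https://repo.librewolf.net/librewolf.repo
    dest: /etc/yum.repos.d/librewolf.repo
    mode: '0644'
  tags:
    - packages

- name: Upgrade all packages
  dnf5:
    name: "*"
    state: latest
  tags:
    - packages

- name: Install packages
  package:
    name: "{{ item }}"
    state: present
  loop: "{{ packages }}"
  tags:
    - packages

- name: Setup Flatpak and install packages
  block:
    - name: Add Flathub repository
      flatpak_remote:
        name: flathub
        state: present
        flatpakrepo_url: "https://flathub.org/repo/flathub.flatpakrepo"

    - name: Install Flatpak packages
      flatpak:
        name: "{{ item }}"
        state: present
      loop: "{{ flatpak_packages }}"
  tags:
    - packages

## RPM Fusion
# NOTE(review): the release RPMs below are installed straight from a URL.
# Whether their signature is verified depends on the target's dnf settings for
# packages given by path/URL - confirm, or import the RPM Fusion keys first.
# These tasks carry no tags, so they are skipped by a `--tags packages` run.
- name: Install RPM Fusion Free Repository
  package:
    name: "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present

- name: Install RPM Fusion Nonfree Repository
  package:
    name: "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present

- name: Install Multimedia Group Packages
  package:
    name: "@multimedia"
    state: present

- name: Install Sound and Video Group Packages
  package:
    name: "@sound-and-video"
    state: present

- name: Install Additional Multimedia Codecs
  package:
    name:
      - gstreamer1-plugins-bad-free
      - gstreamer1-plugins-good
      - gstreamer1-plugins-ugly
      - gstreamer1-plugins-base
      - gstreamer1-plugin-openh264
      - gstreamer1-libav
      - lame
    state: present

# Read-only probe so the swap below only runs while ffmpeg-free is present;
# rpm -q exits non-zero when the package is not installed.
- name: Check whether ffmpeg-free is still installed
  command:
    argv:
      - rpm
      - -q
      - ffmpeg-free
  register: ffmpeg_free_query
  changed_when: false
  failed_when: false
  check_mode: false

# The former `args: warn: false` is dropped: the command module no longer
# accepts `warn` (removed in ansible-core 2.14) and rejects the task outright.
- name: Swap ffmpeg-free with full ffmpeg
  command: dnf5 swap ffmpeg-free ffmpeg --allowerasing
  when: ffmpeg_free_query.rc == 0

# Base System Setup
- name: Create groups
  group:
    name: "{{ item }}"
    state: present
  loop: "{{ init_groups }}"
  tags:
    - base

- name: Ensure Users are Configured Correctly
  user:
    name: "{{ item.value.name }}"
    group: "{{ item.value.group }}"
    groups: "{{ item.value.groups }}"
    state: "{{ item.value.state }}"
    create_home: "{{ item.value.create_home }}"
    shell: "{{ item.value.shell }}"
  loop: "{{ init_users | dict2items }}"
  tags:
    - base

- name: Create or ensure presence of custom home directories
  file:
    path: /home/opal/{{ item }}
    state: directory
    mode: '0755'
    owner: opal
    group: opal
  loop: "{{ create_directories }}"
  tags:
    - base

# state: absent deletes recursively. An empty entry would resolve to
# /home/opal/ itself and a '..' component would escape the home directory,
# so such entries are skipped rather than acted on.
- name: Remove default home directories if present
  file:
    path: /home/opal/{{ item }}
    state: absent
  loop: "{{ remove_directories }}"
  when:
    - item | length > 0
    - "'..' not in item"
  tags:
    - base

- name: Create/Ensure ~/.ssh directories
  file:
    path: "/home/{{ item.value.name }}/.ssh"
    state: directory
    mode: '0700'
    owner: "{{ item.value.name }}"
    group: "{{ item.value.group }}"
  loop: "{{ init_users | dict2items }}"
  tags:
    - base

- name: Ensure SELinux is enabled and configured persistently
  selinux:
    policy: targeted
    state: enforcing
    configfile: /etc/selinux/config
  tags:
    - security

# DNF Automatic Security Updates
# NOTE(review): this file otherwise targets dnf5 (dnf5-makecache.timer, dnf5
# module); confirm the package and timer names below resolve on the target
# release, otherwise automatic updates are silently not scheduled.
- name: Install dnf-automatic for automatic security updates
  package:
    name: dnf-automatic
    state: present
  tags:
    - updates

- name: Configure dnf-automatic
  template:
    src: dnf-automatic.conf.j2
    dest: /etc/dnf/automatic.conf
    owner: root
    group: root
    mode: '0644'
  tags:
    - updates

- name: Enable and start dnf-automatic timer
  systemd:
    name: dnf-automatic.timer
    enabled: true
    state: started
  tags:
    - updates

# Git Config
- name: Set global Git configuration
  become: true
  become_user: opal
  git_config:
    name: "{{ item.name }}"
    scope: global
    value: "{{ item.value }}"
  loop: "{{ git_global_config }}"
  tags: git

# Per-user files. lookup('env', 'HOME') is evaluated on the controller for the
# user running ansible-playbook. NOTE(review): confirm it matches the account
# these files are meant for (other tasks hard-code /home/opal) and that the
# files end up owned by that user, since no owner/group is set below.
- name: Install ET Book fonts
  copy:
    src: fonts
    dest: "{{ lookup('env', 'HOME') }}/.local/share/fonts/"
    mode: '0644'
    directory_mode: '0755'
  tags: fonts

# Files under ~/.gnupg are owner-only (0600 instead of the former 0644) so the
# result does not depend on the directory mode, which copy applies only to
# directories it creates itself.
# NOTE(review): src has no trailing slash, so copy places the directory at
# ~/.gnupg/gnupg/ rather than merging its contents into ~/.gnupg - confirm
# that is intended.
- name: Configure gpg-agent
  copy:
    src: gnupg
    dest: "{{ lookup('env', 'HOME') }}/.gnupg"
    mode: '0600'
    directory_mode: '0700'
  tags: gpg

- name: Create MPD directories
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ lookup('env', 'HOME') }}/.config/mpd"
    - "{{ lookup('env', 'HOME') }}/.config/mpd/playlists"
    - "{{ lookup('env', 'HOME') }}/.local/share/mpd"
    - "{{ lookup('env', 'HOME') }}/.local/share/mpd/music"

- name: Create MPD log, db, pid, state, and socket files
  file:
    path: "{{ lookup('env', 'HOME') }}/.local/share/mpd/{{ item }}"
    state: touch
    mode: '0644'
    # Keep existing timestamps so re-runs do not report a change every time.
    access_time: preserve
    modification_time: preserve
  loop:
    - db
    - log
    - pid
    - state
    - sticker.sql

# copy does not create missing parent directories, so the drop-in directory
# has to exist before override.conf is written.
- name: Create MPD systemd drop-in directory
  file:
    path: "{{ lookup('env', 'HOME') }}/.config/systemd/user/mpd.service.d"
    state: directory
    mode: '0755'

# NOTE(review): notify needs a handler with this exact name; the same-named
# task further down is a regular task, not a handler.
- name: Systemd override to use custom mpd.conf
  copy:
    dest: "{{ lookup('env', 'HOME') }}/.config/systemd/user/mpd.service.d/override.conf"
    mode: '0644'
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/mpd --no-daemon {{ lookup('env', 'HOME') }}/.config/mpd/mpd.conf
  notify: Reload systemd user daemon

- name: Enable and start user mpd service
  systemd:
    scope: user
    enabled: true
    name: mpd
    state: started
    daemon_reload: true

# Battery
- name: Ensure systemd user directory exists
  file:
    path: "{{ lookup('env', 'HOME') }}/.config/systemd/user"
    state: directory
    mode: '0755'
  tags: battery

# The unit runs a script from the user's own config directory every 30
# seconds; keep that script writable by its owner only.
- name: Install battery alert systemd service
  copy:
    dest: "{{ lookup('env', 'HOME') }}/.config/systemd/user/battery-alert.service"
    mode: '0644'
    content: |
      [Unit]
      Description=Battery level notifier

      [Service]
      Type=oneshot
      ExecStart=%h/.config/scripts/battery_alert.sh
  tags: battery

- name: Install battery alert systemd timer
  copy:
    dest: "{{ lookup('env', 'HOME') }}/.config/systemd/user/battery-alert.timer"
    mode: '0644'
    content: |
      [Unit]
      Description=Run battery alert every 30 seconds

      [Timer]
      OnBootSec=15s
      OnUnitActiveSec=30s
      Unit=battery-alert.service

      [Install]
      WantedBy=default.target
  tags: battery

# NOTE(review): confirm ansible_uid is defined in the role or inventory vars;
# gathered facts expose the connecting user's UID as ansible_user_uid.
- name: Reload systemd user daemon
  command: systemctl --user daemon-reexec
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ ansible_uid }}"
  tags: battery

- name: Reload systemd user units
  command: systemctl --user daemon-reload
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ ansible_uid }}"
  tags: battery

- name: Enable and start battery alert timer
  systemd:
    name: battery-alert.timer
    scope: user
    enabled: true
    state: started
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ ansible_uid }}"
  tags: battery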