ansible/roles/fedora_setup/tasks/main.yml

---
# Packages and Updates

# COPR repositories are third-party package sources; every entry in
# `copr_repos` adds another party able to deliver packages to this host, so
# the list is worth keeping short and reviewed.
# `creates` names the repo file dnf writes, so a repository that is already
# enabled is skipped on later runs.
- name: Enable COPR repositories
  command:
    creates: "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:{{ item | replace('/', ':') }}.repo"
    cmd: dnf5 copr enable -y {{ item }}
  loop: "{{ copr_repos }}"
  tags:
    - packages

# NOTE(review): the repo definition is downloaded at run time without a
# `checksum`, so its integrity rests on TLS alone and whatever the fetched
# file says about `gpgcheck`/`gpgkey` is accepted as-is. Shipping a reviewed
# copy of the .repo file from the role would be the stricter option.
- name: Add LibreWolf repository
  get_url:
    dest: /etc/yum.repos.d/librewolf.repo
    url: https://repo.librewolf.net/librewolf.repo
    mode: '0644'
  tags:
    - packages

# Full upgrade of every installed package, pulling from all enabled
# repositories (including the ones added above).
- name: Upgrade all packages
  dnf5:
    state: latest
    name: "*"
  tags:
    - packages

# Installs each entry of `packages` as a separate module call.
- name: Install packages
  package:
    state: present
    name: "{{ item }}"
  loop: "{{ packages }}"
  tags:
    - packages
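## RPM Fusion

# The two release RPMs register the RPM Fusion repositories. The URL is built
# from the detected Fedora major version.
# NOTE(review): both packages are fetched from a mirror URL at run time;
# confirm that their signatures are verified on this path rather than
# relying on TLS alone.
- name: Install RPM Fusion Free Repository
  package:
    name: "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present

- name: Install RPM Fusion Nonfree Repository
  package:
    name: "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present

- name: Install Multimedia Group Packages
  package:
    name: "@multimedia"
    state: present

- name: Install Sound and Video Group Packages
  package:
    name: "@sound-and-video"
    state: present

- name: Install Additional Multimedia Codecs
  package:
    name:
      - gstreamer1-plugins-bad-free
      - gstreamer1-plugins-good
      - gstreamer1-plugins-ugly
      - gstreamer1-plugins-base
      - gstreamer1-plugin-openh264
      - gstreamer1-libav
      - lame
    state: present

# `-y` keeps dnf5 from stopping at a confirmation prompt, in line with the
# non-interactive COPR command in this file. The former `warn: false`
# argument is gone: the command module stopped accepting it in
# ansible-core 2.14, and this role already needs a newer release for the
# dnf5 module, so the argument made the task fail.
# NOTE(review): a bare command reports "changed" on every run; add a
# `changed_when` or `creates` guard once a reliable marker is chosen.
- name: Swap ffmpeg-free with full ffmpeg
  command: dnf5 swap -y ffmpeg-free ffmpeg --allowerasing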
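# Base System Setup

- name: Create groups
  group:
    name: "{{ item }}"
    state: present
  loop: "{{ init_groups }}"
  tags:
    - base

# `init_users` is a mapping; each value must provide name, group, groups,
# state, create_home and shell, which are passed straight to the user module.
- name: Ensure Users are Configured Correctly
  user:
    name: "{{ item.value.name }}"
    group: "{{ item.value.group }}"
    groups: "{{ item.value.groups }}"
    state: "{{ item.value.state }}"
    create_home: "{{ item.value.create_home }}"
    shell: "{{ item.value.shell }}"
  loop: "{{ init_users | dict2items }}"
  tags:
    - base

- name: Create or ensure presence of custom home directories
  file:
    path: /home/opal/{{ item }}
    state: directory
    mode: '0755'
    owner: opal
    group: opal
  loop: "{{ create_directories }}"
  tags:
    - base

# `state: absent` deletes recursively. The guards skip an empty or
# whitespace-only entry (which would resolve to /home/opal/ itself) and any
# entry containing a `..` component (which would resolve outside the home
# directory), so a mistake in `remove_directories` cannot widen the delete.
- name: Remove default home directories if present
  file:
    path: /home/opal/{{ item }}
    state: absent
  loop: "{{ remove_directories }}"
  when:
    - item | trim | length > 0
    - "'..' not in item.split('/')"
  tags:
    - base

# 0700 keeps each ~/.ssh readable by its owner only.
# NOTE(review): this runs for every entry of `init_users` and assumes the
# home is /home/<name>; confirm that holds for entries whose `state` or
# `create_home` means no such directory exists.
- name: Create/Ensure ~/.ssh directories
  file:
    path: "/home/{{ item.value.name }}/.ssh"
    state: directory
    mode: '0700'
    owner: "{{ item.value.name }}"
    group: "{{ item.value.group }}"
  loop: "{{ init_users | dict2items }}"
  tags:
    - base

# Sets the targeted policy in enforcing mode and records it in
# /etc/selinux/config so the setting is kept across reboots.
- name: Ensure SELinux is enabled and configured persistently
  selinux:
    policy: targeted
    state: enforcing
    configfile: /etc/selinux/config
  tags:
    - security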
# DNF Automatic Security Updates

- name: Install dnf-automatic for automatic security updates
  package:
    state: present
    name: dnf-automatic
  tags:
    - updates

# Which updates are applied (security-only or all, download-only or install)
# is decided by the template, which is not part of this file.
# NOTE(review): other tasks in this role call dnf5; confirm that this config
# path and the timer name below match the dnf-automatic variant shipped on
# the target release.
- name: Configure dnf-automatic
  template:
    src: dnf-automatic.conf.j2
    dest: /etc/dnf/automatic.conf
    mode: '0644'
    owner: root
    group: root
  tags:
    - updates

# The timer is what triggers the unattended runs; enabling it makes the
# schedule persist across reboots and starting it arms it right away.
- name: Enable and start dnf-automatic timer
  systemd:
    name: dnf-automatic.timer
    state: started
    enabled: true
  tags:
    - updates
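# Git Config

# Runs as `opal` so the settings land in that user's global Git config.
# Each entry of `git_global_config` supplies a `name` and a `value`.
- name: Set global Git configuration
  become: true
  become_user: opal
  git_config:
    name: "{{ item.name }}"
    scope: global
    value: "{{ item.value }}"
  loop: "{{ git_global_config }}"
  tags:
    - git

# NOTE(review): `lookup('env', 'HOME')` is evaluated on the control node, so
# the destination is the HOME of whoever runs ansible-playbook, while the
# tasks above hard-code /home/opal. No owner/group is set here either;
# confirm the files end up in, and owned by, the intended account.
- name: Install ET Book fonts
  copy:
    src: fonts
    dest: "{{ lookup('env', 'HOME') }}/.local/share/fonts/"
    mode: '0644'
    directory_mode: '0755'
  tags:
    - fonts

# Files under ~/.gnupg are created owner-only (0600) to match the 0700
# directory mode; nothing in a GnuPG home needs to be readable by group or
# other. The same HOME/ownership caveat as for the fonts task applies.
- name: Configure gpg-agent
  copy:
    src: gnupg
    dest: "{{ lookup('env', 'HOME') }}/.gnupg"
    mode: '0600'
    directory_mode: '0700'
  tags:
    - gpg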
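# MPD
# NOTE(review): every path here is built from `lookup('env', 'HOME')`, which
# is evaluated on the control node; confirm it names the intended user's home
# on the target.

# The systemd drop-in directory is created here as well: `copy` does not
# create missing parent directories, so the override task below would fail
# on a host where mpd.service.d does not exist yet.
- name: Create MPD directories
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ lookup('env', 'HOME') }}/.config/mpd"
    - "{{ lookup('env', 'HOME') }}/.config/mpd/playlists"
    - "{{ lookup('env', 'HOME') }}/.local/share/mpd"
    - "{{ lookup('env', 'HOME') }}/.local/share/mpd/music"
    - "{{ lookup('env', 'HOME') }}/.config/systemd/user/mpd.service.d"

# `preserve` leaves the timestamps of existing files alone, so the task only
# reports a change when a file is actually created or its mode is corrected.
- name: Create MPD log, db, pid, state, and socket files
  file:
    path: "{{ lookup('env', 'HOME') }}/.local/share/mpd/{{ item }}"
    state: touch
    mode: '0644'
    modification_time: preserve
    access_time: preserve
  loop:
    - db
    - log
    - pid
    - state
    - sticker.sql

# The empty `ExecStart=` clears the packaged command line before the custom
# one is set. An explicit mode keeps the file from depending on the umask.
# NOTE(review): `notify` only reaches handlers; the like-named item at the
# end of this file is a regular task, so confirm the role also defines a
# handler called "Reload systemd user daemon".
- name: Systemd override to use custom mpd.conf
  copy:
    dest: "{{ lookup('env', 'HOME') }}/.config/systemd/user/mpd.service.d/override.conf"
    mode: '0644'
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/mpd --no-daemon {{ lookup('env', 'HOME') }}/.config/mpd/mpd.conf
  notify: Reload systemd user daemon

# NOTE(review): unlike the dunst tasks in this file, no XDG_RUNTIME_DIR is
# passed here; confirm the user manager is reachable from the Ansible session.
- name: Enable and start user mpd service
  systemd:
    scope: user
    enabled: true
    name: mpd
    state: started
    daemon_reload: true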
# Dunst

# Writes a user-level unit that keeps dunst running (restart after 2 s) and
# hooks it into default.target.
# NOTE(review): `lookup('env', 'HOME')` is evaluated on the control node, and
# the parent directory ~/.config/systemd/user must already exist because
# `copy` does not create it; confirm both hold when only the `dunst` tag runs.
- name: Install dunst systemd user service
  copy:
    mode: '0644'
    dest: "{{ lookup('env', 'HOME') }}/.config/systemd/user/dunst.service"
    content: |
      [Unit]
      Description=Dunst notification daemon
      After=graphical-session.target
      [Service]
      ExecStart=/usr/bin/dunst
      Restart=always
      RestartSec=2
      [Install]
      WantedBy=default.target
  tags:
    - dunst

# XDG_RUNTIME_DIR tells systemctl where the per-user manager's socket lives.
# NOTE(review): the fact gathered by setup is `ansible_user_uid`; confirm
# that `ansible_uid` is defined somewhere in the role or inventory.
- name: Reload systemd user daemon
  systemd:
    scope: user
    daemon_reload: true
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ ansible_uid }}"
  tags:
    - dunst

- name: Enable and start dunst systemd user service
  systemd:
    scope: user
    name: dunst.service
    state: started
    enabled: true
  environment:
    XDG_RUNTIME_DIR: "/run/user/{{ ansible_uid }}"
  tags:
    - dunst