Split fedora and manjaro playbooks

Split playbooks to better accomodate development of both.

fedora/ansible/btrbk/files/btrbk.conf

@@ -0,0 +1,188 @@
+#
+# Example btrbk configuration file
+#
+#
+# Please refer to the btrbk.conf(5) man-page for a complete
+# description of all configuration options.
+# For more examples, see README.md included with this package.
+#
+#   btrbk.conf(5): <https://digint.ch/btrbk/doc/btrbk.conf.5.html>
+#   README.md:     <https://digint.ch/btrbk/doc/readme.html>
+#
+# Note that the options can be overridden per volume/subvolume/target
+# in the corresponding sections.
+#
+
+
+# Enable transaction log
+transaction_log            /var/log/btrbk.log
+
+# Enable stream buffer. Adding a buffer between the sending and
+# receiving side is generally a good idea.
+# NOTE: If enabled, make sure to install the "mbuffer" package!
+stream_buffer              256m
+
+# Directory in which the btrfs snapshots are created. Relative to
+# <volume-directory> of the volume section.
+# If not set, the snapshots are created in <volume-directory>.
+#
+# If you want to set a custom name for the snapshot (and backups),
+# use the "snapshot_name" option within the subvolume section.
+#
+# NOTE: btrbk does not autmatically create this directory, and the
+# snapshot creation will fail if it is not present.
+#
+snapshot_dir               _btrbk_snap
+
+# Always create snapshots. Set this to "ondemand" to only create
+# snapshots if the target volume is reachable. Set this to "no" if
+# snapshot creation is done by another instance of btrbk.
+#snapshot_create            always
+
+# Perform incremental backups (set to "strict" if you want to prevent
+# creation of non-incremental backups if no parent is found).
+#incremental                yes
+
+# Specify after what time (in full hours after midnight) backups/
+# snapshots are considered as a daily backup/snapshot
+#preserve_hour_of_day       0
+
+# Specify on which day of week weekly/monthly backups are to be
+# preserved.
+#preserve_day_of_week       sunday
+
+# Preserve all snapshots for a minimum period of time.
+#snapshot_preserve_min      1d
+
+# Retention policy for the source snapshots.
+#snapshot_preserve          <NN>h <NN>d <NN>w <NN>m <NN>y
+
+# Preserve all backup targets for a minimum period of time.
+#target_preserve_min        no
+
+# Retention policy for backup targets:
+#target_preserve            <NN>h <NN>d <NN>w <NN>m <NN>y
+
+# Retention policy for archives ("btrbk archive" command):
+#archive_preserve_min       no
+#archive_preserve           <NN>h <NN>d <NN>w <NN>m <NN>y
+
+# Specify SSH private key for "ssh://" volumes / targets:
+#ssh_identity               /etc/btrbk/ssh/id_ed25519
+#ssh_user                   root
+#ssh_compression            no
+#ssh_cipher_spec            default
+
+# Enable compression for remote btrfs send/receive operations:
+#stream_compress            no
+#stream_compress_level      default
+#stream_compress_threads    default
+
+# Enable lock file support: Ensures that only one instance of btrbk
+# can be run at a time.
+#lockfile                   /var/lock/btrbk.lock
+
+# Don't wait for transaction commit on deletion. Set this to "after"
+# or "each" to make sure the deletion of subvolumes is committed to
+# disk when btrbk terminates.
+#btrfs_commit_delete        no
+
+
+#
+# Volume section (optional): "volume <volume-directory>"
+#
+#   <volume-directory>  Base path within a btrfs filesystem
+#                       containing the subvolumes to be backuped
+#                       (usually the mount-point of a btrfs filesystem
+#                       mounted with subvolid=5 option).
+#
+# Subvolume section: "subvolume <subvolume-name>"
+#
+#   <subvolume-name>    Subvolume to be backuped, relative to
+#                       <volume-directory> in volume section.
+#
+# Target section: "target <type> <volume-directory>"
+#
+#   <type>              (optional) type, defaults to "send-receive".
+#   <volume-directory>  Directory within a btrfs filesystem
+#                       receiving the backups.
+#
+# NOTE: The parser does not care about indentation, this is only for
+# human readability. All options apply to the last section
+# encountered, overriding the corresponding option of the upper
+# section. This means that the global options must be set on top,
+# before any "volume", "subvolume" or "target section.
+#
+
+
+#
+# Example retention policy:
+#
+snapshot_preserve_min   2d
+snapshot_preserve       14d
+
+target_preserve_min     no
+target_preserve         20d 10w *m
+
+
+#
+# Simple setup: Backup root and home to external disk
+#
+snapshot_dir /btrfs/snapshots
+target       /mnt/btr_pool
+subvolume    /btrfs/root
+subvolume    /btrfs/home
+
+
+#
+# Complex setup
+#
+# In order to keep things organized, it is recommended to use "volume"
+# sections and mount the top-level subvolume (subvolid=5):
+#
+#  $ mount -o subvolid=5 /dev/sda1 /mnt/btr_pool
+#
+# Backup to external disk mounted on /mnt/btr_backup
+#volume /btrfs
+  # Create snapshots in /mnt/btr_pool/btrbk_snapshots
+#  snapshot_dir btrbk_snapshots
+
+  # Target for all subvolume sections:
+#  target /mnt/btr_backup
+
+  # Some default btrfs installations (e.g. Ubuntu) use "@" for rootfs
+  # (mounted at "/") and "@home" (mounted at "/home"). Note that this
+  # is only a naming convention.
+  #subvolume @
+#  subvolume root
+#  subvolume home
+  #subvolume kvm
+    # Use different retention policy for kvm backups:
+    #target_preserve 7d 4w
+
+
+# Backup data to external disk as well as remote host
+#volume /mnt/btr_data
+#  subvolume  data
+    # Always create snapshot, even if targets are unreachable
+#    snapshot_create always
+#    target /mnt/btr_backup
+#    target ssh://backup.my-remote-host.com/mnt/btr_backup
+
+
+# Backup from remote host, with different naming
+#volume ssh://my-remote-host.com/mnt/btr_pool
+#  subvolume data_0
+#    snapshot_dir   snapshots/btrbk
+#    snapshot_name  data_main
+#    target /mnt/btr_backup/my-remote-host.com
+
+
+# Resume backups from remote host which runs its own btrbk instance
+# creating snapshots for "home" in "/mnt/btr_pool/btrbk_snapshots".
+#volume ssh://my-remote-host.com/mnt/btr_pool
+#  snapshot_dir           btrbk_snapshots
+#  snapshot_create        no
+#  snapshot_preserve_min  all
+#  subvolume home
+#    target /mnt/btr_backup/my-remote-host.com

fedora/ansible/btrbk/files/btrbk.service

@@ -0,0 +1,5 @@
+[Unit]
+Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf
+
+[Service]
+ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run

fedora/ansible/btrbk/files/btrbk.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Run btrbk every hour
+
+[Timer]
+OnCalendar=hourly
+AccuracySec=10min
+Persistent=true
+Unit=btrbk.service
+
+[Install]
+WantedBy=timers.target

fedora/ansible/btrbk/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Creates a btrbk service that runs every hour and backs up to a usb disk at /mnt/btr_pool
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/btrbk/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+# Ensure btrbk installed
+- name: Ensure daily-driver (development, work, gaming) installed
+  dnf:
+    name: 
+    - btrbk
+    state: present
+  become: yes
+# Copy btrbk.conf
+- name: Ensure /etc/btrbk exists
+  file:
+    state: directory
+    path: /etc/btrbk
+  become: yes
+- name: Copy btrbk.conf
+  copy:
+    src: files/btrbk.conf
+    dest: /etc/btrbk/btrbk.conf
+  become: yes
+# Copy service definition and timer
+- name: Copy btrbk.service
+  copy:
+    src: files/btrbk.service
+    dest: /etc/systemd/system/btrbk.service
+  become: yes
+- name: Copy btrbk.timer
+  copy:
+    src: files/btrbk.timer
+    dest: /etc/systemd/system/btrbk.timer
+  become: yes
+# Enable btrbk timer
+- name: Enable btrbk timer
+  ansible.builtin.systemd:
+    name: btrbk.timer
+    state: started
+    daemon_reload: yes
+  become: yes

fedora/ansible/certificates/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Imports dnet certificate from private certificate authority
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/certificates/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+# Install DNET CA
+- name: Download DNET CA
+  get_url:
+    url: https://vault.ducoterra.net/v1/dnet/ca
+    dest: /etc/pki/ca-trust/source/anchors/dnet_ca.crt
+    mode: '0660'
+  become: yes
+- name: Update trust store
+  command: update-ca-trust
+  become: yes

fedora/ansible/dconf/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Edits dconf settings to my preferences
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/dconf/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+# dconf settings
+- name: Turn off palm rejection
+  command: dconf write /org/gnome/desktop/peripherals/touchpad/disable-while-typing false
+- name: Set flat mouse acceleration profile
+  command: dconf write /org/gnome/desktop/peripherals/mouse/accel-profile "'flat'"
+- name: Center new windows
+  command: dconf write /org/gnome/mutter/center-new-windows true
+- name: Don't sleep on power
+  command: dconf write /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type "'nothing'"
+- name: Maximize window with <Super>Up
+  command: dconf write /org/gnome/desktop/wm/keybindings/maximize "['<Super>Up']"
+- name: Center window with ['<Super>Return']
+  command: dconf write /org/gnome/desktop/wm/keybindings/move-to-center "['<Super><Alt>Return']"
+- name: Emulate right-click with two fingers
+  command: dconf write /org/gnome/desktop/peripherals/touchpad/click-method "'fingers'"

fedora/ansible/framework_tweaks/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Tweaks Fedora to work better with the Framework Laptop
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/framework_tweaks/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# Mic headphone jack
+# https://help.ubuntu.com/community/HdaIntelSoundHowto
+# http://lxr.linux.no/#linux+v3.2.19/Documentation/sound/alsa/HD-Audio-Models.txt
+- name: Ensure microphone works plugged into headphone jack
+  copy:
+    dest: "/etc/modprobe.d/alsa-base.conf"
+    content: |
+      options snd-hda-intel model=auto
+  become: yes
+# Disable swap
+- name: Uninstall zram-generator-defaults
+  dnf:
+    name:
+    - zram-generator-defaults
+    state: absent
+  become: yes

fedora/ansible/framework_tweaks/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

fedora/ansible/framework_tweaks/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - arch/hardware_tools

fedora/ansible/framework_tweaks/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for arch/hardware_tools

fedora/ansible/gnome_extensions/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs favorite gnome extensions
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/gnome_extensions/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+# Gnome extensions
+- name: Enable gnome extensions
+  command: 'gnome-extensions enable {{ item }}'
+  loop:
+    - bluetooth-quick-connect@bjarosze.gmail.com
+    - clipboard-indicator@tudmotu.com
+    - sound-output-device-chooser@kgshank.net
+    - Resource_Monitor@Ory0n
+    - drive-menu@gnome-shell-extensions.gcampax.github.com

fedora/ansible/iscsi_freenas/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Configures connection to iscsi drive at freenas.dnet
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/iscsi_freenas/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+# tasks file for ansible/arch_iscsi
+# Sync and update Pacman
+- name: Perform a discovery on freenas.dnet and show available target nodes
+  community.general.open_iscsi:
+    show_nodes: yes
+    discover: yes
+    portal: freenas.dnet
+  become: yes
+- name: Enable automatic login for freenas.dnet
+  community.general.open_iscsi:
+    login: yes
+    portal: freenas.dnet
+    auto_portal_startup: yes
+    target: iqn.2022-02.freenas.dnet:framework-backup
+  become: yes
+- name: Ensure iscsi service started
+  ansible.builtin.systemd:
+    name: iscsi
+    state: started
+    enabled: yes
+  become: yes
+- name: Ensure iscsid service started
+  ansible.builtin.systemd:
+    name: iscsid
+    state: started
+    enabled: yes
+  become: yes

fedora/ansible/openssh/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Ensures secure openssh configuration
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/openssh/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+# SSH
+- name: Curl SSH trusted CA
+  get_url:
+    url: https://vault.ducoterra.net/v1/ssh-client-signer/public_key
+    dest: /etc/ssh/trusted-user-ca-keys.pem
+    mode: '0660'
+  become: yes
+- name: Create sshd_config file
+  copy:
+    dest: "/etc/ssh/sshd_config"
+    content: |
+      AuthorizedKeysFile      .ssh/authorized_keys
+      PasswordAuthentication no
+      KbdInteractiveAuthentication no
+      UsePAM yes
+      Subsystem sftp internal-sftp
+      PrintMotd no # pam does that
+      TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
+  become: yes
+- name: Ensure ssh service started
+  ansible.builtin.systemd:
+    name: sshd
+    state: restarted
+    daemon_reload: yes
+    enabled: yes
+  become: yes

fedora/ansible/software_common/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs daily drivers for fedora workstation
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/software_common/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+# Install dnf daily drivers
+- name: Ensure daily-driver (development, work, gaming) installed
+  dnf:
+    name: 
+    - remmina
+    - freerdp
+    - chromium
+    - steam
+    - geary
+    - make
+    - seahorse # gnome keyring manager
+    - gimp
+    - libreoffice
+    state: present
+  become: yes
+# Install snap-based daily-drivers
+- name: Ensure snap installed
+  dnf:
+    name: snapd
+    state: present
+  become: yes
+- name: Ensure snapd service running
+  ansible.builtin.systemd:
+    name: snapd.socket
+    state: started
+    enabled: yes
+  become: yes
+- name: Link /var/lib/snapd/snap /snap
+  ansible.builtin.file:
+    src: /var/lib/snapd/snap
+    dest: /snap
+    owner: root
+    group: root
+    state: link
+  become: yes
+- name: Install snap packages
+  community.general.snap:
+    name: 
+    - snap-store
+    - spotify
+    - discord
+    state: present
+  become: yes
+  retries: 6
+  delay: 10

fedora/ansible/software_developer/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs common developer tools
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/software_developer/tasks/main.yml

@@ -0,0 +1,168 @@
+---
+# Install developer tools
+- name: Ensure common developer tools installed
+  dnf:
+    name: 
+    - vim-enhanced
+    - iperf3
+    - python3-pip
+    - glances
+    - htop
+    - dconf-editor
+    - dnf-plugins-core
+    - ufw
+  become: yes
+# Enable ufw
+- name: Enable UFW
+  community.general.ufw:
+    state: enabled
+  become: yes
+# Install snap developer tools
+- name: Ensure snap installed
+  dnf:
+    name: snapd
+    state: present
+  become: yes
+- name: Link /var/lib/snapd/snap /snap
+  ansible.builtin.file:
+    src: /var/lib/snapd/snap
+    dest: /snap
+    owner: root
+    group: root
+    state: link
+  become: yes
+- name: Ensure snapd service running
+  ansible.builtin.systemd:
+    name: snapd.socket
+    state: started
+    enabled: yes
+  become: yes
+- name: Install snap packages
+  community.general.snap:
+    name: 
+    - yq
+    state: present
+  become: yes
+- name: Install classic snap packages
+  community.general.snap:
+    name:
+    - code
+    - kubectl
+    - helm
+    state: present
+    classic: yes
+  become: yes
+# AWS CLI
+- name: Download awscli v2 installer - latest version
+  unarchive:
+    src: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
+    dest: '{{ executable_temp_dir }}'
+    remote_src: true
+    creates: '{{ executable_temp_dir }}/aws'
+    mode: 0755
+  when: awscli_version is not defined
+  tags: ["awscli", "awscliv2"]
+- name: Download awscli v2 installer - specific version {{ awscli_version }}
+  unarchive:
+    src: 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64-{{ awscli_version }}.zip'
+    dest: "{{ executable_temp_dir }}"
+    remote_src: true
+    creates: '{{ executable_temp_dir }}/aws'
+    mode: 0755
+  when: awscli_version is defined
+  tags: ["awscli", "awscliv2"]
+- name: Run the installer for awscli v2
+  command:
+  args:
+    cmd: '{{ executable_temp_dir }}/aws/install -i {{ awscli_install_dir }} -b /usr/local/bin'
+    creates: /usr/local/bin/aws
+  become: yes
+  tags: ["awscli", "awscliv2"]
+# Ansible
+- name: Install ansible
+  pip:
+    name: ansible
+    extra_args: --user
+# Docker
+- name: Add Docker dnf repo
+  command: dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
+  become: yes
+- name: Ensure Docker installed
+  dnf:
+    name: 
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    state: present
+  become: yes
+- name: Ensure ducoterra in the "docker" group
+  ansible.builtin.user:
+    name: ducoterra
+    groups: docker
+    append: yes
+  become: yes
+# Vault CLI
+- name: Download vault binary
+  unarchive:
+    src: https://releases.hashicorp.com/vault/{{vault_version}}/vault_{{vault_version}}_linux_amd64.zip
+    dest: '{{ executable_temp_dir }}'
+    remote_src: true
+    creates: '{{ executable_temp_dir }}/vault'
+    mode: 0755
+  become: yes
+- name: Move vault binary to /usr/local/bin
+  ansible.builtin.copy:
+    remote_src: yes
+    src: '{{ executable_temp_dir }}/vault'
+    dest: /usr/local/bin/vault
+    owner: root
+    group: root
+    mode: '0755'
+  become: yes
+# Terraform CLI
+- name: Download vault binary
+  unarchive:
+    src: https://releases.hashicorp.com/terraform/{{tf_version}}/terraform_{{tf_version}}_linux_amd64.zip
+    dest: '{{ executable_temp_dir }}'
+    remote_src: true
+    creates: '{{ executable_temp_dir }}/terraform'
+    mode: 0755
+  become: yes
+- name: Move terraform binary to /usr/local/bin
+  ansible.builtin.copy:
+    remote_src: yes
+    src: '{{ executable_temp_dir }}/terraform'
+    dest: /usr/local/bin/terraform
+    owner: root
+    group: root
+    mode: '0755'
+  become: yes
+# Packer CLI
+- name: Download packer binary
+  unarchive:
+    src: https://releases.hashicorp.com/packer/{{packer_version}}/packer_{{packer_version}}_linux_amd64.zip
+    dest: '{{ executable_temp_dir }}'
+    remote_src: true
+    creates: '{{ executable_temp_dir }}/packer'
+    mode: 0755
+  become: yes
+- name: Move packer binary to /usr/local/bin
+  ansible.builtin.copy:
+    remote_src: yes
+    src: '{{ executable_temp_dir }}/packer'
+    dest: /usr/local/bin/packer
+    owner: root
+    group: root
+    mode: '0755'
+  become: yes
+# Wireguard Configuration
+- name: Ensure wireguard-tools installed
+  dnf:
+    name:  wireguard-tools
+    state: present
+  become: yes
+- name: Ensure /etc/wireguard directory
+  file:
+    path: /etc/wireguard
+    state: directory
+  become: yes

fedora/ansible/software_games/files/minecraft.desktop

@@ -0,0 +1,7 @@
+[Desktop Entry]
+Encoding=UTF-8
+Name=Minecraft Launcher
+Exec=/home/ducoterra/Applications/minecraft-launcher
+Icon=/home/ducoterra/.icons/minecraft-launcher.png
+Type=Application
+Categories=Games;

fedora/ansible/software_games/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs Steam, Minecraft, and the like
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/software_games/tasks/main.yml

@@ -0,0 +1,28 @@
+# Install dnf daily drivers
+- name: Ensure daily-driver (development, work, gaming) installed
+  dnf:
+    name: 
+    - steam
+    state: present
+  become: yes
+# Install Minecraft
+- name: Download Minecraft Launcher
+  unarchive:
+    src: https://launcher.mojang.com/download/Minecraft.tar.gz
+    dest: '{{ executable_temp_dir }}'
+    remote_src: true
+    creates: '{{ executable_temp_dir }}/minecraft-launcher/'
+    mode: 0755
+- name: Ensure "~/Applications" folder
+  file:
+    state: directory
+    path: '{{ansible_env.HOME}}/Applications'
+- name: Copy minecraft-launcher to ~/Applications
+  copy:
+    src: '{{ executable_temp_dir }}/minecraft-launcher/minecraft-launcher'
+    dest: '{{ansible_env.HOME}}/Applications/minecraft-launcher'
+- name: Create .desktop shortcut for minecraft-launcher
+  copy:
+    src: files/minecraft.desktop
+    dest: /usr/share/applications/minecraft.desktop
+  become: yes

fedora/ansible/software_security/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs common security A&P tools
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/software_security/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+# Install security tools
+- name: Ensure common security tools installed
+  dnf:
+    name: 
+    - nmap
+    - tcpdump
+    - tcpreplay
+    - wireshark-cli
+  become: yes

fedora/ansible/swap/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Configures Fedora's swapfile
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/swap/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+# Create swap
+- name: Turn off swap
+  command: "swapoff --all"
+  become: yes
+- name: Remove old swap file
+  file:
+    state: absent
+    path: "{{ swap_file_path }}"
+  become: yes
+- name: Create swap file
+  command: truncate -s 0 "{{ swap_file_path }}"
+            creates="{{ swap_file_path }}"
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Set swap compression
+  command: chattr +C "{{ swap_file_path }}"
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Allocate swap space
+  command: fallocate -l "{{ swap_file_size_mb }}M" "{{ swap_file_path }}"
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Change swap file permissions
+  file: path="{{ swap_file_path }}"
+        owner=root
+        group=root
+        mode=0600
+  become: yes
+  when: swap_file_size_mb != 0
+- name: "Check swap file type"
+  command: file {{ swap_file_path }}
+  register: swapfile
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Make swap file
+  command: "mkswap {{ swap_file_path }}"
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Write swap entry in fstab
+  mount: name=none
+        src={{ swap_file_path }}
+        fstype=swap
+        opts=sw
+        passno=0
+        dump=0
+        state=present
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Mount swap
+  command: "swapon {{ swap_file_path }}"
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Set swappiness
+  command: sysctl -w vm.swappiness=1
+  become: yes
+  when: swap_file_size_mb != 0
+- name: Make swappiness permanent
+  copy:
+    dest: "/etc/sysctl.d/99-swappiness.conf"
+    content: |
+      vm.swappiness=1
+  become: yes
+  when: swap_file_size_mb != 0

fedora/desktop.yml

@@ -0,0 +1,23 @@
+---
+# Run through all tasks to setup machines
+# https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10
+- hosts: localhost
+  gather_facts: true
+  order: inventory
+  vars:
+    executable_temp_dir: /tmp
+    awscli_install_dir: /opt/aws-cli/
+    vault_version: 1.9.3
+    tf_version: 1.1.5
+    packer_version: 1.7.10
+
+  roles:
+    - role: ansible/btrbk
+    - role: ansible/certificates
+    - role: ansible/dconf
+    - role: ansible/gnome_extensions
+    - role: ansible/iscsi_freenas
+    - role: ansible/openssh
+    - role: ansible/software_common
+    - role: ansible/software_developer
+    - role: ansible/software_security

fedora/framework.yml

@@ -0,0 +1,41 @@
+---
+# Run through all tasks to setup machines
+# https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10
+- hosts: localhost
+  gather_facts: true
+  order: inventory
+  vars:
+    executable_temp_dir: /tmp
+    awscli_install_dir: /opt/aws-cli/
+    vault_version: 1.9.3
+    tf_version: 1.1.5
+    packer_version: 1.7.10
+
+  roles:
+
+    - role: ansible/btrbk
+      tags: ["btrbk"]
+
+    - role: ansible/certificates
+      tags: ["certificates"]
+    
+    - role: ansible/dconf
+      tags: ["dconf"]
+
+    - role: ansible/framework_tweaks
+      tags: ["framework_tweaks"]
+
+    - role: ansible/gnome_extensions
+      tags: ["gnome_extensions"]
+
+    - role: ansible/openssh
+      tags: ["openssh"]
+
+    - role: ansible/software_common
+      tags: ["software_common"]
+
+    - role: ansible/software_developer
+      tags: ["software_developer"]
+
+    - role: ansible/software_security
+      tags: ["software_security"]