WIP: Notes

fedora/ansible/btrbk/files/btrbk.conf

@@ -1,188 +1,11 @@
-#
-# Example btrbk configuration file
-#
-#
-# Please refer to the btrbk.conf(5) man-page for a complete
-# description of all configuration options.
-# For more examples, see README.md included with this package.
-#
-#   btrbk.conf(5): <https://digint.ch/btrbk/doc/btrbk.conf.5.html>
-#   README.md:     <https://digint.ch/btrbk/doc/readme.html>
-#
-# Note that the options can be overridden per volume/subvolume/target
-# in the corresponding sections.
-#
-
-
-# Enable transaction log
-transaction_log            /var/log/btrbk.log
-
-# Enable stream buffer. Adding a buffer between the sending and
-# receiving side is generally a good idea.
-# NOTE: If enabled, make sure to install the "mbuffer" package!
-stream_buffer              256m
-
-# Directory in which the btrfs snapshots are created. Relative to
-# <volume-directory> of the volume section.
-# If not set, the snapshots are created in <volume-directory>.
-#
-# If you want to set a custom name for the snapshot (and backups),
-# use the "snapshot_name" option within the subvolume section.
-#
-# NOTE: btrbk does not autmatically create this directory, and the
-# snapshot creation will fail if it is not present.
-#
-snapshot_dir               _btrbk_snap
-
-# Always create snapshots. Set this to "ondemand" to only create
-# snapshots if the target volume is reachable. Set this to "no" if
-# snapshot creation is done by another instance of btrbk.
-#snapshot_create            always
-
-# Perform incremental backups (set to "strict" if you want to prevent
-# creation of non-incremental backups if no parent is found).
-#incremental                yes
-
-# Specify after what time (in full hours after midnight) backups/
-# snapshots are considered as a daily backup/snapshot
-#preserve_hour_of_day       0
-
-# Specify on which day of week weekly/monthly backups are to be
-# preserved.
-#preserve_day_of_week       sunday
-
-# Preserve all snapshots for a minimum period of time.
-#snapshot_preserve_min      1d
-
-# Retention policy for the source snapshots.
-#snapshot_preserve          <NN>h <NN>d <NN>w <NN>m <NN>y
-
-# Preserve all backup targets for a minimum period of time.
-#target_preserve_min        no
-
-# Retention policy for backup targets:
-#target_preserve            <NN>h <NN>d <NN>w <NN>m <NN>y
-
-# Retention policy for archives ("btrbk archive" command):
-#archive_preserve_min       no
-#archive_preserve           <NN>h <NN>d <NN>w <NN>m <NN>y
-
-# Specify SSH private key for "ssh://" volumes / targets:
-#ssh_identity               /etc/btrbk/ssh/id_ed25519
-#ssh_user                   root
-#ssh_compression            no
-#ssh_cipher_spec            default
-
-# Enable compression for remote btrfs send/receive operations:
-#stream_compress            no
-#stream_compress_level      default
-#stream_compress_threads    default
-
-# Enable lock file support: Ensures that only one instance of btrbk
-# can be run at a time.
-#lockfile                   /var/lock/btrbk.lock
-
-# Don't wait for transaction commit on deletion. Set this to "after"
-# or "each" to make sure the deletion of subvolumes is committed to
-# disk when btrbk terminates.
-#btrfs_commit_delete        no
-
-
-#
-# Volume section (optional): "volume <volume-directory>"
-#
-#   <volume-directory>  Base path within a btrfs filesystem
-#                       containing the subvolumes to be backuped
-#                       (usually the mount-point of a btrfs filesystem
-#                       mounted with subvolid=5 option).
-#
-# Subvolume section: "subvolume <subvolume-name>"
-#
-#   <subvolume-name>    Subvolume to be backuped, relative to
-#                       <volume-directory> in volume section.
-#
-# Target section: "target <type> <volume-directory>"
-#
-#   <type>              (optional) type, defaults to "send-receive".
-#   <volume-directory>  Directory within a btrfs filesystem
-#                       receiving the backups.
-#
-# NOTE: The parser does not care about indentation, this is only for
-# human readability. All options apply to the last section
-# encountered, overriding the corresponding option of the upper
-# section. This means that the global options must be set on top,
-# before any "volume", "subvolume" or "target section.
-#
-
-
-#
-# Example retention policy:
-#
+snapshot_create         ondemand
 snapshot_preserve_min   2d
 snapshot_preserve       14d
 
 target_preserve_min     no
 target_preserve         20d 10w *m
 
-
-#
-# Simple setup: Backup root and home to external disk
-#
-snapshot_dir /btrfs/snapshots
-target       /mnt/btr_pool
-subvolume    /btrfs/root
-subvolume    /btrfs/home
-
-
-#
-# Complex setup
-#
-# In order to keep things organized, it is recommended to use "volume"
-# sections and mount the top-level subvolume (subvolid=5):
-#
-#  $ mount -o subvolid=5 /dev/sda1 /mnt/btr_pool
-#
-# Backup to external disk mounted on /mnt/btr_backup
-#volume /btrfs
-  # Create snapshots in /mnt/btr_pool/btrbk_snapshots
-#  snapshot_dir btrbk_snapshots
-
-  # Target for all subvolume sections:
-#  target /mnt/btr_backup
-
-  # Some default btrfs installations (e.g. Ubuntu) use "@" for rootfs
-  # (mounted at "/") and "@home" (mounted at "/home"). Note that this
-  # is only a naming convention.
-  #subvolume @
-#  subvolume root
-#  subvolume home
-  #subvolume kvm
-    # Use different retention policy for kvm backups:
-    #target_preserve 7d 4w
-
-
-# Backup data to external disk as well as remote host
-#volume /mnt/btr_data
-#  subvolume  data
-    # Always create snapshot, even if targets are unreachable
-#    snapshot_create always
-#    target /mnt/btr_backup
-#    target ssh://backup.my-remote-host.com/mnt/btr_backup
-
-
-# Backup from remote host, with different naming
-#volume ssh://my-remote-host.com/mnt/btr_pool
-#  subvolume data_0
-#    snapshot_dir   snapshots/btrbk
-#    snapshot_name  data_main
-#    target /mnt/btr_backup/my-remote-host.com
-
-
-# Resume backups from remote host which runs its own btrbk instance
-# creating snapshots for "home" in "/mnt/btr_pool/btrbk_snapshots".
-#volume ssh://my-remote-host.com/mnt/btr_pool
-#  snapshot_dir           btrbk_snapshots
-#  snapshot_create        no
-#  snapshot_preserve_min  all
-#  subvolume home
-#    target /mnt/btr_backup/my-remote-host.com
+snapshot_dir /mnt/btr_pool/snapshots
+target       /mnt/btr_backup
+subvolume    /mnt/btr_pool/root
+subvolume    /mnt/btr_pool/home

fedora/ansible/disable-swap/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+# Disable swap
+- name: Turn off swap
+  command: swapoff --all
+  become: yes
+- name: Uninstall zram-generator-defaults
+  dnf:
+    name:
+    - zram-generator-defaults
+    state: absent
+  become: yes

fedora/ansible/dnf-install-dash-to-dock/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Install dash-to-dock
+  dnf:
+    name: 
+      - gnome-shell-extension-dash-to-dock
+      - gnome-extensions-app
+    state: present
+  become: yes

fedora/ansible/dnf-install-snap/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs daily drivers for fedora workstation
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/dnf-install-snap/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Ensure snap installed
+  dnf:
+    name: snapd
+    state: present
+  become: yes
+- name: Ensure snapd service running
+  ansible.builtin.systemd:
+    name: snapd.socket
+    state: started
+    enabled: yes
+  become: yes
+- name: Link /var/lib/snapd/snap /snap
+  ansible.builtin.file:
+    src: /var/lib/snapd/snap
+    dest: /snap
+    owner: root
+    group: root
+    state: link
+  become: yes

fedora/ansible/dnf-install-steam/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: DNF Install Steam
+  dnf:
+    name: 
+    - steam

fedora/ansible/enable-deep-sleep/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Tweaks Fedora to work better with the Framework Laptop
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/enable-deep-sleep/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+# Set deep sleep to default
+- name: Set deep sleep to default
+  command: grubby --update-kernel=ALL --args="mem_sleep_default=deep"
+  become: yes

fedora/ansible/fix-framework-microphone/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Tweaks Fedora to work better with the Framework Laptop
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/fix-framework-microphone/tasks/main.yml

@@ -8,10 +8,3 @@
     content: |
       options snd-hda-intel model=auto
   become: yes
-# Disable swap
-- name: Uninstall zram-generator-defaults
-  dnf:
-    name:
-    - zram-generator-defaults
-    state: absent
-  become: yes

fedora/ansible/framework_tweaks/tests/inventory

@@ -1,2 +0,0 @@
-localhost
-

fedora/ansible/framework_tweaks/tests/test.yml

@@ -1,5 +0,0 @@
----
-- hosts: localhost
-  remote_user: root
-  roles:
-    - arch/hardware_tools

fedora/ansible/framework_tweaks/vars/main.yml

@@ -1,2 +0,0 @@
----
-# vars file for arch/hardware_tools

fedora/ansible/gnome_extensions/tasks/main.yml

@@ -1,10 +0,0 @@
----
-# Gnome extensions
-- name: Enable gnome extensions
-  command: 'gnome-extensions enable {{ item }}'
-  loop:
-    - bluetooth-quick-connect@bjarosze.gmail.com
-    - clipboard-indicator@tudmotu.com
-    - sound-output-device-chooser@kgshank.net
-    - Resource_Monitor@Ory0n
-    - drive-menu@gnome-shell-extensions.gcampax.github.com

fedora/ansible/install-autofs/files/10-home-network.py

@@ -0,0 +1,226 @@
+#!/usr/bin/env python3
+
+import sys
+import os
+import logging
+import subprocess
+
+
+def run_cmd_safe(cmd, expire_cmd=None, timeout=6, retry=10):
+    """Safely executes a command with timeout. Logs stdout and stderr. Captures TimeOutException.
+
+    Args:
+        cmd (list): Command to be executed
+    """
+    result = None
+    retry_count = 0
+    while retry_count < retry:
+        if retry_count > 0 and expire_cmd:
+            logging.warn(f"Running expire command {expire_cmd}")
+            run_cmd_safe(expire_cmd)
+        try:
+            logging.debug(f"Executing {' '.join(cmd)}")
+            result = subprocess.run(cmd, capture_output=True, timeout=timeout)
+            logging.info(f"{' '.join(cmd)}: {result.stdout}")
+            logging.error(f"{' '.join(cmd)}: {result.stderr}")
+            break
+        except subprocess.TimeoutExpired:
+            logging.error(f"Attempt {retry_count}")
+            logging.error(f"Command expired: {cmd}")
+            retry_count += 1
+
+    return result
+
+
+def get_network_state(conn_uuid):
+    """Using nmcli, retreive the state of the given network
+
+    Args:
+        conn_uuid (str): The connection UUID provided by `nmcli connection show`
+
+    Returns:
+        str: The state of the connection provided by nmcli
+    """
+    UUID = 0
+    STATE = 1
+    CMD = ['nmcli', '-t', '-f', 'con-uuid,state', 'device', 'status']
+
+    result = run_cmd_safe(CMD)
+    decoded_result = result.stdout.decode()
+    network_connections = decoded_result.split("\n")
+    valid_connections = list(filter(
+        lambda item: item[0] != "",
+        [conn.split(':') for conn in network_connections]))
+    selected_network = list(filter(lambda item: item[UUID] == conn_uuid, valid_connections))
+    if len(selected_network) > 0:
+        return selected_network[0][STATE]
+    else:
+        return ''
+
+
+def network_connected(conn_uuid):
+    """Returns True if the given connection UUID is connected
+
+    Args:
+        conn_uuid (str): The connection UUID provided by `nmcli connection show`
+
+    Returns:
+        bool: True if connected, False otherwise
+    """
+    CONNECTED = "connected"
+
+    current_state = get_network_state(conn_uuid)
+    return current_state == CONNECTED
+
+
+def one_up(conn_uuids):
+    """Returns True if at least one of the provided network connections is up
+
+    Args:
+        conn_uuids (list): List of connections to check
+    """
+    for conn_uuid in conn_uuids:
+        if network_connected(conn_uuid):
+            return True
+    return False
+
+
+def set_wifi_state(on=True):
+    """Turns the wifi on and off
+
+    Args:
+        on (bool, optional): Set to False to turn wifi off. Defaults to True.
+
+    Returns:
+        bool: True if command successful, False if otherwise
+    """
+    desired_state = "on" if on else "off"
+    cmd = ["nmcli", "radio", "wifi", desired_state]
+    result = run_cmd_safe(cmd)
+    return result.returncode == 0
+
+
+def is_mountpoint(path):
+    cmd = ["mountpoint", path]
+    result = run_cmd_safe(cmd)
+    return result.returncode == 0
+
+
+if __name__ == "__main__":
+
+    logging.basicConfig(
+        filename='/var/log/nmd.log',
+        encoding='utf-8',
+        level=logging.DEBUG,
+        format='%(asctime)s %(levelname)s: %(message)s',
+        datefmt='%m/%d/%Y %I:%M:%S %p')
+
+    logging.debug("----------Start----------")
+
+    # List of connections relevant to this script
+    # Use tags to denote ethernet or wifi
+    CONNECTIONS = {
+        "home": {
+            "029a0daa-9dcd-36c2-9f3f-8c8a4da10da0": {
+                "tags": ["ethernet"]
+            },
+            "991b3332-3b25-467d-b49d-daecb968b4f8": {
+                "tags": ["wifi"]
+            }
+        }
+    }
+
+    # List of valid states for NetworkManager
+    # Taken from https://developer-old.gnome.org/NetworkManager/unstable/NetworkManager-dispatcher.html
+    STATES = {
+        "pre-up": "pre-up",
+        "up": "up",
+        "pre-down": "pre-down",
+        "down": "down",
+        "vpn-pre-up": "vpn-pre-up",
+        "vpn-up": "vpn-up",
+        "vpn-pre-down": "vpn-pre-down",
+        "vpn-down": "vpn-down",
+        "hostname": "hostname",
+        "dhcp4-change": "dhcp4-change",
+        "dhcp6-change": "dhcp6-change",
+        "connectivity-change": "connectivity-change",
+    }
+
+    # List of available environment variables given by NetworkManager
+    # Taken from https://developer-old.gnome.org/NetworkManager/unstable/NetworkManager-dispatcher.html
+    # Note: omits DHCP4_<dhcp-option-name> and IP6_<name> for simplicity's sake
+    ENV_VARS = {
+        "NM_DISPATCHER_ACTION": "NM_DISPATCHER_ACTION",
+        "CONNECTION_UUID": "CONNECTION_UUID",
+        "CONNECTION_ID": "CONNECTION_ID",
+        "CONNECTION_DBUS_PATH": "CONNECTION_DBUS_PATH",
+        "CONNECTION_FILENAME": "CONNECTION_FILENAME",
+        "CONNECTION_EXTERNAL": "CONNECTION_EXTERNAL",
+        "DEVICE_IFACE": "DEVICE_IFACE",
+        "DEVICE_IP_IFACE": "DEVICE_IP_IFACE",
+        "IP4_ADDRESS_N": "IP4_ADDRESS_N",
+        "IP4_NUM_ADDRESSES": "IP4_NUM_ADDRESSES",
+        "IP4_GATEWAY": "IP4_GATEWAY",
+        "IP4_ROUTE_N": "IP4_ROUTE_N",
+        "IP4_NUM_ROUTES": "IP4_NUM_ROUTES",
+        "IP4_NAMESERVERS": "IP4_NAMESERVERS",
+        "IP4_DOMAINS": "IP4_DOMAINS",
+        "CONNECTIVITY_STATE": "CONNECTIVITY_STATE",
+    }
+
+    # Used to retrive values from dictionaries after they've been turned into .items()
+    KEY = 0
+    VALUE = 1
+
+    # Filter out all home connections
+    home_connections = CONNECTIONS.get("home").keys()
+    logging.debug(f"Home connections: {home_connections}")
+
+    # Filter out our ethernet connections per their tags and save to a list
+    ethernets = list(map(
+        lambda conn: conn[KEY],
+        filter(
+            lambda conn: "ethernet" in conn[VALUE].get("tags") or [],
+            CONNECTIONS["home"].items())))
+    logging.debug(f"Ethernet connections: {ethernets}")
+
+    # The interface and state are always passed as positional arguments
+    logging.debug(f"arguments: {sys.argv}")
+    interface, state = sys.argv[1:3]
+    logging.debug(f"interface: {interface}")
+    logging.debug(f"state: {state}")
+
+    # Get the environment variables from our dictionary above
+    environment = {var[KEY]: os.getenv(var[VALUE]) for var in ENV_VARS.items()}
+    logging.debug(f"enviroment: {environment}")
+
+    # Get our conn_uuid from the dictionary of environment variables
+    conn_uuid = environment.get(ENV_VARS["CONNECTION_UUID"])
+    logging.debug(f"Connection UUID: {conn_uuid}")
+
+    # check if we need to turn the wifi on or off
+    if conn_uuid in ethernets:
+        # If the state of our home ethernet connection is "up" (we've just connected to ethernet),
+        # turn wifi off.
+        if state == STATES["up"]:
+            set_wifi_state(on=False)
+        # If the state of our home ethernet connection is "down" (we've just disconnected from
+        # ethernet), turn wifi back on.
+        elif state == STATES["down"]:
+            set_wifi_state(on=True)
+
+    # When we connect to a home network, mount our shares
+    # When we disconnect from all home networks, unmount our shares
+    # one_home_connection_up = one_up(home_connections)
+    # logging.debug(f"One Home Connection Up: {one_home_connection_up}")
+
+    # umount_cmd = ["umount", "-a", "-l", "-t", "cifs"]
+    # mount_cmd = ["mount", "/mnt/truenas"]
+    # if one_home_connection_up:
+    #     run_cmd_safe(mount_cmd, expire_cmd=umount_cmd)
+    # else:
+    #     run_cmd_safe(umount_cmd)
+
+    # Log Done
+    logging.debug("----------Done----------")

fedora/ansible/install-autofs/files/auto.truenas

@@ -0,0 +1,2 @@
+truenas -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/truenas
+media -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/media

fedora/ansible/install-autofs/files/truenas.extra

@@ -0,0 +1,5 @@
+/misc   /etc/auto.misc
+/net    -hosts
++dir:/etc/auto.master.d
++auto.master
+/smb    /etc/auto.truenas

fedora/ansible/install-autofs/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/install-autofs/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+# sudo dnf install autofs
+# /smb    /etc/auto.truenas
+# truenas -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/truenas
+# media -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/media
+- name: Install autofs
+  dnf:
+    name: autofs
+    state: present
+  become: yes
+- name: Create /etc/auto.master.d/truenas.extra
+  copy:
+    src: files/truenas.extra
+    dest: /etc/auto.master.d/truenas.extra
+    owner: root
+    group: root
+    mode: '0755'
+  become: yes
+- name: Create /etc/auto.truenas
+  copy:
+    src: files/auto.truenas
+    dest: /etc/auto.truenas
+    owner: root
+    group: root
+    mode: '0755'
+  become: yes

fedora/ansible/software_developer/tasks/main.yml

@@ -1,4 +1,7 @@
 ---
+# Install kvm
+# sudo dnf -y install bridge-utils libvirt virt-install qemu-kvm virt-manager
+# sudo systemctl start libvirtd
 # Install developer tools
 - name: Ensure common developer tools installed
   dnf:
@@ -10,12 +13,6 @@
     - htop
     - dconf-editor
     - dnf-plugins-core
-    - ufw
-  become: yes
-# Enable ufw
-- name: Enable UFW
-  community.general.ufw:
-    state: enabled
   become: yes
 # Install snap developer tools
 - name: Ensure snap installed

fedora/ansible/software_security/tasks/main.yml

@@ -7,4 +7,15 @@
     - tcpdump
     - tcpreplay
     - wireshark-cli
+    - ufw
+  become: yes
+# Enable UFW and allow SSH
+- name: Allow SSH
+  community.general.ufw:
+    rule: allow
+    name: ssh
+  become: yes
+- name: Enable UFW
+  community.general.ufw:
+    state: enabled
   become: yes

fedora/ansible/tigervnc/files/config

@@ -0,0 +1,7 @@
+## Supported server options to pass to vncserver upon invocation can be listed
+## in this file. See the following manpages for more: vncserver(1) Xvnc(1).
+## Several common ones are shown below. Uncomment and modify to your liking.
+##
+session=gnome
+securitytypes=vncauth,tlsvnc
+geometry=1920x1080

fedora/ansible/tigervnc/files/vncserver.users

@@ -0,0 +1 @@
+:2=vncuser

fedora/ansible/tigervnc/files/xstartup

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+unset SESSION_MANAGER
+unset DBUS_SESSION_BUS_ADDRESS
+/etc/X11/xinit/xinitrc
+# Assume either Gnome will be started by default when installed
+# We want to kill the session automatically in this case when user logs out. In case you modify
+# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should
+# be responsible to modify below code to avoid that your session will be automatically killed
+if [ -e /usr/bin/gnome-session ]; then
+    vncserver -kill $DISPLAY
+fi

fedora/ansible/tigervnc/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: Reese Wells
+  description: Installs and enables a tigervnc server
+  company: ""
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

fedora/ansible/tigervnc/tasks/main.yml

@@ -0,0 +1,59 @@
+---
+# Install and activate tigervnc
+# NOTE: You will still need to log in manually as the new user and run "passwd" and "vncpasswd"
+- name: Ensure tigervnc-server is installed
+  dnf:
+    name: 
+    - tigervnc-server
+  become: yes
+- name: Copy systemd file to /etc/system/system
+  copy:
+    remote_src: yes
+    src: /lib/systemd/system/vncserver@.service
+    dest: /etc/systemd/system/vncserver@.service
+  become: yes
+- name: Copy vncserver.users
+  copy:
+    src: files/vncserver.users
+    dest: /etc/tigervnc/vncserver.users
+  become: yes
+- name: Create vncuser
+  user:
+    name: vncuser
+    shell: /bin/fish
+    groups: wheel
+    append: yes
+  become: yes
+- name: Ensure .vnc folder exists for vncuser
+  file:
+    path: /home/vncuser/.vnc
+    state: directory
+    owner: vncuser
+    group: vncuser
+  become: yes
+- name: Copy vnc config
+  copy:
+    src: files/config
+    dest: /home/vncuser/.vnc/config
+    owner: vncuser
+    group: vncuser
+  become: yes
+- name: Copy xstartup
+  copy:
+    src: files/xstartup
+    dest: /home/vncuser/.vnc/xstartup
+    owner: vncuser
+    group: vncuser
+  become: yes
+- name: Start tigervnc service
+  systemd:
+    name: vncserver@:2
+    state: started
+    enabled: yes
+  become: yes
+- name: UFW Allow 5902/tcp
+  community.general.ufw:
+    rule: allow
+    port: 5902
+    proto: tcp
+  become: yes

fedora/desktop.yml

@@ -1,7 +1,7 @@
 ---
 # Run through all tasks to setup machines
 # https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10
-- hosts: localhost
+- hosts: pc
   gather_facts: true
   order: inventory
   vars:
@@ -12,12 +12,21 @@
     packer_version: 1.7.10
 
   roles:
-    - role: ansible/btrbk
+    - setup-openssh
+    - add-dnet-cert
+    - disable-swap
+    - dnf-install-dash-to-dock
+    - dnf-install-snap
+    - dnf-install-steam
+    - enable-deep-sleep
+    - write-dconf-config
+    # - role: ansible/btrbk
     - role: ansible/certificates
     - role: ansible/dconf
-    - role: ansible/gnome_extensions
-    - role: ansible/iscsi_freenas
+    # - role: ansible/gnome_extensions
     - role: ansible/openssh
     - role: ansible/software_common
     - role: ansible/software_developer
+    - role: ansible/software_games
     - role: ansible/software_security
+    # - role: ansible/tigervnc

fedora/framework.yml

@@ -39,3 +39,6 @@
 
     - role: ansible/software_security
       tags: ["software_security"]
+
+    - role: ansible/network_drives
+      tags: ["network_drives"]