- name: Setup Workstation hosts: localhost vars: executable_temp_dir: /tmp awscli_install_dir: /opt/aws-cli/ vault_version: 1.9.3 swap_file_path: /swap/swapfile swap_file_size_mb: 4096 tasks: # System Tools - name: Ensure grub installed community.general.pacman: name: grub state: present become: yes - name: Ensure bluez installed community.general.pacman: name: - bluez - bluez-utils state: present become: yes - name: Ensure bluetooth service started ansible.builtin.systemd: name: bluetooth state: started enabled: yes become: yes - name: Ensure glances installed community.general.pacman: name: glances state: present become: yes - name: Ensure htop installed community.general.pacman: name: htop state: present become: yes - name: Ensure curl and wget community.general.pacman: name: - curl - wget state: present become: yes - name: Ensure dconf-editor community.general.pacman: name: dconf-editor state: present become: yes # Install DNET CA - name: Download DNET CA get_url: url: https://vault.ducoterra.net/v1/dnet/ca dest: /etc/ca-certificates/trust-source/anchors/dnet_ca.crt mode: '0660' become: yes - name: Update trust store command: trust extract-compat become: yes # dconf settings - name: Turn off palm rejection command: dconf write /org/gnome/desktop/peripherals/touchpad/disable-while-typing false - name: Set flat mouse acceleration profile command: dconf write /org/gnome/desktop/peripherals/mouse/accel-profile "'flat'" - name: Center new windows command: dconf write /org/gnome/mutter/center-new-windows true # Daily Driver Tools - name: Ensure vim installed community.general.pacman: name: vim state: present become: yes - name: Ensure unzip installed community.general.pacman: name: unzip state: present become: yes - name: Ensure chromium installed community.general.pacman: name: chromium state: present become: yes - name: Ensure steam installed community.general.pacman: name: steam-manjaro state: present become: yes - name: Ensure discord installed community.general.pacman: name: discord state: present become: yes - name: Ensure geary installed community.general.pacman: name: geary state: present become: yes # Developer Tools - name: Ensure wine installed community.general.pacman: name: - wine - winetricks - wine-mono - wine_gecko state: present become: yes - name: Ensure wireguard installed community.general.pacman: name: wireguard-tools state: present become: yes - name: Ensure ping installed community.general.pacman: name: iputils state: present become: yes - name: Ensure nslookup installed community.general.pacman: name: dnsutils state: present become: yes - name: Ensure docker installed community.general.pacman: name: - docker - docker-compose state: present become: yes - name: Ensure ducoterra in the "docker" group ansible.builtin.user: name: ducoterra groups: docker append: yes become: yes - name: Ensure kubectl installed community.general.pacman: name: kubectl state: present become: yes - name: Ensure python and pip instaled community.general.pacman: name: - python - python-pip state: present become: yes - name: Install ansible pip: name: ansible extra_args: --user - name: Install ansible pip: name: qmk extra_args: --user - name: Run qmk setup ansible.builtin.command: qmk setup -y - name: Copy qmk udev rules ansible.builtin.copy: src: ~/qmk_firmware/util/udev/50-qmk.rules dest: /etc/udev/rules.d/50-qmk.rules owner: ducoterra group: root mode: '0755' become: yes # AWS CLI - name: Download awscli v2 installer - latest version unarchive: src: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip dest: '{{ executable_temp_dir }}' remote_src: true creates: '{{ executable_temp_dir }}/aws' mode: 0755 when: awscli_version is not defined tags: ["awscli", "awscliv2"] - name: Download awscli v2 installer - specific version {{ awscli_version }} unarchive: src: 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64-{{ awscli_version }}.zip' dest: "{{ executable_temp_dir }}" remote_src: true creates: '{{ executable_temp_dir }}/aws' mode: 0755 when: awscli_version is defined tags: ["awscli", "awscliv2"] - name: Run the installer for awscli v2 command: args: cmd: '{{ executable_temp_dir }}/aws/install -i {{ awscli_install_dir }} -b /usr/local/bin' creates: /usr/local/bin/aws become: yes tags: ["awscli", "awscliv2"] # Vault CLI - name: Download vault binary unarchive: src: https://releases.hashicorp.com/vault/{{vault_version}}/vault_{{vault_version}}_linux_amd64.zip dest: '{{ executable_temp_dir }}' remote_src: true creates: '{{ executable_temp_dir }}/vault' mode: 0755 - name: Move vault binary to /usr/local/bin ansible.builtin.copy: src: '{{ executable_temp_dir }}/vault' dest: /usr/local/bin/vault owner: root group: root mode: '0755' become: yes # Snap Installs - name: Ensure snap installed community.general.pacman: name: snapd state: present become: yes - name: Ensure snapd service running ansible.builtin.systemd: name: snapd.socket state: started enabled: yes become: yes - name: Link /var/lib/snapd/snap /snap ansible.builtin.file: src: /var/lib/snapd/snap dest: /snap owner: root group: root state: link become: yes - name: Install snap-store community.general.snap: name: snap-store state: present become: yes - name: Install vscode community.general.snap: name: code state: present classic: yes become: yes - name: Install spotify community.general.snap: name: spotify state: present become: yes # Create swap - name: Turn off swap command: "swapoff --all" become: yes - name: Remove old swap file file: state: absent path: "{{ swap_file_path }}" - name: Create swap file command: truncate -s 0 "{{ swap_file_path }}" creates="{{ swap_file_path }}" become: yes - name: Set swap compression command: chattr +C "{{ swap_file_path }}" become: yes - name: Allocate swap space command: fallocate -l "{{ swap_file_size_mb }}M" "{{ swap_file_path }}" become: yes - name: Change swap file permissions file: path="{{ swap_file_path }}" owner=root group=root mode=0600 become: yes - name: "Check swap file type" command: file {{ swap_file_path }} register: swapfile become: yes - name: Make swap file command: "mkswap {{ swap_file_path }}" become: yes - name: Write swap entry in fstab mount: name=none src={{ swap_file_path }} fstype=swap opts=sw passno=0 dump=0 state=present become: yes - name: Mount swap command: "swapon {{ swap_file_path }}" become: yes - name: Set swappiness command: sysctl -w vm.swappiness=1 become: yes - name: Make swappiness permanent copy: dest: "/etc/sysctl.d/99-swappiness.conf" content: | vm.swappiness=1 become: yes # Minecraft - name: Clone minecraft-launcher repo ansible.builtin.git: repo: 'https://aur.archlinux.org/minecraft-launcher.git' dest: '{{ executable_temp_dir }}/minecraft-launcher' - name: Install minecraft-launcher with makepkg command: makepkg -si --noconfirm args: chdir: '{{ executable_temp_dir }}/minecraft-launcher' # Citrix ICA Client (Citrix Receiver) - name: Clone citrix-receiver repo ansible.builtin.git: repo: 'https://aur.archlinux.org/icaclient.git' dest: '{{ executable_temp_dir }}/citrix-receiver' - name: Install citrix-receiver with makepkg command: makepkg -si --noconfirm args: chdir: '{{ executable_temp_dir }}/citrix-receiver' - name: Create INI client dir for citrix receiver file: state: directory path: '~/.ICAClient/cache' - name: Copy INI Files to ICAClient so citrix receiver works ansible.builtin.copy: src: '/opt/Citrix/ICAClient/config/{{ item }}.ini' dest: '~/.ICAClient/{{ item }}.ini' loop: - All_Regions - Trusted_Region - Unknown_Region - canonicalization - regions