Add explicit Fedora workstation target and package role

2026-05-30 15:39:58 +00:00 · 2026-04-08 20:04:47 +02:00
parent 872695ed15
commit 94df137ea0
11 changed files with 314 additions and 28 deletions
--- a/ansible/inventory/group_vars/fedora.yml
+++ b/ansible/inventory/group_vars/fedora.yml
@@ -0,0 +1,64 @@
+---
+fedora_packages_base:
+  - curl
+  - flatpak
+  - gcc
+  - gcc-c++
+  - git-delta
+  - htop
+  - jq
+  - make
+  - nodejs
+  - ripgrep
+
+fedora_manage_docker_repo: true
+fedora_manage_google_chrome_repo: true
+fedora_manage_intellij_repo: true
+fedora_manage_vscode_repo: true
+fedora_intellij_copr_owner: coder966
+fedora_intellij_copr_project: intellij-idea-ultimate
+fedora_intellij_package_name: intellij-idea-ultimate
+
+fedora_docker_packages:
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+  - docker-buildx-plugin
+  - docker-compose-plugin
+
+enabled_services:
+  - docker
+  - firewalld
+
+fedora_dotfiles:
+  - src: .bashrc.d/
+    dest: .bashrc.d/
+    mode: preserve
+
+workstation_firewall_backend: firewalld
+
+workstation_host_linux_packages_fedora:
+  - code
+  - firewall-config
+  - gnome-shell-extensions
+  - gnome-shell-extension-manager
+  - gnome-tweaks
+  - libreoffice
+  - meld
+  - NetworkManager-openconnect-gnome
+  - pcsc-lite
+  - pinentry-gnome3
+  - podman
+  - podman-compose
+  - yubikey-manager
+
+workstation_flatpak_remote_name: flathub
+workstation_flatpak_remote_url: https://dl.flathub.org/repo/flathub.flatpakrepo
+workstation_flatpak_packages:
+  - com.getpostman.Postman
+  - com.spotify.Client
+  - com.github.jeromerobert.pdfarranger
+  - io.dbeaver.DBeaverCommunity
+  - org.mozilla.Thunderbird
+  - org.telegram.desktop
+  - org.xournalpp.xournalpp
--- a/ansible/inventory/group_vars/workstation_host_linux.yml
+++ b/ansible/inventory/group_vars/workstation_host_linux.yml
@@ -18,6 +18,7 @@ workstation_host_linux_dotfiles:
    dest: .gnupg/gpg-agent.conf
    mode: "0600"

+workstation_firewall_backend: ufw
 workstation_manage_google_chrome: true

 workstation_removed_snap_packages:
--- a/ansible/inventory/host_vars/deadalus-fedora.yml
+++ b/ansible/inventory/host_vars/deadalus-fedora.yml
@@ -0,0 +1,35 @@
+---
+hostname: deadalus-fedora
+
+host_packages: []
+host_enabled_services: []
+
+workstation_host_vscode_extensions:
+  - ms-vscode-remote.remote-containers
+  - ms-vscode-remote.remote-ssh
+  - ms-azuretools.vscode-docker
+  - redhat.vscode-yaml
+  - redhat.ansible
+
+workstation_gnome_managed_settings:
+  - schema: org.gnome.shell
+    key: favorite-apps
+    value: "['google-chrome.desktop', 'org.gnome.Nautilus.desktop', 'com.spotify.Client.desktop', 'org.mozilla.Thunderbird.desktop', 'org.telegram.desktop.desktop', 'code.desktop', 'intellij-idea-ultimate.desktop', 'io.dbeaver.DBeaverCommunity.desktop', 'com.getpostman.Postman.desktop']"
+  - schema: org.gnome.desktop.input-sources
+    key: sources
+    value: "[('xkb', 'us')]"
+  - schema: org.gnome.desktop.interface
+    key: clock-format
+    value: "'24h'"
+  - schema: org.gnome.desktop.interface
+    key: clock-show-date
+    value: "true"
+  - schema: org.gnome.desktop.interface
+    key: color-scheme
+    value: "'prefer-dark'"
+  - schema: org.gnome.desktop.wm.preferences
+    key: button-layout
+    value: "'appmenu:close'"
+  - schema: org.gnome.desktop.wm.preferences
+    key: num-workspaces
+    value: "4"
--- a/ansible/inventory/host_vars/deadalus-ubuntu.yml
+++ b/ansible/inventory/host_vars/deadalus-ubuntu.yml
@@ -1,10 +1,10 @@
 ---
-hostname: deadalus
+hostname: deadalus-ubuntu

 host_packages: []
 host_enabled_services: []

-deadalus_vscode_extensions:
+workstation_host_vscode_extensions:
  - ms-vscode-remote.remote-containers
  - ms-vscode-remote.remote-ssh
  - ms-azuretools.vscode-docker
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -21,6 +21,10 @@ all:
        workstation_dev_wsl:
        ubuntu_server:

+    fedora:
+      children:
+        fedora_workstation:
+
    workstation:
      children:
        workstation_host:
@@ -34,6 +38,7 @@ all:
    workstation_dev:
      children:
        workstation_dev_ubuntu:
+        workstation_dev_fedora:
        workstation_dev_wsl:

    server:
@@ -42,17 +47,29 @@ all:

    ubuntu_workstation:
      hosts:
-        deadalus:
+        deadalus-ubuntu:
+          ansible_connection: local
+
+    fedora_workstation:
+      hosts:
+        deadalus-fedora:
          ansible_connection: local

    workstation_host_linux:
      hosts:
-        deadalus:
+        deadalus-ubuntu:
+          ansible_connection: local
+        deadalus-fedora:
          ansible_connection: local

    workstation_dev_ubuntu:
      hosts:
-        deadalus:
+        deadalus-ubuntu:
+          ansible_connection: local
+
+    workstation_dev_fedora:
+      hosts:
+        deadalus-fedora:
          ansible_connection: local

    workstation_host_windows:
--- a/ansible/roles/packages_fedora/tasks/main.yml
+++ b/ansible/roles/packages_fedora/tasks/main.yml
@@ -0,0 +1,139 @@
+---
+- name: Gather installed package facts
+  tags: [packages]
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Copy Fedora dotfiles
+  tags: [dotfiles, dotfiles:common]
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/../dotfiles/fedora/{{ item.src }}"
+    dest: "{{ effective_user_home }}/{{ item.dest }}"
+    owner: "{{ effective_username }}"
+    group: "{{ effective_user_group }}"
+    mode: "{{ item.mode }}"
+  loop: "{{ fedora_dotfiles | default([]) }}"
+  loop_control:
+    label: "{{ item.dest }}"
+
+- name: Configure Docker repository on Fedora
+  tags: [packages]
+  ansible.builtin.yum_repository:
+    name: docker-ce-stable
+    description: Docker CE Stable - $basearch
+    baseurl: "https://download.docker.com/linux/fedora/$releasever/$basearch/stable"
+    enabled: true
+    gpgcheck: true
+    gpgkey: https://download.docker.com/linux/fedora/gpg
+    state: present
+  when: fedora_manage_docker_repo | default(false)
+
+- name: Configure Google Chrome repository on Fedora
+  tags: [packages]
+  ansible.builtin.yum_repository:
+    name: google-chrome
+    description: Google Chrome
+    baseurl: "https://dl.google.com/linux/chrome/rpm/stable/$basearch"
+    enabled: true
+    gpgcheck: true
+    gpgkey: https://dl.google.com/linux/linux_signing_key.pub
+    state: present
+  when:
+    - workstation_manage_google_chrome | default(false)
+    - fedora_manage_google_chrome_repo | default(false)
+
+- name: Configure Visual Studio Code repository on Fedora
+  tags: [packages, vscode]
+  ansible.builtin.yum_repository:
+    name: vscode
+    description: Visual Studio Code
+    baseurl: https://packages.microsoft.com/yumrepos/vscode
+    enabled: true
+    gpgcheck: true
+    gpgkey: https://packages.microsoft.com/keys/microsoft.asc
+    state: present
+  when:
+    - "'workstation_host_linux' in group_names"
+    - fedora_manage_vscode_repo | default(false)
+
+- name: Configure IntelliJ IDEA COPR repository on Fedora
+  tags: [packages]
+  ansible.builtin.get_url:
+    url: >-
+      https://copr.fedorainfracloud.org/coprs/{{ fedora_intellij_copr_owner }}/{{ fedora_intellij_copr_project }}/repo/fedora-{{ ansible_facts['distribution_major_version'] }}/{{ fedora_intellij_copr_owner }}-{{ fedora_intellij_copr_project }}-fedora-{{ ansible_facts['distribution_major_version'] }}.repo
+    dest: /etc/yum.repos.d/{{ fedora_intellij_copr_owner }}-{{ fedora_intellij_copr_project }}-fedora-{{ ansible_facts['distribution_major_version'] }}.repo
+    owner: root
+    group: root
+    mode: "0644"
+  when:
+    - "'workstation_host_linux' in group_names"
+    - fedora_manage_intellij_repo | default(false)
+
+- name: Refresh dnf package metadata
+  tags: [packages]
+  ansible.builtin.dnf:
+    update_cache: true
+
+- name: Install packages on Fedora
+  tags: [packages]
+  ansible.builtin.dnf:
+    name: >-
+      {{
+        (
+          (common_packages | default([]))
+        + (fedora_packages_base | default([]))
+        + (fedora_docker_packages | default([]))
+        + (
+            ['google-chrome-stable']
+            if workstation_manage_google_chrome | default(false)
+            else []
+          )
+        + (profile_packages | default([]))
+        + (workstation_dev_packages | default([]))
+        + (
+            (workstation_host_linux_packages_fedora | default(workstation_host_linux_packages | default([])))
+            if 'workstation_host_linux' in group_names
+            else []
+          )
+        + (
+            [fedora_intellij_package_name]
+            if (
+              'workstation_host_linux' in group_names
+              and fedora_manage_intellij_repo | default(false)
+            )
+            else []
+          )
+        + (host_packages | default([]))
+        )
+        | unique
+      }}
+    state: present
+
+- name: Add user to docker group
+  tags: [packages]
+  ansible.builtin.user:
+    name: "{{ effective_username }}"
+    groups: docker
+    append: true
+  when: (fedora_docker_packages | default([])) | length > 0
+
+- name: Ensure Flathub remote is configured for Fedora workstation
+  tags: [packages]
+  community.general.flatpak_remote:
+    name: "{{ workstation_flatpak_remote_name | default('flathub') }}"
+    state: present
+    flatpakrepo_url: "{{ workstation_flatpak_remote_url | default('https://dl.flathub.org/repo/flathub.flatpakrepo') }}"
+  when:
+    - "'workstation_host_linux' in group_names"
+    - (workstation_flatpak_packages | default([])) | length > 0
+
+- name: Install Fedora workstation Flatpak applications
+  tags: [packages]
+  community.general.flatpak:
+    name: "{{ workstation_flatpak_packages }}"
+    state: present
+    remote: "{{ workstation_flatpak_remote_name | default('flathub') }}"
+    method: system
+  when:
+    - "'workstation_host_linux' in group_names"
+    - (workstation_flatpak_packages | default([])) | length > 0
--- a/ansible/roles/profile_workstation_gnome/tasks/main.yml
+++ b/ansible/roles/profile_workstation_gnome/tasks/main.yml
@@ -86,14 +86,14 @@
  register: workstation_vscode_cli
  changed_when: false
  failed_when: false
-  when: (deadalus_vscode_extensions | default([])) | length > 0
+  when: (workstation_host_vscode_extensions | default([])) | length > 0

 - name: Ensure VS Code CLI is available before managing extensions
  tags: [packages, vscode]
  ansible.builtin.fail:
-    msg: Ensure Visual Studio Code is installed before managing VS Code extensions on deadalus.
+    msg: Ensure Visual Studio Code is installed before managing workstation VS Code extensions.
  when:
-    - (deadalus_vscode_extensions | default([])) | length > 0
+    - (workstation_host_vscode_extensions | default([])) | length > 0
    - workstation_vscode_cli.rc != 0

 - name: Read installed VS Code extensions on workstation host
@@ -108,7 +108,7 @@
  register: workstation_vscode_extensions_current
  changed_when: false
  when:
-    - (deadalus_vscode_extensions | default([])) | length > 0
+    - (workstation_host_vscode_extensions | default([])) | length > 0
    - workstation_vscode_cli.rc == 0

 - name: Install VS Code extensions on workstation host
@@ -122,7 +122,7 @@
  become_user: "{{ username }}"
  environment:
    HOME: "{{ user_home }}"
-  loop: "{{ deadalus_vscode_extensions | default([]) }}"
+  loop: "{{ workstation_host_vscode_extensions | default([]) }}"
  loop_control:
    label: "{{ item }}"
  when:
@@ -245,3 +245,4 @@
  tags: [services, packages]
  community.general.ufw:
    state: enabled
+  when: workstation_firewall_backend | default('ufw') == 'ufw'
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -37,6 +37,14 @@
    - services_systemd
    - profile_workstation_dev_common

+- hosts: workstation_dev_fedora
+  become: true
+
+  roles:
+    - packages_fedora
+    - services_systemd
+    - profile_workstation_dev_common
+
 - hosts: workstation_host_linux
  become: true