Add explicit Fedora workstation target and package role

AGENTS.md

@@ -16,12 +16,14 @@ Project type: Ansible-driven infrastructure, workstation/server provisioning, an
 
 ## Topology And Orchestration
 - Void desktops: `ikaros`, `nymph`
-- Ubuntu workstation: `deadalus`
+- Ubuntu workstation: `deadalus-ubuntu`
+- Fedora workstation: `deadalus-fedora`
 - Ubuntu server: `prometheus`
 - Workstation topology now supports Linux host + Ubuntu dev and Windows 11 host + Ubuntu WSL dev as separate layers
+- A single inventory host can intentionally participate in multiple plays by belonging to multiple groups; host identity and play layering are not 1:1
 - The WSL dev environment is intended to be managed by running Ansible locally from inside the distro, while the Windows host is managed remotely via PSRP and Windows package installs default to `winget_psrp`
 - Most hosts use `ansible_connection: local`
-- Current playbook layering: `all:!workstation_host_windows -> dotfiles_common`, `void -> packages_void + services_runit + profile_desktop_common + profile_desktop_i3 + profile_desktop_sway + profile_desktop_hyprland + profile_desktop_host`, `workstation_dev_ubuntu -> packages_ubuntu + services_systemd + profile_workstation_dev_common`, `workstation_host_linux -> profile_workstation_gnome`, `workstation_dev_wsl -> packages_ubuntu + services_systemd + profile_workstation_dev_common + profile_workstation_dev_wsl`, `workstation_host_windows -> profile_workstation_host_windows`, `ubuntu_server -> packages_ubuntu + services_systemd + profile_server`
+- Current playbook layering: `all:!workstation_host_windows -> dotfiles_common`, `void -> packages_void + services_runit + profile_desktop_common + profile_desktop_i3 + profile_desktop_sway + profile_desktop_hyprland + profile_desktop_host`, `workstation_dev_ubuntu -> packages_ubuntu + services_systemd + profile_workstation_dev_common`, `workstation_dev_fedora -> packages_fedora + services_systemd + profile_workstation_dev_common`, `workstation_host_linux -> profile_workstation_gnome`, `workstation_dev_wsl -> packages_ubuntu + services_systemd + profile_workstation_dev_common + profile_workstation_dev_wsl`, `workstation_host_windows -> profile_workstation_host_windows`, `ubuntu_server -> packages_ubuntu + services_systemd + profile_server`
 - Present but currently unwired roles: `base`, `dotfiles`
 
 ## Local Instruction Files
@@ -62,7 +64,8 @@ Core validation from the repo root:
 ansible-playbook ansible/site.yml --syntax-check
 ansible-playbook ansible/site.yml --limit ikaros --check --diff
 ansible-playbook ansible/site.yml --limit nymph --check --diff
-ansible-playbook ansible/site.yml --limit deadalus --check --diff
+ansible-playbook ansible/site.yml --limit deadalus-ubuntu --check --diff
+ansible-playbook ansible/site.yml --limit deadalus-fedora --check --diff
 ansible-playbook ansible/site.yml --limit deadalus-wsl --check --diff
 ansible-playbook ansible/site.yml --limit prometheus --check --diff
 ansible-lint ansible/site.yml
@@ -75,7 +78,8 @@ Useful execution commands:
 ansible-playbook ansible/site.yml
 ansible-playbook ansible/site.yml --limit ikaros
 ansible-playbook ansible/site.yml --limit nymph
-ansible-playbook ansible/site.yml --limit deadalus
+ansible-playbook ansible/site.yml --limit deadalus-ubuntu
+ansible-playbook ansible/site.yml --limit deadalus-fedora
 ansible-playbook ansible/site.yml --limit deadalus-wsl
 ansible-playbook ansible/site.yml --limit prometheus
 scripts/bootstrap_mail.sh
@@ -155,8 +159,9 @@ Use the narrowest command matching the changed area.
 - `profile_desktop_sway` contains the wlroots/Sway session pieces and deploys shared Sway + Waybar dotfiles
 - `profile_desktop_hyprland` contains the optional Hyprland/Wayland session pieces
 - `profile_desktop_host` carries host-specific desktop overrides such as NVIDIA, PRIME wrappers, and host-only WirePlumber config
-- `profile_workstation_dev_common` carries the Ubuntu dev layer shared by native workstation and WSL Ubuntu
+- `profile_workstation_dev_common` carries the shared dev layer for native Linux workstation profiles plus Ubuntu WSL
-- `profile_workstation_gnome` carries Linux host-only GNOME setup, extensions, and UFW
+- `profile_workstation_gnome` carries Linux host-only GNOME setup, extensions, and firewall enablement
+- Native Linux workstation plays can be combined on the same inventory host when that host is placed in both the relevant OS/dev group and `workstation_host_linux`
 - `profile_workstation_dev_wsl` carries WSL-specific Ubuntu tweaks such as `systemd` and PSRP Python dependencies
 - `profile_workstation_host_windows` manages the Windows 11 host via PSRP over HTTPS using `negotiate` by default, installs host applications via `winget` with a configurable `windows_package_backend` defaulting to `winget_psrp`, applies Windows shell tweaks, manages taskbar pins through a local Start layout policy with `PinListPlacement="Replace"`, and sets Windows Terminal's default profile to Ubuntu
 - `deadalus-wsl` is modeled as a local inventory target intended to be run from inside the Ubuntu WSL distro
@@ -258,7 +263,8 @@ Run a host-limited dry run whenever the change affects a real host profile, pack
 
 For workstation changes, prefer:
 ```bash
-ansible-playbook ansible/site.yml --limit deadalus --check --diff
+ansible-playbook ansible/site.yml --limit deadalus-ubuntu --check --diff
+ansible-playbook ansible/site.yml --limit deadalus-fedora --check --diff
 ansible-playbook ansible/site.yml --limit deadalus-wsl --check --diff
 ```
 
@@ -277,5 +283,5 @@ pwsh -NoProfile -Command "[void][System.Management.Automation.Language.Parser]::
 - Do not revert unrelated worktree changes made by the user
 - Keep `README.md` and `AGENTS.md` aligned when workflows materially change
 - If you add a new operational area, also add the validation command agents should run
-- Prefer host-limited validation first: `ikaros` or `nymph` for Void desktop work, `deadalus` for Ubuntu workstation work, and `prometheus` for server work
+- Prefer host-limited validation first: `ikaros` or `nymph` for Void desktop work, `deadalus-ubuntu` for Ubuntu workstation work, `deadalus-fedora` for Fedora workstation work, and `prometheus` for server work
 - Call out checks you could not run and any follow-up verification needed

README.md

@@ -96,35 +96,43 @@ Lo stato attuale del profilo desktop include, tra le altre cose:
 Sistemi operativi supportati:
 
 - Ubuntu LTS nativa
+- Fedora Workstation nativa
 - Windows 11 host + Ubuntu WSL
 
 Desktop environment host Linux:
 
 - GNOME
-
+
 Macchine attuali:
 
-- `deadalus` come workstation Ubuntu nativa
+- `deadalus-ubuntu` come workstation Ubuntu nativa
+- `deadalus-fedora` come workstation Fedora nativa
 - supporto attivo per host Windows 11 + WSL tramite `deadalus-win` e `deadalus-wsl`
-
+
 Questo profilo è pensato per sviluppo e lavoro, con separazione tra layer host e layer dev.
 
+Nel modello Ansible usato qui, un singolo inventory host puo appartenere intenzionalmente a piu gruppi e quindi ricevere piu play nello stesso run: l'associazione non e `1 host = 1 play`, ma `host + gruppi = layering finale`.
+
 Il profilo workstation e agganciato al playbook principale e ora distingue:
 
 - layer dev Ubuntu condiviso tra workstation Linux nativa e Ubuntu in WSL
+- layer dev Fedora nativo parallelo a Ubuntu
 - layer host Linux GNOME
 - layer host Windows 11 con bootstrap WSL, remoting `PSRP` su `HTTPS/5986`, gestione app via `winget` con backend configurabile e VS Code lato Windows
 - layer WSL dedicato per sviluppo con `systemd`
 
+Per esempio, lo stesso host Linux puo stare in `workstation_host_linux` e in `workstation_dev_fedora` oppure `workstation_dev_ubuntu`, a seconda del layering che vuoi comporre.
+
 Lo stato attuale del profilo workstation include:
 
 - installazione pacchetti base Ubuntu via apt
+- installazione pacchetti base Fedora via dnf per il ramo workstation nativo
 - installazione e configurazione di Docker dal repository ufficiale
 - gestione dei dotfiles workstation e rendering dei template dev condivisi
-- installazione di Google Chrome, pacchetti Snap workstation e estensioni GNOME sul solo host Linux nativo
+- installazione di Google Chrome, applicazioni workstation via Snap su Ubuntu nativa e via Flatpak su Fedora nativa, oltre alle estensioni GNOME sul solo host Linux nativo
 - configurazione del ramo Windows 11 host con app installate dal playbook via `winget`, con backend predefinito `winget_psrp`, tema scuro, pin della taskbar gestiti via policy locale e profilo predefinito di Windows Terminal impostato su `Ubuntu`
 - preparazione del ramo WSL Ubuntu con `systemd` per il toolchain di sviluppo
-- attivazione del firewall UFW sul solo host Linux nativo
+- attivazione del firewall UFW su Ubuntu nativa e `firewalld` su Fedora nativa
 
 Workflow Windows + WSL previsto:
 
@@ -237,9 +245,10 @@ I principali ruoli attualmente presenti sono:
 
 | Role                      | Descrizione                         |
 | ------------------------- | ----------------------------------- |
-| base                      | configurazione base comune          |
+| base                      | configurazione base comune          |
 | packages_void             | installazione pacchetti su Void     |
 | packages_ubuntu           | installazione pacchetti su Ubuntu   |
+| packages_fedora           | installazione pacchetti su Fedora   |
 | services_runit            | gestione servizi runit              |
 | services_systemd          | gestione servizi systemd            |
 | profile_desktop_common    | bootstrap desktop Void condiviso    |
@@ -247,7 +256,7 @@ I principali ruoli attualmente presenti sono:
 | profile_desktop_sway      | sessione desktop Sway               |
 | profile_desktop_hyprland  | sessione desktop Hyprland           |
 | profile_desktop_host      | override desktop specifici per host |
-| profile_workstation_dev_common | configurazione dev Ubuntu condivisa |
+| profile_workstation_dev_common | configurazione dev workstation condivisa |
 | profile_workstation_gnome | configurazione host workstation GNOME |
 | profile_workstation_dev_wsl | configurazione WSL Ubuntu per sviluppo |
 | profile_workstation_host_windows | configurazione host Windows 11 workstation |
@@ -259,12 +268,13 @@ I principali ruoli attualmente presenti sono:
 
 # Stato attuale del playbook principale
 
-Il playbook `ansible/site.yml` e attualmente composto da sei blocchi:
+Il playbook `ansible/site.yml` e attualmente composto da sette blocchi:
 
 ```text
 all:!workstation_host_windows -> dotfiles_common
 void -> packages_void + services_runit + profile_desktop_common + profile_desktop_i3 + profile_desktop_sway + profile_desktop_hyprland + profile_desktop_host
 workstation_dev_ubuntu -> packages_ubuntu + services_systemd + profile_workstation_dev_common
+workstation_dev_fedora -> packages_fedora + services_systemd + profile_workstation_dev_common
 workstation_host_linux -> profile_workstation_gnome
 workstation_dev_wsl -> packages_ubuntu + services_systemd + profile_workstation_dev_common + profile_workstation_dev_wsl
 workstation_host_windows -> profile_workstation_host_windows
@@ -274,7 +284,8 @@ ubuntu_server -> packages_ubuntu + services_systemd + profile_server
 Questo significa che, allo stato attuale:
 
 - i desktop Void (`ikaros`, `nymph`) restano il target operativo piu completo
-- la workstation Ubuntu (`deadalus`) e gestita separando ambiente dev e layer host GNOME
+- la workstation Ubuntu (`deadalus-ubuntu`) e gestita separando ambiente dev e layer host GNOME
+- la workstation Fedora (`deadalus-fedora`) usa lo stesso principio di composizione a gruppi con il ramo Fedora dedicato
 - il ramo Windows + WSL e predisposto con bootstrap PowerShell e play Windows/WSL dedicati
 - il server Ubuntu (`prometheus`) e gestito con pacchetti, servizi, dotfiles server e firewall
 
@@ -287,6 +298,7 @@ dotfiles/
 ├── common
 ├── desktop
 ├── server
+├── fedora
 ├── workstation
 ├── ikaros
 └── nymph
@@ -345,6 +357,7 @@ Allo stato attuale questo comando:
 - distribuisce i dotfiles comuni a tutti gli host
 - per gli host Void applica bootstrap desktop condiviso, sessioni i3/Sway/Hyprland e override specifici per host
 - per `workstation_dev_ubuntu` applica pacchetti Ubuntu, servizi systemd e profilo dev comune
+- per `workstation_dev_fedora` applica pacchetti Fedora, servizi systemd e profilo dev comune
 - per `workstation_host_linux` applica il layer host Linux GNOME
 - per `workstation_dev_wsl` applica pacchetti Ubuntu, servizi systemd, profilo dev comune e tweak WSL dedicati
 - per `workstation_host_windows` applica il layer host Windows 11 via PSRP, con installazione pacchetti Windows eseguita di default tramite `winget_psrp`
@@ -359,7 +372,8 @@ Per validare prima di applicare:
 ansible-playbook ansible/site.yml --syntax-check
 ansible-playbook ansible/site.yml --limit ikaros --check --diff
 ansible-playbook ansible/site.yml --limit nymph --check --diff
-ansible-playbook ansible/site.yml --limit deadalus --check --diff
+ansible-playbook ansible/site.yml --limit deadalus-ubuntu --check --diff
+ansible-playbook ansible/site.yml --limit deadalus-fedora --check --diff
 ansible-playbook ansible/site.yml --limit deadalus-wsl --check --diff
 ansible-playbook ansible/site.yml --limit prometheus --check --diff
 ansible-lint ansible/site.yml

ansible/inventory/group_vars/fedora.yml

@@ -0,0 +1,64 @@
+---
+fedora_packages_base:
+  - curl
+  - flatpak
+  - gcc
+  - gcc-c++
+  - git-delta
+  - htop
+  - jq
+  - make
+  - nodejs
+  - ripgrep
+
+fedora_manage_docker_repo: true
+fedora_manage_google_chrome_repo: true
+fedora_manage_intellij_repo: true
+fedora_manage_vscode_repo: true
+fedora_intellij_copr_owner: coder966
+fedora_intellij_copr_project: intellij-idea-ultimate
+fedora_intellij_package_name: intellij-idea-ultimate
+
+fedora_docker_packages:
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+  - docker-buildx-plugin
+  - docker-compose-plugin
+
+enabled_services:
+  - docker
+  - firewalld
+
+fedora_dotfiles:
+  - src: .bashrc.d/
+    dest: .bashrc.d/
+    mode: preserve
+
+workstation_firewall_backend: firewalld
+
+workstation_host_linux_packages_fedora:
+  - code
+  - firewall-config
+  - gnome-shell-extensions
+  - gnome-shell-extension-manager
+  - gnome-tweaks
+  - libreoffice
+  - meld
+  - NetworkManager-openconnect-gnome
+  - pcsc-lite
+  - pinentry-gnome3
+  - podman
+  - podman-compose
+  - yubikey-manager
+
+workstation_flatpak_remote_name: flathub
+workstation_flatpak_remote_url: https://dl.flathub.org/repo/flathub.flatpakrepo
+workstation_flatpak_packages:
+  - com.getpostman.Postman
+  - com.spotify.Client
+  - com.github.jeromerobert.pdfarranger
+  - io.dbeaver.DBeaverCommunity
+  - org.mozilla.Thunderbird
+  - org.telegram.desktop
+  - org.xournalpp.xournalpp

ansible/inventory/group_vars/workstation_host_linux.yml

@@ -18,6 +18,7 @@ workstation_host_linux_dotfiles:
     dest: .gnupg/gpg-agent.conf
     mode: "0600"
 
+workstation_firewall_backend: ufw
 workstation_manage_google_chrome: true
 
 workstation_removed_snap_packages:

ansible/inventory/host_vars/deadalus-fedora.yml

@@ -0,0 +1,35 @@
+---
+hostname: deadalus-fedora
+
+host_packages: []
+host_enabled_services: []
+
+workstation_host_vscode_extensions:
+  - ms-vscode-remote.remote-containers
+  - ms-vscode-remote.remote-ssh
+  - ms-azuretools.vscode-docker
+  - redhat.vscode-yaml
+  - redhat.ansible
+
+workstation_gnome_managed_settings:
+  - schema: org.gnome.shell
+    key: favorite-apps
+    value: "['google-chrome.desktop', 'org.gnome.Nautilus.desktop', 'com.spotify.Client.desktop', 'org.mozilla.Thunderbird.desktop', 'org.telegram.desktop.desktop', 'code.desktop', 'intellij-idea-ultimate.desktop', 'io.dbeaver.DBeaverCommunity.desktop', 'com.getpostman.Postman.desktop']"
+  - schema: org.gnome.desktop.input-sources
+    key: sources
+    value: "[('xkb', 'us')]"
+  - schema: org.gnome.desktop.interface
+    key: clock-format
+    value: "'24h'"
+  - schema: org.gnome.desktop.interface
+    key: clock-show-date
+    value: "true"
+  - schema: org.gnome.desktop.interface
+    key: color-scheme
+    value: "'prefer-dark'"
+  - schema: org.gnome.desktop.wm.preferences
+    key: button-layout
+    value: "'appmenu:close'"
+  - schema: org.gnome.desktop.wm.preferences
+    key: num-workspaces
+    value: "4"

ansible/inventory/host_vars/deadalus-ubuntu.yml

@@ -1,10 +1,10 @@
 ---
-hostname: deadalus
+hostname: deadalus-ubuntu
 
 host_packages: []
 host_enabled_services: []
 
-deadalus_vscode_extensions:
+workstation_host_vscode_extensions:
   - ms-vscode-remote.remote-containers
   - ms-vscode-remote.remote-ssh
   - ms-azuretools.vscode-docker

ansible/inventory/hosts.yml

@@ -21,6 +21,10 @@ all:
         workstation_dev_wsl:
         ubuntu_server:
 
+    fedora:
+      children:
+        fedora_workstation:
+
     workstation:
       children:
         workstation_host:
@@ -34,6 +38,7 @@ all:
     workstation_dev:
       children:
         workstation_dev_ubuntu:
+        workstation_dev_fedora:
         workstation_dev_wsl:
 
     server:
@@ -42,17 +47,29 @@ all:
 
     ubuntu_workstation:
       hosts:
-        deadalus:
+        deadalus-ubuntu:
+          ansible_connection: local
+
+    fedora_workstation:
+      hosts:
+        deadalus-fedora:
           ansible_connection: local
 
     workstation_host_linux:
       hosts:
-        deadalus:
+        deadalus-ubuntu:
+          ansible_connection: local
+        deadalus-fedora:
           ansible_connection: local
 
     workstation_dev_ubuntu:
       hosts:
-        deadalus:
+        deadalus-ubuntu:
+          ansible_connection: local
+
+    workstation_dev_fedora:
+      hosts:
+        deadalus-fedora:
           ansible_connection: local
 
     workstation_host_windows:

ansible/roles/packages_fedora/tasks/main.yml

@@ -0,0 +1,139 @@
+---
+- name: Gather installed package facts
+  tags: [packages]
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Copy Fedora dotfiles
+  tags: [dotfiles, dotfiles:common]
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/../dotfiles/fedora/{{ item.src }}"
+    dest: "{{ effective_user_home }}/{{ item.dest }}"
+    owner: "{{ effective_username }}"
+    group: "{{ effective_user_group }}"
+    mode: "{{ item.mode }}"
+  loop: "{{ fedora_dotfiles | default([]) }}"
+  loop_control:
+    label: "{{ item.dest }}"
+
+- name: Configure Docker repository on Fedora
+  tags: [packages]
+  ansible.builtin.yum_repository:
+    name: docker-ce-stable
+    description: Docker CE Stable - $basearch
+    baseurl: "https://download.docker.com/linux/fedora/$releasever/$basearch/stable"
+    enabled: true
+    gpgcheck: true
+    gpgkey: https://download.docker.com/linux/fedora/gpg
+    state: present
+  when: fedora_manage_docker_repo | default(false)
+
+- name: Configure Google Chrome repository on Fedora
+  tags: [packages]
+  ansible.builtin.yum_repository:
+    name: google-chrome
+    description: Google Chrome
+    baseurl: "https://dl.google.com/linux/chrome/rpm/stable/$basearch"
+    enabled: true
+    gpgcheck: true
+    gpgkey: https://dl.google.com/linux/linux_signing_key.pub
+    state: present
+  when:
+    - workstation_manage_google_chrome | default(false)
+    - fedora_manage_google_chrome_repo | default(false)
+
+- name: Configure Visual Studio Code repository on Fedora
+  tags: [packages, vscode]
+  ansible.builtin.yum_repository:
+    name: vscode
+    description: Visual Studio Code
+    baseurl: https://packages.microsoft.com/yumrepos/vscode
+    enabled: true
+    gpgcheck: true
+    gpgkey: https://packages.microsoft.com/keys/microsoft.asc
+    state: present
+  when:
+    - "'workstation_host_linux' in group_names"
+    - fedora_manage_vscode_repo | default(false)
+
+- name: Configure IntelliJ IDEA COPR repository on Fedora
+  tags: [packages]
+  ansible.builtin.get_url:
+    url: >-
+      https://copr.fedorainfracloud.org/coprs/{{ fedora_intellij_copr_owner }}/{{ fedora_intellij_copr_project }}/repo/fedora-{{ ansible_facts['distribution_major_version'] }}/{{ fedora_intellij_copr_owner }}-{{ fedora_intellij_copr_project }}-fedora-{{ ansible_facts['distribution_major_version'] }}.repo
+    dest: /etc/yum.repos.d/{{ fedora_intellij_copr_owner }}-{{ fedora_intellij_copr_project }}-fedora-{{ ansible_facts['distribution_major_version'] }}.repo
+    owner: root
+    group: root
+    mode: "0644"
+  when:
+    - "'workstation_host_linux' in group_names"
+    - fedora_manage_intellij_repo | default(false)
+
+- name: Refresh dnf package metadata
+  tags: [packages]
+  ansible.builtin.dnf:
+    update_cache: true
+
+- name: Install packages on Fedora
+  tags: [packages]
+  ansible.builtin.dnf:
+    name: >-
+      {{
+        (
+          (common_packages | default([]))
+        + (fedora_packages_base | default([]))
+        + (fedora_docker_packages | default([]))
+        + (
+            ['google-chrome-stable']
+            if workstation_manage_google_chrome | default(false)
+            else []
+          )
+        + (profile_packages | default([]))
+        + (workstation_dev_packages | default([]))
+        + (
+            (workstation_host_linux_packages_fedora | default(workstation_host_linux_packages | default([])))
+            if 'workstation_host_linux' in group_names
+            else []
+          )
+        + (
+            [fedora_intellij_package_name]
+            if (
+              'workstation_host_linux' in group_names
+              and fedora_manage_intellij_repo | default(false)
+            )
+            else []
+          )
+        + (host_packages | default([]))
+        )
+        | unique
+      }}
+    state: present
+
+- name: Add user to docker group
+  tags: [packages]
+  ansible.builtin.user:
+    name: "{{ effective_username }}"
+    groups: docker
+    append: true
+  when: (fedora_docker_packages | default([])) | length > 0
+
+- name: Ensure Flathub remote is configured for Fedora workstation
+  tags: [packages]
+  community.general.flatpak_remote:
+    name: "{{ workstation_flatpak_remote_name | default('flathub') }}"
+    state: present
+    flatpakrepo_url: "{{ workstation_flatpak_remote_url | default('https://dl.flathub.org/repo/flathub.flatpakrepo') }}"
+  when:
+    - "'workstation_host_linux' in group_names"
+    - (workstation_flatpak_packages | default([])) | length > 0
+
+- name: Install Fedora workstation Flatpak applications
+  tags: [packages]
+  community.general.flatpak:
+    name: "{{ workstation_flatpak_packages }}"
+    state: present
+    remote: "{{ workstation_flatpak_remote_name | default('flathub') }}"
+    method: system
+  when:
+    - "'workstation_host_linux' in group_names"
+    - (workstation_flatpak_packages | default([])) | length > 0

ansible/roles/profile_workstation_gnome/tasks/main.yml

@@ -86,14 +86,14 @@
   register: workstation_vscode_cli
   changed_when: false
   failed_when: false
-  when: (deadalus_vscode_extensions | default([])) | length > 0
+  when: (workstation_host_vscode_extensions | default([])) | length > 0
 
 - name: Ensure VS Code CLI is available before managing extensions
   tags: [packages, vscode]
   ansible.builtin.fail:
-    msg: Ensure Visual Studio Code is installed before managing VS Code extensions on deadalus.
+    msg: Ensure Visual Studio Code is installed before managing workstation VS Code extensions.
   when:
-    - (deadalus_vscode_extensions | default([])) | length > 0
+    - (workstation_host_vscode_extensions | default([])) | length > 0
     - workstation_vscode_cli.rc != 0
 
 - name: Read installed VS Code extensions on workstation host
@@ -108,7 +108,7 @@
   register: workstation_vscode_extensions_current
   changed_when: false
   when:
-    - (deadalus_vscode_extensions | default([])) | length > 0
+    - (workstation_host_vscode_extensions | default([])) | length > 0
     - workstation_vscode_cli.rc == 0
 
 - name: Install VS Code extensions on workstation host
@@ -122,7 +122,7 @@
   become_user: "{{ username }}"
   environment:
     HOME: "{{ user_home }}"
-  loop: "{{ deadalus_vscode_extensions | default([]) }}"
+  loop: "{{ workstation_host_vscode_extensions | default([]) }}"
   loop_control:
     label: "{{ item }}"
   when:
@@ -245,3 +245,4 @@
   tags: [services, packages]
   community.general.ufw:
     state: enabled
+  when: workstation_firewall_backend | default('ufw') == 'ufw'

ansible/site.yml

@@ -37,6 +37,14 @@
     - services_systemd
     - profile_workstation_dev_common
 
+- hosts: workstation_dev_fedora
+  become: true
+
+  roles:
+    - packages_fedora
+    - services_systemd
+    - profile_workstation_dev_common
+
 - hosts: workstation_host_linux
   become: true
 

dotfiles/fedora/.bashrc.d/20-editor-fedora.sh

@@ -0,0 +1 @@
+export EDITOR=vim