mustard/ansible-playbooks
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixing regex and other stuff

Browse source
This commit is contained in:
mustard 2024-12-29 14:25:53 +01:00
parent ed68d23c6c
commit 528bc75280
1 changed files with 53 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

84
tasks/fedora-41-template.yaml → tasks/fedora-41-qubes-gnome.yaml
View file

@ -33,7 +33,7 @@
- name: Make home directory private
ansible.builtin.file:
path: /home
path: /home/*
state: directory
recurse: true
mode: '0700'
@ -61,22 +61,22 @@
- name: Disable coredump
ansible.builtin.copy:
src: '/etc/security/limits.d/30-disable-coredump.conf'
src: '../qubes-config/etc/security/limits.d/30-disable-coredump.conf'
dest: '/etc/security/limits.d/30-disable-coredump.conf'
mode: '0644'
- name: Create coredump.conf.d
- name: Create coredump.conf.d
ansible.builtin.file:
path: '/etc/systemd/coredump.conf.d'
state: 'directory'
mode: '0755'
- name: Copy disable.conf
ansible.builtin.copy:
src: '/etc/systemd/coredump.conf.d/disable.conf'
src: '../qubes-config/etc/systemd/coredump.conf.d/disable.conf'
dest: '/etc/systemd/coredump.conf.d/disable.conf'
mode: '0644'
- name: Make locks dir for dconf
ansible.builtin.file:
path: '/etc/dconf/db/local.d/locks'
path: '../qubes-config/etc/dconf/db/local.d/locks'
state: 'directory'
mode: '0755'
- name: copy dconf file 1
@ -136,15 +136,23 @@
dest: '/etc/environment'
mode: '0600'
- name: Mark packages as manually installed to avoid removal
shell: 'sudo dnf mark install flatpak gnome-menus qubes-menus'
- name: Upgrade all packages
ansible.builtin.dnf5:
name: "*"
state: latest
- name: Remove unwanted groups as well as unnecessary stuff from the template
ansible.builtin.dnf:
- name: Mark packages as manually installed to avoid removal
shell: 'sudo dnf mark user flatpak gnome-menus qubes-menus -y'
- name: Remove unnecessary stuff from the template
ansible.builtin.dnf5:
name:
- '@Container Management'
- '@Desktop Accessibility'
- '@Firefox Web Browser'
- '@Guest Desktop Agents'
- '@Libreoffice'
- '@Printing Support'
- 'gnome-software'
- 'httpd'
- 'keepassxc'
@ -186,7 +194,7 @@
- 'ImageMagick*'
- 'sane*'
- 'simple-scan'
- 'sssd*'
- 'sssd*'
- 'realmd'
- 'cyrus-sasl-gssapi'
- 'quota*'
@ -246,34 +254,35 @@
- 'rng-tools'
- 'thermald'
- '*perl*'
state: 'absent'
allowerasing: true
autoremove: true
- name: Disable openh264 repo (y tho?)
community.general.dnf_config_manager:
name: 'fedora-cisco-openh264'
state: disabled
shell: 'sudo dnf config-manager setopt fedora-cisco-openh264.enabled=0'
# community.general.dnf_config_manager:
# name: 'fedora-cisco-openh264'
# state: disabled
- name: Install custom packages
ansible.builtin.dnf:
name:
- 'qubes-ctap'
- 'qubes-gpg-split'
- 'adw-gtk3-theme'
- 'ncurses'
- 'gnome-shell'
- 'ptyxis'
state: 'present'
- Enable hardened_malloc COPR
community.general.copr:
name: 'secureblue/hardened_malloc'
state: 'enabled'
ansible.builtin.dnf5:
name:
- 'qubes-ctap'
- 'qubes-gpg-split'
- 'adw-gtk3-theme'
- 'ncurses'
- 'gnome-shell'
- 'ptyxis'
state: 'present'
- name: Enable hardened_malloc COPR
shell: 'sudo dnf copr enable secureblue/hardened_malloc -y'
#
# name: 'secureblue/hardened_malloc'
# state: 'enabled'
- name: Install hardened_malloc
ansible.builtin.dnf:
name: 'hardened_malloc'
state: 'present'
ansible.builtin.dnf5:
name: 'hardened_malloc'
state: 'present'
- name: Enable hardened_malloc
ansible.builtin.copy:
@ -290,4 +299,17 @@
dest: '/etc/dnf/dnf.conf'
mode: '0644'
- name: Get list of files
ansible.builtin.find:
paths: /etc/yum.repos.d/
recurse: true
register: found_files
- name: Replace text in those files
ansible.builtin.lineinfile:
backup: true
backrefs: true
path: '{{ item.path }}'
regexp: '^(metalink=.*)$'
line: '\1&protocol=https'
loop: '{{ found_files.files }}'