From 528bc7528060c69b48596596cea273e33a21c2f5 Mon Sep 17 00:00:00 2001 From: mustard Date: Sun, 29 Dec 2024 14:25:53 +0100 Subject: [PATCH] Fixing regex and other stuff --- ...mplate.yaml => fedora-41-qubes-gnome.yaml} | 84 ++++++++++++------- 1 file changed, 53 insertions(+), 31 deletions(-) rename tasks/{fedora-41-template.yaml => fedora-41-qubes-gnome.yaml} (82%) diff --git a/tasks/fedora-41-template.yaml b/tasks/fedora-41-qubes-gnome.yaml similarity index 82% rename from tasks/fedora-41-template.yaml rename to tasks/fedora-41-qubes-gnome.yaml index 2ef6cf3..2375e3a 100644 --- a/tasks/fedora-41-template.yaml +++ b/tasks/fedora-41-qubes-gnome.yaml @@ -33,7 +33,7 @@ - name: Make home directory private ansible.builtin.file: - path: /home + path: /home/* state: directory recurse: true mode: '0700' @@ -61,22 +61,22 @@ - name: Disable coredump ansible.builtin.copy: - src: '/etc/security/limits.d/30-disable-coredump.conf' + src: '../qubes-config/etc/security/limits.d/30-disable-coredump.conf' dest: '/etc/security/limits.d/30-disable-coredump.conf' mode: '0644' - - name: Create coredump.conf.d + - name: Create coredump.conf.d ansible.builtin.file: path: '/etc/systemd/coredump.conf.d' state: 'directory' mode: '0755' - name: Copy disable.conf ansible.builtin.copy: - src: '/etc/systemd/coredump.conf.d/disable.conf' + src: '../qubes-config/etc/systemd/coredump.conf.d/disable.conf' dest: '/etc/systemd/coredump.conf.d/disable.conf' mode: '0644' - name: Make locks dir for dconf ansible.builtin.file: - path: '/etc/dconf/db/local.d/locks' + path: '../qubes-config/etc/dconf/db/local.d/locks' state: 'directory' mode: '0755' - name: copy dconf file 1 
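Review bot: `ansible.builtin.file` does not expand globs, so the new `path: /home/*` in "Make home directory private" is taken literally. With `state: directory` the task creates a directory named `*` under /home and leaves the real home directories at their existing modes. The directories need to be enumerated first and then looped over, as the last hunk of this patch already does for /etc/yum.repos.d/. Separately, `recurse: true` with `mode: '0700'` also sets the execute bit on every regular file below the path; 0700 on the top-level directory alone keeps other users out, so the sketch below drops `recurse`.

```yaml
- name: List home directories
  ansible.builtin.find:
    paths: /home
    file_type: directory
  register: home_dirs

- name: Make home directory private
  ansible.builtin.file:
    path: '{{ item.path }}'
    state: directory
    mode: '0700'
  loop: '{{ home_dirs.files }}'
```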
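Review bot: In "Make locks dir for dconf", `path` names the directory on the managed host, not a source file, so changing it to `'../qubes-config/etc/dconf/db/local.d/locks'` creates a directory relative to the remote working directory and /etc/dconf/db/local.d/locks is no longer created. The two `src:` changes in this hunk are controller-side paths and a relative value is reasonable there, but this line should stay `path: '/etc/dconf/db/local.d/locks'`. The dconf copy tasks that follow start outside the hunk; if they place lock files in that directory, they would presumably fail or leave the locked settings unenforced.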
@@ -136,15 +136,23 @@ dest: '/etc/environment' mode: '0600' - - name: Mark packages as manually installed to avoid removal - shell: 'sudo dnf mark install flatpak gnome-menus qubes-menus' + - name: Upgrade all packages + ansible.builtin.dnf5: + name: "*" + state: latest - - name: Remove unwanted groups as well as unnecessary stuff from the template - ansible.builtin.dnf: + - name: Mark packages as manually installed to avoid removal + shell: 'sudo dnf mark user flatpak gnome-menus qubes-menus -y' + + - name: Remove unnecessary stuff from the template + ansible.builtin.dnf5: name: - '@Container Management' - '@Desktop Accessibility' - '@Firefox Web Browser' + - '@Guest Desktop Agents' + - '@Libreoffice' + - '@Printing Support' - 'gnome-software' - 'httpd' - 'keepassxc' @@ -186,7 +194,7 @@ - 'ImageMagick*' - 'sane*' - 'simple-scan' - - 'sssd*' + - 'sssd*' - 'realmd' - 'cyrus-sasl-gssapi' - 'quota*' 
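Review bot: The new `shell: 'sudo dnf mark user flatpak gnome-menus qubes-menus -y'` calls sudo inside the command instead of using Ansible's privilege escalation, so it depends on passwordless sudo on the target and reports changed on every run. No shell features are used, so `ansible.builtin.command: dnf mark user flatpak gnome-menus qubes-menus -y` with `become: true` and a `changed_when:` condition would match the fully qualified module names used elsewhere in the file. The same applies to the `dnf config-manager setopt` and `dnf copr enable` shell lines in the `@@ -246,34 +254,35 @@` hunk.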
@@ -246,34 +254,35 @@ - 'rng-tools' - 'thermald' - '*perl*' - - state: 'absent' + allowerasing: true autoremove: true - name: Disable openh264 repo (y tho?) - community.general.dnf_config_manager: - name: 'fedora-cisco-openh264' - state: disabled + shell: 'sudo dnf config-manager setopt fedora-cisco-openh264.enabled=0' + # community.general.dnf_config_manager: + # name: 'fedora-cisco-openh264' + # state: disabled - name: Install custom packages - ansible.builtin.dnf: - name: - - 'qubes-ctap' - - 'qubes-gpg-split' - - 'adw-gtk3-theme' - - 'ncurses' - - 'gnome-shell' - - 'ptyxis' - state: 'present' - - Enable hardened_malloc COPR - community.general.copr: - name: 'secureblue/hardened_malloc' - state: 'enabled' + ansible.builtin.dnf5: + name: + - 'qubes-ctap' + - 'qubes-gpg-split' + - 'adw-gtk3-theme' + - 'ncurses' + - 'gnome-shell' + - 'ptyxis' + state: 'present' + - name: Enable hardened_malloc COPR + shell: 'sudo dnf copr enable secureblue/hardened_malloc -y' + # + # name: 'secureblue/hardened_malloc' + # state: 'enabled' - name: Install hardened_malloc - ansible.builtin.dnf: - name: 'hardened_malloc' - state: 'present' + ansible.builtin.dnf5: + name: 'hardened_malloc' + state: 'present' - name: Enable hardened_malloc ansible.builtin.copy: @@ -290,4 +299,17 @@ dest: '/etc/dnf/dnf.conf' mode: '0644' + - name: Get list of files + ansible.builtin.find: + paths: /etc/yum.repos.d/ + recurse: true + register: found_files + - name: Replace text in those files + ansible.builtin.lineinfile: + backup: true + backrefs: true + path: '{{ item.path }}' + regexp: '^(metalink=.*)$' + line: '\1&protocol=https' + loop: '{{ found_files.files }}'
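Review bot: The removal task loses its explicit `state: 'absent'` in this hunk, so it now relies on the dnf module inferring `absent` from `autoremove: true`. Keeping `state: 'absent'` next to the new `allowerasing: true` makes the intent explicit and stops the task from turning into an install of the listed packages (`'*perl*'` and the rest) if `autoremove` is ever dropped. The commented-out `community.general` module arguments left under the two new shell lines would read better as a one-line comment saying why the modules are not used. The task's name and most of its package list lie outside this hunk.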
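Review bot: `ansible.builtin.lineinfile` rewrites only the last line that matches `regexp`, so in a repo file with several `metalink=` entries "Replace text in those files" adds `&protocol=https` to just one of them. The other repositories in that file presumably keep a metalink without the HTTPS restriction. The pattern also matches lines that already carry the suffix, so each run appends it again, and `backup: true` leaves backup copies in /etc/yum.repos.d/ that the unfiltered `find` picks up on the next run. `ansible.builtin.replace` changes every matching line; with a negative lookahead in the pattern and `patterns: '*.repo'` on the find task, the play becomes idempotent.

```yaml
  ansible.builtin.find:
    paths: /etc/yum.repos.d/
    patterns: '*.repo'
    # … unchanged: recurse, register found_files …
- name: Replace text in those files
  ansible.builtin.replace:
    backup: true
    path: '{{ item.path }}'
    regexp: '^(metalink=(?!.*protocol=https).*)$'
    replace: '\1&protocol=https'
  # … unchanged: loop over found_files.files …
```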