wip: fixing baseline role

roles/baseline/tasks/main.yaml

@@ -31,7 +31,6 @@
     replace: 'umask 077'
   when: umask_changes == true
 
-
 - name: Make home directory private
   ansible.builtin.file:
     path: /home/*
@@ -48,8 +47,13 @@
   loop:
   - 'etc/ssh/ssh_config.d/10-custom.conf'
   - 'etc/modprobe.d/workstation-blacklist.conf'
-  - 'etc/sysctl.d/99-workstation.conf'
+  - 'etc/crypto-policies/back-ends/openssh.config'
 
+- name: Kernel sysctl config
+  ansible.builtin.template:
+    src: 'etc/sysctl.d/99-workstation.conf' 
+    dest: '/etc/sysctl.d/99-workstation.conf'
+    mode: '0644'
 
 - name: Reload sysctl
   shell: 'sysctl -p'
@@ -131,6 +135,15 @@
     name: 'hardened_malloc'
     state: 'present'
 
+- name: Install custom packages
+  ansible.builtin.dnf5:
+    name:
+      - 'qubes-ctap'
+      - 'qubes-gpg-split'
+      - 'flatpak'
+      - 'ncurses'
+      - 'xdg-desktop-portal-gtk'
+
 - name: Enable hardened_malloc
   ansible.builtin.copy:
     src: 'etc/ld.so.preload'
@@ -159,4 +172,4 @@
     path: '{{ item.path }}'
     regexp: '^(metalink=.*)$'
     line: '\1&protocol=https'
-  loop: '{{ found_files.files }}'
+  loop: '{{ found_files.files }}'