diff --git a/fedora-42-dev.yaml b/fedora-42-dev.yaml index b77c3a7..ff8340d 100644 --- a/fedora-42-dev.yaml +++ b/fedora-42-dev.yaml @@ -1,4 +1,4 @@ -- name: Configure Fedora 42 Gnome Template +- name: Configure Fedora 42 Dev Template hosts: 127.0.0.1 connection: local tasks: @@ -6,10 +6,10 @@ ansible.builtin.include_role: name: 'baseline' vars: - umask_changes: true + umask_changes: false manage_network: true allow_ptrace: true - use_hardened_malloc: true + use_hardened_malloc: false - name: 'Gnome package stuff' ansible.builtin.include_role: @@ -30,10 +30,17 @@ name: - wireguard-tools - neovim + - clangd + - cmake + - sequoia-sq - gdb - podman + - golang + - golang-gvisor # outdated, but sufficient for playing around with gvisor - glibc-devel - opentofu + - docker + - docker-compose state: 'present' - name: 'Handle SUID binaries' diff --git a/fedora-42-gnome.yaml b/fedora-42-gnome.yaml index 409098e..ac5e443 100644 --- a/fedora-42-gnome.yaml +++ b/fedora-42-gnome.yaml @@ -25,11 +25,13 @@ vars: enable_webgl: false - - name: 'Install wireguard-tools and neovim' + - name: 'Install wireguard-tools and neovim and PGP tooling and opentofu' ansible.builtin.dnf5: name: - wireguard-tools - neovim + - sequoia-sq + - opentofu state: 'present' - name: 'Handle SUID binaries' diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml index b522c4b..c5c5331 100644 --- a/roles/baseline/tasks/main.yaml +++ b/roles/baseline/tasks/main.yaml @@ -99,6 +99,12 @@ - 'etc/dconf/db/local.d/locks/privacy' - 'etc/dconf/db/local.d/privacy' +- name: Fix dconf perms + ansible.builtin.file: + path: '/etc/dconf' + state: 'directory' + mode: '0755' + - name: Update dconf shell: 'dconf update' @@ -180,3 +186,9 @@ regexp: '^(metalink=.*)$' line: '\1&protocol=https' loop: '{{ found_files.files }}' + +- name: 'Install zram' + ansible.builtin.dnf5: + name: + - zram-generator + - zram-generator-defaults