From 2b3d4075fdf5adbe22ad304f87fb38e23dc7a17a Mon Sep 17 00:00:00 2001
From: mustard
Date: Fri, 19 Sep 2025 04:35:24 +0200
Subject: [PATCH 1/6] add sequoia-sq

---
 fedora-42-dev.yaml | 1 +
 fedora-42-gnome.yaml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/fedora-42-dev.yaml b/fedora-42-dev.yaml
index b77c3a7..e7aad9f 100644
--- a/fedora-42-dev.yaml
+++ b/fedora-42-dev.yaml
@@ -30,6 +30,7 @@
 name:
 - wireguard-tools
 - neovim
+ - sequoia-sq
 - gdb
 - podman
 - glibc-devel
diff --git a/fedora-42-gnome.yaml b/fedora-42-gnome.yaml
index 409098e..663f2c4 100644
--- a/fedora-42-gnome.yaml
+++ b/fedora-42-gnome.yaml
@@ -30,6 +30,7 @@
 name:
 - wireguard-tools
 - neovim
+ - sequoia-sq
 state: 'present'
 
 - name: 'Handle SUID binaries'
From fd94ac8a3be5bfe08d45cbf4b9b5d56856a27a7f Mon Sep 17 00:00:00 2001
From: mustard
Date: Tue, 23 Sep 2025 00:09:39 +0200
Subject: [PATCH 2/6] feat: added golang and gvisor to dev templates

---
 fedora-42-dev.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fedora-42-dev.yaml b/fedora-42-dev.yaml
index e7aad9f..166066d 100644
--- a/fedora-42-dev.yaml
+++ b/fedora-42-dev.yaml
@@ -33,6 +33,8 @@
 - sequoia-sq
 - gdb
 - podman
+ - golang
+ - golang-gvisor # outdated, but sufficient for playing around with gvisor
 - glibc-devel
 - opentofu
 state: 'present'
From 573ec63c333fe1512e84d21a9bb957a605c87a8f Mon Sep 17 00:00:00 2001
From: mustard
Date: Wed, 24 Sep 2025 12:56:11 +0200
Subject: [PATCH 3/6] add opentofu

---
 fedora-42-gnome.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fedora-42-gnome.yaml b/fedora-42-gnome.yaml
index 663f2c4..ac5e443 100644
--- a/fedora-42-gnome.yaml
+++ b/fedora-42-gnome.yaml
@@ -25,12 +25,13 @@
 vars:
 enable_webgl: false
 
- - name: 'Install wireguard-tools and neovim'
+ - name: 'Install wireguard-tools and neovim and PGP tooling and opentofu'
 ansible.builtin.dnf5:
 name:
 - wireguard-tools
 - neovim
 - sequoia-sq
+ - opentofu
 state: 'present'
 
 - name: 'Handle SUID binaries'
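Review bot: The inline comment on the added `golang-gvisor` line says the package is outdated but not what that means for a sandbox runtime, so the next reader cannot tell whether `runsc` from this package may be used to isolate anything. gVisor is itself a security boundary, and the comment already concedes the Fedora package lags upstream, so the limitation should be explicit: `- golang-gvisor  # outdated Fedora package: fine for experimenting with runsc, do not rely on it to isolate untrusted workloads`. If a current release is wanted later, upstream's signed packages are the alternative, which trades distro-repo integrity checks for upstream's own; that choice belongs in the same comment. The enclosing `name:` list starts outside the hunk.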
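Review bot: The renamed task name `'Install wireguard-tools and neovim and PGP tooling and opentofu'` spells out the package list by hand and will drift the next time a package is added, which the dev template's equivalent task (already carrying gdb, podman, golang and more) shows has already happened there. Naming the task by purpose, e.g. `- name: 'Install CLI tooling'`, stays accurate as the list grows and matches the short names of the neighbouring tasks. Minor: `state: 'present'` is quoted while the list items are plain; both are valid YAML, but one quoting convention per file reads better.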
From ac12e08577a75cce3fe7eb4e0ec18884ce37e00d Mon Sep 17 00:00:00 2001
From: mustard
Date: Sun, 19 Oct 2025 16:14:17 +0200
Subject: [PATCH 4/6] feat: add clangd and cmake to dev template

---
 fedora-42-dev.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fedora-42-dev.yaml b/fedora-42-dev.yaml
index 166066d..b31385b 100644
--- a/fedora-42-dev.yaml
+++ b/fedora-42-dev.yaml
@@ -30,6 +30,8 @@
 name:
 - wireguard-tools
 - neovim
+ - clangd
+ - cmake
 - sequoia-sq
 - gdb
 - podman
From 02069d93fdb2ed8d17afb03246addf60a35ff9fe Mon Sep 17 00:00:00 2001
From: mustard
Date: Wed, 22 Oct 2025 17:07:18 +0200
Subject: [PATCH 5/6] fix: relax dev template hardening, add docker + docker-compose

---
 fedora-42-dev.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fedora-42-dev.yaml b/fedora-42-dev.yaml
index b31385b..ff8340d 100644
--- a/fedora-42-dev.yaml
+++ b/fedora-42-dev.yaml
@@ -1,4 +1,4 @@
-- name: Configure Fedora 42 Gnome Template
+- name: Configure Fedora 42 Dev Template
 hosts: 127.0.0.1
 connection: local
 tasks:
@@ -6,10 +6,10 @@
 ansible.builtin.include_role:
 name: 'baseline'
 vars:
- umask_changes: true
+ umask_changes: false
 manage_network: true
 allow_ptrace: true
- use_hardened_malloc: true
+ use_hardened_malloc: false
 
 - name: 'Gnome package stuff'
 ansible.builtin.include_role:
@@ -39,6 +39,8 @@
 - golang-gvisor # outdated, but sufficient for playing around with gvisor
 - glibc-devel
 - opentofu
+ - docker
+ - docker-compose
 state: 'present'
 
 - name: 'Handle SUID binaries'
From 7825f4cac74ecbba36e354b058a8dc72b42d96aa Mon Sep 17 00:00:00 2001
From: mustard
Date: Sat, 25 Oct 2025 20:33:01 +0200
Subject: [PATCH 6/6] feat: ZRAM

---
 roles/baseline/tasks/main.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml
index b522c4b..c5c5331 100644
--- a/roles/baseline/tasks/main.yaml
+++ b/roles/baseline/tasks/main.yaml
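Review bot: The two flags flipped in the `vars:` block (`umask_changes: false`, `use_hardened_malloc: false`) switch off baseline hardening with no in-file record of why; the subject says "relax" but not what broke, so nobody will know when it is safe to turn them back on. A comment above the two lines fixes that, e.g. `# TODO(review): record which toolchain/package broke with hardened_malloc and the stricter umask; re-enable once resolved`. If the breakage was specific to one tool, flipping only the flag it needs (both are toggled here) would keep the other protection in place. The role include this `vars:` block belongs to starts in the hunk; the rest of the task list continues outside it.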
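Review bot: Adding `docker` beside the existing `podman` entry brings a root-owned daemon into a template that the baseline otherwise hardens, and the same file sets `allow_ptrace: true`; on Fedora the `docker` name is, as far as I can tell, a compatibility provide resolved to moby-engine, and any account in the `docker` group is root-equivalent through its socket. If the goal is only compose-style workflows, `podman-compose` or `docker-compose` pointed at the rootless podman socket avoids the daemon entirely; otherwise the exposure should be stated next to the package, e.g. `- docker  # root daemon; membership in the docker group == root, keep it off the user account`. The hunk does not show whether the service is enabled or a user is added to the group, so that may be handled elsewhere.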
@@ -99,6 +99,12 @@
 - 'etc/dconf/db/local.d/locks/privacy'
 - 'etc/dconf/db/local.d/privacy'
 
+- name: Fix dconf perms
+ ansible.builtin.file:
+ path: '/etc/dconf'
+ state: 'directory'
+ mode: '0755'
+
 - name: Update dconf
 shell: 'dconf update'
 
@@ -180,3 +186,9 @@
 regexp: '^(metalink=.*)$'
 line: '\1&protocol=https'
 loop: '{{ found_files.files }}'
+
+- name: 'Install zram'
+ ansible.builtin.dnf5:
+ name:
+ - zram-generator
+ - zram-generator-defaults
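Review bot: The new `Fix dconf perms` task sets `mode: '0755'` on `/etc/dconf` alone, not on the subtree, so if the problem is user sessions being unable to read the compiled database (which would make the privacy locks deployed by the loop above silently ineffective), `db/` and `profile/` beneath it are left as they are; if those were created under a restrictive umask, the fix is incomplete. Say what the task is for and cover what `dconf update` actually writes, e.g. `- name: 'Make dconf profile and database readable by user sessions'` with a comment `# the locks above only apply if /etc/dconf/profile and /etc/dconf/db are world-readable`, and check the subtree after the update task rather than just the top directory. The `mode` value is correctly quoted; the task name is the only unquoted one among its neighbours.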
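Review bot: The new `Install zram` task omits the `state: 'present'` that the other `dnf5` install tasks in this series carry; dnf5 defaults to present, so it works, but adding `state: 'present'` keeps the tasks uniform and the intent explicit. A one-line comment on why zram is wanted would also help, because the motivation is not visible: if it replaces on-disk swap it removes a place where secrets land unencrypted, but if these are VM templates (as the playbook names suggest) every VM built from them inherits the swap device, which may or may not be intended. The `loop:` just above belongs to a task whose start is outside the hunk.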