- name: Configure Fedora 42 Dev Template
  hosts: 127.0.0.1
  connection: local
  tasks:
    - name: 'Baseline hardening'
      ansible.builtin.include_role:
        name: 'baseline'
      vars:
        umask_changes: false
        manage_network: true
        allow_ptrace: true
        use_hardened_malloc: false

    - name: 'Gnome package stuff'
      ansible.builtin.include_role:
        name: gnome

    - name: 'Install trivalent'
      ansible.builtin.include_role:
        name: trivalent

    - name: 'Setup arkenfox'
      ansible.builtin.include_role:
        name: arkenfox
      vars:
        enable_webgl: false

    - name: 'Install wireguard-tools and neovim and gdb and podman and other devtools'
      ansible.builtin.dnf5:
        name:
          - wireguard-tools
          - neovim
          - clangd
          - cmake
          - sequoia-sq
          - gdb
          - podman
          - golang
          - golang-gvisor # outdated, but sufficient for playing around with gvisor
          - glibc-devel
          - opentofu
          - docker
          - docker-compose
        state: 'present'
  
    - name: 'Handle SUID binaries'
      ansible.builtin.script:
        cmd: ./remove_suid.sh