- name: Configure Fedora 42 Gnome Template
  hosts: 127.0.0.1
  connection: local
  tasks:
    - name: 'Baseline hardening'
      ansible.builtin.include_role:
        name: 'baseline'
      vars:
        umask_changes: true
        manage_network: true
        allow_ptrace: false # turn off for gvisor

    - name: 'Gnome package stuff'
      ansible.builtin.include_role:
        name: gnome

    - name: 'Install trivalent'
      ansible.builtin.include_role:
        name: trivalent

    - name: 'Setup arkenfox'
      ansible.builtin.include_role:
        name: arkenfox

    - name: 'Install wireguard-tools and neovim'
      ansible.builtin.dnf5:
        name:
          - wireguard-tools
          - neovim
        state: 'present'
  
    - name: 'Install devtools'
      ansible.builtin.include_role:
        name: devtools

    - name: 'Handle SUID binaries'
      ansible.builtin.include_role:
        name: suid_role
      vars:
        allow_run0: true