Checkpoint

README.md

@@ -7,3 +7,8 @@
 * Fix Nvidia sleep `sudo systemctl enable nvidia-{suspend,resume,hibernate}`
 * Write grub kernel params if needed `sudo grub2-mkconfig -o "$(readlink -e /etc/grub2.cfg)"`
 * Activate tailscale
+* Zoom needs `enableAlphaBuffer=false` in `~/.config/zoomus.conf`
+* fstab needs `UUID=EC77-5380  /mnt/Beta       exfat   defaults,uid=jonathan   0 0` and `/home/jonathan/.steam/steam/steamapps/compatdata /mnt/Beta/SteamLibrary/steamapps/compatdata none defaults,bind,x-systemd.requires-mounts-for=/mnt/Beta 0 0`
+* Need to install and configure Coolero
+* Configure startup apps in Gnome Tweaks
+* sudo grub-reboot "$(grep -i windows /boot/grub/grub.cfg|cut -d"'" -f2)"

desktop.yml

@@ -10,8 +10,8 @@
   - { role: docker, tags: [ 'docker' ] }
   - { role: globalprotect, tags: [ 'globalprotect'] }
   - { role: tailscale, tags: [ 'tailscale'] }
-  - { role: scream, tags: [ 'scream'] }
-  - { role: virtualhere, tags: [ 'virtualhere'] }
   - { role: devdeck, tags: [ 'devdeck'] }
   - { role: syncthing, tags: [ 'syncthing' ] }
-  - { role: xbox, tags: [ 'xbox' ] }
+  - { role: nvidia, tags: [ 'nvidia' ] }
+  - { role: howdy, tags: [ 'howdy' ] }
+  - { role: oversteer, tags: [ 'oversteer' ] }

host_vars/desktop

@@ -14,3 +14,4 @@ virtualhere_license: !vault |
           32326539646336663235353164623461353537303533626637363838653732623333373561303466
           61333534316436366263646137643864343464303932626236616462373133346538663038376565
           3232
+video_device: /dev/v4l/by-id/usb-046d_Logi_4K_Stream_Edition_55908139-video-index2

host_vars/laptop

@@ -0,0 +1,3 @@
+---
+
+video_device: /dev/video2

hosts

@@ -2,4 +2,8 @@ desktop ansible_connection=local
 
 laptop ansible_connection=local
 
-magnus ansible_host=10.0.1.6
+vault ansible_host=10.0.1.123
+
+k8s-1 ansible_host=10.0.1.54
+
+work ansible_connection=local

k8s.yml

@@ -0,0 +1,10 @@
+---
+
+- hosts: k8s-1
+  roles:
+  - { role: base, tags: [ 'base'] }
+  - { role: server, tags: [ 'server'] }
+  - { role: users, tags: [ 'users'] }
+  - { role: ssh, tags: [ 'ssh'] }
+  - { role: kubernetes, tags: [ 'kubernetes'] }
+  - { role: tailscale, tags: [ 'tailscale'] }

laptop.yml

@@ -1,6 +1,6 @@
 ---
 
-- hosts: desktop
+- hosts: laptop
   roles:
   - { role: base, tags: [ 'base' ] }
   - { role: desktop, tags: [ 'desktop' ] }
@@ -10,9 +10,7 @@
   - { role: docker, tags: [ 'docker' ] }
   - { role: globalprotect, tags: [ 'globalprotect' ] }
   - { role: tailscale, tags: [ 'tailscale' ] }
-  - { role: scream, tags: [ 'scream' ] }
+  - { role: howdy, tags: [ 'howdy' ] }
-  - { role: virtualhere, tags: [ 'virtualhere' ] }
-#  - { role: howdy, tags: [ 'howdy' ] }
   - { role: nvidia, tags: [ 'nvidia' ] }
   - { role: syncthing, tags: [ 'syncthing' ] }
   - { role: openrazer, tags: [ 'openrazer' ] }

nano.yml

@@ -0,0 +1,9 @@
+---
+
+- hosts: nano
+      
+  roles:
+  - { role: base, tags: [ 'base'] }
+  - { role: users, tags: [ 'users'] }
+  - { role: ssh, tags: [ 'ssh'] }
+  - { role: docker, tags: [ 'docker' ] }

roles/base/defaults/main.yml

@@ -6,3 +6,4 @@ btop_version: "1.0.22"
 kind_version: "v0.11.1"
 kubectl_version: "v1.23.3"
 kompose_version: "v1.26.0"
+minikube_version: "v1.29.0"

roles/base/files/boost.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Enable AMD boost
+Before=basic.target
+After=local-fs.target sysinit.target
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "echo 1 > /sys/devices/system/cpu/cpufreq/boost"
+
+[Install]
+WantedBy=basic.target
+

roles/base/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+
+- name: enable boost
+  systemd: 
+    name: boost
+    enabled: yes
+    state: started
+  become: yes

roles/base/tasks/main.yml

@@ -1,5 +1,22 @@
 ---
 
+- name: Add boost service for AMD 4800U
+  copy:
+    src: boost.service
+    mode: "0644"
+    dest: /lib/systemd/system/boost.service
+  when: ansible_processor[2] == "AMD Ryzen 7 4800U with Radeon Graphics"
+  notify: enable boost
+  become: yes
+
+- name: Disable SELinux because it's a nightmare with Podman
+  ansible.builtin.lineinfile:
+    path: /etc/selinux/config
+    regexp: '^SELINUX='
+    line: SELINUX=disabled
+  become: yes
+
+
 - name: Install rpmfusion-free
   dnf:
     name: "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm"
@@ -25,6 +42,8 @@
   dnf:
     name:
     - kernel-tools
+    - inotify-tools
+    - btop
     - sysbench
     - exa
     - iperf3
@@ -33,9 +52,9 @@
     - make
     - direnv
     - ncdu
-    - restic
     - powertop
     - tmux
+    - btop
     - htop
     - openssh-server
     - curl
@@ -81,69 +100,37 @@
     dest: ~/.local/bin/mkcert
     mode: 0755
 
-- name: Fetch gh-cli repo
-  get_url:
-    url: https://cli.github.com/packages/rpm/gh-cli.repo
-    dest: /etc/yum.repos.d/gh-cli.repo
-    mode: 0644
-  become: yes
-
 - name: Fetch kind binary
   get_url:
     url: "https://kind.sigs.k8s.io/dl/{{ kind_version }}/kind-linux-amd64"
     dest: ~/.local/bin/kind
     mode: 0755
 
-- name: Fetch kubectl binary
-  get_url:
-    url: "https://dl.k8s.io/release/{{ kubectl_version }}/bin/linux/amd64/kubectl"
-    dest: ~/.local/bin/kubectl
-    mode: 0755
-
 - name: Fetch kompose binary
   get_url:
     url: "https://github.com/kubernetes/kompose/releases/download/{{ kompose_version }}/kompose-linux-amd64"
     dest: ~/.local/bin/kompose
     mode: 0755
 
+- name: Fetch minikube binary
+  get_url:
+    url: "https://github.com/kubernetes/minikube/releases/download/{{ minikube_version }}/minikube-linux-amd64"
+    dest: ~/.local/bin/minikube
+    mode: 0755
+
+- name: Fetch gh-cli repo
+  get_url:
+    url: https://cli.github.com/packages/rpm/gh-cli.repo
+    dest: /etc/yum.repos.d/gh-cli.repo
+    mode: 0644
+  become: yes
+
 - name: Install gh-cli
   dnf:
     name: gh
     state: present
   become: yes
 
-- name: create ~/.local/share/btop/themes
-  file:
-    path: ~/.local/share/btop/themes
-    state: directory
-    mode: '0755'
-
-- name: Fetch btop tarball and extract to ~/.local
-  unarchive:
-    src: https://github.com/aristocratos/btop/releases/download/v{{ btop_version }}/btop-{{ btop_version }}-x86_64-linux-musl.tbz
-    dest: ~/.local/
-    remote_src: yes
-    exclude:
-    - CHANGES.md
-    - install.sh
-    - LICENSE
-    - Makefile
-    - README.md
-    - setuid.sh
-    - uninstall.sh
-    creates: ~/.local/bin/btop
-
-- name: Move btop themes to correct path
-  copy:
-    src: ~/.local/themes
-    dest: ~/.local/share/btop/
-    remote_src: yes
-
-- name: pip install yt-dlp
-  pip:
-    name: yt-dlp
-    state: present
-
 - name: Enable copr project varlad/onefetch
   community.general.copr:
     name: varlad/onefetch

roles/desktop/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+zoom_version: "5.17.5.2543"
+fx_cast_version: "v0.3.0"
+open_audible_version: "3.9.6"

roles/desktop/files/100-mount-steam-proton.rules

@@ -0,0 +1 @@
+ACTION=="add", ATTRS{idVendor}=="0781", ATTRS{idProduct}=="55ae", RUN+="/usr/bin/setsid /home/jonathan/.bin/exfat-proton-mount"

roles/desktop/files/hashicorp.repo

@@ -0,0 +1,13 @@
+[hashicorp]
+name=Hashicorp Stable - $basearch
+baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://rpm.releases.hashicorp.com/gpg
+
+[hashicorp-test]
+name=Hashicorp Test - $basearch
+baseurl=https://rpm.releases.hashicorp.com/fedora/$releasever/$basearch/test
+enabled=0
+gpgcheck=1
+gpgkey=https://rpm.releases.hashicorp.com/gpg

roles/desktop/files/rpm.librewolf.net.repo

@@ -1,4 +0,0 @@
-[rpm.librewolf.net]
-name=Librewolf
-baseurl=https://rpm.librewolf.net
-enabled=1

roles/desktop/handlers/main.yml

@@ -17,3 +17,16 @@
     enabled: yes
     state: started
   become: yes
+
+- name: enable systemd proton mount
+  systemd: 
+    name: proton.mount
+    enabled: yes
+    state: started
+  become: yes
+
+- name: reload udev
+  service: 
+    name: udev
+    state: reloaded
+  become: yes

roles/desktop/tasks/main.yml

@@ -1,27 +1,10 @@
 ---
 
-- name: Add boost service for AMD 4800U
-  copy:
-    src: boost.service
-    mode: "0644"
-    dest: /lib/systemd/system/boost.service
-  when: ansible_processor[2] == "AMD Ryzen 7 4800U with Radeon Graphics"
-  notify: enable boost
-  become: yes
-
-- name: Disable SELinux because it's a nightmare with Podman
-  ansible.builtin.lineinfile:
-    path: /etc/selinux/config
-    regexp: '^SELINUX='
-    line: SELINUX=disabled
-  become: yes
-
 - name: Import dnf keys
   rpm_key:
     state: present
     key: '{{ item }}'
   loop:
-    - https://packagecloud.io/gpg.key
     - https://packages.microsoft.com/keys/microsoft.asc
     - https://rpm.releases.teleport.dev/RPM-GPG-KEY-teleport
     - https://downloads.1password.com/linux/keys/1password.asc
@@ -34,23 +17,22 @@
     mode: "0644"
     dest: '/etc/yum.repos.d/{{ item }}'
   loop:
-  - slack.repo
   - vscode.repo
   - teleport.repo
   - 1password.repo
-  - rpm.librewolf.net.repo
+  - hashicorp.repo
   become: yes
 
 - name: Install common desktop dnf packages
   dnf:
     name:
-    - deja-dup
+    - liquidctl
     - power-profiles-daemon # Adds power settings in gnome-settings-center
-    - chrome-gnome-shell
     - celluloid
     - cheese
     - geary
     - pavucontrol
+    - gnome-browser-connector
     - gnome-shell-extension-appindicator
     - gnome-shell-extension-gsconnect
     - gnome-nettool
@@ -58,18 +40,21 @@
     - gnome-calendar
     - gnome-clocks
     - gnome-tweaks
-    - bijiben # gnome notes
     - tilix
     - nodejs
     - mpv
     - steam
     - ffmpeg
-    - slack
     - 1password
     - code
     - teleport
-    - librewolf
     - mangohud
+    - solaar
+    - terraform
+    - adobe-source-sans-pro-fonts
+    - v4l-utils
+    - v4l2loopback
+    - akmod-v4l2loopback
     enablerepo:
     - rpmfusion-free
     - rpmfusion-nonfree-steam
@@ -86,45 +71,33 @@
 - name: Install flatpaks from flathub
   flatpak:
     name:
-    - com.gigitux.youp
     - com.discordapp.Discord
     - im.riot.Riot
     - org.telegram.desktop
     - com.plexamp.Plexamp
     - nl.g4d.Girens
     - tech.feliciano.pocket-casts
-    - org.gnome.TextEditor
     - com.mattjakeman.ExtensionManager
     - md.obsidian.Obsidian
     - org.pipewire.Helvum
+    - com.github.tchx84.Flatseal
+    - com.github.maoschanz.drawing
+    - com.belmoussaoui.Obfuscate
+    - de.haeckerfelix.Fragments
+    - org.gnome.World.PikaBackup
+    - org.pitivi.Pitivi
+    - rest.insomnia.Insomnia
+    - io.dbeaver.DBeaverCommunity
     state: present
     remote: flathub
     method: user
 
-- name: Add the knapsu flatpak repository remote to the user installation
-  flatpak_remote:
-    name: knapsu
-    state: present
-    flatpakrepo_url: https://flatpak.knapsu.eu/plex-media-player.flatpakrepo
-    method: user
-
-- name: Install flatpaks from knapsu
-  flatpak:
-    name: 
-    - tv.plex.PlexMediaPlayer
-    state: present
-    remote: knapsu
-    method: user
-
 - name: Install remote rpms
   dnf:
     name:
-    - https://cdn.zoom.us/prod/v5.10.4/zoom_x86_64.rpm
+    - "https://cdn.zoom.us/prod/{{ zoom_version }}/zoom_x86_64.rpm"
-    - https://github.com/hensm/fx_cast/releases/download/v0.2.0/fx_cast_bridge-0.2.0-x64.rpm
+    #- https://github.com/hensm/fx_cast/releases/download/{{ fx_cast_version }}/fx_cast_bridge-{{ fx_cast_version }}-x64.rpm
-    - https://github.com/Kong/insomnia/releases/download/core%402021.5.3/Insomnia.Core-2021.5.3.rpm
+    #- https://github.com/openaudible/openaudible/releases/download/v{{ open_audible_version }}/OpenAudible_{{ open_audible_version }}_x86_64.rpm
-    - https://github.com/openaudible/openaudible/releases/download/v3.4.3/OpenAudible_3.4.3_x86_64.rpm
-    - https://github.com/Mastermindzh/tidal-hifi/releases/download/2.7.1/tidal-hifi-2.7.1.x86_64.rpm
-    - https://github.com/iongion/podman-desktop-companion/releases/download/4.0.3-rc.2/podman-desktop-companion-x86_64-4.0.3-rc.2.rpm
     state: present
     disable_gpg_check: 1
   become: yes

roles/docker/tasks/main.yml

@@ -11,6 +11,7 @@
   systemd:
     name: docker
     state: started
+    enabled: true
   become: yes
 
 - name: Install docker-compose

roles/gnome/defaults/main.yml

@@ -0,0 +1,24 @@
+---
+
+keyboard_shortcuts:
+  - id: 0
+    command: "'/home/jonathan/.bin/audio-switch Audioengine'"
+    shortcut: "'<Shift><Control><Alt>1'"
+    name: "'Audioengine Speakers'"
+  - id: 1
+    command: "'/home/jonathan/.bin/audio-switch \"USB Audio Speakers\"'"
+    shortcut: "'<Shift><Control><Alt>2'"
+    name: "'Sonos Port'"
+  - id: 2
+    command: "'/home/jonathan/.bin/audio-switch arctis'"
+    shortcut: "'<Shift><Control><Alt>3'"
+    name: "'Arctis Nova Pro'"
+  - id: 3
+    command: "'/home/jonathan/.bin/audio-switch \"USB Audio Front Headphones\"'"
+    shortcut: "'<Shift><Control><Alt>4'"
+    name: "'Front Headphones'"
+  - id: 4
+    command: "'/home/jonathan/.bin/audio-switch xm5'"
+    shortcut: "'<Shift><Control><Alt>5'"
+    name: "'XM5s'"
+  

roles/gnome/tasks/main.yml

@@ -1,8 +1,5 @@
 ---
 
-# Run gsettings set org.gnome.shell.extensions.dash-to-dock click-action 'minimize'
-# Run gsettings set org.gnome.shell app-picker-layout "[]"
-
 - name: Install gnome-extensions-cli
   pip:
     name: gnome-extensions-cli
@@ -15,9 +12,9 @@
   with_items:
     - hue-lights@chlumskyvaclav.gmail.com
     - espresso@coadmunkee.github.com
-    - sound-output-device-chooser@kgshank.net
     - logomenu@aryan_k
     - expandable-notifications@kaan.g.inam.org
     - gsconnect@andyholmes.github.io
     - bluetooth-quick-connect@bjarosze.gmail.com
     - appindicatorsupport@rgcjonas.gmail.com
+    - gTile@vibou

roles/howdy/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+
+video_device: /dev/video4

roles/howdy/tasks/main.yml

@@ -1,12 +1,5 @@
 ---
 
-- name: Install rpmsphere-release
-  dnf:
-    name: https://github.com/rpmsphere/noarch/raw/master/r/rpmsphere-release-{{ ansible_distribution_major_version }}.noarch.rpm
-    state: present
-    disable_gpg_check: 1
-  become: yes
-
 - name: Install dlib
   dnf:
     name: 
@@ -15,10 +8,10 @@
     state: present
   become: yes
 
-- name: Enable copr project howdy
+- name: Enable copr principis/howdy
   community.general.copr:
-    name: luya/howdy
+    name: principis/howdy
-    state: disabled
+    state: enabled
   become: yes
 
 - name: Install howdy
@@ -26,3 +19,24 @@
     name: howdy
     state: present
   become: yes
+
+- name: Configure video device for Howdy
+  replace: 
+    path: /lib64/security/howdy/config.ini
+    regexp: '(^device_path\s=\s)(.*)$'
+    replace: '\1{{ video_device }}'
+    backup: yes
+  become: yes
+
+- name: Configure Howdy for sudo
+  ansible.builtin.lineinfile:
+    path: /etc/pam.d/sudo
+    line: "auth       sufficient   pam_python.so /lib64/security/howdy/pam.py"
+  become: yes
+
+- name: Configure Howdy for Gnome login
+  ansible.builtin.lineinfile:
+    path: /etc/pam.d/gdm-password
+    insertafter: 'pam_selinux_permit.so'
+    line: "auth        sufficient    pam_python.so /lib64/security/howdy/pam.py"
+  become: yes

roles/kubernetes/files/containerd-config.toml

@@ -0,0 +1,16 @@
+version = 2
+
+[plugins]
+  [plugins."io.containerd.grpc.v1.cri"]
+    [plugins."io.containerd.grpc.v1.cri".containerd]
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = true
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/usr/libexec/cni/"
+      conf_dir = "/etc/cni/net.d"
+        
+  [plugins."io.containerd.internal.v1.opt"]
+    path = "/var/lib/containerd/opt"

roles/kubernetes/files/kubernetes.repo

@@ -0,0 +1,7 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
+enabled=1
+gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+exclude=kubelet kubeadm kubectl

roles/kubernetes/files/modules-load-d-k8s.conf

@@ -0,0 +1,2 @@
+overlay
+br_netfilter

roles/kubernetes/files/sysctl-d-k8s.conf

@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-iptables  = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1

roles/kubernetes/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+

roles/kubernetes/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Add dnf repo for kubernetes
+  copy:
+    src: kubernetes.repo
+    mode: "0644"
+    dest: /etc/yum.repos.d/kubernetes.repo
+  become: yes
+
+- name: Configure containerd for k8s
+  copy:
+    src: containerd-config.toml
+    mode: "0644"
+    dest: /etc/containerd/config.toml
+  become: yes
+
+- name: Install kubernetes dnf packages
+  dnf:
+    name:
+    - kubeadm
+    - kubelet
+    - kubectl
+    - containerd
+    disable_excludes: kubernetes
+  become: yes
+
+- name: Enable kernel mods for k8s
+  copy:
+    src: modules-load-d-k8s.conf
+    mode: "0644"
+    dest: /etc/modules-load.d/k8s.conf
+  become: yes
+
+- name: Set kernel params for k8s
+  copy:
+    src: sysctl-d-k8s.conf
+    mode: "0644"
+    dest: /etc/sysctl.d/k8s.conf
+  become: yes

roles/nvidia/tasks/main.yml

@@ -5,3 +5,43 @@
     name:
     - xorg-x11-drv-nvidia-cuda
   become: yes
+
+- name: Install nvtop dependencies
+  dnf:
+    name:
+    - libdrm-devel
+    - ncurses-devel
+    - cmake
+    - gcc-c++
+  become: yes
+
+- name: Clone syllo/nvtop
+  git:
+    repo: 'https://github.com/syllo/nvtop.git'
+    version: master
+    dest: ~/.cache/syllo-nvtop
+
+- name: Create nvtop build dir
+  file:
+    dest: ~/.cache/syllo-nvtop/build
+    mode: '0755'
+    state: directory
+
+- name: Cmake the nvtop Makefiles
+  command:
+    chdir: ~/.cache/syllo-nvtop/build
+    cmd: cmake .. -DNVIDIA_SUPPORT=ON
+    creates: ~/.cache/syllo-nvtop/build/Makefile
+
+- name: Make all the nvtop things
+  command:
+    chdir: ~/.cache/syllo-nvtop/build
+    cmd: make
+    creates: ~/.cache/syllo-nvtop/build/src/nvtop
+
+- name: make install nvtop
+  command: 
+    chdir: /home/jonathan/.cache/syllo-nvtop/build
+    cmd: make install
+    creates: /usr/local/bin/nvtop
+  become: yes

roles/oversteer/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+
+- name: Install dependencies
+  dnf:
+    name: 
+    - python3
+    - python3-distutils-extra
+    - python3-gobject
+    - python3-pyudev
+    - python3-pyxdg
+    - python3-evdev
+    - gettext
+    - meson
+    - appstream
+    - desktop-file-utils
+    - python3-matplotlib-gtk3
+    - python3-scipy
+    state: present
+  become: yes
+
+- name: Clone berarma/oversteer
+  git:
+    repo: 'https://github.com/berarma/oversteer.git'
+    version: master
+    dest: ~/.cache/berarma-oversteer
+
+- name: meson build
+  command:
+    chdir: ~/.cache/berarma-oversteer/
+    cmd: meson build
+    creates: ~/.cache/berarma-oversteer/build
+
+- name: ninja install
+  command:
+    chdir: /home/jonathan/.cache/berarma-oversteer/build
+    cmd: ninja install
+    creates: /usr/local/bin/oversteer
+  become: yes

roles/server/files/smb.conf

@@ -0,0 +1,46 @@
+# See smb.conf.example for a more detailed config file or
+# read the smb.conf manpage.
+# Run 'testparm' to verify the config is correct after
+# you modified it.
+#
+# Note:
+# SMB1 is disabled by default. This means clients without support for SMB2 or
+# SMB3 are no longer able to connect to smbd (by default).
+
+[global]
+	workgroup = SAMBA
+	security = user
+
+	passdb backend = tdbsam
+
+	printing = cups
+	printcap name = cups
+	load printers = yes
+	cups options = raw
+
+	# Install samba-usershares package for support
+	include = /etc/samba/usershares.conf
+
+    include = registry
+
+[homes]
+	comment = Home Directories
+	valid users = %S, %D%w%S
+	browseable = No
+	read only = No
+	inherit acls = Yes
+
+[printers]
+	comment = All Printers
+	path = /var/tmp
+	printable = Yes
+	create mask = 0600
+	browseable = No
+
+[print$]
+	comment = Printer Drivers
+	path = /var/lib/samba/drivers
+	write list = @printadmin root
+	force group = @printadmin
+	create mask = 0664
+	directory mask = 0775

roles/server/handlers/main.yml

@@ -0,0 +1,28 @@
+---
+  - name: enable nfs-server
+    service: 
+      name: nfs-server
+      state: started
+      enabled: true
+    become: yes
+
+  - name: enable libvirtd
+    service: 
+      name: libvirtd
+      state: started
+      enabled: true
+    become: yes
+
+  - name: enable pmlogger
+    service: 
+      name: pmlogger
+      state: started
+      enabled: true
+    become: yes
+
+  - name: restart smb
+    service: 
+      name: smb
+      state: restart
+      enabled: true
+    become: yes

roles/server/tasks/main.yml

@@ -0,0 +1,60 @@
+---
+
+- name: Add gpu packages for intel
+  dnf:
+    name:
+    - intel-media-driver
+    - libva-utils
+    - libvdpau-va-gl
+    - intel-gpu-tools
+    enablerepo: rpmfusion-free
+    state: present
+  when: ansible_processor[2] == "Intel(R) Celeron(R) N5105 @ 2.00GHz"
+  become: yes
+
+- name: Add server-only packages
+  dnf:
+    name:
+    - sqlite
+    - cockpit-machines
+    - cockpit-podman
+    - cockpit-file-sharing
+    - nfs-utils
+    - borgbackup
+  notify: enable nfs-server
+  become: yes
+
+- name: Add pcp metric-collection packages
+  dnf:
+    name:
+    - pcp
+    - pcp-conf
+    - pcp-libs
+    - pcp-selinux
+  notify: enable pmlogger
+  become: yes
+
+- name: Add libvirt
+  dnf:
+    name:
+    - libvirt
+  notify: enable libvirtd
+  become: yes
+
+- name: Update smb.conf for registry
+  copy:
+    src: smb.conf
+    mode: "0644"
+    dest: /etc/samba/smb.conf
+  notify: restart smb
+  become: yes
+
+- name: Increase max user watches
+  sysctl:
+    name: fs.inotify.max_user_watches
+    value: '524288'
+    sysctl_file: /etc/sysctl.d/max_user_watches.conf
+    sysctl_set: yes
+    state: present
+    reload: yes
+  become: yes

roles/ssh/templates/sshd_config.j2.new

@@ -0,0 +1,133 @@
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# To modify the system-wide sshd configuration, create a  *.conf  file under
+#  /etc/ssh/sshd_config.d/  which will be automatically included below
+Include /etc/ssh/sshd_config.d/*.conf
+
+# If you want to change the port on a SELinux system, you have to tell
+# SELinux about this change.
+# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
+#
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+#GSSAPIEnablek5users no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
+# problems.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

roles/steam/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Link proton directories
+  file:
+    src: /home/jonathan/.local/share/Steam
+    dest: ~/.local/bin/firefox-dev
+    state: link

roles/syncthing/tasks/main.yml

@@ -27,6 +27,7 @@
     - /home/jonathan/Sync
     - /home/jonathan/Code
     - /home/jonathan/Udemy
+    - /home/jonathan/Photos
 
 
 - name: Create and start Syncthing container
@@ -38,13 +39,14 @@
       PUID: "0"
       PGID: "0"
     volume:
-      - /home/jonathan/.config/podman/etc/syncthing:/var/syncthing/config:Z
+      - /home/jonathan/.config/podman/etc/syncthing:/var/syncthing/config
-      - /home/jonathan/.config/podman/syncthing/:/var/syncthing:Z
+      - /home/jonathan/.config/podman/syncthing/:/var/syncthing
-      - /home/jonathan/Sync:/home/jonathan/Sync:Z
+      - /home/jonathan/Sync:/home/jonathan/Sync
-      - /home/jonathan/Code:/home/jonathan/Code:Z
+      - /home/jonathan/Code:/home/jonathan/Code
-      - /home/jonathan/Udemy:/home/jonathan/Udemy:Z
+      - /home/jonathan/Udemy:/home/jonathan/Udemy
-      - /home/jonathan/Pictures:/home/jonathan/Pictures:Z
+      - /home/jonathan/Pictures:/home/jonathan/Pictures
-      - /home/jonathan/Documents:/home/jonathan/Documents:Z
+      - /home/jonathan/Photos:/home/jonathan/Photos
+      - /home/jonathan/Documents:/home/jonathan/Documents
     network: host
     restart_policy: on-failure:5
 

roles/tailscale/tasks/main.yml

@@ -4,7 +4,6 @@
   command:
     cmd: dnf config-manager --add-repo https://pkgs.tailscale.com/stable/fedora/tailscale.repo
     creates: /etc/yum.repos.d/tailscale.repo
-    warn: false
   become: yes
 
 - name: Install tailscale

roles/xbox/tasks/main.yml

@@ -20,3 +20,4 @@
 # fi
 
 # do the things in https://github.com/medusalix/xone/blob/master/install.sh
+

server.yml

@@ -1,8 +1,9 @@
 ---
 
-- hosts: magnus
+- hosts: vault
   roles:
   - { role: base, tags: [ 'base'] }
+  - { role: server, tags: [ 'server'] }
   - { role: users, tags: [ 'users'] }
   - { role: ssh, tags: [ 'ssh'] }
   - { role: docker, tags: [ 'docker'] }

work.yml

@@ -0,0 +1,13 @@
+---
+
+- hosts: work
+  roles:
+  - { role: base, tags: [ 'base'] }
+  - { role: desktop, tags: [ 'desktop'] }
+  - { role: gnome, tags: [ 'gnome' ] }
+  - { role: users, tags: [ 'users'] }
+  - { role: ssh, tags: [ 'ssh'] }
+  - { role: docker, tags: [ 'docker' ] }
+  - { role: globalprotect, tags: [ 'globalprotect'] }
+  - { role: tailscale, tags: [ 'tailscale'] }
+  - { role: syncthing, tags: [ 'syncthing' ] }