11 files changed, 270 insertions, 0 deletions

diff --git a/roles/linux_desktop/defaults/main.yml b/roles/linux_desktop/defaults/main.yml
new file mode 100644
index 0000000..ab00eff
--- /dev/null
+++ b/roles/linux_desktop/defaults/main.yml
@@ -0,0 +1,6 @@
+linux_desktop_access_group: role-linux-desktop-access
+linux_desktop_flatpak_update_on_calendar: daily
+linux_desktop_enable_wayland: yes
+linux_desktop_thumbnail_cache_size: 4096 # MB
+
+linux_desktop_enable_window_buttons: yes
diff --git a/roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi b/roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi
new file mode 100644
index 0000000..eef356b
--- /dev/null
+++ b/roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi
@@ -0,0 +1,2 @@
+[org/gnome/mutter]
+experimental-features=['scale-monitor-framebuffer']
diff --git a/roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi b/roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi
new file mode 100644
index 0000000..15e31c2
--- /dev/null
+++ b/roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi
@@ -0,0 +1 @@
+/org/gnome/mutter/experimental-features
diff --git a/roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer b/roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer
new file mode 100644
index 0000000..26649bd
--- /dev/null
+++ b/roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer
@@ -0,0 +1,4 @@
+[Thumbnailer Entry]
+TryExec=/usr/bin/totem-video-thumbnailer
+Exec=/usr/bin/totem-video-thumbnailer -l -s %s %u %o
+MimeType=application/mxf;application/ram;application/sdp;application/vnd.apple.mpegurl;application/vnd.ms-asf;application/vnd.ms-wpl;application/vnd.rn-realmedia;application/vnd.rn-realmedia-vbr;application/x-extension-m4a;application/x-extension-mp4;application/x-flash-video;application/x-matroska;application/x-netshow-channel;application/x-quicktimeplayer;application/x-shorten;image/vnd.rn-realpix;image/x-pict;misc/ultravox;text/x-google-video-pointer;video/3gp;video/3gpp;video/3gpp2;video/dv;video/divx;video/fli;video/flv;video/mp2t;video/mp4;video/mp4v-es;video/mpeg;video/mpeg-system;video/msvideo;video/ogg;video/quicktime;video/vivo;video/vnd.divx;video/vnd.mpegurl;video/vnd.rn-realvideo;video/vnd.vivo;video/webm;video/x-anim;video/x-avi;video/x-flc;video/x-fli;video/x-flic;video/x-flv;video/x-m4v;video/x-matroska;video/x-mjpeg;video/x-mpeg;video/x-mpeg2;video/x-ms-asf;video/x-ms-asf-plugin;video/x-ms-asx;video/x-msvideo;video/x-ms-wm;video/x-ms-wmv;video/x-ms-wmx;video/x-ms-wvx;video/x-nsv;video/x-ogm+ogg;video/x-theora;video/x-theora+ogg;video/x-totem-stream;audio/x-pn-realaudio;audio/3gpp;audio/3gpp2;audio/aac;audio/ac3;audio/AMR;audio/AMR-WB;audio/basic;audio/dv;audio/eac3;audio/flac;audio/m4a;audio/midi;audio/mp1;audio/mp2;audio/mp3;audio/mp4;audio/mpeg;audio/mpg;audio/ogg;audio/opus;audio/prs.sid;audio/scpls;audio/vnd.rn-realaudio;audio/wav;audio/webm;audio/x-aac;audio/x-aiff;audio/x-ape;audio/x-flac;audio/x-gsm;audio/x-it;audio/x-m4a;audio/x-m4b;audio/x-matroska;audio/x-mod;audio/x-mp1;audio/x-mp2;audio/x-mp3;audio/x-mpg;audio/x-mpeg;audio/x-ms-asf;audio/x-ms-asx;audio/x-ms-wax;audio/x-ms-wma;audio/x-musepack;audio/x-opus+ogg;audio/x-pn-aiff;audio/x-pn-au;audio/x-pn-wav;audio/x-pn-windows-acm;audio/x-realaudio;audio/x-real-audio;audio/x-s3m;audio/x-sbc;audio/x-shorten;audio/x-speex;audio/x-stm;audio/x-tta;audio/x-wav;audio/x-wavpack;audio/x-vorbis;audio/x-vorbis+ogg;audio/x-xm;application/x-flac;
diff --git a/roles/linux_desktop/handlers/main.yml b/roles/linux_desktop/handlers/main.yml
new file mode 100644
index 0000000..16c1d21
--- /dev/null
+++ b/roles/linux_desktop/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: restart gdm
+  systemd:
+    name: gdm
+    state: restarted
+
+- name: update dconf
+  command: dconf update
diff --git a/roles/linux_desktop/meta/main.yml b/roles/linux_desktop/meta/main.yml
new file mode 100644
index 0000000..9b04ef8
--- /dev/null
+++ b/roles/linux_desktop/meta/main.yml
@@ -0,0 +1,9 @@
+dependencies:
+  - role: yum
+    yum_repositories:
+      - epel
+      - rpmfusion-free
+      - rpmfusion-free-tainted
+      - rpmfusion-nonfree
+      - rpmfusion-nonfree-tainted
+    tags: yum
diff --git a/roles/linux_desktop/tasks/freeipa.yml b/roles/linux_desktop/tasks/freeipa.yml
new file mode 100644
index 0000000..f7a09e1
--- /dev/null
+++ b/roles/linux_desktop/tasks/freeipa.yml
@@ -0,0 +1,33 @@
+- name: create linux-desktops hostgroup
+  ipahostgroup:
+    ipaadmin_principal: '{{ ipa_user }}'
+    ipaadmin_password: '{{ ipa_pass }}'
+    name: '{{ linux_desktop_hbac_hostgroup}}'
+    description: Linux Desktops
+    host: "{{ groups[linux_desktop_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}"
+  run_once: yes
+
+- name: create desktop access group
+  ipagroup:
+    ipaadmin_principal: '{{ ipa_user }}'
+    ipaadmin_password: '{{ ipa_pass }}'
+    name: '{{ linux_desktop_access_group }}'
+    description: linux desktop access
+    nonposix: yes
+    state: present
+  run_once: yes
+
+- name: create HBAC rule for gdm
+  ipahbacrule:
+    ipaadmin_principal: '{{ ipa_user }}'
+    ipaadmin_password: '{{ ipa_pass }}'
+    name: allow_gdm_on_linux_desktops
+    description: Allow login to GDM on linux desktops
+    hostgroup:
+      - '{{ linux_desktop_hbac_hostgroup }}'
+    group:
+      - '{{ linux_desktop_access_group }}'
+    hbacsvc:
+      - gdm
+      - gdm-password
+  run_once: yes
diff --git a/roles/linux_desktop/tasks/main.yml b/roles/linux_desktop/tasks/main.yml
new file mode 100644
index 0000000..dbddcd4
--- /dev/null
+++ b/roles/linux_desktop/tasks/main.yml
@@ -0,0 +1,109 @@
+- name: install packages
+  dnf:
+    name: '{{ linux_desktop_packages }}'
+    exclude: '{{ linux_desktop_excluded_packages }}'
+    state: present
+
+# Sticking with tuned for now. On my thinkpad, the power-profiles-daemon sets the
+# CPU governor to "performance" in the "power-save" profile!
+- name: mask power-profiles-daemon
+  systemd:
+    name: power-profiles-daemon
+    state: stopped
+    masked: yes
+
+- name: make sure tuned wasn't killed by power-profiles-daemon
+  systemd:
+    name: tuned
+    state: started
+
+- name: enable GuC for intel card
+  copy:
+    content: |
+      options i915 enable_guc=2 enable_fbc=1
+    dest: /etc/modprobe.d/i915.conf
+  register: i915_options
+
+- name: warn if reboot needed
+  fail:
+    msg: A reboot is needed to apply settings to i915 graphics module.
+  when: i915_options.changed
+  ignore_errors: yes
+
+- name: set default target to graphical
+  file:
+    src: /usr/lib/systemd/system/graphical.target
+    dest: /etc/systemd/system/default.target
+    state: link
+
+- name: generate gdm configuration
+  template:
+    src: etc/gdm/custom.conf.j2
+    dest: /etc/gdm/custom.conf
+  notify: restart gdm
+
+- name: check if graphical target is active
+  command: systemctl is-active graphical.target
+  register: graphical_target
+  changed_when: false
+  failed_when: false
+
+- name: start display manager
+  command: systemctl isolate graphical.target
+  when: graphical_target.rc != 0
+  notify: restart gdm
+
+- name: enable fractional scaling
+  copy:
+    src: '{{ item[1:] }}'
+    dest: '{{ item }}'
+  loop:
+    - /etc/dconf/db/local.d/00-hidpi
+    - /etc/dconf/db/local.d/locks/hidpi
+  notify: update dconf
+
+- name: add local dconf settings
+  template:
+    src: etc/dconf/db/local.d/00-gnome.j2
+    dest: /etc/dconf/db/local.d/00-gnome
+  notify: update dconf
+
+- name: add flathub flatpak repository
+  flatpak_remote:
+    name: flathub
+    flatpakrepo_url: '{{ linux_desktop_flathub_repo }}'
+    state: present
+
+- name: install flatpak applications
+  flatpak:
+    name: '{{ item }}'
+    state: present
+  loop: '{{ linux_desktop_flatpaks }}'
+
+- name: set up flatpak-update timer
+  include_role:
+    name: systemd_timer
+  vars:
+    timer_name: flatpak-update
+    timer_description: Update flatpaks
+    timer_after: network.target
+    timer_on_calendar: '{{ linux_desktop_flatpak_update_on_calendar }}'
+    timer_exec: flatpak update -y
+
+- name: configure flatpak overrides
+  command: flatpak override {{ item.key }} {{ item.value }}
+  changed_when: no
+  loop: '{{ linux_desktop_flatpak_overrides | dict2items }}'
+
+- name: create /usr/local/share/thumbnailers
+  file:
+    path: /usr/local/share/thumbnailers
+    state: directory
+
+# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973942
+- name: patch totem thumbnailer to support large mp4 files
+  copy:
+    src: usr/local/share/thumbnailers/totem.thumbnailer
+    dest: /usr/local/share/thumbnailers/totem.thumbnailer
+
+- import_tasks: freeipa.yml
diff --git a/roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2 b/roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2
new file mode 100644
index 0000000..42e4570
--- /dev/null
+++ b/roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2
@@ -0,0 +1,18 @@
+[org/gnome/desktop/thumbnail-cache]
+maximum-size={{ linux_desktop_thumbnail_cache_size }}
+
+[org/gnome/nautilus/preferences]
+recursive-search='always'
+show-directory-item-counts='always'
+show-image-thumbnails='always'
+
+[org/gnome/nautilus/list-view]
+use-tree-view=true
+
+{% if linux_desktop_enable_window_buttons %}
+[org/gnome/desktop/wm/preferences]
+button-layout=':minimize,maximize,close'
+{% endif %}
+
+[org/gnome/shell]
+enabled-extensions=['appindicatorsupport@rgcjonas.gmail.com', 'dash-to-dock@gnome-shell-extensions.gcampax.github.com']
diff --git a/roles/linux_desktop/templates/etc/gdm/custom.conf.j2 b/roles/linux_desktop/templates/etc/gdm/custom.conf.j2
new file mode 100644
index 0000000..a1099d2
--- /dev/null
+++ b/roles/linux_desktop/templates/etc/gdm/custom.conf.j2
@@ -0,0 +1,16 @@
+# GDM configuration storage
+
+[daemon]
+InitialSetupEnable=false
+# Uncomment the line below to force the login screen to use Xorg
+WaylandEnable={{ linux_desktop_enable_wayland | bool | to_json }}
+
+[security]
+
+[xdmcp]
+
+[chooser]
+
+[debug]
+# Uncomment the line below to turn on debugging
+#Enable=true
diff --git a/roles/linux_desktop/vars/main.yml b/roles/linux_desktop/vars/main.yml
new file mode 100644
index 0000000..67cd80a
--- /dev/null
+++ b/roles/linux_desktop/vars/main.yml
@@ -0,0 +1,65 @@
+linux_desktop_packages:
+  - '@gnome-desktop'
+  - '@fonts'
+  - '@hardware-support'
+  - '@internet-browser'
+  - '@base-x'
+  - '@networkmanager-submodules'
+  - '@print-client'
+  - gnome-tweaks
+  - evolution
+  - libreoffice-calc
+  - libreoffice-draw
+  - libreoffice-impress
+  - libreoffice-math
+  - libreoffice-writer
+  - ffmpeg-libs
+  - ffmpeg
+  - nfs4-acl-tools
+  - hexchat
+  - vlc
+  - youtube-dl
+  - gstreamer1-plugins-ugly
+  - gstreamer1-plugins-bad-freeworld
+  - gstreamer1-libav
+  - gstreamer1-vaapi
+  - libva-utils
+  - intel-media-driver
+  - seahorse
+  - inkscape
+  - dconf-editor
+  - libdvdcss
+  - gimp
+  - brasero
+  - ntfs-3g
+  - ntfsprogs
+  - exfatprogs
+  - gnome-shell-extension-appindicator
+  - gnome-shell-extension-dash-to-dock
+  - chromium
+  - gnome-extensions-app
+
+linux_desktop_excluded_packages:
+  - gnome-software
+  - libva-intel-driver
+
+linux_desktop_hbac_hostgroup: linux_desktops
+
+linux_desktop_flathub_repo: https://dl.flathub.org/repo/flathub.flatpakrepo
+
+linux_desktop_flatpaks:
+  - org.signal.Signal
+  - com.bitwarden
+  - org.libretro.RetroArch
+  - ca.littlesvr.asunder
+  - org.gnome.EasyTAG
+  - com.makemkv.MakeMKV
+  - org.gnucash.GnuCash
+  - org.gnome.Rhythmbox3
+  - org.gajim.Gajim
+  - org.gajim.Gajim.Plugin.omemo
+
+linux_desktop_flatpak_overrides:
+  org.gnome.EasyTAG:    --filesystem=host
+  org.gnome.Rhythmbox3: --filesystem=host
+  org.signal.Signal:    --env=SIGNAL_USE_TRAY_ICON=1