From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001 From: Stonewall Jackson Date: Sat, 4 Feb 2023 01:23:43 -0500 Subject: initial commit --- roles/linux_desktop/defaults/main.yml | 6 ++ .../files/etc/dconf/db/local.d/00-hidpi | 2 + .../files/etc/dconf/db/local.d/locks/hidpi | 1 + .../usr/local/share/thumbnailers/totem.thumbnailer | 4 + roles/linux_desktop/handlers/main.yml | 7 ++ roles/linux_desktop/meta/main.yml | 9 ++ roles/linux_desktop/tasks/freeipa.yml | 33 +++++++ roles/linux_desktop/tasks/main.yml | 109 +++++++++++++++++++++ .../templates/etc/dconf/db/local.d/00-gnome.j2 | 18 ++++ .../linux_desktop/templates/etc/gdm/custom.conf.j2 | 16 +++ roles/linux_desktop/vars/main.yml | 65 ++++++++++++ 11 files changed, 270 insertions(+) create mode 100644 roles/linux_desktop/defaults/main.yml create mode 100644 roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi create mode 100644 roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi create mode 100644 roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer create mode 100644 roles/linux_desktop/handlers/main.yml create mode 100644 roles/linux_desktop/meta/main.yml create mode 100644 roles/linux_desktop/tasks/freeipa.yml create mode 100644 roles/linux_desktop/tasks/main.yml create mode 100644 roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2 create mode 100644 roles/linux_desktop/templates/etc/gdm/custom.conf.j2 create mode 100644 roles/linux_desktop/vars/main.yml (limited to 'roles/linux_desktop') diff --git a/roles/linux_desktop/defaults/main.yml b/roles/linux_desktop/defaults/main.yml new file mode 100644 index 0000000..ab00eff --- /dev/null +++ b/roles/linux_desktop/defaults/main.yml @@ -0,0 +1,6 @@ +linux_desktop_access_group: role-linux-desktop-access +linux_desktop_flatpak_update_on_calendar: daily +linux_desktop_enable_wayland: yes +linux_desktop_thumbnail_cache_size: 4096 # MB + +linux_desktop_enable_window_buttons: yes diff --git a/roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi b/roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi new file mode 100644 index 0000000..eef356b --- /dev/null +++ b/roles/linux_desktop/files/etc/dconf/db/local.d/00-hidpi @@ -0,0 +1,2 @@ +[org/gnome/mutter] +experimental-features=['scale-monitor-framebuffer'] diff --git a/roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi b/roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi new file mode 100644 index 0000000..15e31c2 --- /dev/null +++ b/roles/linux_desktop/files/etc/dconf/db/local.d/locks/hidpi @@ -0,0 +1 @@ +/org/gnome/mutter/experimental-features diff --git a/roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer b/roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer new file mode 100644 index 0000000..26649bd --- /dev/null +++ b/roles/linux_desktop/files/usr/local/share/thumbnailers/totem.thumbnailer @@ -0,0 +1,4 @@ +[Thumbnailer Entry] +TryExec=/usr/bin/totem-video-thumbnailer +Exec=/usr/bin/totem-video-thumbnailer -l -s %s %u %o +MimeType=application/mxf;application/ram;application/sdp;application/vnd.apple.mpegurl;application/vnd.ms-asf;application/vnd.ms-wpl;application/vnd.rn-realmedia;application/vnd.rn-realmedia-vbr;application/x-extension-m4a;application/x-extension-mp4;application/x-flash-video;application/x-matroska;application/x-netshow-channel;application/x-quicktimeplayer;application/x-shorten;image/vnd.rn-realpix;image/x-pict;misc/ultravox;text/x-google-video-pointer;video/3gp;video/3gpp;video/3gpp2;video/dv;video/divx;video/fli;video/flv;video/mp2t;video/mp4;video/mp4v-es;video/mpeg;video/mpeg-system;video/msvideo;video/ogg;video/quicktime;video/vivo;video/vnd.divx;video/vnd.mpegurl;video/vnd.rn-realvideo;video/vnd.vivo;video/webm;video/x-anim;video/x-avi;video/x-flc;video/x-fli;video/x-flic;video/x-flv;video/x-m4v;video/x-matroska;video/x-mjpeg;video/x-mpeg;video/x-mpeg2;video/x-ms-asf;video/x-ms-asf-plugin;video/x-ms-asx;video/x-msvideo;video/x-ms-wm;video/x-ms-wmv;video/x-ms-wmx;video/x-ms-wvx;video/x-nsv;video/x-ogm+ogg;video/x-theora;video/x-theora+ogg;video/x-totem-stream;audio/x-pn-realaudio;audio/3gpp;audio/3gpp2;audio/aac;audio/ac3;audio/AMR;audio/AMR-WB;audio/basic;audio/dv;audio/eac3;audio/flac;audio/m4a;audio/midi;audio/mp1;audio/mp2;audio/mp3;audio/mp4;audio/mpeg;audio/mpg;audio/ogg;audio/opus;audio/prs.sid;audio/scpls;audio/vnd.rn-realaudio;audio/wav;audio/webm;audio/x-aac;audio/x-aiff;audio/x-ape;audio/x-flac;audio/x-gsm;audio/x-it;audio/x-m4a;audio/x-m4b;audio/x-matroska;audio/x-mod;audio/x-mp1;audio/x-mp2;audio/x-mp3;audio/x-mpg;audio/x-mpeg;audio/x-ms-asf;audio/x-ms-asx;audio/x-ms-wax;audio/x-ms-wma;audio/x-musepack;audio/x-opus+ogg;audio/x-pn-aiff;audio/x-pn-au;audio/x-pn-wav;audio/x-pn-windows-acm;audio/x-realaudio;audio/x-real-audio;audio/x-s3m;audio/x-sbc;audio/x-shorten;audio/x-speex;audio/x-stm;audio/x-tta;audio/x-wav;audio/x-wavpack;audio/x-vorbis;audio/x-vorbis+ogg;audio/x-xm;application/x-flac; diff --git a/roles/linux_desktop/handlers/main.yml b/roles/linux_desktop/handlers/main.yml new file mode 100644 index 0000000..16c1d21 --- /dev/null +++ b/roles/linux_desktop/handlers/main.yml @@ -0,0 +1,7 @@ +- name: restart gdm + systemd: + name: gdm + state: restarted + +- name: update dconf + command: dconf update diff --git a/roles/linux_desktop/meta/main.yml b/roles/linux_desktop/meta/main.yml new file mode 100644 index 0000000..9b04ef8 --- /dev/null +++ b/roles/linux_desktop/meta/main.yml @@ -0,0 +1,9 @@ +dependencies: + - role: yum + yum_repositories: + - epel + - rpmfusion-free + - rpmfusion-free-tainted + - rpmfusion-nonfree + - rpmfusion-nonfree-tainted + tags: yum diff --git a/roles/linux_desktop/tasks/freeipa.yml b/roles/linux_desktop/tasks/freeipa.yml new file mode 100644 index 0000000..f7a09e1 --- /dev/null +++ b/roles/linux_desktop/tasks/freeipa.yml @@ -0,0 +1,33 @@ +- name: create linux-desktops hostgroup + ipahostgroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ linux_desktop_hbac_hostgroup}}' + description: Linux Desktops + host: "{{ groups[linux_desktop_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}" + run_once: yes + +- name: create desktop access group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ linux_desktop_access_group }}' + description: linux desktop access + nonposix: yes + state: present + run_once: yes + +- name: create HBAC rule for gdm + ipahbacrule: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: allow_gdm_on_linux_desktops + description: Allow login to GDM on linux desktops + hostgroup: + - '{{ linux_desktop_hbac_hostgroup }}' + group: + - '{{ linux_desktop_access_group }}' + hbacsvc: + - gdm + - gdm-password + run_once: yes diff --git a/roles/linux_desktop/tasks/main.yml b/roles/linux_desktop/tasks/main.yml new file mode 100644 index 0000000..dbddcd4 --- /dev/null +++ b/roles/linux_desktop/tasks/main.yml @@ -0,0 +1,109 @@ +- name: install packages + dnf: + name: '{{ linux_desktop_packages }}' + exclude: '{{ linux_desktop_excluded_packages }}' + state: present + +# Sticking with tuned for now. On my thinkpad, the power-profiles-daemon sets the +# CPU governor to "performance" in the "power-save" profile! +- name: mask power-profiles-daemon + systemd: + name: power-profiles-daemon + state: stopped + masked: yes + +- name: make sure tuned wasn't killed by power-profiles-daemon + systemd: + name: tuned + state: started + +- name: enable GuC for intel card + copy: + content: | + options i915 enable_guc=2 enable_fbc=1 + dest: /etc/modprobe.d/i915.conf + register: i915_options + +- name: warn if reboot needed + fail: + msg: A reboot is needed to apply settings to i915 graphics module. + when: i915_options.changed + ignore_errors: yes + +- name: set default target to graphical + file: + src: /usr/lib/systemd/system/graphical.target + dest: /etc/systemd/system/default.target + state: link + +- name: generate gdm configuration + template: + src: etc/gdm/custom.conf.j2 + dest: /etc/gdm/custom.conf + notify: restart gdm + +- name: check if graphical target is active + command: systemctl is-active graphical.target + register: graphical_target + changed_when: false + failed_when: false + +- name: start display manager + command: systemctl isolate graphical.target + when: graphical_target.rc != 0 + notify: restart gdm + +- name: enable fractional scaling + copy: + src: '{{ item[1:] }}' + dest: '{{ item }}' + loop: + - /etc/dconf/db/local.d/00-hidpi + - /etc/dconf/db/local.d/locks/hidpi + notify: update dconf + +- name: add local dconf settings + template: + src: etc/dconf/db/local.d/00-gnome.j2 + dest: /etc/dconf/db/local.d/00-gnome + notify: update dconf + +- name: add flathub flatpak repository + flatpak_remote: + name: flathub + flatpakrepo_url: '{{ linux_desktop_flathub_repo }}' + state: present + +- name: install flatpak applications + flatpak: + name: '{{ item }}' + state: present + loop: '{{ linux_desktop_flatpaks }}' + +- name: set up flatpak-update timer + include_role: + name: systemd_timer + vars: + timer_name: flatpak-update + timer_description: Update flatpaks + timer_after: network.target + timer_on_calendar: '{{ linux_desktop_flatpak_update_on_calendar }}' + timer_exec: flatpak update -y + +- name: configure flatpak overrides + command: flatpak override {{ item.key }} {{ item.value }} + changed_when: no + loop: '{{ linux_desktop_flatpak_overrides | dict2items }}' + +- name: create /usr/local/share/thumbnailers + file: + path: /usr/local/share/thumbnailers + state: directory + +# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973942 +- name: patch totem thumbnailer to support large mp4 files + copy: + src: usr/local/share/thumbnailers/totem.thumbnailer + dest: /usr/local/share/thumbnailers/totem.thumbnailer + +- import_tasks: freeipa.yml diff --git a/roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2 b/roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2 new file mode 100644 index 0000000..42e4570 --- /dev/null +++ b/roles/linux_desktop/templates/etc/dconf/db/local.d/00-gnome.j2 @@ -0,0 +1,18 @@ +[org/gnome/desktop/thumbnail-cache] +maximum-size={{ linux_desktop_thumbnail_cache_size }} + +[org/gnome/nautilus/preferences] +recursive-search='always' +show-directory-item-counts='always' +show-image-thumbnails='always' + +[org/gnome/nautilus/list-view] +use-tree-view=true + +{% if linux_desktop_enable_window_buttons %} +[org/gnome/desktop/wm/preferences] +button-layout=':minimize,maximize,close' +{% endif %} + +[org/gnome/shell] +enabled-extensions=['appindicatorsupport@rgcjonas.gmail.com', 'dash-to-dock@gnome-shell-extensions.gcampax.github.com'] diff --git a/roles/linux_desktop/templates/etc/gdm/custom.conf.j2 b/roles/linux_desktop/templates/etc/gdm/custom.conf.j2 new file mode 100644 index 0000000..a1099d2 --- /dev/null +++ b/roles/linux_desktop/templates/etc/gdm/custom.conf.j2 @@ -0,0 +1,16 @@ +# GDM configuration storage + +[daemon] +InitialSetupEnable=false +# Uncomment the line below to force the login screen to use Xorg +WaylandEnable={{ linux_desktop_enable_wayland | bool | to_json }} + +[security] + +[xdmcp] + +[chooser] + +[debug] +# Uncomment the line below to turn on debugging +#Enable=true diff --git a/roles/linux_desktop/vars/main.yml b/roles/linux_desktop/vars/main.yml new file mode 100644 index 0000000..67cd80a --- /dev/null +++ b/roles/linux_desktop/vars/main.yml @@ -0,0 +1,65 @@ +linux_desktop_packages: + - '@gnome-desktop' + - '@fonts' + - '@hardware-support' + - '@internet-browser' + - '@base-x' + - '@networkmanager-submodules' + - '@print-client' + - gnome-tweaks + - evolution + - libreoffice-calc + - libreoffice-draw + - libreoffice-impress + - libreoffice-math + - libreoffice-writer + - ffmpeg-libs + - ffmpeg + - nfs4-acl-tools + - hexchat + - vlc + - youtube-dl + - gstreamer1-plugins-ugly + - gstreamer1-plugins-bad-freeworld + - gstreamer1-libav + - gstreamer1-vaapi + - libva-utils + - intel-media-driver + - seahorse + - inkscape + - dconf-editor + - libdvdcss + - gimp + - brasero + - ntfs-3g + - ntfsprogs + - exfatprogs + - gnome-shell-extension-appindicator + - gnome-shell-extension-dash-to-dock + - chromium + - gnome-extensions-app + +linux_desktop_excluded_packages: + - gnome-software + - libva-intel-driver + +linux_desktop_hbac_hostgroup: linux_desktops + +linux_desktop_flathub_repo: https://dl.flathub.org/repo/flathub.flatpakrepo + +linux_desktop_flatpaks: + - org.signal.Signal + - com.bitwarden + - org.libretro.RetroArch + - ca.littlesvr.asunder + - org.gnome.EasyTAG + - com.makemkv.MakeMKV + - org.gnucash.GnuCash + - org.gnome.Rhythmbox3 + - org.gajim.Gajim + - org.gajim.Gajim.Plugin.omemo + +linux_desktop_flatpak_overrides: + org.gnome.EasyTAG: --filesystem=host + org.gnome.Rhythmbox3: --filesystem=host + org.signal.Signal: --env=SIGNAL_USE_TRAY_ICON=1 -- cgit