install.fairie/home/dot_local/share/ansible/tasks/qubes/vm-template-stock.yml

---
- name: Determine if RPM Fusion was already enabled
  become: true
  stat:
    path: /root/.setup-rpm-fusion-enabled
  register: template_rpm_fusion
  when: ansible_os_family == 'RedHat'

- name: Ensure RPM Fusion package repositories are enabled on RedHat-flavored systems
  become: true
  shell:
    cmd: |
      dnf config-manager --set-enabled rpmfusion-free
      dnf config-manager --set-enabled rpmfusion-free-updates
      dnf config-manager --set-enabled rpmfusion-nonfree
      dnf config-manager --set-enabled rpmfusion-nonfree-updates
  when:
    - ansible_os_family == 'RedHat'
    - not template_rpm_fusion.stat.exists
    - not ('-minimal' in inventory_hostname)

- name: Register RPM Fusion enabled indicator
  become: true
  copy:
    content: |
      done
    dest: /root/.setup-rpm-fusion-enabled
  when:
    - ansible_os_family == 'RedHat'
    - not template_rpm_fusion.stat.exists

- name: Ensure Debian systems are updated
  become: true
  apt:
    cache_valid_time: 3600
    force_apt_get: true
    update_cache: true
    upgrade: dist
  timeout: 900
  when: ansible_os_family == 'Debian'

- name: Ensure RedHat systems are updated
  become: true
  dnf:
    name: '*'
    state: latest
    update_cache: true
  timeout: 900
  when: ansible_os_family == 'RedHat'

- name: Check if Archlinux has refreshed keys
  become: true
  stat:
    path: /root/.setup-pacman-refreshed-keys
  register: pacman_key_refresh
  when: ansible_os_family == 'Archlinux'

- name: Ensure Archlinux pacman GPG keys are updated
  become: true
  shell: pacman-key --refresh-keys
  when:
    - ansible_os_family == 'Archlinux'
    - not pacman_key_refresh.stat.exists

- name: Ensure Archlinux key refresh is saved to prevent unnecessary future calls
  become: true
  copy:
    content: |
      done
    dest: /root/.setup-pacman-refreshed-keys
  when:
    - ansible_os_family == 'Archlinux'
    - not pacman_key_refresh.stat.exists

- name: Ensure Archlinux systems are updated
  become: true
  community.general.pacman:
    update_cache: true
    upgrade: true
    extra_args: --ignore=*pulse*
    update_cache_extra_args: --noconfirm
    upgrade_extra_args: --ignore="*pulse*"
  when: ansible_os_family == 'Archlinux'

- name: Install common software packages
  become: true
  ansible.builtin.package:
    name: '{{ common_software_packages | default([]) }}'
    state: latest
  ignore_errors: '{{ qubes_prerelease | default(false) }}'

- name: Clone the yay repository (Archlinux)
  ansible.builtin.git:
    repo: https://aur.archlinux.org/yay.git
    dest: ~/.local/yay
    version: master
  when: ansible_os_family == 'Archlinux'

- name: Check if yay is installed
  command: type yay
  register: yay_type
  failed_when: false
  changed_when: false
  when: ansible_os_family == 'Archlinux'

- name: Ensure Go is installed which is a requirement for installing yay (Archlinux)
  become: true
  community.general.pacman:
    name: go
    state: latest
  when: ansible_os_family == 'Archlinux'

- name: Install yay (Archlinux)
  ansible.builtin.shell:
    cmd: echo Y | makepkg -si
  args:
    chdir: ~/.local/yay
  when:
    - ansible_os_family == 'Archlinux'
    - yay_type.rc != 0

- name: Check if snap is installed
  command: type snap
  register: snap_type
  failed_when: false
  changed_when: false
  when: ansible_os_family == 'Archlinux'
  ignore_errors: '{{ qubes_prerelease | default(false) }}'

- name: Install snapd with yay (Archlinux)
  ansible.builtin.shell:
    cmd: yay --noconfirm -Sy snapd
  when:
    - ansible_os_family == 'Archlinux'
    - snap_type.rc != 0

- name: Detect presence of /var/lib/snapd/snap
  stat:
    path: /var/lib/snapd/snap
  register: var_lib_snapd

- name: Ensure /snap is symlinked to /var/lib/snapd/snap
  become: true
  file:
    src: /var/lib/snapd/snap
    dest: /snap
    state: link
  when: var_lib_snapd.stat.exists

- name: Ensure snapd is enabled and running
  become: true
  ansible.builtin.systemd:
    enabled: true
    state: started
    name: snapd
    daemon_reload: true
  when: not ('-minimal' in inventory_hostname)
  ignore_errors: '{{ qubes_prerelease | default(false) }}'

- name: Apply full theme and dotfiles
  include_role:
    name: professormanhattan.theme

- include_tasks: tasks/qubes/vm-common.yml

- name: Ensure /etc/skel /usr/local.orig is setup for inheritence
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '{{ item.mode }}'
    remote_src: true
  with_items:
    - src: /home
      dest: /etc/skel
      mode: preserve
    - src: /usr/local
      dest: /usr/local.orig
      mode: preserve
Added Gas Station. 2023-07-15 22:40:26 -07:00			`---`
			`- name: Determine if RPM Fusion was already enabled`
			`become: true`
			`stat:`
			`path: /root/.setup-rpm-fusion-enabled`
			`register: template_rpm_fusion`
			`when: ansible_os_family == 'RedHat'`

			`- name: Ensure RPM Fusion package repositories are enabled on RedHat-flavored systems`
			`become: true`
			`shell:`
			`cmd: \|`
			`dnf config-manager --set-enabled rpmfusion-free`
			`dnf config-manager --set-enabled rpmfusion-free-updates`
			`dnf config-manager --set-enabled rpmfusion-nonfree`
			`dnf config-manager --set-enabled rpmfusion-nonfree-updates`
			`when:`
			`- ansible_os_family == 'RedHat'`
			`- not template_rpm_fusion.stat.exists`
			`- not ('-minimal' in inventory_hostname)`

			`- name: Register RPM Fusion enabled indicator`
			`become: true`
			`copy:`
			`content: \|`
			`done`
			`dest: /root/.setup-rpm-fusion-enabled`
			`when:`
			`- ansible_os_family == 'RedHat'`
			`- not template_rpm_fusion.stat.exists`

			`- name: Ensure Debian systems are updated`
			`become: true`
			`apt:`
			`cache_valid_time: 3600`
			`force_apt_get: true`
			`update_cache: true`
			`upgrade: dist`
			`timeout: 900`
			`when: ansible_os_family == 'Debian'`

			`- name: Ensure RedHat systems are updated`
			`become: true`
			`dnf:`
			`name: '*'`
			`state: latest`
			`update_cache: true`
			`timeout: 900`
			`when: ansible_os_family == 'RedHat'`

			`- name: Check if Archlinux has refreshed keys`
			`become: true`
			`stat:`
			`path: /root/.setup-pacman-refreshed-keys`
			`register: pacman_key_refresh`
			`when: ansible_os_family == 'Archlinux'`

			`- name: Ensure Archlinux pacman GPG keys are updated`
			`become: true`
			`shell: pacman-key --refresh-keys`
			`when:`
			`- ansible_os_family == 'Archlinux'`
			`- not pacman_key_refresh.stat.exists`

			`- name: Ensure Archlinux key refresh is saved to prevent unnecessary future calls`
			`become: true`
			`copy:`
			`content: \|`
			`done`
			`dest: /root/.setup-pacman-refreshed-keys`
			`when:`
			`- ansible_os_family == 'Archlinux'`
			`- not pacman_key_refresh.stat.exists`

			`- name: Ensure Archlinux systems are updated`
			`become: true`
			`community.general.pacman:`
			`update_cache: true`
			`upgrade: true`
			`extra_args: --ignore=pulse`
			`update_cache_extra_args: --noconfirm`
			`upgrade_extra_args: --ignore="pulse"`
			`when: ansible_os_family == 'Archlinux'`

			`- name: Install common software packages`
			`become: true`
			`ansible.builtin.package:`
			`name: '{{ common_software_packages \| default([]) }}'`
			`state: latest`
			`ignore_errors: '{{ qubes_prerelease \| default(false) }}'`

			`- name: Clone the yay repository (Archlinux)`
			`ansible.builtin.git:`
			`repo: https://aur.archlinux.org/yay.git`
			`dest: ~/.local/yay`
			`version: master`
			`when: ansible_os_family == 'Archlinux'`

			`- name: Check if yay is installed`
			`command: type yay`
			`register: yay_type`
			`failed_when: false`
			`changed_when: false`
			`when: ansible_os_family == 'Archlinux'`

			`- name: Ensure Go is installed which is a requirement for installing yay (Archlinux)`
			`become: true`
			`community.general.pacman:`
			`name: go`
			`state: latest`
			`when: ansible_os_family == 'Archlinux'`

			`- name: Install yay (Archlinux)`
			`ansible.builtin.shell:`
			`cmd: echo Y \| makepkg -si`
			`args:`
			`chdir: ~/.local/yay`
			`when:`
			`- ansible_os_family == 'Archlinux'`
			`- yay_type.rc != 0`

			`- name: Check if snap is installed`
			`command: type snap`
			`register: snap_type`
			`failed_when: false`
			`changed_when: false`
			`when: ansible_os_family == 'Archlinux'`
			`ignore_errors: '{{ qubes_prerelease \| default(false) }}'`

			`- name: Install snapd with yay (Archlinux)`
			`ansible.builtin.shell:`
			`cmd: yay --noconfirm -Sy snapd`
			`when:`
			`- ansible_os_family == 'Archlinux'`
			`- snap_type.rc != 0`

			`- name: Detect presence of /var/lib/snapd/snap`
			`stat:`
			`path: /var/lib/snapd/snap`
			`register: var_lib_snapd`

			`- name: Ensure /snap is symlinked to /var/lib/snapd/snap`
			`become: true`
			`file:`
			`src: /var/lib/snapd/snap`
			`dest: /snap`
			`state: link`
			`when: var_lib_snapd.stat.exists`

			`- name: Ensure snapd is enabled and running`
			`become: true`
			`ansible.builtin.systemd:`
			`enabled: true`
			`state: started`
			`name: snapd`
			`daemon_reload: true`
			`when: not ('-minimal' in inventory_hostname)`
			`ignore_errors: '{{ qubes_prerelease \| default(false) }}'`

			`- name: Apply full theme and dotfiles`
			`include_role:`
			`name: professormanhattan.theme`

			`- include_tasks: tasks/qubes/vm-common.yml`

			`- name: Ensure /etc/skel /usr/local.orig is setup for inheritence`
			`become: true`
			`copy:`
			`src: '{{ item.src }}'`
			`dest: '{{ item.dest }}'`
			`mode: '{{ item.mode }}'`
			`remote_src: true`
			`with_items:`
			`- src: /home`
			`dest: /etc/skel`
			`mode: preserve`
			`- src: /usr/local`
			`dest: /usr/local.orig`
			`mode: preserve`