Setup

My Ansible setup for Fedora 41

Why ?

Setup an entire Linux desktop for personal and work usage, is just a considerable effort by hand. I have to research package names all the times again and again, for various package managers, add some dependencies for some particular packages, ... I made a few Bash scripts that really suck and have no idempotence, I have to search and execute steps on how to compile from source some specific softwares like espanso... Making all Plasma configurations by hand, setting up my dotfiles manually, generating SSH keypairs, ... that's just endless and so tiring to it twice.

The personal goal is to be able to setup at 95% a new Fedora with KDE Plasma desktop machine under 2 hours. I'm going to try to automate as much stuff as possible, even more complex things like build from sources programs, "complex to install" apps, zoxide index, private config files, SSH keys, secrets management,...

The other goal with this setup is to help my friends migrate to Fedora (because everyone agrees this is the best GNU/Linux distro right ?), bringing the new advantage of "you can skip most of figuring out steps with this setup". It obviously take a bit of time to understand, especially if you don't know Ansible, but

I help to migrate 2 friends this summer of 2024, and this is not the end...

I tried to document most of the packages so you can choose

Overview

To see an overview of tasks included in this playbook, open docs.md which is autogenerated from the various YAML files.

FAQ

I don't know Ansible, how can I read your setup ?
I made a cheatsheet to understand basics of Ansible without digging much into the docs. It helps to identify the equivalent of various very common commands. This is taking examples from this setup. This is just for your beginning, when you start getting confident and you want to setup exotic things, you will need to look at modules docs probably.

Samuel ... you spent more than 2.5 weeks working on this automation, is it really worth it for 3 days gain every 2 years when reinstalling your laptop ?
Maybe, maybe not, time will say, I already feel this is useful, but that's just very satisfying to have everything so easily installable without loosing hours everytime I need to figure out things again for something that breaks, for a missing dependency... And helping other installing stuff very without dicting 10 commands loudly or giving a script in 4 parts that still need some decision-making, is a nice benefit ! If you reused my setup to automate your existing Fedora or migrate to it, that would exponentially make this time well invested !

Okay, I'm convinced, how can I use your setup and adapt it to my needs ?
Look at the dedicated section Reusing this setup on the recommended steps.

What is the license of this setup ? Can I legally use and modify your work ?
Yes you can, it is released under a well known free license, because I really care about sharing improvements I chose GPL-3.0-or-later. Read more under License section.

Your question...

Continuous iteration

Continuous effort
This automation was a big effort and maintenance is an ongoing effort (adding or tweeking things). I'm learning and understanding Ansible, this is still new to me even if I wanted to do this since 2 years (see lxsetup to dig more...). As you can see there is still around ~36 TODO here, some possible improvements or little fixes to bring... The structure is probably very basic, we could clearly improve this with roles and groups but I didn't had time/motivation to learn to use them.

The first considerable impact story
On the 29.07.2024 I managed to reinstall my laptop in ~2h15 after having spent hours automating softwares installation and having made an optimized backup (with most of apps states but without most of cache and useless logs). Even if the playbook fails 3 times and there is still a very few things to configure manually, this is just a first big success to me. I don't fear the need to reinstall everything anymore because I know it doesn't take so much effort with this playbook + some optimized backup... But the process to improve, document and automate my setup is clearly not done, I still have some work on my backups strategy to ensure this.

More coming sooon stories with friends I hope :) ...

Fedora installation

1. Grab the ISO on Download Fedora KDE Plasma Desktop 41.
2. Take a USB stick that can be formatted
3. Verify the download (checksum and signature)
4. Flash your USB stick with Ventoy (which allows to have multiple ISO on a single USB key) and copy Fedora's ISO in the partition creating during the flash.
5. Note: you can also use Fedora Media Writer on Fedora or Balena Etcher if you are on Windows, to flash the ISO file on the UBS stick directly, but it will takes 10-15min instead of ~5.
6. Prepare new LUKS passphrase and session password in your head
7. Make sure secure boot is disabled in BIOS coming from Windows
8. If you are dual booting, make sure YOUR EFI PARTITION IS BIG ENOUGH. 260Mo is not enough ! Read this article. Fedora 40 has chosen 600MB for me. Even if only 4% is used, I encountered issue during kernel upgrade that couldn't be unpacked because of missing space. You can move partitions and resize the EFI partition via KDE Partition Manager (at least it worked once for me).
9. Boot on USB stick by entering the GRUB menu and choose the USB stick (generally F12, F10 or another key, check online)
10. Run through the Anaconda (the "Install to Hard drive" app) steps, do not forget to check the "Encrypt my data" if you want to have a fully encrypted disk.

Setup the setup

After a fresh Fedora installation,

1. Connect to the WIFI
2. Run a DNF update with sudo dnf update -y, even with a fresh installed downloaded ISO image. Make sure it succeed and reboot.
3. Run these commands to install Ansible, git and latest dnf version, get this repository and finally run the playbook.

sudo dnf install ansible git -y
cd ~/Desktop
git clone https://codeberg.org/samuelroland/setup.git
cd setup

Depending on what you prefer you can choose your virtualisation backend.

Either install VirtualBox

ansible-playbook playbook.yml -K -v --tags vms -e vm_backend_virtualbox=true

Or KVM

ansible-playbook playbook.yml -K -v --tags vms -e vm_backend_kvm=true

WARNING: do not run with --become because all tasks will run with root, this is dangerous and would install a lot of things locally for root user...

Additionnal tasks probably only for Samuel (tagged only-sam)

ansible-playbook playbook.yml -K -v --tags only-sam

Note: The playbook takes around ~30minutes to run the first time (with a ~5MB/s connection). The duration when there is nothing to change is of ~25s

Then delete this repository as it should be cloned elsewhere using SSH URL...

In case the execution fails, it's not problem at all to fix manually the issue or fix the playbook, and restart it many times if needed. The goal is to reach a point of quality where it never fails.

Manual steps

1. Connect and open backup disk
2. Wait for FreeFileSync to be installed (see the first priority tasks)
3. Open FreeFileSync, open "RestoreBack" configuration (todo: yet to implement) and start sync. TODO:
4. Connect mouse and keyboard via bluetooth
5. Configure network connection like VPN connections if needed
6. Save the new passwords (LUKS + account) in password manager
7. Backup the LUKS headers ! TODO: how to do that ??
8. Install dotfiles repository. TODO: how to automate this ? Should I switch to chezmoi ??

Playbook content

At the exception of Nvidia drivers that are installed if there is Nvidia GPU detected, and a few firmwares for Wifi and others, this setup (to my knowledge) only contains free softwares! For non Nvidia GPU powered computer, it will not connect to rpmfusion-nonfree branch.

Sources

RPM registries

• Fedora default registries
• Enabled the fedora-cisco-openh264 (configured but disabled by default)
• RPMFusion free branch (nonfree branch only enabled if Nvidia GPU is detected)
• docker-ce-stable - Docker RPM registry
• Firefox PWA project repository
• gitlab.com_paulcarroty_vscodium_repo - VSCodium repository
• ? - Visual Studio Code DNF

Other registries

• flathub.org - main flatpak registry
• crates.io - Rust ecosystem registry
• github.com - for various Go tools
• charm.sh - nice Go tools repository

TODO add missing links

TODO document this! home_mkittler Martchus applications repository for openSUSE and Fedora (Fedora_41) virtualbox Fedora 41 - x86_64 - VirtualBox WineHQ WineHQ packages

Copr

• copr:copr.fedorainfracloud.org:atim:bottom Copr repo for bottom owned by atim
• copr:copr.fedorainfracloud.org:karlisk:ventoy Copr repo for ventoy owned by karlisk
• copr:copr.fedorainfracloud.org:petersen:haskell-language-server Copr repo for haskell-language-server owned by petersen
• copr:copr.fedorainfracloud.org:zeno:scrcpy Copr repo for scrcpy owned by zeno

I try to not use Snap because of the server code being proprietary in contrary to other package managers.

Archives

Old working ways of installing some stuff as stored inside tasks/archive in case you want to use alternative approach or need inspiration. None of these files are included in any YAML file out of this folder.

Conventions

Here are a few conventions I applied to match the above strategy.

1. This playbook serves the purpose of installing the tools, not making sure they are up-to-date ! Updates are managed externally. This is why you can see some state: present instead of latest. One benefit is the execution a bit sped up. TODO: should I do a update.yml file to run specific updates and call upa ? should i delete upa ?
2. Each task file must contain a first comment line that will be displayed in the title in docs.md, and optionnally several other comment lines. It must contain at least one empty lines after that.

Tricks

Quickly edit my playbook:
To easily change something in my playbook and generate docs after modification I wrote this little fish function eap.

## Easily Edit my Ansible Playbook - generate docs if there is some git diff
set -g SETUP_REPOS_PATH ~/code/setup
function eap
    pushd $SETUP_REPOS_PATH
    set -l file (fd -e yml -e md -e fish | fzf)
    if test -f "$file"
        echo "Editing $file..."
        $EDITOR "$SETUP_REPOS_PATH/$file"

        # If there are any change, generate docs again
        if ! git diff --exit-code >/dev/null
            fish docs.fish
        else
            echo Skipped generating docs...
        end
    end
    popd
end

Note: it requires fzf + fd to be installed, and $EDITOR to be defined. I defined $SETUP_REPOS_PATH as the path to where I cloned this repository.

Tmp tasks list
TODO tmp.yml

Reusing this setup

This is a recommended way to reuse my setup and potentially syncing it from time to time to get fixes and new softwares. The idea is that your fork this repository (not necessarily from codeberg.org though) and make changes in your repository.

If you see other improvements to this setup to make it easier to fork/pull, please contact me or open an issue.

License

This setup is released under GPL-3.0-or-later (see LICENSE). You really should read this license to understand it: except if you don't distribute your fork (if it is a private fork just for you that no one else know), the license requires you to release your changes under the same license. To simplify things, leave your fork public so anyone can come back inspecting your changes and taking them back legally. I have chosen a protective license, because if you benefitted from this setup, it is fair to make improvements available to others or even contribute changes here if they could benefit me or others ! Also, making your fork public make the first git clone easier because you don't need SSH auth to be setup !!

This license obviously doesn't apply to installed software, just the files inside this repository (except the tasks/scripts folder where I store some installations scripts from various software that cannot be installed differently). Each software has its respective license to know about.

Copyright notice and no warranty notice:

Setup repository - Ansible setup for Fedora with KDE Plasma
Copyright (C) 2024 Samuel Roland

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.

Fork the repository

If you have a Git repos somewhere else and the "Fork" button is not cross-servers sadly (we hope federation with Forgejo will bring that one day !), you can fork it locally.

1. Create a new Git repos somewhere, clone it and jump inside
2. Add this repos as upstream origin: TODO document
3. TODO: continue

Sync my setup with your fork

TODO

Diff your fork and my repos

TODO: idk how to do this... any idea on how to generate diff from what was unchanged and not reviewed in the meantime.

Keep changes in your setup

TODO: idk how to do this... any idea on how to pull from upstream but still keep changes if you don't like my opinion ?

Contribute your changes back