Add debian-local-install.yml

debian-local-install.yml

@@ -0,0 +1,184 @@
+---
+- hosts: local
+  gather_facts: true
+  become: true
+
+  tasks:
+    - name: Configure /etc/apt/sources.list
+      ansible.builtin.blockinfile:
+        path: /etc/apt/sources.list
+        owner: root
+        group: root
+        block: |
+          deb http://debian.uchicago.edu/debian/ {{ansible_distribution_release}} main contrib non-free non-free-firmware
+          deb http://debian.uchicago.edu/debian/ {{ansible_distribution_release}}-updates main contrib non-free non-free-firmware
+          deb http://debian.uchicago.edu/debian/ {{ansible_distribution_release}}-backports main contrib non-free non-free-firmware
+          deb http://security.debian.org/debian-security {{ansible_distribution_release}}-security main contrib non-free non-free-firmware
+
+    - name: Disable APT language translations
+      ansible.builtin.lineinfile:
+        path: /etc/apt/apt.conf.d/99translations
+        line: 'Acquire::Languages "none";'
+        owner: root
+        group: root
+        create: true
+
+    - name: Update APT repository cache
+      ansible.builtin.apt:
+        update_cache: true
+        default_release: "{{ansible_distribution_release}}-backports"
+
+    - name: Run dist-upgrade if needed
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: true
+        default_release: "{{ansible_distribution_release}}-backports"
+
+    - name: Add third-party repositories
+      block:
+        - name: Ensure /etc/apt/keyrings exists
+          ansible.builtin.file:
+            path: /etc/apt/keyrings
+            state: directory
+            mode: 0755
+
+        - name: Add charm repo key
+          ansible.builtin.get_url:
+            url: https://repo.charm.sh/apt/gpg.key
+            dest: /etc/apt/keyrings/charm.gpg
+
+        - name: Add charm repo
+          ansible.builtin.apt_repository:
+            repo: "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *"
+            state: present
+
+        - name: Ensure /usr/share/keyrings exists
+          ansible.builtin.file:
+            path: /usr/share/keyrings
+            state: directory
+            mode: 0755
+
+        - name: Add Tailscale repo key
+          ansible.builtin.get_url:
+            url: "https://pkgs.tailscale.com/stable/debian/{{ansible_distribution_release}}.noarmor.gpg"
+            dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
+
+        - name: Add Tailscale repo
+          ansible.builtin.get_url:
+            url: https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list
+            dest: /etc/apt/sources.list.d/tailscale.list
+
+    - name: Install APT packages
+      ansible.builtin.apt:
+        update_cache: true
+        default_release: "{{ansible_distribution_release}}-backports"
+        state: present
+        pkg:
+          - apt-file
+          - apt-listbugs
+          - apt-listchanges
+          - apt-transport-https
+          - atop
+          - autoconf
+          - automake
+          - autossh
+          - borgbackup
+          - borgmatic
+          - breeze-gtk-theme
+          - breeze-icon-theme
+          - btop
+          - build-essential
+          - curl
+          - devilspie2
+          - dnsutils
+          - emacs
+          - firewalld
+          - flatpak
+          - fonts-noto-color-emoji
+          - fonts-noto-mono
+          - galculator
+          - git
+          - git-core
+          - golang
+          - gum
+          - htop
+          - hugo
+          - jc
+          - jq
+          - lynx
+          - maim
+          - ncat
+          - ndiff
+          - nextcloud-desktop
+          - nodejs
+          - npm
+          - optipng
+          - papirus-icon-theme
+          - pass
+          - pipx
+          - podman
+          - python3-dev
+          - python3-pip
+          - rofi
+          - rsync
+          - systemd-resolved
+          - tailscale
+          - tuptime
+          - w3m
+          - w3m-img
+          - wget
+          - wireshark
+          - xclip
+          - xfce4-genmon-plugin
+          - xfce4-weather-plugin
+          - zip
+          - zsh
+
+    - name: Configure XDG user dirs defaults
+      ansible.builtin.blockinfile:
+        path: /etc/xdg/user-dirs.defaults
+        owner: root
+        group: root
+        mode: 0644
+        block: |
+          DESKTOP=desktop
+          DOWNLOAD=downloads
+          TEMPLATES=
+          PUBLICSHARE=sync
+          DOCUMENTS=sync/documents
+          MUSIC=
+          PICTURES=sync/pictures
+          VIDEOS=sync/videos
+
+    - name: Remove old ~/.config/user-dirs.dirs
+      ansible.builtin.file:
+        path: /home/jas/.config/user-dirs.dirs
+        state: absent
+
+    - name: Remove unneeded XDG user dirs
+      ansible.builtin.file:
+        path: "/home/jas/{{ item }}"
+        state: absent
+      with_items:
+        - Desktop
+        - Documents
+        - Downloads
+        - Music
+        - Pictures
+        - Public
+        - Templates
+        - Videos
+
+    - name: Run xdg-user-dirs-update
+      ansible.builtin.command: xdg-user-dirs-update
+      become_user: jas
+
+    - name: Disable unneeded services
+      ansible.builtin.systemd_service:
+        name: "{{ item }}"
+        enabled: false
+      with_items:
+        - avahi-daemon.service
+        - avahi-daemon.socket
+        - cups-browsed.service
+        - cups.service