Record new playbook

Use ansible to bootstrap a remote workstation based on Alma Linux. Possibly compatible with fedora.

ansible_playbooks/bootstrap_vnc.yml

@@ -0,0 +1,127 @@
+---
+- name: Setup Swap, WireGuard, and VNC on CentOS
+  hosts: almalinux
+  become: true
+  tasks:
+    - name: Create a swap file
+      ansible.builtin.command: fallocate -l 4G /swapfile
+      args:
+        creates: /swapfile
+
+    - name: Set permissions on the swap file
+      ansible.builtin.file:
+        path: /swapfile
+        mode: "0600"
+
+    - name: Set up swap space
+      ansible.builtin.command: mkswap /swapfile
+      args:
+        creates: /swapfile
+
+    - name: Enable swap file
+      ansible.posix.mount:
+        name: none
+        src: /swapfile
+        fstype: swap
+        state: present
+
+    - name: Add swap file to fstab
+      ansible.builtin.lineinfile:
+        path: /etc/fstab
+        line: /swapfile none swap defaults 0 0
+        state: present
+
+    - name: Update package cache
+      ansible.builtin.dnf:
+        update_cache: true
+
+    - name: Upgrade all packages
+      ansible.builtin.dnf:
+        name: "*"
+        state: latest
+
+    - name: Install WireGuard
+      ansible.builtin.dnf:
+        name:
+          - wireguard-tools
+        state: present
+
+    - name: Load WireGuard module
+      community.general.modprobe:
+        name: wireguard
+        state: present
+
+    - name: Enable IP forwarding
+      ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: 1
+        state: present
+        reload: true
+
+    - name: Create WireGuard keys
+      ansible.builtin.command: >
+        sh -c 'wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey'
+      args:
+        creates: /etc/wireguard/privatekey
+
+    - name: Install EPEL release
+      ansible.builtin.dnf:
+        name: epel-release
+        state: present
+
+    - name: Install XFCE desktop environment
+      ansible.builtin.dnf:
+        name: "@XFCE"
+        state: present
+
+    - name: Install TigerVNC server
+      ansible.builtin.dnf:
+        name: tigervnc-server
+        state: present
+
+    - name: Create vnc configuration directory
+      become: false
+      ansible.builtin.file:
+        path: ~/.vnc/
+        state: directory
+        recurse: true
+
+    - name: Create VNC startup file
+      become: false
+      ansible.builtin.copy:
+        dest: ~/.vnc/xstartup
+        content: |
+          #!/bin/sh
+          unset SESSION_MANAGER
+          unset DBUS_SESSION_BUS_ADDRESS
+          exec /etc/X11/xinit/xinitrc
+        mode: "0755"
+
+    - name: Enable TigerVNC service
+      ansible.builtin.systemd:
+        name: vncserver@:1.service
+        enabled: true
+        state: started
+
+    - name: Open WireGuard port (51820) in firewall
+      ansible.posix.firewalld:
+        service: wireguard
+        permanent: true
+        state: enabled
+        zone: public
+
+    - name: Open VNC port (5901) in firewall
+      ansible.posix.firewalld:
+        port: 5901/tcp
+        permanent: true
+        state: enabled
+        zone: public
+
+    - name: Reload firewalld to apply changes
+      ansible.builtin.service:
+        name: firewalld
+        state: restarted
+
+    - name: Reboot the system
+      ansible.builtin.reboot:
+        msg: Rebooting to apply changes