FazleArefin/fedora-dev-machine-setup

fedora-dev-machine-setup | Fedora Workstation 43

Description

This repo contains Ansible playbooks to configure your system as a development machine after a clean install.

The playbooks have been tested on:

  • Fedora Workstation 43

What gets installed and configured?

Summary of packages that get installed and configured based on roles:

  • role: harden_system

    • Remove the passim package and stop the passimd service from listening on 0.0.0.0
    • Disable Link-Local Multicast Name Resolution (LLMNR) listening on 0.0.0.0
    • Create and activate a new firewalld zone FedoraWsHardened, which DROPS all incoming requests
  • role: base

    • Enable the firewalld firewall
    • Tune system swappiness to greatly reduce swapping
    • Upgrade all packages
    • Install archiving tools like zip, rar, etc.
    • Install LibreOffice
    • Install Foliate, an e-book reader
    • Install Obsidian markdown editor
    • Install power management tools like TLP
    • Install development tools like android-tools, awscli, httpie, docker, golang, poetry, etc.
    • Install code formatters and linters like ruff, ansible-lint, etc.
    • Set up golang directories
    • Install download tools like axel, transmission, wget, aria2
    • Install image, audio, and video tools like VLC, Totem, GIMP, ImageMagick, etc.
    • Option to turn on Night Light for eye comfort (set base_permanent_night_light.night_light_enabled to true in group_vars/all/base.yml)
    • Enable fzf fuzzy finder in the Zsh terminal
    • Install lazygit
    • Install terminal emulator Alacritty
    • Set GNOME color-scheme to dark mode
  • role: zsh

    • Install the Zsh package and set the user shell to Zsh
    • Install zinit Zsh plugin manager
    • Copy and enable a sample ~/.zshrc file if one doesn't exist
      • Includes a function to stop ssh-agent from repeatedly asking for encrypted SSH key passwords in new terminals
      • Adds additional aliases, functions, and variables in ~/.shell_aliases.sh, ~/.shell_functions.sh, and ~/.shell_variables.sh for use in interactive sessions
    • Install ohmyzsh/ohmyzsh and enable bundled plugins
    • Enable the Bullet Train Zsh theme (others like p10k can be configured as well)
  • role: terminal_customizations

    • Download and install Nerd Fonts from ryanoasis/nerd-fonts; ideal for terminal and programming editors
    • Copy and enable a sample Tilix config file with configured Nerd Font
    • Copy and enable a sample Tmux config file if one doesn't exist
    • Copy and enable ~/.tmux.conf with tmux plugin manager and several plugins
      • Open Tilix and run the tmux command, or enable a custom command option in Tilix
      • Edit ~/.tmux.conf as needed
  • role: neovim

    • Install Neovim packages
    • Install LazyVim Neovim distribution
      • Open nvim from terminal; plugins will install automatically on first launch
  • role: vscode

    • Add the Visual Studio Code APT repo
    • Install Visual Studio Code
    • Install popular extensions
  • role: privacy

    • Install Tor
    • Configure Tor to run at boot and avoid certain countries as exit nodes
      • Edit /etc/tor/torrc if needed
    • Install ProxyChains
    • Configure ProxyChains to use Tor. See my Medium story for usage
      • Edit /etc/proxychains.conf if needed
    • Install a metadata anonymization toolkit
  • role: security

    • Install ClamAV (antivirus) and its GNOME interface. Run scans manually via Nautilus or CLI using clamscan; clamd is not installed due to high memory usage
    • Install Firejail for sandboxing applications
  • role: virtualization

    • Install Docker packages
    • Install and configure QEMU and KVM with libvirt
      • Sets up an isolated network virbr69 10.69.69.0/24 in addition to the default NAT network
      • Sets up additional storage pools isos and templates with correct SELinux contexts
  • role: googlechrome

    • Add the Google Chrome APT repo
    • Install Google Chrome
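
To confirm what the harden_system role is meant to achieve, the script below is an added example, not code from this repository. It filters `ss` output for sockets still bound to all interfaces on the LLMNR port (5355) and on 27500, which is assumed here to be passimd's port, and queries the FedoraWsHardened zone; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): post-run audit for harden_system.
# Assumptions: 5355 is the LLMNR port; 27500 is assumed to be passimd's port.

# wildcard_listeners PORT...
# Reads `ss -H -tuln` output on stdin and prints "<proto> <addr:port>" for
# every socket on one of the given ports that is bound to all interfaces.
wildcard_listeners() {
    awk -v ports=" $* " '
        NF >= 5 {
            n = split($5, parts, ":")          # column 5 is Local Address:Port
            port = parts[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            wildcard = (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            if (wildcard && index(ports, " " port " ") > 0)
                print $1, $5
        }'
}

# Constructed sample: listeners as they might look before hardening.
sample_ss() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:5355       0.0.0.0:*
udp   UNCONN 0      0         127.0.0.54:53         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:5355       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:27500      0.0.0.0:*
tcp   LISTEN 0      4096            [::]:5355          [::]:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
EOF
}

# audit_host: run on the configured machine (firewall-cmd may ask for
# authentication). Prints any remaining wildcard listeners, then the active
# zones and the FedoraWsHardened target, which should be DROP.
audit_host() {
    ss -H -tuln | wildcard_listeners 5355 27500
    firewall-cmd --get-active-zones
    firewall-cmd --permanent --zone=FedoraWsHardened --get-target
}

# Demonstration on the constructed sample: four wildcard listeners are reported.
sample_ss | wildcard_listeners 5355 27500
```

After the playbook and a reboot, `audit_host` should print no listener lines, list FedoraWsHardened among the active zones, and report the target DROP.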

Step 0 | Prerequisites for running the Ansible playbooks

On the system you are about to configure using Ansible, perform the following:

Install ansible and git first:

/usr/bin/sudo dnf update -y
/usr/bin/sudo dnf install ansible git -y
git clone https://github.com/FazleArefin/fedora-dev-machine-setup.git
cd fedora-dev-machine-setup

Step 1 | Running the playbooks to configure your system

Run the following as yourself (the primary user), not as root:

ansible-playbook main.yml -vv -e "laptop_mode=true local_username=$(id -un)" -K

Enter your sudo password when prompted for BECOME password:.

The main.yml playbook can take between 15 minutes and an hour to finish.

Once complete, reboot your laptop for all changes to take effect.

Effect of the extra vars passed using -e

  • laptop_mode
    • true: installs packages like TLP for battery optimization
    • false: skips installing battery-saving packages like TLP

Known Issues

  • If the Ansible playbook stops mid-way, rerun it. Most tasks are idempotent, so re-execution is safe.
  • If your terminal displays strange characters after installing a Zsh theme, change the font to a Nerd Font in the terminal's settings.
  • If you dislike fuzzy finder completions, comment out the #fzf line in your ~/.zshrc (this is a feature, not a bug).

Pull Requests and Forks

Pull requests are welcome! However, this repo is tailored to my own development needs. For your own workflow, it's probably better to fork it and customize as you like.


Donations

If this setup saved you time or effort, feel free to donate—though the repo is entirely free and open, with no strings attached.

Bitcoin (BTC): bc1qzlhpm94vtk2ht67etdutzcy2g5an5v6g36tp0m

About

Configure your Fedora 43 Workstation as a secure development workstation
