Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



62 Commits

Repository files navigation

Contributors Forks Stargazers Issues MIT License LinkedIn



Ansible playbooks for provisioning Fedora Workstations with tools which are commonly used in DevOps environments.
Explore the docs »

View Demo · Report Bug · Request Feature



Table of Contents

  1. About The Project
  2. Usage
  3. Contributing
  4. License
  5. Contact
  6. Acknowledgements

About The Project

Ansible playbooks for provisioning Fedora Workstations with tools which are commonly used in DevOps environments.

Built With


Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request



  1. Install git, python, ansible

    sudo -i
    dnf install -y git python3-pip curl sudo
    pip3 install ansible
  2. Clone repository

    # Create directory for github repository
    mkdir -p ~/git/github
    cd ~/git/github
    # Clone (pull) git repository
    git clone
  3. Change user_name in playbooks/group_vars/all.yml to your Fedora username and run Ansible

    # Go to repository directory
    cd ansible-ops-workstation/playbooks
    # Edit playbooks/group_vars/all.yml, change user_name
    vi group_vars/all.yml
    # Run Ansible
    ansible-playbook -i ../inventory/hosts.yml fedora.yml -K
  4. Reboot your machine to apply all changes


  1. Open terminal, login as root, upgrade your OS:

    sudo -i
    hostnamectl set-hostname mikeePC
    dnf upgrade -y
  2. Reboot your machine


Ubuntu WSL

  1. Install

  2. Open WSL2 terminal, login as root, upgrade your OS:

    sudo -i
    apt-get update
    apt-get upgrade
  3. Install git, python, ansible

    sudo -i
    apt-get install -y git python3-pip curl sudo
    pip3 install ansible
  4. Clone repository

    # Create directory for github repository
    mkdir -p ~/git/github
    cd ~/git/github
    # Clone (pull) git repository
    git clone
  5. Change user_name in playbooks/group_vars/all.yml to your WSL username (link) and run Ansible

    # Go to repository directory
    cd ansible-ops-workstation/playbooks
    # Edit playbooks/group_vars/all.yml, change user_name
    vi group_vars/all.yml
    # Run Ansible
    ansible-playbook -i ../inventory/hosts.yml wsl-ubuntu.yml -K
  6. Install PowerLevel10K font on Windows -

  7. Copy Windows Terminal config from -

    • and paste it here - C:\Users\${WINDOWS_USER_NAME}\AppData\Local\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState
  8. Copy VScode config file from -

    • and paste it here - C:/Users/${WINDOWS_USER_NAME}/AppData/Roaming/Code/User/settings.json
  9. You can also install VScode extensions manually from the list here -, by finding them in the VScode UI and clicking install or via CLI by executing:

    code --install-extension ${EXTENSION_NAME}
  10. Restart your VScode/Windows Terminal to see your new oh-my-zsh :)

Remember to use VScode with Remote WSL extension and store all your unix/git files/repositories under WSL2 to not encounter any issues with file permissions, etc.

I also recommend to use builtin terminal in VSCode as it also really configurable and works like a charm with oh-my-zsh and P10K

Tips and Tricks

  1. MacOS disk utility doesn't show free space on a harddisk

    • create ntfs partition on any free disk space on that disk, then shrink/resize your APFS partitions/containers.
  2. To fix Docker on newer Fedora's installations:

    vi /etc/default/grub
    grub2-mkconfig -o /boot/grub2/grub.cfg
  3. Fix selinux policies for OpenVPN certs custom path

    sudo semanage fcontext -a -t home_cert_t /home/mikee/Documents/vpns/certs_vpn/ca.crt
    sudo restorecon -R -v /home/mikee/Documents/vpns/certs_vpn/
  4. How to enable bitlocker on macbook

    • Configure BitLocker to work without a TPM:

      Start => run => gpedit.msc
      Open the Local Computer Policy node
      Navigate to Computer Configuration \ Administrative Templates \ Windows
      Components \ Bit Locker Drive Encryption \ Operating System Drives
      Double click on Require additional authentication at startup
      Enable the feature and check the box next to `Allow BitLocker without a compatible TPM`, click Apply and Ok, and close out of Local Group Policy Editor.
  5. To save last boot entry in grub - add lines below to /etc/default/grub and run grub2-mkconfig -o /boot/grub2/grub.cfg

  6. To setup hp printer

    hp-setup        # to configure HP printer
  7. To disable KDE wallet when using pip3

    python3 -m keyring --disable
  8. hid_apple mods -

    cd /sys/module/hid_apple/parameters
    echo 1 > swap_fn_leftctrl
    echo 1 > swap_opt_cmd
    # vi /etc/modprobe.d/hid_apple.conf
    options hid_apple swap_fn_leftctrl=1
    options hid_apple swap_opt_cmd=1
    options hid_apple iso_layout=1
    # after adding this options to the file, you need to rebuild your initramfs
    ## in Fedora
    dracut -f
  9. Add SSH keys, config and private gpg keys from keybase

    keybase pgp list
    keybase pgp export --query $KEY_ID -s > private.gpg; gpg --import private.gpg; rm -v private.gpg
    keybase pgp export --query $KEY_ID > public.gpg; gpg --import public.gpg; rm -v public.gpg
    git-crypt add-gpg-user -n --trusted $USER_ID[could be email]
    # If `gpg -vvvvv --import` hangs on:
    ## gpg: waiting for lock (held by 5555) ...
    ## gpg: no running keyboxd - starting '/usr/libexec/keyboxd'
    ### you can fix it by commenting out use-keyboxd in ~/.gnupg/common.conf.
  10. To save HTTPS git credentials

    git config --global credential.helper store
    git config lfs.cachecredentials true
  11. How to install latest NVIDIA driver on Linux:

    ### Install using .run installer (manually) ###
    # Install DKMS to automatically install Nvidia driver when updating kernel
    dnf install dkms kernel-devel kernel-headers gcc make acpid libglvnd-glx libglvnd-opengl libglvnd-devel pkgconfig vdpauinfo libva-vdpau-driver libva-utils
    # Add opensource nvidia driver - nouveau to blacklist
    vi /etc/modprobe.d/nvidia-installer-disable-nouveau.conf
    blacklist nouveau
    options nouveau modeset=0
    vi /etc/default/grub
    GRUB_CMDLINE_LINUX="rhgb quiet rd.driver.blacklist=nouveau"
    grub2-mkconfig -o /boot/grub2/grub.cfg
    # Rebuild initramfs
    dracut -f
    systemctl set-default
    # Download latest cuda driver and nvidia driver and go to download path
    # CUDA -
    # cuda will also install nvidia driver, but in older version
    # Nvidia driver -
    systemctl set-default
    dnf remove xorg-x11-drv-nouveau
    # to dynamically change current session to non-graphical user interface
    systemctl isolate
    # to revert back to graphical
    systemctl isolate
    # If there are some issues with booting to graphical environment, i.e.: with API mismatch error, execute `dracut -f` to rebuild initramfs with newer version of driver
    # dmesg|grep -i nvrm -A3
    # [  113.647054] NVRM: API mismatch: the client has the version 460.91.03, but
    #                NVRM: this kernel module has the version 390.144.  Please
    #                NVRM: make sure that this kernel module and all NVIDIA driver
    #                NVRM: components have the same version.
    dracut -f
    # If you fail to boot to Fedora, you can edit boot entry in grub by clicking "e" in grub bootmenu and in line starting with "linux ..." add at the end "init 3" to boot in (without graphical interface)
    # If you are using Secure Boot, during installation of the NVIDIA drivers create new key pair (or use existing one), and if it's a new key pair then add them to UEFI key by executing
    mkdir -p /usr/share/uefimok/
    cp -rfv /usr/share/nvidia/nvidia-modsign-crt-${id}.der /usr/share/uefimok/
    cp -rfv /usr/share/nvidia/nvidia-modsign-key-${id}.key /usr/share/uefimok/
    mokutil --import /usr/share/uefimok/nvidia-modsign-crt-${id}.der
    bash --module-signing-secret-key=/usr/share/uefimok/nvidia-modsign-key-${id}.key --module-signing-public-key=/usr/share/uefimok/nvidia-modsign-crt-${id}.der
    ### Install using packages from CUDA rpm repository ###
    # Check latest available rpm repo (fedora40 is not available) -
    dnf config-manager --add-repo$distro/x86_64/cuda-$distro.repo
    dnf -y install dkms
    dnf -y module install nvidia-driver:open-dkms
    dnf -y install nvidia-container-toolkit
    # Make sure you're running desktop in X11 mode, wayland is a bit laggy still
    # xorg.conf can be generated from nvidia-settings
    # Enroll MOK key if you're using SecureBoot
    ## You can check by which key the kernel module is signed by, by executing: modinfo nvidia-drm, and then try to find it locally (i.e.: in dkms config file)
    mokutil --import /var/lib/dkms/
    ### Enabling wayland
    ## vi /etc/dracut.conf.d/nvidia.conf
    force_drivers+=" nvidia nvidia_modeset nvidia_uvm nvidia_drm "
    ## vi /etc/modprobe.d/nvidia.conf
    options nvidia_drm modeset=1 fbdev=1
    mv /usr/lib/udev/rules.d/61-gdm.rules /root/61-gdm.rules
    dracut -f
  12. To fix purple'ish screen, enable OC and Fan control (I recommend to use GreenWithEnvy - gwe (installed using flatpak)) apply those changes to /etc/X11/xorg.conf:

    Section "Device"
        # To fix ddcutil
        Option         "RegistryDwords" "RMUseSwI2c=0x01; RMI2cSpeed=100"
        # To enable fan control and OC
        Option         "Coolbits" "12"
    Section "Screen"
        # To fix purple'ish screen
        ## These settings can be controled using nvidia-settings --> X Server Display Configuration --> Advanced... --> Force Composition Pipeline --> Save to X Configuration File
        Option         "metamodes" "nvidia-auto-select +0+0 {ForceCompositionPipeline=On, AllowGSYNCCompatible=On}"
    ### Example /etc/X11/xorg.conf
    Section "Device"
        Identifier     "Device0"
        Driver         "nvidia"
        VendorName     "NVIDIA Corporation"
        BoardName      "NVIDIA GeForce RTX 3070"
        Option         "RegistryDwords" "RMUseSwI2c=0x01; RMI2cSpeed=100"
        Option         "Coolbits" "12"
    Section "Screen"
        Identifier     "Screen0"
        Device         "Device0"
        Monitor        "Monitor0"
        DefaultDepth    24
        Option         "Stereo" "0"
        Option         "nvidiaXineramaInfoOrder" "DFP-1"
        Option         "metamodes" "nvidia-auto-select +0+0 {ForceCompositionPipeline=On, AllowGSYNCCompatible=On}"
        Option         "SLI" "Off"
        Option         "MultiGPU" "Off"
        Option         "BaseMosaic" "off"
        SubSection     "Display"
            Depth       24
  13. To enable "outdated" gnome extension add used gnome-shell version to shell-version table in metadata.json extension's file

    gnome-shell --version
    GNOME Shell 41.2
    vi ~/.local/share/gnome-shell/extensions/${EXTENSION_NAME}/metadata.json
      "shell-version": [
  14. To turn off hdd

    echo 1 > /sys/block/sdb/device/delete
  15. To open remote VScode session from CLI:

    code --folder-uri vscode-remote://ssh-remote+${SSH_USER}@${HOST}${PATH}
    # Example
    code --folder-uri vscode-remote://[email protected]/home/user/git
  16. To change brightness:

cat /sys/class/backlight/acpi_video0/max_brightness
echo 2 > /sys/class/backlight/acpi_video0/brightness
  1. To give Steam access to local storage outside of flatpak
flatpak override com.valvesoftware.Steam --filesystem=${PATH_TO_FILESYSTEM}
  1. Terminator fails to open with an error terminator:24:<module>:ModuleNotFoundError: No module named 'psutil', try reinstalling dnf reinstall python3-psutil to fix it

  2. Enable tabs scrolling in firefox:

### about:config

# tabs mouse scrolling
toolkit.tabbox.switchByScrolling = true

# if google docs crashes, page jumps
gfx.canvas.accelerated = false


Distributed under the GNU GPLv3 License. See COPYING for more information.


Twitter - @mikeeqp

Project Link:
