Roles meant to be used after a basic Ubuntu installation: custom keyboard layouts, vscode and extensions, dconf and common ones


Ansible roles for Ubuntu laptop or desktop install

Note 1: This repository is not a finished product ! For me it seems too complex to be used at large. For quick tasks I am using simpler playbooks and scripts, like those from the Scripts repository.

Note 2: Coding best practices, linting and so on were not a priority for this repository, some of these are tests and proof of concept code !

Note 3 begin: I am rebuilding this repository. Someof the changes that must be done:

  • the settings section from vscode role MUST be rebuilt
  • vscode role should be rebuilt to include the profiles feature
  • wordlists role MUST be rebuilt

Note 3 end.

This repository contains some roles meant to be used after a basic Ubuntu installation. The defined roles are:

  • common install the apps defined in common_apps, group_apps and host_apps variables
  • clamav installs clamav and freshclam then sets the number of checks per day
  • dconf, see it's source for description of functionality
  • firewall installs nftables and firewalld
  • git installs git and sets it's global settings from the git_global_options variable
  • hydra installs THC Hydra
  • keyboard adds custom keyboard profiles / layouts. It contains keyboard layouts for converting a laptop keyboard to a Tenkeyless-like one, using the numberpad as navigation keys. See this post for details.
  • kicad installs a KiCad version from it's ppa
  • nodejs installs Node.js from repository
  • podman installs podman, buildah, slirp4netns and fuse-overlayfs. In Ubuntu 20.04 uses the Kubic project provided packages. For other distributions uses the default repositories.
  • python installs python3, python3-pip and python3-venv
  • ruby_bundler installs ruby-full and ruby-bundler
  • setuser sets basic user properties, see it's source for description of functionality
  • teams_insiders installs Teams Insiders from Microsoft's repository
  • vim installs vim and sets /etc/vim/vimrc.local
  • vscode installs Visual Studio Code from Microsoft's repository, extensions and custom user settings. For extensions I have built an Ansible module.
  • wordlists downloads wordlists into user's ~/wordlists directory. Downloading is implemented from, KaliLists/dirbuster and from any complete URL.
  • zaproxy installs OWASP ZAP using the official ZAP Linux Repos

This is a work-in-progress and should be tested before use.


To test playbooks, roles and tasks I use physical and virtual hosts.

Using lxc, a simple virtual system container can be created with:

lxc launch images:ubuntu/22.04 jammy-container

# set a password for 'ubuntu' user
lxc exec jammy-container -- sh -c "echo \"ubuntu:$pass\" | chpasswd"

# install OpenSSH server
lxc exec jammy-container -- sh -c 'apt update && apt -y install openssh-server'

# find the IPv4 address of the container
addr="$(lxc info jammy-container | grep 'inet:' | grep -v '' | cut -d: -f2 | cut -d/ -f1 | tr -d ' ')" && echo "$addr"

# try a connection to add the key to known_hosts file
ssh -l ubuntu "$addr"

and cleaned up with:

lxc stop jammy-container
lxc delete jammy-container

About Ansible

You may start by reading Ansible notes and quick start


On the control host (the local host if the roles will be launched from this host) run:

sudo apt update
sudo apt install software-properties-common
sudo apt install python3 python3-pip python3-venv python3-jmespath python3-psutil
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible ansible-lint

# install the requirements with
[[ -r requirements.yml ]] && ansible-galaxy collection install -r requirements.yml
# to upgrade all collections from a 'requirements.yml' file use:
# [[ -r requirements.yml ]] && ansible-galaxy collection install --upgrade -r requirements.yml
# or, to upgrade a single collection, use:
# ansible-galaxy collection install --upgrade <collection_name>

With inventory file(s)

In the root directory of the repository create the inventories/production directory. Inside the inventories/production directory copy the content of the inventories/example directory.

The default configuration files are inventories/production/all.yml, where you should put the common settings, and inventories/production/desktops.yml and inventories/production/laptops.yml for specific ones.

Modify ! the files for your environment, mostly:

  • local_user_name should be the name of your standard user;
  • set the content of git_global_options as needed;
  • enable the roles that you want in site.yml.

Then, for production environment, use:

# if configuring a laptop
ansible-playbook --ask-become-pass -i inventories/production --limit laptop_local site.yml

# if configuring a desktop
ansible-playbook --ask-become-pass -i inventories/production --limit desktop_local site.yml

Without inventory file

All needed variables must be passed on the command line. Read Defining variables at runtime for more information.

Warning: Some roles will not work if their variables are not set.

Here are some simple examples:

# run the playbook against localhost
ansible-playbook -i, \
    --become --ask-become-pass \
    -e 'ansible_connection=local' \
    -e 'local_user_name=your_user_name' \

# run the playbook against the remote host
ansible-playbook -i, \
    --become --ask-become-pass \
    -e 'local_user_name=your_user_name' \


When using Visual Studio Code as editor, add the Ansible VS Code Extension by Red Hat and install Ansible Lint:

sudo python3 -m pip install ansible-lint

Python modules

cd to the root directory of the repository and create a python virtual environment:

[ ! -d .venv ] && python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install psutil

To test :

# activate the venv
source .venv/bin/activate

# create a file to pass arguments to the vscode_extension_installer module
mkdir -p tmp
cat << 'EOF' > tmp/test_args.json
        "name": "redhat.ansible"

# test the vscode_extension_installer module
python roles/vscode/library/ tmp/test_args.json


This repository is licensed under the terms of GNU GPLv3 license. See the LICENSE-GPLv3.txt file.


