ottenwbe · ottenwbe · Jan 31, 2026 · Jan 31, 2026 · Jan 31, 2026 · Jan 31, 2026
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -5,8 +5,6 @@ name: Test Developer Environment Setup
 # Controls when the workflow will run
 on:
   # Triggers the workflow on push or pull request events but only for the master branch
-  push:
-    branches: [ '**' ]
   pull_request:
     branches: [ master ]
 
@@ -28,4 +26,5 @@ jobs:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
       - name: Test Deployment Fedora ${{ matrix.fedora_version }}
-        run: test/test.sh ${{ matrix.fedora_version }} all
+        # some roles are skipped for efficiency of the github workflow, local test should still be executed with "all"
+        run: test/test.sh ${{ matrix.fedora_version }} "user,zsh,ansible,common,go,java,ruby,cpp,python"
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,5 @@
 .venv
-secrets.json
+vars.json
 *.retry
 .idea/
 .vagrant/

diff --git a/README.md b/README.md
@@ -30,7 +30,9 @@ Right now the only tested Distributions are:
 │   ├── kubernetes      // Everything needed for Kubernetes development (minikube, helm, ...)
 │   ├── python          // Everything needed for Python development
 │   └── ruby            // Everything needed for Ruby development       
-│   └── virtualization  // Virtualization tools (VirtualBox, Vagrant)
+│   ├── virtualization  // Virtualization tools (VirtualBox, Vagrant)
+│   └── intellij        // Installation of IntelliJ IDEA
+│   └── ai              // AI tools (Ollama, PyTorch, Jupyter)
 └── test/               // Test the playbook in docker images
     └── docker/
 ```
@@ -44,13 +46,29 @@ git clone https://github.com/ottenwbe/developer-environment-setup.git
 ```
 
 The ```bootstrap_local.sh``` script installs ansible as a prerequisite for executing the playbook.
-On a local Fedora installation where ansible is __not__ installed the playbook can be executed as follows:
+On a local Fedora installation where ansible is __not__ (yet) installed the playbook can be executed as follows. The playbook will install ansible and start sshd:
 
 ```bash
-sh bootstrap_local.sh inventory.yml <your user> Fedora
+sh bootstrap_local.sh inventory.yml @vars.json
 ```
 
-On a local Linux installation where ansible is installed the playbook can be executed as follows:
+This expects a simple config, vars.json, like this to setup your users and all configurations in their respective home directories:
+
+```json
+{
+  "users": [
+    {
+      "username": "user1",
+    },
+    {
+      "username": "user2",
+    }
+  ]    
+}
+```
+
+On a local Linux installation where ansible is installed the playbook can be executed as follows. NOTE: in this example the [git config](https://git-scm.com/docs/git-config) is updated as well for the user, which is an optional step:
+
 ```bash
 ansible-playbook -i inventory.yml site.yml --connection=local --extra-vars '{"users": [{"username": "your user", "git_name": "Your Name", "git_email": "email@example.com"}]}' --ask-become-pass
 ```
@@ -74,6 +92,7 @@ Available tags:
 * python: Python development environment 
 * kubernetes: Kubernetes tools (Minikube, Helm, etc.) 
 * virtualization: Virtualization tools (VirtualBox, Vagrant) 
+* intellij: IntelliJ IDEA installation
 
 To run only specific tags: 
 ```bash 
@@ -83,9 +102,19 @@ ansible-playbook -i inventory.yml site.yml ... --tags "tag1,tag2"
 Or using the bootstrap script (4th argument): 
 
 ```bash 
-sh bootstrap_local.sh inventory.yml <extra-vars> Fedora "tag1,tag2"
+sh bootstrap_local.sh inventory.yml <extra-vars> Fedora "tag1,tag2" true 
 ```
 
+## Configuration 
+
+You can customize the installation by overriding default variables using --extra-vars. 
+
+For example, if you have the need to install IntelliJ IDEA Ultimate instead of the default Community edition: 
+
+```bash 
+ansible-playbook ... --extra-vars '{"intellij_edition": "ultimate"}' 
+``` 
+
 ## Testing 
 
 The playbook can be tested in a Docker container---more or less.

diff --git a/bootstrap_local.sh b/bootstrap_local.sh
@@ -8,11 +8,12 @@ extra_vars=${2:-}
 system=${3:-Fedora}
 tags=${4:-all}
 start_sshd=${5:-true}
+ask_become_pass=${6:-true}
 
 set -uex pipefail
 
 if [ -z "${inventoryfile}" ] || [ -z "${extra_vars}" ] ; then
-  echo "usage: ./bootstrap_local.sh <path-to-host-file> <extra-vars-json> [<Fedora> [<all|tag1,tag2> [<start_sshd>]]]"
+  echo "usage: ./bootstrap_local.sh <path-to-host-file> <extra-vars-json> [<Fedora> [<all|tag1,tag2> [<start_sshd> [<ask_become_pass>]]]]"
   exit 1
 fi
 
@@ -37,6 +38,11 @@ echo "== INSTALL ANSIBLE (AND PREREQUISITES)=="
 pip install --upgrade pip
 pip install -r requirements.txt
 
-ansible-playbook -i "${inventoryfile}" site.yml --connection=local --extra-vars "${extra_vars}" --become --tags "${tags}"
+ANSIBLE_ARGS=""
+if [ "${ask_become_pass}" == "true" ]; then
+  ANSIBLE_ARGS="--ask-become-pass"
+fi
+
+ansible-playbook -i "${inventoryfile}" site.yml --connection=local --extra-vars "${extra_vars}" --tags "${tags}" ${ANSIBLE_ARGS}
 
 echo "== END BOOTSTRAP =="
diff --git a/renovate.json b/renovate.json
@@ -0,0 +1,15 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "regexManagers": [
+    {
+      "description": "Update Fedora version in GitHub Actions",
+      "fileMatch": ["^\\.github/workflows/main\\.yml$"],
+      "matchStrings": ["fedora_version: \\[(?<currentValue>\\d+)\\]"],
+      "datasourceTemplate": "docker",
+      "depNameTemplate": "fedora"
+    }
+  ]
+}
diff --git a/roles/ai/defaults/main.yml b/roles/ai/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+ai_python_packages:
+  - jupyterlab
+  - huggingface_hub
+  - torch
+  - torchvision
+  - torchaudio
+  - pandas
+  - numpy
diff --git a/roles/ai/tasks/main.yml b/roles/ai/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: AI - Install Ollama
+  become: true
+  ansible.builtin.shell:
+    cmd: curl -fsSL https://ollama.com/install.sh | sh
+    creates: /usr/local/bin/ollama
+
+- name: AI - Install Python AI tools
+  become: true
+  become_user: "{{ item.username }}"
+  ansible.builtin.pip:
+    name: "{{ ai_python_packages }}"
+    state: present
+    extra_args: "--user"
+  loop: "{{ users }}"
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-common_packages:
+common_cli_packages:
   - git
   - git-lfs
   - curl
@@ -17,4 +17,11 @@ common_packages:
 
 common_gui_packages:
   - evince
-  - libreoffice
+  - libreoffice
+
+flatpak_packages:
+  - org.kde.krita
+  - org.kde.okular
+  - org.keepassxc.KeePassXC
+
+git_repositories: []
diff --git a/roles/common/tasks/cli.yml b/roles/common/tasks/cli.yml
@@ -0,0 +1,6 @@
+---
+- name: Common - install packages
+  become: true
+  ansible.builtin.dnf:
+    name: "{{ common_cli_packages }}"
+    state: present
diff --git a/roles/common/tasks/flatpak.yml b/roles/common/tasks/flatpak.yml
@@ -0,0 +1,25 @@
+---
+- name: Flatpak - install package
+  become: true
+  ansible.builtin.dnf:
+    name: flatpak
+    state: present
+
+- name: Add Flathub remote
+  become: true
+  ansible.builtin.command:
+    cmd: flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+  changed_when: false
+
+- name: Flatpak - enable flathub remote
+  become: true
+  ansible.builtin.command:
+    cmd: flatpak remote-modify --enable flathub
+  changed_when: false
+
+- name: Flatpak - install applications
+  become: true
+  community.general.flatpak:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ flatpak_packages }}"
diff --git a/roles/common/tasks/git.yml b/roles/common/tasks/git.yml
@@ -0,0 +1,36 @@
+---
+- name: Git - install
+  become: true
+  ansible.builtin.package:
+    name: git
+    state: present
+
+- name: Git - configure user.name
+  become: true
+  become_user: "{{ item.username }}"
+  ansible.builtin.git_config:
+    name: user.name
+    value: "{{ item.git_name }}"
+    scope: global
+  loop: "{{ users }}"
+  when: item.git_name is defined
+
+- name: Git - configure user.email
+  become: true
+  become_user: "{{ item.username }}"
+  ansible.builtin.git_config:
+    name: user.email
+    value: "{{ item.git_email }}"
+    scope: global
+  loop: "{{ users }}"
+  when: item.git_email is defined
+
+- name: Git - clone repositories
+  become: true
+  become_user: "{{ item.0.username }}"
+  ansible.builtin.git:
+    repo: "{{ item.1.repo }}"
+    dest: "/home/{{ item.0.username }}/workspace/{{ item.1.dest | default(item.1.repo | basename | regex_replace('\\.git$', '')) }}"
+    version: "{{ item.1.version | default('HEAD') }}"
+  loop: "{{ users | product(git_repositories) | list }}"
+  when: git_repositories is defined
diff --git a/roles/common/tasks/tools.yml → roles/common/tasks/gui.yml b/roles/common/tasks/tools.yml → roles/common/tasks/gui.yml
@@ -3,4 +3,4 @@
   become: true
   ansible.builtin.dnf:
     name: "{{ common_gui_packages }}"
-    state: present
+    state: present
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
@@ -1,8 +1,12 @@
 - name: Common - include update tasks
   ansible.builtin.include_tasks: update.yml
-- name: Common - include tools tasks
-  ansible.builtin.include_tasks: tools.yml
+- name: Common - include repository tasks
+  ansible.builtin.include_tasks: repositories.yml
+- name: Common - include cli tasks
+  ansible.builtin.include_tasks: cli.yml
+- name: Common - include gui tasks
+  ansible.builtin.include_tasks: gui.yml
+- name: Common - include flatpak tasks
+  ansible.builtin.include_tasks: flatpak.yml
 - name: Common - include chrome tasks
   ansible.builtin.include_tasks: chrome.yml
-- name: Common - include development tasks
-  ansible.builtin.include_tasks: development.yml
diff --git a/roles/common/tasks/development.yml → roles/common/tasks/repositories.yml b/roles/common/tasks/development.yml → roles/common/tasks/repositories.yml
@@ -19,17 +19,15 @@
     key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
     fingerprint: 79BD B88F 9BBF 7391 0FD4 095B 6A2A F961 9484 3C65
 
+- name: Get Fedora Version
+  ansible.builtin.command: rpm -E %fedora
+  register: fedora_version
+  changed_when: false
 
 - name: Common - install rpmfusion
   become: true
   ansible.builtin.dnf:
     name:
-      - "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm"
-      - "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm"
-    state: present
-
-- name: Common - install packages
-  become: true
-  ansible.builtin.dnf:
-    name: "{{ common_packages }}"
+      - "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ fedora_version.stdout }}.noarch.rpm"
+      - "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ fedora_version.stdout }}.noarch.rpm"
     state: present
diff --git a/roles/common/tasks/virtualbox.yml b/roles/common/tasks/virtualbox.yml
diff --git a/roles/intellij/defaults/main.yml b/roles/intellij/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# Options: community, ultimate
+intellij_edition: community
+intellij_version: '2025.3.2'
+intellij_install_dir: "/opt/idea{{ 'IC' if intellij_edition == 'community' else 'IU' }}"
+intellij_create_desktop_entry: false
+intellij_create_symlink: true
diff --git a/roles/intellij/tasks/main.yml b/roles/intellij/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+# IntelliJ often requires a higher limit for file watchers to handle large projects
+- name: IntelliJ - increase fs.inotify.max_user_watches
+  become: true
+  ansible.posix.sysctl:
+    name: fs.inotify.max_user_watches
+    value: '524288'
+    state: present
+    reload: true
+
+- name: IntelliJ - ensure install directory exists
+  become: true
+  ansible.builtin.file:
+    path: "{{ intellij_install_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: IntelliJ - download and unarchive
+  become: true
+  ansible.builtin.unarchive:
+    src: "https://download.jetbrains.com/idea/idea{{ 'IC' if intellij_edition == 'community' else 'IU' }}-{{ intellij_version }}.tar.gz"
+    dest: "{{ intellij_install_dir }}"
+    remote_src: true
+    extra_opts: [--strip-components=1]
+    creates: "{{ intellij_install_dir }}/bin/idea.sh"
+
+- name: IntelliJ - create symlink
+  become: true
+  ansible.builtin.file:
+    src: "{{ intellij_install_dir }}/bin/idea.sh"
+    dest: /usr/local/bin/idea
+    state: link
+  when: intellij_create_symlink
+
+- name: IntelliJ - create desktop entry
+  become: true
+  ansible.builtin.template:
+    src: jetbrains-idea.desktop.j2
+    dest: /usr/share/applications/jetbrains-idea.desktop
+    mode: '0644'
+  when: intellij_create_desktop_entry
diff --git a/roles/intellij/templates/jetbrains-idea.desktop.j2 b/roles/intellij/templates/jetbrains-idea.desktop.j2
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=IntelliJ IDEA {{ 'Community' if intellij_edition == 'community' else 'Ultimate' }}
+Icon={{ intellij_install_dir }}/bin/idea.svg
+Exec="{{ intellij_install_dir }}/bin/idea.sh" %f
+Comment=Capable and Ergonomic IDE for JVM
+Categories=Development;IDE;
+Terminal=false
+StartupWMClass=jetbrains-idea
diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml
@@ -1,4 +1,18 @@
 ---
+- name: Kubernetes - install podman
+  become: true
+  ansible.builtin.dnf:
+    name: podman
+    state: present
+
+- name: Kubernetes - quiet podman-docker emulation message
+  become: true
+  ansible.builtin.copy:
+    content: ""
+    dest: /etc/containers/nodocker
+    force: false
+    mode: '0644'
+
 - name: Kubernetes - install packages
   become: true
   ansible.builtin.dnf: