63 files changed, 1487 insertions, 43 deletions

diff --git a/README b/README
deleted file mode 100644
index 67953eb..0000000
--- a/README
+++ /dev/null
@@ -1,9 +0,0 @@
-Collection of small roles to use mltk to build and install the bwLehrool environment.
-
-Split between:
-* mltk-core: just sets the git repository variables, depended by other mltk related roles
-* mltk-bwlp: builds and installs the bwlp mltk target
-* mltk-nvidia: builds and installed the nvidia as mltk addon
-
-Main playbook:
-* setup-bwlp.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..916a8cc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,26 @@
+# Collection of small roles to use mltk to build and install the bwLehrool environment.
+
+## Playbook
+
+You should used the 'setup-bwlp.yml' playbook. It supports two tags:
+
+- core: the basic bwLehrpool flavour with just xfce4 and basic tools
+- extended: the Freiburg bwLehrpool flavour with kde-plasma, ubuntu-desktio, i3 and extended tools
+
+## mltk roles
+
+- mltk-core: just sets the git repository variables, depended by other mltk related roles
+- mltk-bwlp: builds and installs the bwlp mltk target
+- mltk-vmware: builds and installs the vmware mltk addons
+- mltk-nvidia: builds and installs the nvidia mltk addons
+
+## other roles
+
+TODO
+
+# ToDo list
+
+- Unify variables declaration across roles (sometimes defaults/ and sometimes vars/ is used)
+- Unify package installation across roles (distro-awareness, list as variables, etc)
+- Create own role for installing deps for apt-key (used by several roles, but only installed by docker-ce currently)
+- Rework the whole bwLehrpool background mess
diff --git a/TODO b/TODO
deleted file mode 100644
index 1d1651d..0000000
--- a/TODO
+++ /dev/null
@@ -1,3 +0,0 @@
-** Configurable kernel version for mltk's kernel-vanilla module
-* Native Linux desktop environments
-* Configuration thereof for bwLehrpool purposes
diff --git a/cleanup-apt/tasks/main.yml b/cleanup-apt/tasks/main.yml
new file mode 100644
index 0000000..7618ab3
--- /dev/null
+++ b/cleanup-apt/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: apt | Remove dependencies that are no longer required
+  apt:
+    autoremove: yes
+
+# https://github.com/ansible/ansible/issues/38920
+- name: apt | Clean package cache
+  command: apt-get clean
diff --git a/cleanup-systemd/defaults/main.yml b/cleanup-systemd/defaults/main.yml
new file mode 100644
index 0000000..3237532
--- /dev/null
+++ b/cleanup-systemd/defaults/main.yml
@@ -0,0 +1,28 @@
+services:
+  - apport
+  - apport-autoreport
+  - apt-daily-upgrade
+  - apt-daily-upgrade.timer
+  - apt-daily
+  - apt-daily.timer
+  - fstrim.timer
+  - motd-news.timer
+  - smartd
+  - openarena-server
+  - anacron
+  - anacron.timer
+  - networkd-dispatcher
+  - NetworkManager
+  - NetworkManager-wait-online
+  - wpa_supplicant
+  - winbind
+  - nmbd
+  - smbd
+  - apparmor
+  - grub-common
+  - unattended-upgrades
+  - systemd-journal-flush
+  - systemd-tmpfiles-clean
+  - systemd-tmpfiles-clean.timer
+  - alsa-restore
+  - man-db.timer
diff --git a/cleanup-systemd/tasks/main.yml b/cleanup-systemd/tasks/main.yml
new file mode 100644
index 0000000..b6e61e4
--- /dev/null
+++ b/cleanup-systemd/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: Disable obsolete systemd services
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+    masked: yes
+    enabled: no
+  with_items:
+    - "{{ services }}"
+  ignore_errors: yes
+
+- name: Remove kexec sysvinit compatibility files
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/init.d/kexec
+    - /etc/init.d/kexec-load
diff --git a/desktop-common/files/etc/profile.d/10-autostart.sh b/desktop-common/files/etc/profile.d/10-autostart.sh
new file mode 100644
index 0000000..3a4cae0
--- /dev/null
+++ b/desktop-common/files/etc/profile.d/10-autostart.sh
@@ -0,0 +1,83 @@
+#!/bin/ash
+
+TEMP_HOME_DIR="$HOME"
+PERSISTENT_HOME_DIR="$HOME/PERSISTENT"
+
+# Use /etc/skel/* files to create default config files for users that do not have any
+for file in .bashrc .profile .vimrc .gitconfig .local/share/applications/mimeapps.list; do 
+	[ -e "$TEMP_HOME_DIR/$file" ] && continue
+	if [ "x$(dirname "$file")" != "x." ]; then
+		mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+	fi
+	if [ -e "$PERSISTENT_HOME_DIR/$file" ]; then
+			ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+			continue
+	fi
+	if [ -e "/etc/skel/$file" ]; then
+		if [ -d "$PERSISTENT_HOME_DIR" ]; then
+			cp "/etc/skel/$file" "$PERSISTENT_HOME_DIR/$file"
+			ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+		else
+			cp "/etc/skel/$file" "$TEMP_HOME_DIR/$file"
+		fi
+	fi
+done
+
+
+if [ -d "$PERSISTENT_HOME_DIR" ]; then
+
+	# Persistent home was mounted, take care of some convenience directories
+	for file in .vim .config/htop .config/openslx .config/xfce4; do
+		[ -e "$TEMP_HOME_DIR/$file" ] && continue
+		if [ "x$(dirname "$file")" != "x." ]; then
+			mkdir -p "$TEMP_HOME_DIR/$(dirname "$file")"
+		fi
+		if [ ! -d "$PERSISTENT_HOME_DIR/$file" ]; then
+			mkdir -p "$PERSISTENT_HOME_DIR/$file"
+		fi
+		ln -s "$PERSISTENT_HOME_DIR/$file" "$TEMP_HOME_DIR/$file"
+	done
+
+	# configure XDG directories according to $TEMP_HOME_DIR/.openslx/shares
+	if [ -e "${TEMP_HOME_DIR}/.openslx/shares" ]; then
+		. "${TEMP_HOME_DIR}/.openslx/shares"
+
+		## Documents
+		TARGET_DIR="$TEMP_HOME_DIR"
+		[ "$SHARE_DOCUMENTS" = "1" ] && TARGET_DIR="$PERSISTENT_HOME_DIR"
+		echo "XDG_DOCUMENTS_DIR=\"$TARGET_DIR/Documents\""
+		echo "XDG_TEMPLATES_DIR=\"$TARGET_DIR/Templates\""
+
+		## Downloads
+		TARGET_DIR="$TEMP_HOME_DIR"
+		[ "$SHARE_DOWNLOADS" = "1" ] && TARGET_DIR="$PERSISTENT_HOME_DIR"
+		echo "XDG_DOWNLOAD_DIR=\"$TARGET_DIR/Downloads\""
+
+		## Desktop
+		TARGET_DIR="$TEMP_HOME_DIR"
+		[ "$SHARE_DESKTOP" = "1" ] && TARGET_DIR="$PERSISTENT_HOME_DIR"
+		echo "XDG_DESKTOP_DIR=\"$TARGET_DIR/Desktop\""
+
+		# Music/Pictures/Videos
+		TARGET_DIR="$TEMP_HOME_DIR"
+		[ "$SHARE_MEDIA" = "1" ] && TARGET_DIR="$PERSISTENT_HOME_DIR"
+		echo "XDG_MUSIC_DIR=\"$TARGET_DIR/Music\""
+		echo "XDG_PICTURES_DIR=\"$TARGET_DIR/Pictures\""
+		echo "XDG_VIDEOS_DIR=\"$TARGET_DIR/Videos\""
+
+		# Publicshare, w/e that is
+		TARGET_DIR="$TEMP_HOME_DIR"
+		[ "$SHARE_OTHER" = "1" ] && TARGET_DIR="$PERSISTENT_HOME_DIR"
+		echo "XDG_PUBLICSHARE_DIR=\"$TARGET_DIR/Public\""
+	fi > "$TEMP_HOME_DIR/.config/user-dirs.dirs"
+
+	# Check if user has autostart script and run it (so they can create more symlinks etc.)
+	if [ -x "$PERSISTENT_HOME_DIR/AUTOSTART" ]; then
+		if cd "$TEMP_HOME_DIR"; then
+			"$PERSISTENT_HOME_DIR/AUTOSTART"
+			cd - >/dev/null 2>&1
+		fi
+	fi
+
+fi
+
diff --git a/desktop-common/files/etc/udev/rules.d/99-ignore-slx-partitions.rules b/desktop-common/files/etc/udev/rules.d/99-ignore-slx-partitions.rules
new file mode 100644
index 0000000..da45742
--- /dev/null
+++ b/desktop-common/files/etc/udev/rules.d/99-ignore-slx-partitions.rules
@@ -0,0 +1,3 @@
+SUBSYSTEM=="block", ENV{ID_PART_ENTRY_NAME}=="SLX_SYS|OpenSLX-ID44|OpenSLX-ID45", ENV{UDISKS_IGNORE}="1"
+SUBSYSTEM=="block", ENV{ID_PART_ENTRY_UUID}=="87f86132-ff94-4987-b250-444444444444|87f86132-ff94-4987-b250-454545454545", ENV{UDISKS_IGNORE}="1"
+SUBSYSTEM=="block", ENV{ID_PART_ENTRY_TYPE}=="0x44|0x45", ENV{UDISKS_IGNORE}="1"
diff --git a/desktop-common/files/root/.bashrc b/desktop-common/files/root/.bashrc
new file mode 100644
index 0000000..2b3e84c
--- /dev/null
+++ b/desktop-common/files/root/.bashrc
@@ -0,0 +1,99 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# don't put duplicate lines in the history. See bash(1) for more options
+# ... or force ignoredups and ignorespace
+HISTCONTROL=ignoredups:ignorespace
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    alias grep='grep --color=auto'
+    alias fgrep='fgrep --color=auto'
+    alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
+    . /etc/bash_completion
+fi
diff --git a/desktop-common/files/var/lib/locales/supported.d/de b/desktop-common/files/var/lib/locales/supported.d/de
new file mode 100644
index 0000000..029a93f
--- /dev/null
+++ b/desktop-common/files/var/lib/locales/supported.d/de
@@ -0,0 +1 @@
+de_DE.UTF-8 UTF-8
diff --git a/desktop-common/files/var/lib/locales/supported.d/en b/desktop-common/files/var/lib/locales/supported.d/en
new file mode 100644
index 0000000..230dd52
--- /dev/null
+++ b/desktop-common/files/var/lib/locales/supported.d/en
@@ -0,0 +1 @@
+en_GB.UTF-8 UTF-8
diff --git a/desktop-common/tasks/main.yml b/desktop-common/tasks/main.yml
new file mode 100644
index 0000000..f2b43fe
--- /dev/null
+++ b/desktop-common/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Prevent installation of unwanted packages
+  include_role:
+    name: dummy-package
+  vars:
+    dummy_packages:
+      - plymouth
+      - popularity-contest
+      - unattended-upgrades
+      - ubuntu-release-upgrader-gtk
+      - ubuntu-release-upgrader-core
+      - update-manager
+      - update-manager-core
+
+- name: Copy static files common to all desktop environments
+  copy:
+    src: files/
+    dest: /
+  become: yes
diff --git a/desktop-i3/files/etc/i3status.conf b/desktop-i3/files/etc/i3status.conf
new file mode 100644
index 0000000..a490f88
--- /dev/null
+++ b/desktop-i3/files/etc/i3status.conf
@@ -0,0 +1,74 @@
+# i3status configuration file.
+# see "man i3status" for documentation.
+
+# It is important that this file is edited as UTF-8.
+# The following line should contain a sharp s:
+# ß
+# If the above line is not correctly displayed, fix your editor first!
+
+general {
+        colors = true
+        interval = 5
+}
+
+order += "read_file hostname"
+order += "ipv6"
+order += "wireless _first_"
+order += "ethernet br0"
+order += "read_file dnbd3"
+order += "battery all"
+order += "disk /"
+order += "load"
+order += "memory"
+order += "tztime local"
+
+ipv6 {
+	format_down = ""
+}
+
+wireless _first_ {
+        format_up = "W: (%quality at %essid, %bitrate) %ip"
+        format_down = ""
+}
+
+ethernet br0 {
+        format_up = "br0: %ip (%speed)"
+        format_down = "Network down"
+}
+
+read_file hostname {
+	color_good = "#ffffff"
+	path = "/etc/hostname"
+}
+
+read_file dnbd3 {
+	color_good = "#ffffff"
+	path = "/sys/block/dnbd0/net/cur_server_addr"
+	format = "DNBD3: %content"
+	format_bad = "No DNBD3"
+}
+
+battery all {
+        format = "%status %percentage %remaining"
+	format_down = ""
+}
+
+disk "/" {
+        format = "Temp free: %avail"
+	low_threshold = 2
+	threshold_type = gbytes_free
+}
+
+load {
+        format = "%1min"
+}
+
+memory {
+        format = "RAM: [ %used | %available ]"
+        threshold_degraded = "1G"
+        format_degraded = "MEMORY < %available"
+}
+
+tztime local {
+        format = "%Y-%m-%d %H:%M:%S"
+}
diff --git a/desktop-i3/tasks/main.yml b/desktop-i3/tasks/main.yml
new file mode 100644
index 0000000..9e58a22
--- /dev/null
+++ b/desktop-i3/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Install i3 tiling window manager
+  apt:
+    name: i3
+    state: present
+    update_cache: yes
+
+- name: Remove i3 debug xsession
+  file:
+    name: "/usr/share/xsessions/i3-with-shmlog.desktop"
+    state: absent
+
+- name: Copy static files
+  copy:
+    src: files/
+    dest: /
+  become: yes
diff --git a/desktop-kde-plasma/files/etc/xdg/baloofilerc b/desktop-kde-plasma/files/etc/xdg/baloofilerc
new file mode 100644
index 0000000..1735f7a
--- /dev/null
+++ b/desktop-kde-plasma/files/etc/xdg/baloofilerc
@@ -0,0 +1,2 @@
+[Basic Settings]
+Indexing-Enabled=false
diff --git a/desktop-kde-plasma/files/etc/xdg/kded5rc b/desktop-kde-plasma/files/etc/xdg/kded5rc
new file mode 100644
index 0000000..fbf4be2
--- /dev/null
+++ b/desktop-kde-plasma/files/etc/xdg/kded5rc
@@ -0,0 +1,53 @@
+[Module-appmenu]
+autoload=true
+
+[Module-baloosearchmodule]
+autoload=false
+
+[Module-bluedevil]
+autoload=false
+
+[Module-colorcorrectlocationupdater]
+autoload=false
+
+[Module-device_automounter]
+autoload=true
+
+[Module-freespacenotifier]
+autoload=false
+
+[Module-keyboard]
+autoload=true
+
+[Module-khotkeys]
+autoload=true
+
+[Module-kscreen]
+autoload=false
+
+[Module-ksysguard]
+autoload=true
+
+[Module-ktimezoned]
+autoload=true
+
+[Module-kwrited]
+autoload=true
+
+[Module-networkstatus]
+autoload=true
+
+[Module-proxyscout]
+autoload=false
+
+[Module-remotenotifier]
+autoload=false
+
+[Module-solidautoeject]
+autoload=true
+
+[Module-statusnotifierwatcher]
+autoload=true
+
+[Module-touchpad]
+autoload=true
diff --git a/desktop-kde-plasma/files/etc/xdg/ksmserverrc b/desktop-kde-plasma/files/etc/xdg/ksmserverrc
new file mode 100644
index 0000000..f213401
--- /dev/null
+++ b/desktop-kde-plasma/files/etc/xdg/ksmserverrc
@@ -0,0 +1,7 @@
+[General]
+confirmLogout=false
+excludeApps=
+loginMode=restorePreviousLogout
+offerShutdown=false
+screenCount=1
+shutdownType=0
diff --git a/desktop-kde-plasma/files/usr/lib/x86_64-linux-gnu/libexec/kscreenlocker_greet b/desktop-kde-plasma/files/usr/lib/x86_64-linux-gnu/libexec/kscreenlocker_greet
new file mode 100755
index 0000000..04f388d
--- /dev/null
+++ b/desktop-kde-plasma/files/usr/lib/x86_64-linux-gnu/libexec/kscreenlocker_greet
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+xscreensaver-command -lock &
+sleep 1
+loginctl unlock-session "$XDG_SESSION_ID"
diff --git a/desktop-kde-plasma/files/usr/share/wallpapers/bwLehrpool/contents/images/1920x1080.png b/desktop-kde-plasma/files/usr/share/wallpapers/bwLehrpool/contents/images/1920x1080.png
new file mode 100644
index 0000000..bcad928
--- /dev/null
+++ b/desktop-kde-plasma/files/usr/share/wallpapers/bwLehrpool/contents/images/1920x1080.png
diff --git a/desktop-kde-plasma/files/usr/share/wallpapers/bwLehrpool/metadata.desktop b/desktop-kde-plasma/files/usr/share/wallpapers/bwLehrpool/metadata.desktop
new file mode 100644
index 0000000..5160b7a
--- /dev/null
+++ b/desktop-kde-plasma/files/usr/share/wallpapers/bwLehrpool/metadata.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=bwLehrpool
+
+X-KDE-PluginInfo-Name=bwLehrpool
+X-KDE-PluginInfo-Author=bwLehrpool
+X-KDE-PluginInfo-Email=bwlehrpool@hs-offenburg.de
+X-KDE-PluginInfo-License=GPLv2
diff --git a/desktop-kde-plasma/tasks/main.yml b/desktop-kde-plasma/tasks/main.yml
new file mode 100644
index 0000000..8ebaa21
--- /dev/null
+++ b/desktop-kde-plasma/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Install KDE plasma desktop environment
+  apt:
+    name: kde-plasma-desktop
+    state: present
+
+- name: Remove problematic files (dbus notification and screensaver)
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /usr/lib/x86_64-linux-gnu/libexec/kscreenlocker_greet
+    - /usr/share/dbus-1/services/org.kde.plasma.Notifications.service
+
+- name: Copy static files
+  copy:
+    src: files/
+    dest: /
+  become: yes
+
+- name: Set default theme to bwLehrpool
+  ini_file:
+    path: /usr/share/plasma/desktoptheme/default/metadata.desktop
+    section: Wallpaper
+    option: defaultWallpaperTheme
+    value: bwLehrpool
+    no_extra_spaces: yes
+
+- name: Change FillMode for wallpapers
+  community.general.xml:
+    path: /usr/share/plasma/wallpapers/org.kde.image/contents/config/main.xml
+    xpath: '/x:kcfg/x:group[@name="General"]/x:entry[@name="FillMode"]/x:default'
+    namespaces:
+      x: http://www.kde.org/standards/kcfg/1.0
+    value: "2"
+
+- name: Remove update notifier package
+  apt:
+    name: plasma-discover
+    state: absent
diff --git a/desktop-ubuntu/files/etc/dconf/db/local.d/01-bwlehrpool b/desktop-ubuntu/files/etc/dconf/db/local.d/01-bwlehrpool
new file mode 100644
index 0000000..86f3342
--- /dev/null
+++ b/desktop-ubuntu/files/etc/dconf/db/local.d/01-bwlehrpool
@@ -0,0 +1,51 @@
+# set default background
+[org/gnome/desktop/background]
+picture-uri='file:///usr/share/backgrounds/bwlp-1920x1080.png'
+picture-options='zoom'
+primary-color='000000'
+secondary-color='000000'
+
+# disable screensaver and lock
+# but also set default picture just in case
+[org/gnome/desktop/screensaver]
+idle-activation-enabled=false
+lock-enabled=false
+ubuntu-lock-on-suspend=false
+picture-uri='file:///usr/share/backgrounds/bwlp-1920x1080.png'
+picture-options='zoom'
+primary-color='000000'
+secondary-color='000000'
+
+# disable lockscreen
+[org/gnome/desktop/lockdown]
+disable-lock-screen=true
+
+# ensure german keyboard layout on gnome-shell
+[org/gnome/desktop/input-sources]
+sources=[('xkb', 'de')]
+
+# disable automatic updates of gnome software
+[org/gnome/software]
+download-updates=false
+download-updates-notify=false
+
+# disable icons on desktop for mounted shares
+[org/gnome/nautilus/desktop]
+volumes-visible=false
+
+# disable different power settings
+[org/gnome/settings-daemon/plugins/power]
+idle-dim=false
+idle-brightness=100
+sleep-inactive-ac-timeout=0
+sleep-inactive-battery-timeout=0
+sleep-inactive-ac-type='nothing'
+sleep-inactive-battery-type='nothing'
+
+# disable display suspend after idle-time (uint32 !!!)
+[org/gnome/desktop/session]
+idle-delay=uint32 0
+
+# set favorites in dock
+[org/gnome/shell]
+favorite-apps=[ 'org.gnome.Nautilus.desktop', 'chromium-browser.desktop', 'firefox.desktop', 'libreoffice-writer.desktop', 'libreoffice-calc.desktop', 'libreoffice-impress.desktop', 'org.gnome.Terminal.desktop', 'gnome-control-center.desktop' ]
diff --git a/desktop-ubuntu/files/etc/dconf/profile/user b/desktop-ubuntu/files/etc/dconf/profile/user
new file mode 100644
index 0000000..aca0641
--- /dev/null
+++ b/desktop-ubuntu/files/etc/dconf/profile/user
@@ -0,0 +1,2 @@
+user-db:user
+system-db:local
diff --git a/desktop-ubuntu/tasks/main.yml b/desktop-ubuntu/tasks/main.yml
new file mode 100644
index 0000000..d5e053f
--- /dev/null
+++ b/desktop-ubuntu/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Include distro-specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version}}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version}}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+
+- name: Install Ubuntu's desktop environment
+  apt:
+    name: "{{ ubuntu_desktop_packages }}"
+    state: present
+    install_recommends: no
+
+- name: Copy static files
+  copy:
+    src: files/
+    dest: /
+  become: yes
+
+- name: Update dconf
+  command: dconf update
+
+- name: Remove ubuntu's snap session
+  file:
+    path: /usr/share/xsessions/ubuntu-communitheme-snap.desktop
+    state: absent
+
+- name: Disable gnome-keyring-daemon
+  shell: chmod -x /usr/bin/gnome-keyring-daemon
+
diff --git a/desktop-ubuntu/vars/Ubuntu-18.yml b/desktop-ubuntu/vars/Ubuntu-18.yml
new file mode 100644
index 0000000..8c2c553
--- /dev/null
+++ b/desktop-ubuntu/vars/Ubuntu-18.yml
@@ -0,0 +1,2 @@
+ubuntu_desktop_packages:
+  - ubuntu-desktop
diff --git a/desktop-ubuntu/vars/Ubuntu-20.yml b/desktop-ubuntu/vars/Ubuntu-20.yml
new file mode 100644
index 0000000..213a9f1
--- /dev/null
+++ b/desktop-ubuntu/vars/Ubuntu-20.yml
@@ -0,0 +1,3 @@
+ubuntu_desktop_packages:
+  - gnome-terminal
+  - ubuntu-desktop-minimal
diff --git a/desktop-xfce4/files/18.04/etc/profile.d/20-default-xfce4-panel.sh b/desktop-xfce4/files/18.04/etc/profile.d/20-default-xfce4-panel.sh
new file mode 100644
index 0000000..6454c84
--- /dev/null
+++ b/desktop-xfce4/files/18.04/etc/profile.d/20-default-xfce4-panel.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+default_panel_file="/etc/xdg/xfce4/panel/default.xml"
+if [ ! -e "$default_panel_file" ]; then
+	exit 1
+fi
+
+[ -z "$HOME" ] && HOME=$( getent passwd "$(id -u $PAM_USER)" | awk -F: '{print $6}' )
+
+TARGET_HOME_DIR="$HOME"
+[ -d "$HOME/PERSISTENT" ] && TARGET_HOME_DIR="$HOME/PERSISTENT"
+
+if [ ! -e "${TARGET_HOME_DIR}/.config/xfce4/panel/default.xml" ]; then
+	mkdir -p "${TARGET_HOME_DIR}/.config/xfce4/panel"
+	cp -f -- "$default_panel_file" "${TARGET_HOME_DIR}/.config/xfce4/panel/"
+fi
diff --git a/desktop-xfce4/files/18.04/etc/xdg/xfce4/kiosk/kioskrc b/desktop-xfce4/files/18.04/etc/xdg/xfce4/kiosk/kioskrc
new file mode 100644
index 0000000..b2bd204
--- /dev/null
+++ b/desktop-xfce4/files/18.04/etc/xdg/xfce4/kiosk/kioskrc
@@ -0,0 +1,2 @@
+[xfce4-session]
+SaveSession=NONE
diff --git a/desktop-xfce4/files/18.04/etc/xdg/xfce4/panel/default.xml b/desktop-xfce4/files/18.04/etc/xdg/xfce4/panel/default.xml
new file mode 100644
index 0000000..2e58896
--- /dev/null
+++ b/desktop-xfce4/files/18.04/etc/xdg/xfce4/panel/default.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<channel name="xfce4-panel" version="1.0">
+  <property name="configver" type="int" value="2"/>
+  <property name="panels" type="array">
+    <value type="int" value="1"/>
+    <value type="int" value="2"/>
+    <property name="panel-1" type="empty">
+      <property name="position" type="string" value="p=6;x=0;y=0"/>
+      <property name="length" type="uint" value="100"/>
+      <property name="position-locked" type="bool" value="true"/>
+      <property name="size" type="uint" value="30"/>
+      <property name="plugin-ids" type="array">
+        <value type="int" value="1"/>
+        <value type="int" value="3"/>
+        <value type="int" value="15"/>
+        <value type="int" value="4"/>
+        <value type="int" value="17"/>
+        <value type="int" value="5"/>
+        <value type="int" value="6"/>
+        <value type="int" value="2"/>
+      </property>
+    </property>
+    <property name="panel-2" type="empty">
+      <property name="position" type="string" value="p=10;x=0;y=0"/>
+      <property name="position-locked" type="bool" value="true"/>
+      <property name="plugin-ids" type="array">
+        <value type="int" value="7"/>
+        <value type="int" value="8"/>
+        <value type="int" value="9"/>
+        <value type="int" value="10"/>
+        <value type="int" value="11"/>
+        <value type="int" value="12"/>
+        <value type="int" value="13"/>
+        <value type="int" value="14"/>
+      </property>
+    </property>
+  </property>
+  <property name="plugins" type="empty">
+    <property name="plugin-1" type="string" value="applicationsmenu"/>
+    <property name="plugin-2" type="string" value="actions">
+       <property name="items" type="array">
+         <value type="string" value="+lock-screen"/>
+         <value type="string" value="-switch-user"/>
+         <value type="string" value="-separator"/>
+         <value type="string" value="-suspend"/>
+         <value type="string" value="-hibernate"/>
+         <value type="string" value="-separator"/>
+         <value type="string" value="-shutdown"/>
+         <value type="string" value="-restart"/>
+         <value type="string" value="+separator"/>
+         <value type="string" value="+logout"/>
+         <value type="string" value="-logout-dialog"/>
+       </property>
+    </property>
+    <property name="plugin-3" type="string" value="tasklist"/>
+    <property name="plugin-15" type="string" value="separator">
+      <property name="expand" type="bool" value="true"/>
+      <property name="style" type="uint" value="0"/>
+    </property>
+    <property name="plugin-4" type="string" value="pager"/>
+    <property name="plugin-5" type="string" value="clock"/>
+    <property name="plugin-6" type="string" value="systray"/>
+    <property name="plugin-7" type="string" value="showdesktop"/>
+    <property name="plugin-8" type="string" value="separator"/>
+    <property name="plugin-9" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="exo-terminal-emulator.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-10" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="exo-file-manager.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-11" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="exo-web-browser.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-12" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="xfce4-appfinder.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-13" type="string" value="separator"/>
+    <property name="plugin-14" type="string" value="directorymenu"/>
+    <property name="plugin-17" type="string" value="pulseaudio">
+      <property name="enable-keyboard-shortcuts" type="bool" value="true"/>
+    </property>
+  </property>
+</channel>
diff --git a/desktop-xfce4/files/20.04/etc/profile.d/20-default-xfce4-panel.sh b/desktop-xfce4/files/20.04/etc/profile.d/20-default-xfce4-panel.sh
new file mode 100644
index 0000000..6454c84
--- /dev/null
+++ b/desktop-xfce4/files/20.04/etc/profile.d/20-default-xfce4-panel.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+default_panel_file="/etc/xdg/xfce4/panel/default.xml"
+if [ ! -e "$default_panel_file" ]; then
+	exit 1
+fi
+
+[ -z "$HOME" ] && HOME=$( getent passwd "$(id -u $PAM_USER)" | awk -F: '{print $6}' )
+
+TARGET_HOME_DIR="$HOME"
+[ -d "$HOME/PERSISTENT" ] && TARGET_HOME_DIR="$HOME/PERSISTENT"
+
+if [ ! -e "${TARGET_HOME_DIR}/.config/xfce4/panel/default.xml" ]; then
+	mkdir -p "${TARGET_HOME_DIR}/.config/xfce4/panel"
+	cp -f -- "$default_panel_file" "${TARGET_HOME_DIR}/.config/xfce4/panel/"
+fi
diff --git a/desktop-xfce4/files/20.04/etc/xdg/xfce4/kiosk/kioskrc b/desktop-xfce4/files/20.04/etc/xdg/xfce4/kiosk/kioskrc
new file mode 100644
index 0000000..b2bd204
--- /dev/null
+++ b/desktop-xfce4/files/20.04/etc/xdg/xfce4/kiosk/kioskrc
@@ -0,0 +1,2 @@
+[xfce4-session]
+SaveSession=NONE
diff --git a/desktop-xfce4/files/20.04/etc/xdg/xfce4/panel/default.xml b/desktop-xfce4/files/20.04/etc/xdg/xfce4/panel/default.xml
new file mode 100644
index 0000000..16bd715
--- /dev/null
+++ b/desktop-xfce4/files/20.04/etc/xdg/xfce4/panel/default.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<channel name="xfce4-panel" version="1.0">
+  <property name="configver" type="int" value="2"/>
+  <property name="panels" type="array">
+    <value type="int" value="1"/>
+    <value type="int" value="2"/>
+    <property name="panel-1" type="empty">
+      <property name="position" type="string" value="p=6;x=0;y=0"/>
+      <property name="length" type="uint" value="100"/>
+      <property name="position-locked" type="bool" value="true"/>
+      <property name="icon-size" type="uint" value="16"/>
+      <property name="size" type="uint" value="26"/>
+      <property name="plugin-ids" type="array">
+        <value type="int" value="1"/>
+        <value type="int" value="2"/>
+        <value type="int" value="3"/>
+        <value type="int" value="4"/>
+        <value type="int" value="5"/>
+        <value type="int" value="6"/>
+        <value type="int" value="7"/>
+        <value type="int" value="8"/>
+        <value type="int" value="9"/>
+        <value type="int" value="11"/>
+        <value type="int" value="12"/>
+        <value type="int" value="13"/>
+        <value type="int" value="14"/>
+      </property>
+    </property>
+    <property name="panel-2" type="empty">
+      <property name="autohide-behavior" type="uint" value="1"/>
+      <property name="position" type="string" value="p=10;x=0;y=0"/>
+      <property name="position-locked" type="bool" value="true"/>
+      <property name="size" type="uint" value="48"/>
+      <property name="plugin-ids" type="array">
+        <value type="int" value="15"/>
+        <value type="int" value="16"/>
+        <value type="int" value="17"/>
+        <value type="int" value="18"/>
+        <value type="int" value="19"/>
+        <value type="int" value="20"/>
+        <value type="int" value="21"/>
+        <value type="int" value="22"/>
+      </property>
+    </property>
+  </property>
+  <property name="plugins" type="empty">
+    <property name="plugin-1" type="string" value="applicationsmenu"/>
+    <property name="plugin-2" type="string" value="tasklist">
+      <property name="grouping" type="uint" value="1"/>
+    </property>
+    <property name="plugin-3" type="string" value="separator">
+      <property name="expand" type="bool" value="true"/>
+      <property name="style" type="uint" value="0"/>
+    </property>
+    <property name="plugin-4" type="string" value="pager"/>
+    <property name="plugin-5" type="string" value="separator">
+        <property name="style" type="uint" value="0"/>
+    </property>
+    <property name="plugin-6" type="string" value="systray">
+        <property name="show-frame" type="bool" value="false"/>
+        <property name="square-icons" type="bool" value="true"/>
+    </property>
+    <property name="plugin-7" type="string" value="statusnotifier">
+      <property name="square-icons" type="bool" value="true"/>
+      <property name="symbolic-icons" type="bool" value="true"/>
+    </property>
+    <property name="plugin-8" type="string" value="pulseaudio">
+      <property name="enable-keyboard-shortcuts" type="bool" value="true"/>
+      <property name="show-notifications" type="bool" value="true"/>
+    </property>
+    <property name="plugin-9" type="string" value="power-manager-plugin"/>
+    <property name="plugin-11" type="string" value="separator">
+      <property name="style" type="uint" value="0"/>
+    </property>
+    <property name="plugin-12" type="string" value="clock"/>
+    <property name="plugin-13" type="string" value="separator">
+      <property name="style" type="uint" value="0"/>
+    </property>
+		<property name="plugin-14" type="string" value="actions">
+      <property name="items" type="array">
+        <value type="string" value="+lock-screen"/>
+        <value type="string" value="-switch-user"/>
+        <value type="string" value="-separator"/>
+        <value type="string" value="-suspend"/>
+        <value type="string" value="-hibernate"/>
+        <value type="string" value="-separator"/>
+        <value type="string" value="-shutdown"/>
+        <value type="string" value="-restart"/>
+        <value type="string" value="+separator"/>
+        <value type="string" value="+logout"/>
+				<value type="string" value="-logout-dialog"/>
+      </property>
+    </property>
+    <property name="plugin-15" type="string" value="showdesktop"/>
+    <property name="plugin-16" type="string" value="separator"/>
+    <property name="plugin-17" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="exo-terminal-emulator.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-18" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="exo-file-manager.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-19" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="exo-web-browser.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-20" type="string" value="launcher">
+      <property name="items" type="array">
+        <value type="string" value="xfce4-appfinder.desktop"/>
+      </property>
+    </property>
+    <property name="plugin-21" type="string" value="separator"/>
+    <property name="plugin-22" type="string" value="directorymenu"/>
+  </property>
+</channel>
diff --git a/desktop-xfce4/tasks/main.yml b/desktop-xfce4/tasks/main.yml
new file mode 100644
index 0000000..ac78a13
--- /dev/null
+++ b/desktop-xfce4/tasks/main.yml
@@ -0,0 +1,104 @@
+---
+- name: Install XFCE4 desktop environment
+  apt:
+    name: "{{ xfce_packages }}"
+    state: present
+    install_recommends: no
+  vars:
+    xfce_packages:
+      - evince
+      - mousepad
+      - ristretto
+      - xfce4
+      - xfce4-terminal
+      - xfce4-goodies
+      - xfce4-power-manager
+      - xubuntu-icon-theme
+      - greybird-gtk-theme
+      - pavucontrol
+      - pulseaudio
+      - udisks2
+      - gvfs
+      - gvfs-backends
+      - gvfs-fuse
+      # for xml module
+      - python3-lxml
+
+# TODO: do this the proper way, when it is known how :)
+- name: HACK overwrite default wallpaper
+  find:
+    paths: /usr/share/backgrounds/xfce
+    patterns: "*"
+  register: xfce_backgrounds
+
+- name: HACK overwrite default wallpaper
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items: "{{ xfce_backgrounds.files }}"
+
+- name: HACK overwrite default wallpaper
+  file:
+    src: /usr/share/backgrounds/bwlp-1920x1080.png
+    dest: "{{ item.path }}"
+    state: link
+    force: yes
+  with_items: "{{ xfce_backgrounds.files }}"
+
+- name: Cleanup applications menu
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /usr/share/applications/exo-mail-reader.desktop
+    - /usr/share/applications/assistant-qt5.desktop
+    - /usr/share/applications/designer-qt5.desktop
+    - /usr/share/applications/linguist-qt5.desktop
+    - /usr/share/applications/globaltime.desktop
+    - /usr/share/applications/xfcalendar.desktop
+
+- name: Copy distro's specific static files
+  copy:
+    src: "files/{{ ansible_distribution_version }}/"
+    dest: /
+  become: yes
+
+# disable logout menu items
+- name: Configure xfce4 logout menu | probe shutdown node
+  xml:
+    path: /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
+    xpath: /channel/property[@name='shutdown']
+    count: yes
+  register: shutdown_nodes
+
+- name: Configure xfce4 logout menu | check shutdown node
+  debug:
+    var: shutdown_nodes.count
+
+- name: Configure xfce4 logout menu | add shutdown node if missing
+  xml:
+    path: /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
+    xpath: /channel
+    add_children:
+      - property:
+          name: "shutdown"
+          type: "empty"
+    pretty_print: yes
+  when: shutdown_nodes.count == 0
+
+- name: Configure xfce4 logout menu | disable suspend and hibernate
+  xml:
+    path: /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
+    xpath: /channel/property[@name='shutdown']
+    add_children:
+      - property:
+          name: "ShowSuspend"
+          type: "bool"
+          value: "false"
+      - property:
+          name: "ShowHibernate"
+          type: "bool"
+          value: "false"
+    pretty_print: yes
+  when: shutdown_nodes.count == 0
+
diff --git a/docker-ce/files/etc/docker/daemon.json b/docker-ce/files/etc/docker/daemon.json
new file mode 100644
index 0000000..b887738
--- /dev/null
+++ b/docker-ce/files/etc/docker/daemon.json
@@ -0,0 +1,5 @@
+{
+	"data-root": "/tmp/virt/docker",
+	"storage-driver": "overlay2",
+	"userns-remap": "default"
+}
diff --git a/docker-ce/tasks/main.yml b/docker-ce/tasks/main.yml
new file mode 100644
index 0000000..0383f9c
--- /dev/null
+++ b/docker-ce/tasks/main.yml
@@ -0,0 +1,120 @@
+---
+- name: Install dependencies for apt key import
+  apt:
+    name: "{{ apt_key_deps }}"
+  vars:
+    apt_key_deps:
+      - ca-certificates
+      - curl
+      - gpg
+      - gnupg-agent
+      - software-properties-common
+  become: yes
+
+- name: Add docker apt key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    state: present
+  become: yes
+
+- name: Add docker repo
+  apt_repository:
+    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    update_cache: yes
+  become: yes
+
+- name: Install Docker CE and containerd
+  apt:
+    name: "{{ pkgs }}"
+  environment:
+    RUNLEVEL: 1
+  vars:
+    pkgs:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+  become: yes
+
+- name: Add subuid/subgid ranges for dockremap
+  shell: >
+    awk -F: 'BEGIN {
+               max=0
+               found=0
+             } {
+               if ($1=="dockremap")
+                 found=1
+               if ($2>max)
+                 max=($2)
+             } END {
+               if (!found)
+                 print "dockremap:"max+65536":65536"}' \ 
+             "/etc/{{ item }}" >> "/etc/{{ item }}"
+  with_items:
+    - subuid
+    - subgid
+  become: yes
+
+- name: Copy static files
+  copy:
+    src: files/
+    dest: /
+  become: yes
+
+- name: Disable automatic docker startup
+  systemd:
+    name: "{{ item }}"
+    enabled: no
+  with_items:
+    - docker.service
+    - containerd.service
+  become: yes
+
+- name: Enable docker socket activation 
+  systemd:
+    name: docker.socket
+    enabled: yes
+  become: yes
+
+# Enable no-trivial-root authorization plugin
+- name: install
+  unarchive:
+    src: "https://github.com/ad-freiburg/docker-no-trivial-root/releases/download/v0.1.0/docker-no-trivial-root_{{ ansible_architecture }}.tar.bz2"
+    dest: "/tmp"
+    remote_src: yes
+
+- name: Copy over
+  copy:
+    src: "/tmp/docker-no-trivial-root_{{ ansible_architecture }}/docker-no-trivial-root"
+    dest: "/usr/sbin/docker-no-trivial-root"
+    mode: 0755
+    remote_src: yes
+  become: yes
+
+- name: systemd
+  copy:
+    src: "/tmp/docker-no-trivial-root_{{ ansible_architecture }}/systemd/docker-no-trivial-root.service"
+    dest: "/etc/systemd/system/docker-no-trivial-root.service"
+    remote_src: yes
+  become: yes
+
+- name: Enable service
+  systemd:
+    name: docker-no-trivial-root
+    enabled: yes
+  become: yes
+
+- name: Copy service to
+  copy:
+    src: /lib/systemd/system/docker.service
+    dest: /etc/systemd/system/docker.service
+    remote_src: yes
+  become: yes
+
+- name: Enable plugin via command line
+  lineinfile:
+    path: /etc/systemd/system/docker.service
+    regexp: '^(ExecStart=.*dockerd) (.*)$'
+    line: '\1 --authorization-plugin=no-trivial-root \2'
+    backrefs: yes
+  become: yes
diff --git a/docker-nvidia/meta/main.yml b/docker-nvidia/meta/main.yml
new file mode 100644
index 0000000..eec3550
--- /dev/null
+++ b/docker-nvidia/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: docker-ce }
diff --git a/docker-nvidia/tasks/main.yml b/docker-nvidia/tasks/main.yml
new file mode 100644
index 0000000..963e6bc
--- /dev/null
+++ b/docker-nvidia/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Add nvidia-docker GPG apt-key
+  apt_key:
+    url: https://nvidia.github.io/nvidia-docker/gpgkey
+    id: C95B321B61E88C1809C4F759DDCAE044F796ECB0
+  become: yes
+
+- name: Add nvidia-docker repository in /etc/apt/sources.list.d
+  get_url:
+    url: "https://nvidia.github.io/nvidia-docker/{{ ansible_distribution | lower }}{{ ansible_distribution_version }}//nvidia-docker.list"
+    dest: /etc/apt/sources.list.d/nvidia-docker.list
+    checksum: sha256:1727985494fbd19e3b963880d15117487435cbabef4e295484111f003cf03d41
+  become: yes
+
+- name: Update and install nvidia-container-toolkit
+  apt:
+    name: nvidia-container-toolkit
+    update_cache: yes
+  become: yes
diff --git a/dummy-package/scripts/dummy-package.sh b/dummy-package/scripts/dummy-package.sh
new file mode 100644
index 0000000..7990de9
--- /dev/null
+++ b/dummy-package/scripts/dummy-package.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+[ "$#" -eq 2 ] || exit 1
+[ -d "$1" ] || exit 2
+[ -f "$2" ] && rm -f "$2"
+
+cd "$1"
+
+equivs-control "$2"
+
+sed -r -i \
+	-e "s/^(#\s)?(Maintainer).*/\\2: bwlehrpool@hs-offenburg.de/" \
+	-e "s/^(#\s)?(Package).*/\\2: ${2}/" \
+	-e "s/^(#\s)?(Provides).*/\\2: ${2}/" \
+	-e "s/^(#\s)?(Version).*/\\2: 99.9.9/" \
+	-e "s/^(#\s)?(Description).*/\\2: Dummy package to provide $2/" \
+	-e "/^Description.*/q" \
+	"$2"
+
+cat <<EOF >> "$2"
+	Long description
+	with
+	some
+	more
+	lines...
+EOF
+
+equivs-build "$2"
diff --git a/dummy-package/tasks/main.yml b/dummy-package/tasks/main.yml
new file mode 100644
index 0000000..921e4c6
--- /dev/null
+++ b/dummy-package/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: Create and install dummy package
+  block:
+  - name: Install equivs
+    apt:
+      name: equivs
+      state: present
+      update_cache: yes
+  
+  - name: Create temporary directory for packages
+    tempfile:
+      state: directory
+    register: tempdir
+  
+  - name: Create dummy packages
+    script: scripts/dummy-package.sh "{{ tempdir.path }}" "{{ item }}"
+    args:
+      executable: bash
+    loop: "{{ dummy_packages }}"
+  
+  - name: Register newly created packages
+    find:
+      path: "{{ tempdir.path }}"
+      pattern: '*.deb'
+    register: deb_files
+  
+  - name: Install dummy packages
+    apt:
+      deb: "{{ item.path }}"
+    loop: "{{ deb_files.files }}"
+  
+  - name: Hold on to dummy packages
+    command: "apt-mark hold {{ item }}"
+    loop: "{{ dummy_packages }}"
+  
+  - name: Remove temporary directory
+    file:
+      path: "${{ tempdir.path }}"
+      state: absent
+  when:
+    - dummy_packages is defined
diff --git a/enable-sysrq/tasks/main.yml b/enable-sysrq/tasks/main.yml
new file mode 100644
index 0000000..2120e39
--- /dev/null
+++ b/enable-sysrq/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Enable magic keys
+  template:
+    src: templates/99-openslx.conf.j2
+    dest: /etc/sysctl.d/99-openslx.conf
diff --git a/enable-sysrq/templates/99-openslx.conf.j2 b/enable-sysrq/templates/99-openslx.conf.j2
new file mode 100644
index 0000000..3613892
--- /dev/null
+++ b/enable-sysrq/templates/99-openslx.conf.j2
@@ -0,0 +1 @@
+kernel.sysrq = 1
diff --git a/journald/tasks/main.yml b/journald/tasks/main.yml
new file mode 100644
index 0000000..6397115
--- /dev/null
+++ b/journald/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Set journald to volatile storage
+  ini_file:
+    dest: "/etc/systemd/journald.conf"
+    section: Journal
+    option: Storage
+    value: volatile
+    no_extra_spaces: yes
diff --git a/mltk-bwlp/files/etc/apt/preferences.d/disable-distro-kernel-updates.pref b/mltk-bwlp/files/etc/apt/preferences.d/disable-distro-kernel-updates.pref
new file mode 100644
index 0000000..9cae92d
--- /dev/null
+++ b/mltk-bwlp/files/etc/apt/preferences.d/disable-distro-kernel-updates.pref
@@ -0,0 +1,11 @@
+Package: linux-generic
+Pin: release o=Ubuntu
+Pin-Priority: 1
+
+Package: linux-image-generic
+Pin: release o=Ubuntu
+Pin-Priority: 1
+
+Package: linux-headers-generic
+Pin: release o=Ubuntu
+Pin-Priority: 1
diff --git a/mltk-bwlp/files/etc/profile.d/00-slx-env.sh b/mltk-bwlp/files/etc/profile.d/00-slx-env.sh
new file mode 100644
index 0000000..0991c7e
--- /dev/null
+++ b/mltk-bwlp/files/etc/profile.d/00-slx-env.sh
@@ -0,0 +1 @@
+export PATH="$PATH:/opt/openslx/sbin:/opt/openslx/bin"
diff --git a/mltk-bwlp/tasks/distro.yml b/mltk-bwlp/tasks/distro.yml
deleted file mode 100644
index 1db174d..0000000
--- a/mltk-bwlp/tasks/distro.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# TODO other distros if needed
-- set_fact:
-    pkgnames:
-      - build-essential
-      - automake
-      - cmake
-      - lsof
-      - m4
-      - rsync
-      - pkg-config
-      - xserver-xorg
-    when:
-      - ansible_distribution == "Ubuntu"
-# TODO QT
diff --git a/mltk-bwlp/tasks/main.yml b/mltk-bwlp/tasks/main.yml
index e6e7cf7..55cffcd 100644
--- a/mltk-bwlp/tasks/main.yml
+++ b/mltk-bwlp/tasks/main.yml
@@ -1,11 +1,37 @@
 ---
-- import_tasks: tasks/distro.yml
-
 - name: mltk | Install dependencies
   package:
-    name: "{{ item }}"
+    name: "{{ mltk_deps }}"
     state: present
-  with_items: "{{ pkgnames }}"
+  vars:
+    mltk_deps:
+      - build-essential
+      - automake
+      - cmake
+      - lsof
+      - m4
+      - rsync
+      - pkg-config
+      - xserver-xorg
+
+- name: mltk | Process kernel version if specified
+  replace:
+    path: "{{ mltk_git_target }}/core/modules/kernel-vanilla/module.conf"
+    regexp: '^(REQUIRED_KERNEL=).*'
+    replace: '\1"{{ kernel_version }}"'
+  when: kernel_version is defined
+
+- name: mltk | Build and install stage4-bwlp target
+  shell: "{{ mltk_git_target }}/mltk stage4 -b -i"
+
+- name: mltk | Save kernel to /.kernel
+  template:
+    src: "templates/kernel.j2"
+    dest: "/.kernel"
+  when: kernel_version is defined
 
-- name: mltk | Build and install bwlp target
-  shell: "{{ mltk_git_target }}/mltk bwlp -b -i"
+- name: Copy static files
+  copy:
+    src: files/
+    dest: /
+  become: yes
diff --git a/mltk-bwlp/templates/kernel.j2 b/mltk-bwlp/templates/kernel.j2
new file mode 100644
index 0000000..57e5dc1
--- /dev/null
+++ b/mltk-bwlp/templates/kernel.j2
@@ -0,0 +1,3 @@
+version={{ kernel_version }}-openslx+
+path={{ mltk_git_target }}/var/builds/kernel/kernel
+src={{ mltk_git_target }}/tmp/work/kernel/ksrc
diff --git a/mltk-core/defaults/main.yml b/mltk-core/defaults/main.yml
new file mode 100644
index 0000000..8db13a8
--- /dev/null
+++ b/mltk-core/defaults/main.yml
@@ -0,0 +1,6 @@
+mltk_git_source:      "git://git.openslx.org/openslx-ng/mltk"
+mltk_git_target:      "/opt/build-env/mltk"
+mltk_git_branch:      "master"
+mltk_nvidia_versions: "390.143 460.73.01"
+mltk_vmware_version:  "16.1.1"
+mltk_vbox_version:    "6.1.22"
diff --git a/mltk-core/tasks/distro/Ubuntu-20.yml b/mltk-core/tasks/distro/Ubuntu-20.yml
new file mode 100644
index 0000000..23b1219
--- /dev/null
+++ b/mltk-core/tasks/distro/Ubuntu-20.yml
@@ -0,0 +1,13 @@
+- name: Add PPA chromium repo for Ubuntu 20.x
+  apt_repository:
+    repo: ppa:xalt7x/chromium-deb-vaapi
+
+- name: Pin release
+  template:
+    src: templates/pin-xalt7x-chromium-deb-vaapi.j2
+    dest: /etc/apt/preferences.d/pin-xalt7x-chromium-deb-vaapi
+
+- name: Run apt update
+  apt:
+    update_cache: yes
+
diff --git a/mltk-core/tasks/main.yml b/mltk-core/tasks/main.yml
index 95a7cd7..8440943 100644
--- a/mltk-core/tasks/main.yml
+++ b/mltk-core/tasks/main.yml
@@ -1,6 +1,4 @@
 ---
-- import_tasks: tasks/repo.yml
-
 - name: mltk | Install git
   package:
     name: git
@@ -11,4 +9,43 @@
     repo: "{{ mltk_git_source }}"
     dest: "{{ mltk_git_target }}"
     version: "{{ mltk_git_branch }}"
+    force: yes
+    update: yes
     depth: 1
+
+- name: mltk | Create mltk configuration file
+  template:
+    src: templates/mltk-config.j2
+    dest: "{{ mltk_git_target }}/config"
+
+- name: mltk | Patch virtualbox version
+  replace:
+    path: "{{ mltk_git_target }}/core/modules/vbox-src/module.conf"
+    regexp: '^(REQUIRED_VBOX_VERSION=).*'
+    replace: '\g<1>{{ mltk_vbox_version }}'
+
+- name: mltk | Patch vmware16 version
+  replace:
+    path: "{{ mltk_git_target }}/core/modules/vmware16/module.conf"
+    regexp: '^(REQUIRED_VERSION=).*'
+    replace: '\g<1>{{ mltk_vmware_version }}'
+
+- name: mltk | HACKS patch packagemanager.inc to prevent installing recommended packages
+  replace:
+    path: "{{ mltk_git_target }}/core/includes/packagemanager.inc"
+    regexp: '(apt-get install) (-y \${PKG})'
+    replace: '\1 --no-install-recommends \2'
+
+- name: mltk | HACKS patch chroot.inc to include the build environment mount point
+  replace:
+    path: "{{ mltk_git_target }}/core/includes/chroot.inc"
+    regexp: '^(declare -rg CHROOT_BINDMOUNTS=")(/dev[^"]+")'
+    replace: '\1/opt/build-env \2'
+
+- name: mltk | Distro-specific tasks
+  include_tasks: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/tasks/distro/{{ ansible_distribution }}-{{ ansible_distribution_version}}.yml"
+    - "{{ role_path }}/tasks/distro/{{ ansible_distribution }}-{{ ansible_distribution_major_version}}.yml"
+    - "{{ role_path }}/tasks/distro/{{ ansible_distribution }}.yml"
+  ignore_errors: yes
diff --git a/mltk-core/tasks/repo.yml b/mltk-core/tasks/repo.yml
deleted file mode 100644
index b16f97a..0000000
--- a/mltk-core/tasks/repo.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- set_fact:
-     mltk_git_source: "git://git.openslx.org/openslx-ng/mltk"
-     mltk_git_target: "/opt/mltk"
-     mltk_git_branch: "installer"
diff --git a/mltk-core/templates/mltk-config.j2 b/mltk-core/templates/mltk-config.j2
new file mode 100644
index 0000000..d3334cc
--- /dev/null
+++ b/mltk-core/templates/mltk-config.j2
@@ -0,0 +1,4 @@
+export http_proxy=http://132.230.4.234:8123/
+sourceforge_mirror=netcologne
+
+NVIDIA_VERSIONS="{{ mltk_nvidia_versions }}"
diff --git a/mltk-core/templates/pin-xalt7x-chromium-deb-vaapi.j2 b/mltk-core/templates/pin-xalt7x-chromium-deb-vaapi.j2
new file mode 100644
index 0000000..7adc90d
--- /dev/null
+++ b/mltk-core/templates/pin-xalt7x-chromium-deb-vaapi.j2
@@ -0,0 +1,3 @@
+Package: *
+Pin: release o=LP-PPA-xalt7x-chromium-deb-vaapi
+Pin-Priority: 1337
diff --git a/mltk-nvidia/tasks/main.yml b/mltk-nvidia/tasks/main.yml
index b5d41a6..da36344 100644
--- a/mltk-nvidia/tasks/main.yml
+++ b/mltk-nvidia/tasks/main.yml
@@ -1,3 +1,3 @@
 ---
 - name: mltk | Build and install nvidia target
-  shell: "{{ mltk_git_target }}/mltk nvidia_libs -b -i"
+  shell: "{{ mltk_git_target }}/mltk nvidia-libs@NVIDIA_VERSIONS -b -i -d"
\ No newline at end of file
diff --git a/mltk-qemu/meta/main.yml b/mltk-qemu/meta/main.yml
new file mode 100644
index 0000000..74efe31
--- /dev/null
+++ b/mltk-qemu/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: mltk-core }
diff --git a/mltk-qemu/tasks/main.yml b/mltk-qemu/tasks/main.yml
new file mode 100644
index 0000000..4eeb8ff
--- /dev/null
+++ b/mltk-qemu/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: mltk | Build and install qemu target
+  shell: "{{ mltk_git_target }}/mltk qemu -b -i -d"
diff --git a/mltk-vmware/meta/main.yml b/mltk-vmware/meta/main.yml
new file mode 100644
index 0000000..74efe31
--- /dev/null
+++ b/mltk-vmware/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: mltk-core }
diff --git a/mltk-vmware/tasks/main.yml b/mltk-vmware/tasks/main.yml
new file mode 100644
index 0000000..1edae4c
--- /dev/null
+++ b/mltk-vmware/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: mltk | Build and install vmware target
+  shell: "{{ mltk_git_target }}/mltk vmware -b -i -d"
+
+- name: mltk | Build and install vmware-legacy target
+  shell: "{{ mltk_git_target }}/mltk vmware-legacy -b -i -d"
+
+- name: mltk | HACK Disable pulse for vmware-legacy
+  shell: |
+    mkdir -p /opt/openslx/addons/vmware-legacy/opt/openslx/etc
+    echo /usr/share/alsa/alsa.conf.d/pulse.conf > /opt/openslx/addons/vmware-legacy/opt/openslx/etc/vmware-legacy.whiteout
diff --git a/setup-bwlp.yml b/setup-bwlp.yml
index d5cd680..6a49164 100644
--- a/setup-bwlp.yml
+++ b/setup-bwlp.yml
@@ -1,6 +1,29 @@
 ---
 - hosts: "all"
   gather_facts: yes
+  pre_tasks:
+    - name: Update packages already installed
+      apt:
+        update_cache: yes
+        upgrade: dist
+      tags: always
   roles:
-    - { role: "mltk-bwlp" }
-    - { role: "mltk-nvidia" }
+    - { role: desktop-common,        tags: core }
+    - { role: desktop-xfce4,         tags: core }
+    - { role: docker-ce,             tags: core }
+    - { role: docker-nvidia,         tags: core }
+    - { role: enable-sysrq,          tags: core }
+    - { role: journald,              tags: core }
+    - { role: singularity,           tags: core }
+    - { role: tools-base,            tags: core }
+    - { role: desktop-kde-plasma,    tags: extended }
+    - { role: desktop-i3,            tags: extended }
+    - { role: desktop-ubuntu,        tags: extended }
+    - { role: tools-extended,        tags: extended }
+    - { role: mltk-bwlp,             tags: core }
+    - { role: mltk-vmware,           tags: core }
+    - { role: mltk-qemu,             tags: core }
+    - { role: mltk-nvidia,           tags: core }
+    - { role: cleanup-apt,           tags: core }
+    - { role: cleanup-systemd,       tags: core }
+    - { role: validate-installation, tags: core }
diff --git a/singularity/tasks/main.yml b/singularity/tasks/main.yml
new file mode 100644
index 0000000..22ef647
--- /dev/null
+++ b/singularity/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Add NeuroDebian GPG apt-key
+  apt_key:
+    keyserver: hkp://eu.pool.sks-keyservers.net:80
+    id: A5D32F012649A5A9
+  become: yes
+
+- name: Add NeuroDebian repository in /etc/apt/sources.list.d
+  get_url:
+    url: http://neuro.debian.net/lists/bionic.de-m.libre
+    dest: /etc/apt/sources.list.d/neurodebian.sources.list
+    checksum: sha256:0b8a1358a9f85aed8e3f51206caa9eb1babfcfbb00997c263c88cdcf2382b171
+    mode: 0644
+  become: yes
+
+- name: Update and install singularity-container
+  apt:
+    name: singularity-container
+    update_cache: yes
+  become: yes
diff --git a/tools-base/tasks/main.yml b/tools-base/tasks/main.yml
new file mode 100644
index 0000000..33490f7
--- /dev/null
+++ b/tools-base/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: Install default packages for bwLehrpool
+  apt:
+    name: "{{ packages }}"
+    state: present
+    install_recommends: no
+  vars:
+    packages:
+      - bash-completion
+      - build-essential
+      - bridge-utils
+      - dbus-user-session
+      - dnsutils
+      - e2fslibs
+      - firefox
+      - git
+      - gparted
+      - htop
+      - iotop
+      - jq
+      - lm-sensors
+      - ltrace
+      - m4
+      - man
+      - net-tools
+      - nmap
+      - ntfs-3g
+      - screen
+      - smartmontools
+      - strace
+      - tcpdump
+      - tigervnc-xorg-extension
+      - vim
+      - wireshark
+      - xclip
+      - zenity
diff --git a/tools-extended/tasks/main.yml b/tools-extended/tasks/main.yml
new file mode 100644
index 0000000..2f799e6
--- /dev/null
+++ b/tools-extended/tasks/main.yml
@@ -0,0 +1,91 @@
+---
+- name: Install extended packages for bwLehrpool without recommended packages
+  apt:
+    name: "{{ extended_packages }}"
+    state: present
+    install_recommends: no
+  vars:
+    extended_packages:
+      - dbus-user-session
+      - dconf-editor
+      - ddcutil
+      - firefox
+      - firefox-locale-de
+      - gedit
+      - gimp
+      - gimp-help-de
+      - gfortran
+      - glib-networking
+      - gnuplot
+      - gnuplot-x11
+      - gperf
+      - gvfs
+      - gvfs-libs
+      - hunspell-de-de
+      - hyphen-de
+      - hyphen-en-us
+      - inkscape
+      - intltool
+      - kile
+      - kmouth
+      - libreoffice
+      - libreoffice-l10n-de
+      - libreoffice-help-de
+      - libreoffice-gtk2
+      - libreoffice-gtk3
+      - mc
+      - mythes-de
+      - mythes-en-us
+      - nfs-common
+      - okular
+      - okular-extra-backends
+      - quassel-client
+      - r-base
+      - samba
+      - screen
+      - scribus
+      - smbnetfs
+      - sound-icons
+      - sox
+      - squashfs-tools
+      - sshfs
+      - sysfsutils
+      - tcsh
+      - texlive
+      - texlive-full
+      - texlive-lang-german
+      - texlive-science
+      - texstudio
+      - tmux
+      - tree
+      - ubuntustudio-fonts
+      - unrar
+      - vlan
+      - vlc
+      - winbind
+      - wngerman
+      - wogerman
+      - wswiss
+      - xsltproc
+      - zlib1g
+      - ioquake3
+      - openarena
+      - openarena-server
+      - wine-stable
+      - catfish
+      - language-pack-gnome-de
+      - gnome-icon-theme-symbolic
+      - hplip
+      - lm-sensors
+
+- name: Install extended packages for bwLehrpool with recommended packages
+  apt:
+    name: "{{ extended_packages_recommended }}"
+    state: present
+  vars:
+    extended_packages_recommended:
+      - openttd
+
+- name: Install external deb packages
+  apt:
+    deb: https://sourceforge.net/projects/virtualgl/files/2.6.5/virtualgl_2.6.5_amd64.deb/download
diff --git a/validate-installation/tasks/main.yml b/validate-installation/tasks/main.yml
new file mode 100644
index 0000000..44d1720
--- /dev/null
+++ b/validate-installation/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: validate-installation | Get all users from the installed system
+  getent:
+    database: passwd
+
+- name: validate-installation | Assert that all users have an UID smaller or equal than 1000
+  fail:
+    msg: "User {{ item }} has the UID {{ getent_passwd[item].1 }} > 1000!"
+  when: ((getent_passwd[item].1 | int) > 1000) and (item != "nobody")
+  with_items:
+    - "{{ getent_passwd.keys() | list }}"
+
+- name: validate-installation | Get all groups from the installed system
+  getent:
+    database: group
+
+- name: validate-installation | Assert that all groups have a GID smaller or equal than 1000
+  fail:
+    msg: "Group {{ item }} has the GID {{ getent_group[item].1 }} > 1000!"
+  when: ((getent_group[item].1 | int) > 1000) and (item != "nogroup")
+  with_items:
+    - "{{ getent_group.keys() | list }}"