Renamed desk roles and added vars/main.yml files where mising

roles/desk-chromium/README.md

@@ -0,0 +1,29 @@
+# Chromium 🌐
+
+## Description
+
+This Ansible role installs and configures the Chromium browser along with essential security and productivity extensions. It ensures that Chromium is installed and properly set up with forced installation of uBlock Origin and the KeePassXC browser extension via Enterprise Policies, providing a secure and streamlined browsing experience.
+
+## Overview
+
+Designed for various Linux distributions, this role manages the installation of the Chromium browser using the system’s package manager. It configures Chromium's managed policies to automatically deploy key browser extensions, ensuring that users always have a secure and consistent environment. This role integrates seamlessly with other system management roles for a holistic deployment.
+
+## Purpose
+
+The purpose of this role is to automate the provisioning of a secure Chromium environment in a consistent and maintainable way. It reduces manual configuration steps and guarantees that critical browser extensions are enforced, making it ideal for both production and personal deployments.
+
+## Features
+
+- **Installs Chromium Browser:** Automatically installs the appropriate Chromium package based on the target system.
+- **Installs KeePassXC:** Ensures KeePassXC is installed for secure password management.
+- **Enforces Browser Extensions:** Configures Chromium Enterprise Policies to force-install uBlock Origin and the KeePassXC browser extension.
+- **Cross-Platform Support:** Handles package variations for multiple Linux distributions.
+- **Seamless Integration:** Provides a stable and secure browsing setup as part of broader system automation workflows.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/desk-chromium/meta/main.yml

@@ -0,0 +1,35 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automates the installation and configuration of the Chromium browser with enforced security extensions."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Debian
+      versions:
+        - stretch
+        - buster
+        - bullseye
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+        - jammy
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - chromium
+    - browser
+    - enterprise-policy
+    - security
+    - automation
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+dependencies: []

roles/desk-chromium/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Update package cache (Debian/Ubuntu)
+  apt:
+    update_cache: yes
+  when: ansible_os_family == "Debian"
+
+- name: Install Chromium browser
+  package:
+    name: "{{ chromium_package }}"
+    state: present
+
+- name: Install KeePassXC
+  package:
+    name: keepassxc
+    state: present
+
+- name: Ensure Chromium policies directory exists
+  file:
+    path: /etc/chromium/policies/managed
+    state: directory
+    mode: '0755'
+
+- name: Copy the extensions policy file for Chromium
+  template:
+    src: extensions_policy.json.j2
+    dest: /etc/chromium/policies/managed/extensions_policy.json
+    mode: '0644'

roles/desk-chromium/templates/configuration.yml.j2

@@ -0,0 +1,23 @@
+# Concerning configuration options checkout:
+# https://chromeenterprise.google/policies/#ExtensionSettings
+chromium:
+  password_manager_enabled: false
+  default_installation_mode: allowed
+  plugins:
+    # UBlock Origin
+    - id: "cjpalhdlnbpafiamejdnhcphjbkeiagm"
+      update_url: "https://clients2.google.com/service/update2/crx"
+      incognito: true
+      installation_mode: "force_installed"
+
+    # KeepassXC
+    - id: "ddkjiahejlhfcafbddmgiahcphecmpfh"
+      update_url: "https://clients2.google.com/service/update2/crx"
+      incognito: false
+      installation_mode: "force_installed"
+
+    # Dark Mode Extension
+    - id: "dmghijelimhndkbmpgbldicpogfkceaj"
+      update_url: "https://clients2.google.com/service/update2/crx"
+      incognito: true
+      installation_mode: "force_installed"

roles/desk-chromium/templates/extensions_policy.json.j2

@@ -0,0 +1,20 @@
+{
+  "ExtensionInstallForcelist": [
+    {% for plugin in applications[application_id].chromium.plugins -%}
+    "{{ plugin.id }};{{ plugin.update_url }}"{% if not loop.last %},{% endif %}
+    {% endfor %}
+  ],
+  "ExtensionSettings": {
+    "*": {
+      "installation_mode": "{{ applications[application_id].default_installation_mode }}"
+    }
+    {% for plugin in applications[application_id].chromium.plugins -%},
+    "{{ plugin.id }}": {
+      "installation_mode": "{{ plugin.installation_mode }}",
+      "update_url": "{{ plugin.update_url }}",
+      "incognito_mode": "{{ 'enabled' if plugin.incognito else 'disabled' }}"
+    }
+    {% endfor %}
+  },
+  "PasswordManagerEnabled": {{ applications[application_id].password_manager_enabled }}
+}

roles/desk-chromium/vars/main.yml

@@ -0,0 +1,5 @@
+---
+
+application_id:   "chromium"
+
+chromium_package: "{{ 'chromium-browser' if ansible_os_family == 'Debian' else 'chromium' }}"