diff --git a/ansible/roles/pds_desktop_deb/tasks/main.yml b/ansible/roles/pds_desktop_deb/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..992c829a342b3fbde8841d474a6a0b7e74aecea2
--- /dev/null
+++ b/ansible/roles/pds_desktop_deb/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+- name: "Install GUI"
+  apt:
+    pkg:
+      - task-desktop
+      - gdm3
+      - lxqt
+      - gnome-core
+      - gnome
+      - kde-standard
+      - alsa-utils
+      - firefox-esr
+      - thunderbird
+      - fonts-symbola
+      - fonts-crosextra-caladea
+      - fonts-crosextra-carlito
+      - fonts-dejavu
+      - fonts-liberation2
+      - fonts-linuxlibertine
+      - fonts-noto-core
+      - fonts-noto-extra
+      - fonts-noto-ui-core
+      - fonts-sil-gentium-basic
+      - xdg-utils
+      - libreoffice
+      - libreoffice-gnome
+      - libreoffice-qt5
+      - libreoffice-plasma
+      - mythes-en-us
+      - xsane
+      - gnupg
+      - ghostscript
+      - imagemagick
+      - gnome-screensaver
+
+    install_recommends: false
+
+
+- name:
+  apt:
+    state: absent
+    pkg:
+      - xscreensaver
+      - i3lock
+
+- name: "Set gdm3 as display manager"
+  debconf:
+    name: "gdm3"
+    question: "shared/default-x-display-manager"
+    value: "gdm3"
+    vtype: "select"
+
+- name: "Set gdm3 to be display-manager.service"
+  file:
+    state: "link"
+    path: "/etc/systemd/system/display-manager.service"
+    src: "/lib/systemd/system/gdm3.service"
+  register: dm_service
+
+- name: "Reload systemd after display manager change"
+  systemd:
+    daemon_reload: true
+  when: dm_service.changed
+
+- name: "Enable login screen"
+  systemd:
+    name: display-manager
+    state: started
+    enabled: true
+
+- name: "Polkit config dir"
+  file:
+    state: directory
+    path: /etc/polkit-1/localauthority/50-local.d
+
+- name: "Disable power management"
+  copy:
+    dest: /etc/polkit-1/localauthority/50-local.d/restrict-login-powermgmt.pkla
+    content: |
+        [Disable display manager power management]
+        Identity=unix-user:*
+        Action= org.freedesktop.login1.halt;org.freedesktop.login1.halt-ignore-inhibit;org.freedesktop.login1.halt-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-ignore-inhibit;org.freedesktop.login1.hibernate-multiple-sessions;org.freedesktop.login1.power-off;org.freedesktop.login1.power-off-ignore-inhibit;org.freedesktop.login1.power-off-multiple-sessions;org.freedesktop.login1.reboot;org.freedesktop.login1.reboot-ignore-inhibit;org.freedesktop.login1.reboot-multiple-sessions;org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-ignore-inhibit;org.freedesktop.login1.suspend-multiple-sessions
+        ResultAny=no
+        ResultInactive=no
+        ResultActive=no