## Decisions (ADR-style)

### 2025-12-31 — Do not manage IDE/editor installs in Ansible

- **Context**: IDEs/editors are interactive, fast-moving, and often user-preference-driven.
- **Decision**: Keep editor installation (Cursor, VS Code, etc.) out of Ansible roles/playbooks.
- **Consequences**:
  - Faster, more stable provisioning runs
  - Less drift caused by UI tooling changes
  - Editor setup is handled separately (manual or via dedicated tooling)

### 2025-12-31 — Split monitoring into server vs workstation roles

- **Context**: Servers and workstations have different needs (e.g., fail2ban/sysstat are server-centric; wireshark-common is workstation-centric).
- **Decision**: Create `monitoring_server` and `monitoring_desktop` roles and wire them into `servers.yml` / workstation playbooks.
- **Consequences**:
  - Smaller install footprint on servers
  - Clearer intent and faster runs

### 2025-12-31 — Desktop applications are installed only on the `desktop` group

- **Context**: Desktop apps should not be installed on headless servers or dev VMs by default.
- **Decision**: Run `role: applications` only in a `desktop`-scoped play (workstations playbook).
- **Consequences**:
  - Reduced unnecessary package installs
  - Less attack surface and fewer updates on non-desktop hosts

### 2025-12-31 — Minimal shell role (aliases-only)

- **Context**: Oh-my-zsh/theme/plugin cloning is slow and overwriting `.zshrc` is risky.
- **Decision**: `role: shell` now manages a small alias file and ensures it’s sourced; it does not overwrite `.zshrc`.
- **Consequences**:
  - Much faster shell configuration
  - Safer for servers and multi-user systems