ilia
c3e6caf9e8
All checks were successful
CI / skip-ci-check (push) Successful in 1m18s
CI / lint-and-test (push) Successful in 1m23s
CI / ansible-validation (push) Successful in 3m2s
CI / secret-scanning (push) Successful in 1m19s
CI / dependency-scan (push) Successful in 1m24s
CI / sast-scan (push) Successful in 2m32s
CI / license-check (push) Successful in 1m23s
CI / vault-check (push) Successful in 2m22s
CI / playbook-test (push) Successful in 2m25s
CI / container-scan (push) Successful in 1m51s
CI / sonar-analysis (push) Successful in 2m32s
CI / workflow-summary (push) Successful in 1m17s
### Summary
This PR refactors the playbook layout to reduce duplication and make host intent clearer (servers vs workstations), splits monitoring by host type, and restores full Zsh setup for developers while keeping servers aliases-only.
### Key changes
- **New playbooks**
- `playbooks/servers.yml`: baseline for server-class hosts (no desktop apps)
- `playbooks/workstations.yml`: baseline for dev/desktop/local + **desktop apps only on `desktop` group**
- **Monitoring split**
- `roles/monitoring_server`: server monitoring + intrusion prevention (includes `fail2ban`, sysstat)
- `roles/monitoring_desktop`: desktop-oriented monitoring tooling
- Updated playbooks to use the correct monitoring role per host type
- **Shell role: server-safe + developer-friendly**
- `roles/shell` now supports two modes:
- `shell_mode: minimal` (default): aliases-only, does not overwrite `.zshrc`
- `shell_mode: full`: installs Oh My Zsh + Powerlevel10k + plugins and deploys a managed `.zshrc`
- `playbooks/development.yml` and `playbooks/workstations.yml` use `shell_mode: full`
- `playbooks/servers.yml` remains **aliases-only**
- **Applications**
- Applications role runs only on `desktop` group (via `workstations.yml`)
- Removed Brave installs/repo management
- Added **CopyQ** to desktop apps (`applications_desktop_packages`)
- **Docs + architecture**
- Added canonical doc tree under `project-docs/` (overview/architecture/standards/workflow/decisions)
- Consolidated architecture docs: `docs/reference/architecture.md` is now a pointer to `project-docs/architecture.md`
- Fixed broken doc links by adding the missing referenced pages under `docs/`
### Behavior changes (important)
- Desktop GUI apps install **only** on the `desktop` inventory group (not on servers, not on dev VMs unless they are in `desktop`).
- Dev/workstation Zsh is now provisioned in **full mode** (managed `.zshrc` + p10k).
### How to test (local CI parity)
```bash
make test
npm test
```
Optional dry runs (interactive sudo may be required):
```bash
make check
make check-local
```
### Rollout guidance
- Apply to a single host first:
- Workstations: `make workstations HOST=<devhost>`
- Servers: `make servers HOST=<serverhost>`
- Then expand to group runs.
Reviewed-on: #4
Role: development
Description
Installs core development tools and utilities for software development. This role provides a lightweight foundation for coding without heavy data science dependencies.
For data science tools (Anaconda, Jupyter, R), see the datascience role.
Requirements
- Ansible 2.9+
- Debian/Ubuntu systems
- Root or sudo access
Installed Components
Development Tools
- git: Version control system
- build-essential: C/C++ compilation tools (gcc, g++, make)
- python3: Python 3 interpreter
- python3-pip: Python package manager
Node.js
- Node.js 22.x: Latest LTS from NodeSource
- npm: Node package manager (included with Node.js)
- Configured from official NodeSource repository
Variables
Core Settings
| Variable | Default | Description |
|---|---|---|
development_packages |
See defaults | Base packages installed by the role |
Dependencies
baserole (for core utilities)
Example Playbook
Basic Installation
- hosts: developers
roles:
- role: development
Customize packages
- hosts: developers
roles:
- role: development
vars:
development_packages:
- git
- build-essential
- python3
- python3-pip
Usage
# Install on specific host
make dev HOST=dev01
# Install only development tools (skip other roles)
ansible-playbook playbooks/development.yml --limit dev01 --tags development
Tags
development,dev: All development tasks
Post-Installation
Verify Installations
git --version
node --version
npm --version
python3 --version
Node.js Usage
# Install packages globally
npm install -g <package>
# Check Node.js version
node --version # Should show v22.x
Performance Notes
Installation Time
- Base packages: 1-2 minutes
- Node.js: 1-2 minutes
- Total: ~3-5 minutes
Disk Space
- Node.js + npm: ~100MB
- Build tools: ~50MB
- Total: ~150MB
Integration
With Data Science Role
- hosts: datascience_workstation
roles:
- role: development # Core dev tools
- role: datascience # Anaconda, Jupyter, R
With Docker
- hosts: fullstack_dev
roles:
- role: development
- role: docker
Troubleshooting
Node.js Version Issues
If Node.js doesn't upgrade to v22:
# Check current version
node --version
# Force reinstall
apt-get remove nodejs
# Re-run playbook
Notes
- Node.js 22 is the current LTS version
- NodeSource repository is configured for automatic updates
- Build tools (gcc, make) are essential for npm native modules
- Python 3 is included for development scripts
- All installations are idempotent (safe to re-run)
Comparison with Data Science Role
| Component | Development Role | Data Science Role |
|---|---|---|
| Git | ✅ | - |
| Node.js | ✅ | - |
| Build Tools | ✅ | - |
| Anaconda | ❌ | ✅ |
| Jupyter | ❌ | ✅ |
| R Language | ❌ | ✅ |
| Install Time | ~10 min | ~30-60 min |
| Disk Space | ~150MB | ~3GB |
Recommendation: Use development role for general coding. Add datascience role only when needed for data analysis/ML work.