ansible/project-docs/decisions.md
ilia 3415340e26
Refactor playbooks: servers/workstations, split monitoring, improve shell
2025-12-31 23:13:03 -05:00


Decisions (ADR-style)

2025-12-31 — Do not manage IDE/editor installs in Ansible

  • Context: IDEs/editors are interactive, fast-moving, and often user-preference-driven.
  • Decision: Keep editor installation (Cursor, VS Code, etc.) out of Ansible roles/playbooks.
  • Consequences:
    • Faster, more stable provisioning runs
    • Less drift caused by UI tooling changes
    • Editor setup is handled separately (manual or via dedicated tooling)

2025-12-31 — Split monitoring into server vs workstation roles

  • Context: Servers and workstations have different needs (e.g., fail2ban/sysstat are server-centric; wireshark-common is workstation-centric).
  • Decision: Create monitoring_server and monitoring_desktop roles and wire them into servers.yml / workstation playbooks.
  • Consequences:
    • Smaller install footprint on servers
    • Clearer intent and faster runs

2025-12-31 — Desktop applications are installed only on the desktop group

  • Context: Desktop apps should not be installed on headless servers or dev VMs by default.
  • Decision: Run role: applications only in a desktop-scoped play (workstations playbook).
  • Consequences:
    • Reduced unnecessary package installs
    • Less attack surface and fewer updates on non-desktop hosts

2025-12-31 — Minimal shell role (aliases-only)

  • Context: Oh-my-zsh/theme/plugin cloning is slow and overwriting .zshrc is risky.
  • Decision: role: shell now manages a small alias file and ensures it's sourced; it does not overwrite .zshrc.
  • Consequences:
    • Much faster shell configuration
    • Safer for servers and multi-user systems
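
One way to implement the aliases-only behaviour of the shell decision above, as an added example rather than this repository's role code. The variables `shell_users`, `shell_alias_file` and `shell_aliases`, the /home/<user> layout, and the choice to skip users who have no .zshrc are assumptions.

```yaml
# Added example: tasks for a minimal, aliases-only shell role.
# Hypothetical variables (not from the repository):
#   shell_users:      [alice, bob]
#   shell_alias_file: .shell_aliases
#   shell_aliases:    { ll: "ls -alF", gs: "git status" }

- name: Install the managed alias file (the only file the role owns)
  ansible.builtin.copy:
    dest: "/home/{{ item }}/{{ shell_alias_file }}"
    content: |
      # Managed by Ansible; local edits are overwritten on the next run.
      {% for name, cmd in shell_aliases.items() %}
      alias {{ name }}={{ cmd | quote }}
      {% endfor %}
    owner: "{{ item }}"
    mode: "0644"
  loop: "{{ shell_users }}"

- name: Check which users already have a .zshrc
  ansible.builtin.stat:
    path: "/home/{{ item }}/.zshrc"
  loop: "{{ shell_users }}"
  register: zshrc_stat

# blockinfile edits only the text between its two marker lines, so the
# rest of the user's .zshrc is left untouched and reruns are idempotent.
- name: Source the alias file from an existing .zshrc without rewriting it
  ansible.builtin.blockinfile:
    path: "/home/{{ item.item }}/.zshrc"
    marker: "# {mark} ANSIBLE MANAGED: shell aliases"
    block: |
      [ -f "$HOME/{{ shell_alias_file }}" ] && . "$HOME/{{ shell_alias_file }}"
    create: false   # assumption: never create a .zshrc for a user who has none
    backup: true    # keep a timestamped copy before the first change
  loop: "{{ zshrc_stat.results }}"
  when: item.stat.exists
```

Run it with `--check --diff` first to see exactly which lines would be added to each user's .zshrc.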