36 lines
1.6 KiB
Markdown
36 lines
1.6 KiB
Markdown
## Decisions (ADR-style)
|
||
|
||
### 2025-12-31 — Do not manage IDE/editor installs in Ansible
|
||
|
||
- **Context**: IDEs/editors are interactive, fast-moving, and often user-preference-driven.
|
||
- **Decision**: Keep editor installation (Cursor, VS Code, etc.) out of Ansible roles/playbooks.
|
||
- **Consequences**:
|
||
- Faster, more stable provisioning runs
|
||
- Less drift caused by UI tooling changes
|
||
- Editor setup is handled separately (manual or via dedicated tooling)
|
||
|
||
### 2025-12-31 — Split monitoring into server vs workstation roles
|
||
|
||
- **Context**: Servers and workstations have different needs (e.g., fail2ban/sysstat are server-centric; wireshark-common is workstation-centric).
|
||
- **Decision**: Create `monitoring_server` and `monitoring_desktop` roles and wire them into `servers.yml` / workstation playbooks.
|
||
- **Consequences**:
|
||
- Smaller install footprint on servers
|
||
- Clearer intent and faster runs
|
||
|
||
### 2025-12-31 — Desktop applications are installed only on the `desktop` group
|
||
|
||
- **Context**: Desktop apps should not be installed on headless servers or dev VMs by default.
|
||
- **Decision**: Run `role: applications` only in a `desktop`-scoped play (workstations playbook).
|
||
- **Consequences**:
|
||
- Reduced unnecessary package installs
|
||
- Less attack surface and fewer updates on non-desktop hosts
|
||
|
||
### 2025-12-31 — Minimal shell role (aliases-only)
|
||
|
||
- **Context**: Oh-my-zsh/theme/plugin cloning is slow and overwriting `.zshrc` is risky.
|
||
- **Decision**: `role: shell` now manages a small alias file and ensures it’s sourced; it does not overwrite `.zshrc`.
|
||
- **Consequences**:
|
||
- Much faster shell configuration
|
||
- Safer for servers and multi-user systems
|
||
|