diff --git a/.gitignore b/.gitignore index 5c199eb..15dfe74 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,100 @@ # ---> Ansible *.retry +ansible.log + +# Vault password files - CRITICAL: Never commit these! +.vault_password +.vault_pass +vault_password.txt +**/vault_password.txt +~/.ansible/vault_password.txt + +# Unencrypted vault files (safety backups) +**/vault.yml.unencrypted +**/secrets.yml.unencrypted +**/*-vault.yml.unencrypted +**/*.vault.yml.dec +**/*.decrypted + +# Fact cache +.ansible/ +/tmp/ansible_facts/ +fact_cache/ + +# Temporary files +*.tmp +*.swp +*.swo +*~ +.*.sw? + +# Local override files +local.yml +override.yml +*-local.yml +*_local.yml +local_*.yml + +# IDE and editor files +.vscode/ +.idea/ +*.iml +.project +.settings/ +*.sublime-project +*.sublime-workspace + +# OS files +.DS_Store +.DS_Store? +._* +.Spotlight-V100 +.Trashes +ehthumbs.db +Thumbs.db + +# Sensitive data patterns +credentials.yml +passwords.yml +private_keys/ +*.key +*.pem +*.crt +*.csr +*.p12 +*.pfx + +# Backup files +*.bak +*.backup +*~ + +# Test and development +test_inventory/ +dev/ +scratch/ +tmp/ +.vagrant/ +*.box + +# Python +__pycache__/ +*.py[cod] +*$py.class +*.so +.Python +venv/ +ENV/ +env/ + +# Logs +*.log +logs/ + +# Claude plans (optional - remove if you want to track them) +.claude/ + +# Other +.env +.envrc diff --git a/CLAUDE.md b/CLAUDE.md deleted file mode 100644 index 95a1995..0000000 --- a/CLAUDE.md +++ /dev/null 
@@ -1,112 +0,0 @@ -# CLAUDE.md - -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. - -## Project Overview - -This is an Ansible setup repository for managing system configurations. The project uses Ansible for infrastructure automation and configuration management. - -**License**: GNU Affero General Public License v3.0 (AGPL-3.0) - -## Repository Structure - -This repository is currently in early setup phase. Typical Ansible project structure includes: -- `playbooks/` - Ansible playbooks for orchestrating configurations -- `roles/` - Reusable Ansible roles -- `inventory/` - Host inventory files (hosts.ini, hosts.yml) -- `group_vars/` - Variables organized by groups -- `host_vars/` - Variables for specific hosts -- `ansible.cfg` - Ansible configuration file - -## Common Ansible Commands - -### Running Playbooks -```bash -# Run a playbook -ansible-playbook playbooks/site.yml - -# Run with specific inventory -ansible-playbook -i inventory/hosts.ini playbooks/site.yml - -# Check mode (dry run) -ansible-playbook --check playbooks/site.yml - -# Run with specific tags -ansible-playbook playbooks/site.yml --tags "web,database" - -# Run specific hosts -ansible-playbook playbooks/site.yml --limit "webservers" -``` - -### Testing and Validation -```bash -# Check playbook syntax -ansible-playbook --syntax-check playbooks/site.yml - -# List tasks in a playbook -ansible-playbook --list-tasks playbooks/site.yml - -# List hosts that will be affected -ansible-playbook --list-hosts playbooks/site.yml - -# Validate inventory -ansible-inventory --list -i inventory/hosts.ini -ansible-inventory --graph -i inventory/hosts.ini -``` - -### Ad-hoc Commands -```bash -# Ping all hosts -ansible all -m ping - -# Check disk space on all hosts -ansible all -a "df -h" - -# Gather facts from hosts -ansible all -m setup -``` - -### Ansible Vault (for sensitive data) -```bash -# Create encrypted file -ansible-vault create 
group_vars/production/vault.yml - -# Edit encrypted file -ansible-vault edit group_vars/production/vault.yml - -# Encrypt existing file -ansible-vault encrypt vars/secrets.yml - -# Run playbook with vault password -ansible-playbook playbooks/site.yml --ask-vault-pass -``` - -## Development Workflow - -### When Creating Playbooks -- Use YAML syntax with proper indentation (2 spaces) -- Start playbooks with descriptive names and hosts definitions -- Include `gather_facts: yes/no` explicitly -- Use `become: yes` when privilege escalation is needed -- Group related tasks using block statements -- Add meaningful task names that describe the action - -### When Creating Roles -- Follow Ansible Galaxy role structure: tasks/, handlers/, templates/, files/, vars/, defaults/, meta/ -- Keep roles focused on a single responsibility -- Use role dependencies in meta/main.yml when appropriate -- Test roles independently before integrating - -### Variables and Inventory -- Use group_vars for shared variables across host groups -- Use host_vars for host-specific configurations -- Prefer YAML format over INI for inventory when complexity grows -- Never commit sensitive data unencrypted (use ansible-vault) - -### Best Practices -- Always test with `--check` mode first -- Use handlers for service restarts and reloads -- Leverage tags for partial playbook execution -- Use templates (Jinja2) for dynamic configuration files -- Register task outputs when results are needed in subsequent tasks -- Use `changed_when` and `failed_when` to control task status reporting diff --git a/README.md b/README.md index 20e1bea..77f321a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ -# Ansible +# Ansible Setup for Fedora Workstations + +Comprehensive Ansible configuration for managing Fedora Workstation laptops. This repository provides automated configuration management for system setup, package management, security hardening, and laptop-specific optimizations. -Ansible Setup for my Systems 
diff --git a/workstations b/workstations deleted file mode 100644 index 176c39b..0000000 --- a/workstations +++ /dev/null @@ -1,3 +0,0 @@ -[workstations] -x1nano -x240
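Review bot: in the `.gitignore` hunk, `+~/.ansible/vault_password.txt` under "Vault password files" does not protect the file in the home directory. Gitignore patterns are resolved relative to the repository and `~` is not expanded, so the line only matches a path under a directory literally named `~` inside the repo. `+/tmp/ansible_facts/` has the same problem: the leading slash anchors to the repo root, not the filesystem `/tmp`. Drop both lines. Separately, `+dev/` and `+env/` match at any depth, so a later `group_vars/dev/` or `inventory/dev/` would silently stay untracked; write them as `/dev/` and `/env/` if only top-level scratch directories are meant. Ignore rules also do not apply to files that are already tracked, so the "Never commit these!" comment only holds for new files.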
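Review bot: missing documentation after the `CLAUDE.md` deletion: the "Ansible Vault (for sensitive data)" commands and the rule "Never commit sensitive data unencrypted (use ansible-vault)" appear only in that file in the visible diff, and the four-line README in this change does not carry them. Move that section into the README or a docs file so the vault workflow that the new `.gitignore` vault entries assume stays written down.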
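Review bot: in the `README.md` hunk, the added line starting `+Comprehensive Ansible configuration` lists package management, security hardening and laptop-specific optimizations, but nothing in the visible diff adds playbooks or roles, and the README has no usage section. State what is implemented today, or add the command to run and the inventory path it expects.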
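Review bot: no replacement inventory is visible for the deleted `workstations` file, which in this diff is the only definition of the `[workstations]` group with hosts `x1nano` and `x240`. If the hosts moved to another inventory path, include that file in this change or name the new path in the commit message or README, so that plays targeting `workstations` still resolve to hosts.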