frpa/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2dab5d8cb9562d4671aa123d32b1c590e3d4576a
ansible/CLAUDE.md
Patrick Fraley 1be3ba7e32 Prepare Work
2025-12-27 11:25:06 +01:00

3.8 KiB
Raw Blame History

CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

Repository Purpose

Comprehensive Ansible configuration for managing Fedora Workstation laptops. Provides automated configuration management for system setup, package management, security hardening, and laptop-specific optimizations.

Common Commands

Running Playbooks

# Run main playbook against localhost
ansible-playbook -i inventory/hosts playbook.yml --ask-become-pass

# Run specific tags
ansible-playbook -i inventory/hosts playbook.yml --tags "packages,security" --ask-become-pass

# Dry run (check mode)
ansible-playbook -i inventory/hosts playbook.yml --check --diff

# Run against specific host
ansible-playbook -i inventory/hosts playbook.yml --limit hostname

# Use vault-encrypted variables
ansible-playbook -i inventory/hosts playbook.yml --ask-vault-pass

Testing and Validation

# Syntax check
ansible-playbook playbook.yml --syntax-check

# List all tasks that would be executed
ansible-playbook -i inventory/hosts playbook.yml --list-tasks

# List all hosts
ansible-playbook -i inventory/hosts playbook.yml --list-hosts

# Validate inventory
ansible-inventory -i inventory/hosts --list

Vault Operations

# Create encrypted file
ansible-vault create group_vars/all/vault.yml

# Edit encrypted file
ansible-vault edit group_vars/all/vault.yml

# Encrypt existing file
ansible-vault encrypt secrets.yml

# Decrypt file (temporary)
ansible-vault view group_vars/all/vault.yml

# Rekey vault file
ansible-vault rekey group_vars/all/vault.yml

Architecture

Standard Ansible Directory Structure

This repository follows standard Ansible best practices for a workstation management setup:

  • inventory/ - Host definitions and group variables
  • roles/ - Reusable role modules (packages, security, dotfiles, etc.)
  • group_vars/ - Variables for host groups
  • host_vars/ - Variables for specific hosts
  • playbooks/ or root playbook.yml - Main orchestration
  • files/ - Static files to be copied to hosts
  • templates/ - Jinja2 templates for configuration files

Typical Role Organization

Roles should follow the structure:

roles/role_name/
├── tasks/main.yml      # Main task list
├── handlers/main.yml   # Handlers for service restarts, etc.
├── templates/          # Jinja2 templates
├── files/              # Static files
├── vars/main.yml       # Role-specific variables
├── defaults/main.yml   # Default variables (lowest precedence)
└── meta/main.yml       # Role dependencies

Workstation Management Patterns

For Fedora workstation management, typical role categories include:

  • Base system: DNF configuration, repositories, system services
  • Packages: Software installation and updates
  • Security: Firewall, SELinux, user permissions
  • Laptop optimization: Power management, suspend/hibernate, battery optimization
  • User configuration: Dotfiles, shell setup, desktop environment
  • Development tools: Programming languages, IDEs, containers

Security Considerations

Vault Usage

  • All sensitive data (passwords, API keys, certificates) must be encrypted with ansible-vault
  • Never commit unencrypted vault files (.gitignore already configured)
  • Store vault password securely outside the repository

Privilege Escalation

  • Use become: true only when necessary
  • Prefer targeted become on specific tasks rather than entire playbooks
  • Always use --ask-become-pass when running locally for security

Testing Approach

For workstation configurations:

  1. Test in check mode first (--check --diff)
  2. Use tags to test individual components
  3. Validate on a test VM or secondary system before production workstation
  4. Keep playbooks idempotent - safe to run multiple times
Reference in New Issue View Git Blame Copy Permalink