dotfiles/scripts/ansible/playbook.yml at main · RichardSlater/dotfiles · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
---
- name: Debugging
  hosts: localhost
  tasks:
    - name: Operating System Family
      ansible.builtin.debug:
        var: ansible_facts['os_family']
    - name: Operating System Version
      ansible.builtin.debug:
        var: ansible_facts['distribution_version']
    - name: Debian is > 13
      ansible.builtin.debug:
        var: ansible_facts['distribution_version'] is version('13.0', '>=')

- name: Update Ubuntu/Debian system
  hosts: localhost
  become: true
  tasks:
    - name: Update and upgrade system with recovery
      block:
        - name: Update apt package index
          apt:
            update_cache: true

        - name: Upgrade all packages
          apt:
            upgrade: full

        - name: Remove unnecessary packages
          apt:
            autoremove: true
            autoclean: true

        - name: Install dependant packages
          apt:
            name: "{{ item }}"
            state: present
          loop:
            - python3-debian
            - git
            - wget
            - curl

      rescue:
        - name: Remove extra librhash1 that gets picked up incorrectly
          ansible.builtin.command: sudo dpkg --remove --force-all librhash1
          ignore_errors: true

        - name: Fix broken apt installs
          ansible.builtin.command: apt-get install --fix-broken -y
          register: fix_broken_result
          ignore_errors: true

        - name: Retry update apt package index
          apt:
            update_cache: true

        - name: Retry upgrade all packages
          apt:
            upgrade: full

        - name: Retry remove unnecessary packages
          apt:
            autoremove: true
            autoclean: true

- name: Run roles for system setup
  hosts: localhost
  become: true
  vars:
    packages:
      - dnsutils
      - btop
      - yamllint
      - jq
      - yq
      - shellcheck
      - libclang-dev
    unlisted_packages:
      - name: Dive
        source: https://github.com/wagoodman/dive/releases/download/v0.13.1/dive_0.13.1_linux_amd64.deb
    # geerlingguy.go role variables - Go 1.25.4 (latest stable as of Nov 2025)
    go_version: "1.25.4"
    go_install_clean: true
    go_checksum: "9fa5ffeda4170de60f67f3aa0f824e426421ba724c21e133c1e35d6159ca1bec"
  roles:
    - packages
    - bat
    - fzf
    - geerlingguy.go
    - gh
    - neovim
    - oh-my-posh
    - pwsh
    - tmux
    - zsh
    - wsl
    - podman

- name: Run roles for user setup
  hosts: localhost
  vars:
    rustup_user: "{{ ansible_facts['user_id'] }}"
    uv_tools:
      - pre-commit
  roles:
    - rootless-networking
    - nvm
    - bun
    - hurricanehrndz.rustup
    - cargo
    - uv
    - speckit
    - dotnet
    - copilot-cli

- name: Update Neovim Plugins (LazyVim)
  hosts: localhost
  tasks:
    - name: Check if nvim is installed
      command: which nvim
      register: nvim_check
      ignore_errors: true
      changed_when: false

    - name: Run LazyVim sync
      command: nvim --headless "+Lazy! sync" +qa
      when: nvim_check.rc == 0
      register: lazy_sync
      changed_when: "'No updates' not in lazy_sync.stdout"
      ignore_errors: true

- name: Run roles for user
  hosts: localhost
  roles:
    - role: foundry
      when: "'ensono.com' not in ansible_facts['dns'].search"
    - container-cleanup