first commit

LICENSE

@@ -0,0 +1,68 @@
+GNU LESSER GENERAL PUBLIC LICENSE
+Version 3, 29 June 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+https://fsf.org/
+
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+0. Additional Definitions.
+
+As used herein, “this License” refers to version 3 of the GNU Lesser
+General Public License, and the “GNU GPL” refers to version 3 of the
+GNU General Public License.
+
+“The Library” refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+An “Application” is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+
+A “Combined Work” is a work produced by combining or linking an
+Application with the Library.
+
+1. Exception to Section 3 of the GNU GPL.
+
+You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+2. Conveying Modified Versions.
+
+If you modify a copy of the Library, and the modifications relate to
+a function or data supplied by the Library, you may convey a copy of
+the modified version under this License.
+
+3. Object Code Incorporating Material from Library Header Files.
+
+The object code form of an Application may incorporate material from
+a header file that is part of the Library.
+
+4. Combined Works.
+
+You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work.
+
+5. Combined Libraries.
+
+You may place library facilities that are a work based on the Library
+side by side in a single library together with other library
+facilities that are not Applications.
+
+6. Revised Versions of the GNU Lesser General Public License.
+
+The Free Software Foundation may publish revised versions of the
+GNU Lesser General Public License from time to time.
+
+Each version is given a distinguishing version number.
+
+If the Library as you received it specifies that a certain numbered
+version of the GNU Lesser General Public License “or any later version”
+applies to it, you have the option of following the terms and conditions
+either of that published version or of any later version published by
+the Free Software Foundation.

README.md

@@ -0,0 +1,257 @@
+# Infra — Personal Infrastructure as Code
+
+Questo repository contiene la configurazione **Infrastructure as Code (IaC)** utilizzata per gestire e mantenere allineate diverse macchine personali tramite **Ansible**.
+
+L'obiettivo è avere **una singola fonte di verità** per:
+
+- configurazione delle macchine
+- pacchetti installati
+- servizi di sistema
+- configurazioni utente (dotfiles)
+
+Il repository consente di gestire più sistemi operativi e profili macchina mantenendo una struttura modulare, riproducibile e idempotente.
+
+---
+
+# Architettura del progetto
+
+```text
+infra/
+├── ansible/
+│   ├── ansible.cfg
+│   ├── site.yml
+│   ├── inventory/
+│   │   ├── hosts.yml
+│   │   ├── group_vars/
+│   │   └── host_vars/
+│   └── roles/
+│
+├── dotfiles/
+│   ├── common/
+│   ├── desktop/
+│   ├── workstation/
+│   ├── ikaros/
+│   └── nymph/
+│
+├── scripts/
+├── secrets/
+└── README.md
+```
+
+Il repository è diviso in due componenti principali:
+
+| Componente | Scopo                                  |
+| ---------- | -------------------------------------- |
+| ansible    | provisioning e configurazione macchine |
+| dotfiles   | configurazioni utente versionate       |
+
+---
+
+# Macchine gestite
+
+Il sistema attualmente gestisce tre tipologie di profilo.
+
+## Desktop
+
+Sistema operativo:
+
+- Void Linux
+
+Window manager:
+
+- i3
+
+Macchine:
+
+- `ikaros`
+- `nymph`
+
+Queste macchine condividono la stessa configurazione base desktop e vengono mantenute allineate tramite Ansible.
+
+---
+
+## Workstation
+
+Sistema operativo:
+
+- Ubuntu LTS
+
+Desktop environment:
+
+- GNOME
+
+Macchina:
+
+- `deadalus`
+
+Questo profilo è pensato per sviluppo e lavoro.
+
+---
+
+## Server
+
+Sistema operativo:
+
+- Ubuntu LTS
+
+Configurazione:
+
+- nessun ambiente grafico
+
+Macchina:
+
+- `prometheus`
+
+Profilo minimale orientato a servizi server.
+
+---
+
+# Composizione della configurazione
+
+La configurazione finale di una macchina è ottenuta combinando più livelli.
+
+```text
+common configuration
++ OS configuration
++ profile configuration
++ host overrides
+```
+
+Esempio per `ikaros`:
+
+```text
+common + void + desktop + ikaros
+```
+
+Esempio per `nymph`:
+
+```text
+common + void + desktop + nymph
+```
+
+Questo approccio consente di:
+
+- mantenere configurazioni condivise
+- applicare override specifici per host
+- evitare duplicazioni
+
+---
+
+# Ruoli Ansible
+
+I principali ruoli attualmente presenti sono:
+
+| Role                      | Descrizione                         |
+| ------------------------- | ----------------------------------- |
+| base                      | configurazione base comune          |
+| packages_void             | installazione pacchetti su Void     |
+| packages_ubuntu           | installazione pacchetti su Ubuntu   |
+| services_runit            | gestione servizi runit              |
+| services_systemd          | gestione servizi systemd            |
+| profile_desktop_i3        | configurazione desktop i3           |
+| profile_workstation_gnome | configurazione workstation GNOME    |
+| profile_server            | configurazione server               |
+| dotfiles                  | distribuzione configurazioni utente |
+
+---
+
+# Dotfiles
+
+La directory `dotfiles/` contiene le configurazioni utente versionate.
+
+```text
+dotfiles/
+├── common
+├── desktop
+├── workstation
+├── ikaros
+└── nymph
+```
+
+Le configurazioni sono applicate tramite Ansible e organizzate per livelli:
+
+| Livello | Scopo                            |
+| ------- | -------------------------------- |
+| common  | configurazioni condivise         |
+| profile | configurazioni per tipo macchina |
+| host    | override specifici               |
+
+---
+
+# Requisiti
+
+Per utilizzare il repository sono necessari:
+
+- Python 3
+- Ansible
+- accesso SSH alle macchine target
+
+Installazione Ansible:
+
+```bash
+pip install ansible
+```
+
+---
+
+# Utilizzo
+
+Eseguire il playbook principale:
+
+```bash
+ansible-playbook ansible/site.yml
+```
+
+Questo comando:
+
+- installa i pacchetti richiesti
+- configura i servizi
+- applica il profilo macchina
+- distribuisce i dotfiles
+
+---
+
+# Bootstrap di una nuova macchina
+
+Una nuova macchina può essere inizializzata con i seguenti passaggi:
+
+```bash
+git clone <repo>
+cd infra
+ansible-playbook ansible/site.yml
+```
+
+Dopo l'esecuzione del playbook la macchina verrà configurata secondo il profilo definito.
+
+---
+
+# Filosofia del progetto
+
+Il repository segue alcuni principi chiave:
+
+- Infrastructure as Code
+- configurazione dichiarativa
+- idempotenza
+- ambienti riproducibili
+- separazione tra configurazione sistema e configurazione utente
+
+Questo consente di ricreare qualsiasi macchina partendo esclusivamente dal repository.
+
+---
+
+# Roadmap
+
+Possibili evoluzioni future:
+
+- gestione segreti con `ansible-vault`
+- hardening sicurezza server
+- configurazione backup
+- testing automatico playbook
+- integrazione CI
+- supporto ad altre distribuzioni Linux
+
+---
+
+# Licenza
+
+Questo progetto è distribuito sotto licenza **LGPL-3.0**.

ansible/ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory/hosts.yml
+roles_path = roles
+host_key_checking = False
+retry_files_enabled = False

ansible/inventory/group_vars/all.yml

@@ -0,0 +1 @@
+# common variables

ansible/inventory/group_vars/desktop.yml

@@ -0,0 +1 @@
+# desktop profile variables

ansible/inventory/group_vars/server.yml

@@ -0,0 +1 @@
+# server profile variables

ansible/inventory/group_vars/ubuntu.yml

@@ -0,0 +1 @@
+# variables for Ubuntu hosts

ansible/inventory/group_vars/void.yml

@@ -0,0 +1 @@
+# variables for Void Linux hosts

ansible/inventory/group_vars/workstation.yml

@@ -0,0 +1 @@
+# workstation profile variables

ansible/inventory/host_vars/deadalus.yml

@@ -0,0 +1 @@
+# deadalus specific variables

ansible/inventory/host_vars/ikaros.yml

@@ -0,0 +1 @@
+# ikaros specific variables

ansible/inventory/host_vars/nymph.yml

@@ -0,0 +1 @@
+# nymph specific variables

ansible/inventory/host_vars/prometheus.yml

@@ -0,0 +1 @@
+# prometheus specific variables

ansible/inventory/hosts.yml

@@ -0,0 +1,24 @@
+all:
+  children:
+    void:
+      hosts:
+        ikaros:
+        nymph:
+
+    ubuntu:
+      hosts:
+        deadalus:
+        prometheus:
+
+    desktop:
+      hosts:
+        ikaros:
+        nymph:
+
+    workstation:
+      hosts:
+        deadalus:
+
+    server:
+      hosts:
+        prometheus:

ansible/roles/base/tasks/main.yml

@@ -0,0 +1 @@
+# base role tasks

ansible/roles/dotfiles/tasks/main.yml

@@ -0,0 +1 @@
+# dotfiles deployment tasks

ansible/roles/packages_ubuntu/tasks/main.yml

@@ -0,0 +1 @@
+# install packages with apt

ansible/roles/packages_void/tasks/main.yml

@@ -0,0 +1 @@
+# install packages with xbps

ansible/roles/profile_desktop_i3/tasks/main.yml

@@ -0,0 +1 @@
+# desktop profile tasks

ansible/roles/profile_server/tasks/main.yml

@@ -0,0 +1 @@
+# server profile tasks

ansible/roles/profile_workstation_gnome/tasks/main.yml

@@ -0,0 +1 @@
+# workstation profile tasks

ansible/roles/services_runit/tasks/main.yml

@@ -0,0 +1 @@
+# enable runit services

ansible/roles/services_systemd/tasks/main.yml

@@ -0,0 +1 @@
+# enable systemd services

ansible/site.yml

@@ -0,0 +1,31 @@
+---
+- name: Converge all machines
+  hosts: all
+  become: true
+
+  roles:
+    - base
+
+    - role: packages_void
+      when: "'void' in group_names"
+
+    - role: packages_ubuntu
+      when: "'ubuntu' in group_names"
+
+    - role: services_runit
+      when: "'void' in group_names"
+
+    - role: services_systemd
+      when: "'ubuntu' in group_names"
+
+    - role: profile_desktop_i3
+      when: "'desktop' in group_names"
+
+    - role: profile_workstation_gnome
+      when: "'workstation' in group_names"
+
+    - role: profile_server
+      when: "'server' in group_names"
+
+    - role: dotfiles
+      become: false