Add initial Ubuntu workstation orchestration

AGENTS.md

@@ -8,8 +8,8 @@ Project type: Ansible-based infrastructure plus managed dotfiles.
 - Inventory: `ansible/inventory/hosts.yml`
 - Group vars: `ansible/inventory/group_vars/*.yml`
 - Host vars: `ansible/inventory/host_vars/*.yml`
-- Active roles: `dotfiles_common`, `packages_void`, `services_runit`, `profile_desktop_i3`
+- Active roles: `dotfiles_common`, `packages_void`, `services_runit`, `profile_desktop_i3`, `packages_ubuntu`, `services_systemd`, `profile_workstation_gnome`
-- Roles present but not currently wired into `ansible/site.yml`: `base`, `dotfiles`, `packages_ubuntu`, `services_systemd`, `profile_workstation_gnome`, `profile_server`
+- Roles present but not currently wired into `ansible/site.yml`: `base`, `dotfiles`, `profile_server`
 - Dotfiles source of truth: `dotfiles/`
 - Utility scripts: `scripts/`
 - Sensitive local material/examples: `secrets/`
@@ -33,8 +33,9 @@ If any of these files appear later, treat them as higher-priority local instruct
 `ansible/site.yml` currently applies:
 - `all -> dotfiles_common`
 - `void -> packages_void, services_runit, profile_desktop_i3`
+- `ubuntu_workstation -> packages_ubuntu, services_systemd, profile_workstation_gnome`
 
-Inventory also defines Ubuntu workstation and server hosts, but those paths are not yet orchestrated by the main playbook.
+Ubuntu server inventory and role scaffolding still exist, but the server path is not yet orchestrated by the main playbook.
 
 ## Build, lint, and test commands
 There is no compile/build step. Validation is based on Ansible syntax checks, inventory inspection, dry-runs, and linting.
@@ -52,8 +53,11 @@ ansible-playbook ansible/site.yml --check --diff
 ansible-playbook ansible/site.yml --syntax-check
 ansible-playbook ansible/site.yml --limit ikaros
 ansible-playbook ansible/site.yml --limit nymph
+ansible-playbook ansible/site.yml --limit deadalus
+ansible-playbook ansible/site.yml --limit ubuntu_workstation
 ansible-inventory --graph
 ansible-inventory --host ikaros
+ansible-inventory --host deadalus
 ```
 
 Linting and static checks if available locally:

README.md

@@ -54,7 +54,8 @@ Il repository modella attualmente tre tipologie di profilo.
 Nota sullo stato attuale del playbook principale:
 
 - `ansible/site.yml` applica oggi in automatico il profilo desktop su host Void Linux
-- i profili workstation e server sono gia presenti in inventory e nei ruoli, ma non sono ancora inclusi nel playbook principale
+- `ansible/site.yml` applica anche il profilo `ubuntu_workstation` con un setup minimo basato su apt, systemd e GNOME
+- il profilo server Ubuntu resta presente in inventory e nei ruoli, ma non e ancora incluso nel playbook principale
 
 ## Desktop
 
@@ -99,7 +100,13 @@ Macchina:
 
 Questo profilo è pensato per sviluppo e lavoro.
 
-Il modello e la struttura dei ruoli sono presenti, ma l'orchestrazione automatica tramite `ansible/site.yml` verra completata in una fase successiva.
+Il profilo workstation Ubuntu e ora agganciato al playbook principale con una prima implementazione minima.
+
+Lo stato attuale del profilo workstation include:
+
+- installazione pacchetti base Ubuntu via apt
+- abilitazione dei servizi systemd dichiarati in inventory/group vars
+- predisposizione delle directory utente minime per il profilo workstation GNOME
 
 ---
 
@@ -175,17 +182,19 @@ I principali ruoli attualmente presenti sono:
 
 # Stato attuale del playbook principale
 
-Il playbook `ansible/site.yml` e attualmente composto da due blocchi:
+Il playbook `ansible/site.yml` e attualmente composto da tre blocchi:
 
 ```text
 all  -> dotfiles_common
 void -> packages_void + services_runit + profile_desktop_i3
+ubuntu_workstation -> packages_ubuntu + services_systemd + profile_workstation_gnome
 ```
 
 Questo significa che, allo stato attuale:
 
-- i desktop Void (`ikaros`, `nymph`) sono il target operativo principale
+- i desktop Void (`ikaros`, `nymph`) restano il target operativo piu completo
-- inventory, gruppi e ruoli per workstation Ubuntu e server Ubuntu restano nel repository come base per l'estensione futura
+- la workstation Ubuntu (`deadalus`) e ora gestita con una prima orchestrazione minima
+- inventory, gruppi e ruoli per il server Ubuntu restano nel repository come base per l'estensione futura
 
 # Dotfiles
 
@@ -246,6 +255,7 @@ Allo stato attuale questo comando:
 
 - distribuisce i dotfiles comuni a tutti gli host
 - per gli host Void applica pacchetti, servizi runit e profilo desktop i3
+- per gli host `ubuntu_workstation` applica pacchetti Ubuntu, servizi systemd e profilo workstation GNOME minimo
 - carica `secrets/vault.yml` solo se presente
 
 Per validare prima di applicare:
@@ -253,6 +263,7 @@ Per validare prima di applicare:
 ```bash
 ansible-playbook ansible/site.yml --syntax-check
 ansible-playbook ansible/site.yml --limit ikaros --check --diff
+ansible-playbook ansible/site.yml --limit deadalus --check --diff
 ```
 
 ---

ansible/inventory/group_vars/ubuntu.yml

@@ -1 +1,9 @@
-# variables for Ubuntu hosts
+---
+ubuntu_packages_base:
+  - ca-certificates
+  - curl
+  - gpg
+  - python3-apt
+  - python3-gi
+  - python3-gi-cairo
+  - software-properties-common

ansible/inventory/group_vars/workstation.yml

@@ -1 +1,17 @@
-# workstation profile variables
+---
+profile_packages:
+  - dbus-user-session
+  - gnome-keyring
+  - gnome-shell-extension-manager
+  - gnome-shell-extensions
+  - gnome-terminal
+  - gnome-tweaks
+  - seahorse
+
+workstation_user_directories:
+  - path: "{{ user_home }}/.config"
+    mode: "0755"
+  - path: "{{ user_home }}/.local"
+    mode: "0755"
+  - path: "{{ user_home }}/.local/bin"
+    mode: "0755"

ansible/inventory/host_vars/deadalus.yml

@@ -1 +1,5 @@
-# deadalus specific variables
+---
+hostname: deadalus
+
+host_packages: []
+host_enabled_services: []

ansible/inventory/hosts.yml

@@ -1,3 +1,4 @@
+---
 all:
   children:
     void:
@@ -14,6 +15,19 @@ all:
         nymph:
           ansible_connection: local
 
+    ubuntu:
+      children:
+        ubuntu_workstation:
+        ubuntu_server:
+
+    workstation:
+      children:
+        ubuntu_workstation:
+
+    server:
+      children:
+        ubuntu_server:
+
     ubuntu_workstation:
       hosts:
         deadalus:

ansible/roles/packages_ubuntu/tasks/main.yml

@@ -1 +1,18 @@
-# install packages with apt
+---
+- name: Refresh apt package cache
+  tags: [packages]
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+
+- name: Install packages on Ubuntu
+  tags: [packages]
+  ansible.builtin.apt:
+    name: >-
+      {{
+        (common_packages | default([]))
+        + (ubuntu_packages_base | default([]))
+        + (profile_packages | default([]))
+        + (host_packages | default([]))
+      }}
+    state: present

ansible/roles/profile_workstation_gnome/tasks/main.yml

@@ -1 +1,12 @@
-# workstation profile tasks
+---
+- name: Ensure workstation user directories exist
+  tags: [dotfiles, dotfiles:workstation]
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "{{ item.mode }}"
+  loop: "{{ workstation_user_directories | default([]) }}"
+  loop_control:
+    label: "{{ item.path }}"

ansible/roles/services_systemd/tasks/main.yml

@@ -1 +1,20 @@
-# enable systemd services
+---
+- name: Enable base systemd services
+  tags: [services]
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  loop: "{{ enabled_services | default([]) }}"
+  loop_control:
+    label: "{{ item }}"
+
+- name: Enable host systemd services
+  tags: [services]
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  loop: "{{ host_enabled_services | default([]) }}"
+  loop_control:
+    label: "{{ item }}"

ansible/site.yml

@@ -18,3 +18,11 @@
     - packages_void
     - services_runit
     - profile_desktop_i3
+
+- hosts: ubuntu_workstation
+  become: true
+
+  roles:
+    - packages_ubuntu
+    - services_systemd
+    - profile_workstation_gnome