Add server templates and normalize role tags

ansible/roles/profile_desktop_i3/tasks/main.yml

@@ -64,6 +64,7 @@
   when: ansible_facts['hostname'] == 'nymph'
 
 - name: Enable gnome-keyring PAM auth hook
+  tags: [packages, gnome]
   ansible.builtin.lineinfile:
     path: /etc/pam.d/login
     insertafter: '^auth\s+include\s+system-local-login$'
@@ -71,6 +72,7 @@
     state: present
 
 - name: Enable gnome-keyring PAM session hook
+  tags: [packages, gnome]
   ansible.builtin.lineinfile:
     path: /etc/pam.d/login
     insertafter: '^session\s+include\s+system-local-login$'
@@ -78,6 +80,7 @@
     state: present
 
 - name: Enable gnome-keyring PAM password hook
+  tags: [packages, gnome]
   ansible.builtin.lineinfile:
     path: /etc/pam.d/login
     insertafter: '^password\s+include\s+system-local-login$'
@@ -199,6 +202,7 @@
     - "{{ user_home }}/Maildir/ProtonMailAccount"
 
 - name: Bootstrap iCloud keyring secret from Ansible vault
+  tags: [dotfiles, dotfiles:desktop, gnome]
   when: desktop_manage_icloud_keyring | default(false)
   block:
     - name: Store iCloud mail password in GNOME Keyring
@@ -308,6 +312,7 @@
         - icloud_keyring_store.rc | default(1) != 0
 
 - name: Clone st repository
+  tags: [packages]
   ansible.builtin.git:
     repo: https://codeberg.org/fscotto/st
     dest: "{{ user_home }}/.local/src/st"
@@ -318,23 +323,27 @@
   register: st_repo
 
 - name: Check whether st binary is installed
+  tags: [packages]
   ansible.builtin.stat:
     path: /usr/local/bin/st
   register: st_binary
 
 - name: Build and install st
+  tags: [packages]
   ansible.builtin.command:
     cmd: make clean install
     chdir: "{{ user_home }}/.local/src/st"
   when: st_repo.changed or not st_binary.stat.exists
 
 - name: Clean st build artifacts
+  tags: [packages]
   ansible.builtin.command:
     cmd: make clean
     chdir: "{{ user_home }}/.local/src/st"
   when: st_repo.changed or not st_binary.stat.exists
 
 - name: Ensure flathub remote is configured
+  tags: [packages]
   community.general.flatpak_remote:
     name: "{{ desktop_flatpak_remote_name | default('flathub') }}"
     state: present
@@ -342,6 +351,7 @@
   when: (desktop_flatpak_packages | default([])) | length > 0
 
 - name: Install desktop flatpak applications
+  tags: [packages]
   community.general.flatpak:
     name: "{{ desktop_flatpak_packages }}"
     state: present
@@ -350,6 +360,7 @@
   when: (desktop_flatpak_packages | default([])) | length > 0
 
 - name: Install Flatpak extensions
+  tags: [packages]
   community.general.flatpak:
     name: "{{ item }}"
     state: present
@@ -362,6 +373,7 @@
     - item | length > 0
 
 - name: Set desktop external tool release metadata
+  tags: [packages]
   ansible.builtin.set_fact:
     desktop_tools_tmp_dir: /tmp/desktop-tools
     gitmux_version: v0.11.5
@@ -380,27 +392,32 @@
       }}
 
 - name: Ensure architecture is supported for OpenCode binary
+  tags: [packages]
   ansible.builtin.fail:
     msg: "Unsupported architecture {{ ansible_facts['architecture'] }} for OpenCode release binary"
   when: opencode_asset_name == ''
 
 - name: Ensure architecture is supported for gitmux binary
+  tags: [packages]
   ansible.builtin.fail:
     msg: "Unsupported architecture {{ ansible_facts['architecture'] }} for gitmux release binary"
   when: gitmux_arch == ''
 
 - name: Ensure architecture is supported for bw binary
+  tags: [packages]
   ansible.builtin.fail:
     msg: "Unsupported architecture {{ ansible_facts['architecture'] }} for bw release binary"
   when: ansible_facts['architecture'] != 'x86_64'
 
 - name: Ensure temporary directory exists for external tools
+  tags: [packages]
   ansible.builtin.file:
     path: "{{ desktop_tools_tmp_dir }}"
     state: directory
     mode: "0755"
 
 - name: Fetch latest OpenCode release metadata
+  tags: [packages]
   ansible.builtin.uri:
     url: https://api.github.com/repos/anomalyco/opencode/releases/latest
     headers:
@@ -410,6 +427,7 @@
   changed_when: false
 
 - name: Set OpenCode release asset metadata
+  tags: [packages]
   ansible.builtin.set_fact:
     opencode_version: "{{ opencode_latest_release.json.tag_name }}"
     opencode_asset: >-
@@ -421,11 +439,13 @@
       }}
 
 - name: Ensure latest OpenCode asset metadata is available
+  tags: [packages]
   ansible.builtin.fail:
     msg: "Could not find OpenCode asset {{ opencode_asset_name }} in release {{ opencode_version }}"
   when: opencode_asset == {}
 
 - name: Download OpenCode release archive
+  tags: [packages]
   ansible.builtin.get_url:
     url: "{{ opencode_asset.browser_download_url }}"
     dest: "{{ desktop_tools_tmp_dir }}/{{ opencode_asset.name }}"
@@ -433,12 +453,14 @@
     mode: "0644"
 
 - name: Extract OpenCode release archive
+  tags: [packages]
   ansible.builtin.unarchive:
     src: "{{ desktop_tools_tmp_dir }}/{{ opencode_asset.name }}"
     dest: "{{ desktop_tools_tmp_dir }}"
     remote_src: true
 
 - name: Install OpenCode binary
+  tags: [packages]
   ansible.builtin.copy:
     src: "{{ desktop_tools_tmp_dir }}/opencode"
     dest: /usr/local/bin/opencode
@@ -448,10 +470,12 @@
     mode: "0755"
 
 - name: Set gitmux asset metadata
+  tags: [packages]
   ansible.builtin.set_fact:
     gitmux_asset: "gitmux_{{ gitmux_version }}_linux_{{ gitmux_arch }}.tar.gz"
 
 - name: Download gitmux release archive
+  tags: [packages]
   ansible.builtin.get_url:
     url: "https://github.com/arl/gitmux/releases/download/{{ gitmux_version }}/{{ gitmux_asset }}"
     dest: "{{ desktop_tools_tmp_dir }}/{{ gitmux_asset }}"
@@ -459,12 +483,14 @@
     mode: "0644"
 
 - name: Extract gitmux release archive
+  tags: [packages]
   ansible.builtin.unarchive:
     src: "{{ desktop_tools_tmp_dir }}/{{ gitmux_asset }}"
     dest: "{{ desktop_tools_tmp_dir }}"
     remote_src: true
 
 - name: Install gitmux binary
+  tags: [packages]
   ansible.builtin.copy:
     src: "{{ desktop_tools_tmp_dir }}/gitmux"
     dest: /usr/local/bin/gitmux
@@ -474,10 +500,12 @@
     mode: "0755"
 
 - name: Set bw asset metadata
+  tags: [packages]
   ansible.builtin.set_fact:
     bw_asset: "bw-linux-{{ bw_version }}.zip"
 
 - name: Download bw release archive
+  tags: [packages]
   ansible.builtin.get_url:
     url: "https://github.com/bitwarden/cli/releases/download/v{{ bw_version }}/{{ bw_asset }}"
     dest: "{{ desktop_tools_tmp_dir }}/{{ bw_asset }}"
@@ -485,12 +513,14 @@
     mode: "0644"
 
 - name: Extract bw release archive
+  tags: [packages]
   ansible.builtin.unarchive:
     src: "{{ desktop_tools_tmp_dir }}/{{ bw_asset }}"
     dest: "{{ desktop_tools_tmp_dir }}"
     remote_src: true
 
 - name: Install bw binary
+  tags: [packages]
   ansible.builtin.copy:
     src: "{{ desktop_tools_tmp_dir }}/bw"
     dest: /usr/local/bin/bw