Wire Ubuntu server profile into playbook

AGENTS.md

@@ -8,8 +8,8 @@ Project type: Ansible-based infrastructure plus managed dotfiles.
 - Inventory: `ansible/inventory/hosts.yml`
 - Group vars: `ansible/inventory/group_vars/*.yml`
 - Host vars: `ansible/inventory/host_vars/*.yml`
-- Active roles: `dotfiles_common`, `packages_void`, `services_runit`, `profile_desktop_i3`, `packages_ubuntu`, `services_systemd`, `profile_workstation_gnome`
-- Roles present but not currently wired into `ansible/site.yml`: `base`, `dotfiles`, `profile_server`
+- Active roles: `dotfiles_common`, `packages_void`, `services_runit`, `profile_desktop_i3`, `packages_ubuntu`, `services_systemd`, `profile_workstation_gnome`, `profile_server`
+- Roles present but not currently wired into `ansible/site.yml`: `base`, `dotfiles`
 - Dotfiles source of truth: `dotfiles/`
 - Utility scripts: `scripts/`
 - Sensitive local material/examples: `secrets/`
@@ -34,8 +34,7 @@ If any of these files appear later, treat them as higher-priority local instruct
 - `all -> dotfiles_common`
 - `void -> packages_void, services_runit, profile_desktop_i3`
 - `ubuntu_workstation -> packages_ubuntu, services_systemd, profile_workstation_gnome`
-
-Ubuntu server inventory and role scaffolding still exist, but the server path is not yet orchestrated by the main playbook.
+- `ubuntu_server -> packages_ubuntu, services_systemd, profile_server`
 
 ## Build, lint, and test commands
 There is no compile/build step. Validation is based on Ansible syntax checks, inventory inspection, dry-runs, and linting.
@@ -55,9 +54,12 @@ ansible-playbook ansible/site.yml --limit ikaros
 ansible-playbook ansible/site.yml --limit nymph
 ansible-playbook ansible/site.yml --limit deadalus
 ansible-playbook ansible/site.yml --limit ubuntu_workstation
+ansible-playbook ansible/site.yml --limit prometheus
+ansible-playbook ansible/site.yml --limit ubuntu_server
 ansible-inventory --graph
 ansible-inventory --host ikaros
 ansible-inventory --host deadalus
+ansible-inventory --host prometheus
 ```
 
 Linting and static checks if available locally:

README.md

@@ -55,7 +55,7 @@ Nota sullo stato attuale del playbook principale:
 
 - `ansible/site.yml` applica oggi in automatico il profilo desktop su host Void Linux
 - `ansible/site.yml` applica anche il profilo `ubuntu_workstation` con un setup minimo basato su apt, systemd e GNOME
-- il profilo server Ubuntu resta presente in inventory e nei ruoli, ma non e ancora incluso nel playbook principale
+- `ansible/site.yml` applica anche il profilo `ubuntu_server` con una baseline minima basata su apt, systemd e profilo server
 
 ## Desktop
 
@@ -126,7 +126,11 @@ Macchina:
 
 Profilo minimale orientato a servizi server.
 
-Anche questo profilo e gia rappresentato in inventory e nei ruoli, ma non e ancora agganciato al playbook principale.
+Lo stato attuale del profilo server include:
+
+- installazione pacchetti base Ubuntu via apt
+- abilitazione dei servizi systemd dichiarati in inventory/group vars
+- esecuzione del profilo server minimale
 
 ---
 
@@ -182,19 +186,20 @@ I principali ruoli attualmente presenti sono:
 
 # Stato attuale del playbook principale
 
-Il playbook `ansible/site.yml` e attualmente composto da tre blocchi:
+Il playbook `ansible/site.yml` e attualmente composto da quattro blocchi:
 
 ```text
 all  -> dotfiles_common
 void -> packages_void + services_runit + profile_desktop_i3
 ubuntu_workstation -> packages_ubuntu + services_systemd + profile_workstation_gnome
+ubuntu_server -> packages_ubuntu + services_systemd + profile_server
 ```
 
 Questo significa che, allo stato attuale:
 
 - i desktop Void (`ikaros`, `nymph`) restano il target operativo piu completo
 - la workstation Ubuntu (`deadalus`) e ora gestita con una prima orchestrazione minima
-- inventory, gruppi e ruoli per il server Ubuntu restano nel repository come base per l'estensione futura
+- il server Ubuntu (`prometheus`) e ora agganciato al playbook principale con una baseline minima
 
 # Dotfiles
 
@@ -256,6 +261,7 @@ Allo stato attuale questo comando:
 - distribuisce i dotfiles comuni a tutti gli host
 - per gli host Void applica pacchetti, servizi runit e profilo desktop i3
 - per gli host `ubuntu_workstation` applica pacchetti Ubuntu, servizi systemd e profilo workstation GNOME minimo
+- per gli host `ubuntu_server` applica pacchetti Ubuntu, servizi systemd e profilo server minimale
 - carica `secrets/vault.yml` solo se presente
 
 Per validare prima di applicare:
@@ -264,6 +270,7 @@ Per validare prima di applicare:
 ansible-playbook ansible/site.yml --syntax-check
 ansible-playbook ansible/site.yml --limit ikaros --check --diff
 ansible-playbook ansible/site.yml --limit deadalus --check --diff
+ansible-playbook ansible/site.yml --limit prometheus --check --diff
 ```
 
 ---

ansible/inventory/group_vars/server.yml

@@ -1 +1,2 @@
-# server profile variables
+---
+profile_packages: []

ansible/inventory/host_vars/prometheus.yml

@@ -1 +1,5 @@
-# prometheus specific variables
+---
+hostname: prometheus
+
+host_packages: []
+host_enabled_services: []

ansible/roles/profile_server/tasks/main.yml

@@ -1 +1 @@
-# server profile tasks
+---

ansible/site.yml

@@ -26,3 +26,11 @@
     - packages_ubuntu
     - services_systemd
     - profile_workstation_gnome
+
+- hosts: ubuntu_server
+  become: true
+
+  roles:
+    - packages_ubuntu
+    - services_systemd
+    - profile_server