From f8b6d4c50204bd0f476743461c4f15e8afeac49f Mon Sep 17 00:00:00 2001 
From: Fabio Scotto di Santolo Date: Thu, 12 Mar 2026 14:36:24 +0100 Subject: [PATCH] first commit --- LICENSE | 68 +++++ README.md | 257 ++++++++++++++++++ ansible/ansible.cfg | 5 + ansible/inventory/group_vars/all.yml | 1 + ansible/inventory/group_vars/desktop.yml | 1 + ansible/inventory/group_vars/server.yml | 1 + ansible/inventory/group_vars/ubuntu.yml | 1 + ansible/inventory/group_vars/void.yml | 1 + ansible/inventory/group_vars/workstation.yml | 1 + ansible/inventory/host_vars/deadalus.yml | 1 + ansible/inventory/host_vars/ikaros.yml | 1 + ansible/inventory/host_vars/nymph.yml | 1 + ansible/inventory/host_vars/prometheus.yml | 1 + ansible/inventory/hosts.yml | 24 ++ ansible/roles/.gitkeep | 0 ansible/roles/base/.gitkeep | 0 ansible/roles/base/tasks/main.yml | 1 + ansible/roles/dotfiles/.gitkeep | 0 ansible/roles/dotfiles/tasks/main.yml | 1 + ansible/roles/packages_ubuntu/.gitkeep | 0 ansible/roles/packages_ubuntu/tasks/main.yml | 1 + ansible/roles/packages_void/.gitkeep | 0 ansible/roles/packages_void/tasks/main.yml | 1 + ansible/roles/profile_desktop_i3/.gitkeep | 0 .../roles/profile_desktop_i3/tasks/main.yml | 1 + ansible/roles/profile_server/.gitkeep | 0 ansible/roles/profile_server/tasks/main.yml | 1 + .../roles/profile_workstation_gnome/.gitkeep | 0 .../profile_workstation_gnome/tasks/main.yml | 1 + ansible/roles/services_runit/.gitkeep | 0 ansible/roles/services_runit/tasks/main.yml | 1 + ansible/roles/services_systemd/.gitkeep | 0 ansible/roles/services_systemd/tasks/main.yml | 1 + ansible/site.yml | 31 +++ dotfiles/common/.gitkeep | 0 dotfiles/desktop/.gitkeep | 0 dotfiles/ikaros/.gitkeep | 0 dotfiles/nymph/.gitkeep | 0 dotfiles/workstation/.gitkeep | 0 scripts/.gitkeep | 0 secrets/.gitkeep | 0 41 files changed, 404 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 ansible/ansible.cfg create mode 100644 ansible/inventory/group_vars/all.yml create mode 100644 ansible/inventory/group_vars/desktop.yml create mode 
100644 ansible/inventory/group_vars/server.yml create mode 100644 ansible/inventory/group_vars/ubuntu.yml create mode 100644 ansible/inventory/group_vars/void.yml create mode 100644 ansible/inventory/group_vars/workstation.yml create mode 100644 ansible/inventory/host_vars/deadalus.yml create mode 100644 ansible/inventory/host_vars/ikaros.yml create mode 100644 ansible/inventory/host_vars/nymph.yml create mode 100644 ansible/inventory/host_vars/prometheus.yml create mode 100644 ansible/inventory/hosts.yml create mode 100644 ansible/roles/.gitkeep create mode 100644 ansible/roles/base/.gitkeep create mode 100644 ansible/roles/base/tasks/main.yml create mode 100644 ansible/roles/dotfiles/.gitkeep create mode 100644 ansible/roles/dotfiles/tasks/main.yml create mode 100644 ansible/roles/packages_ubuntu/.gitkeep create mode 100644 ansible/roles/packages_ubuntu/tasks/main.yml create mode 100644 ansible/roles/packages_void/.gitkeep create mode 100644 ansible/roles/packages_void/tasks/main.yml create mode 100644 ansible/roles/profile_desktop_i3/.gitkeep create mode 100644 ansible/roles/profile_desktop_i3/tasks/main.yml create mode 100644 ansible/roles/profile_server/.gitkeep create mode 100644 ansible/roles/profile_server/tasks/main.yml create mode 100644 ansible/roles/profile_workstation_gnome/.gitkeep create mode 100644 ansible/roles/profile_workstation_gnome/tasks/main.yml create mode 100644 ansible/roles/services_runit/.gitkeep create mode 100644 ansible/roles/services_runit/tasks/main.yml create mode 100644 ansible/roles/services_systemd/.gitkeep create mode 100644 ansible/roles/services_systemd/tasks/main.yml create mode 100644 ansible/site.yml create mode 100644 dotfiles/common/.gitkeep create mode 100644 dotfiles/desktop/.gitkeep create mode 100644 dotfiles/ikaros/.gitkeep create mode 100644 dotfiles/nymph/.gitkeep create mode 100644 dotfiles/workstation/.gitkeep create mode 100644 scripts/.gitkeep create mode 100644 secrets/.gitkeep 
diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..46d7496 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,68 @@ +GNU LESSER GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. +https://fsf.org/ + +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + +This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + +0. Additional Definitions. + +As used herein, “this License” refers to version 3 of the GNU Lesser +General Public License, and the “GNU GPL” refers to version 3 of the +GNU General Public License. + +“The Library” refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + +An “Application” is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. + +A “Combined Work” is a work produced by combining or linking an +Application with the Library. + +1. Exception to Section 3 of the GNU GPL. + +You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. + +2. Conveying Modified Versions. + +If you modify a copy of the Library, and the modifications relate to +a function or data supplied by the Library, you may convey a copy of +the modified version under this License. + +3. Object Code Incorporating Material from Library Header Files. + +The object code form of an Application may incorporate material from +a header file that is part of the Library. + +4. Combined Works. + +You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work. + +5. Combined Libraries. 
+ +You may place library facilities that are a work based on the Library +side by side in a single library together with other library +facilities that are not Applications. + +6. Revised Versions of the GNU Lesser General Public License. + +The Free Software Foundation may publish revised versions of the +GNU Lesser General Public License from time to time. + +Each version is given a distinguishing version number. + +If the Library as you received it specifies that a certain numbered +version of the GNU Lesser General Public License “or any later version” +applies to it, you have the option of following the terms and conditions +either of that published version or of any later version published by +the Free Software Foundation. diff --git a/README.md b/README.md new file mode 100644 index 0000000..7536bf5 --- /dev/null +++ b/README.md 
@@ -0,0 +1,257 @@ +# Infra — Personal Infrastructure as Code + +Questo repository contiene la configurazione **Infrastructure as Code (IaC)** utilizzata per gestire e mantenere allineate diverse macchine personali tramite **Ansible**. + +L'obiettivo è avere **una singola fonte di verità** per: + +- configurazione delle macchine +- pacchetti installati +- servizi di sistema +- configurazioni utente (dotfiles) + +Il repository consente di gestire più sistemi operativi e profili macchina mantenendo una struttura modulare, riproducibile e idempotente. + +--- + +# Architettura del progetto + +```text +infra/ +├── ansible/ +│ ├── ansible.cfg +│ ├── site.yml +│ ├── inventory/ +│ │ ├── hosts.yml +│ │ ├── group_vars/ +│ │ └── host_vars/ +│ └── roles/ +│ +├── dotfiles/ +│ ├── common/ +│ ├── desktop/ +│ ├── workstation/ +│ ├── ikaros/ +│ └── nymph/ +│ +├── scripts/ +├── secrets/ +└── README.md +``` + +Il repository è diviso in due componenti principali: + +| Componente | Scopo | +| ---------- | -------------------------------------- | +| ansible | provisioning e configurazione macchine | +| dotfiles | configurazioni utente versionate | + +--- + +# Macchine gestite + +Il sistema attualmente gestisce tre tipologie di profilo. + +## Desktop + +Sistema operativo: + +- Void Linux + +Window manager: + +- i3 + +Macchine: + +- `ikaros` +- `nymph` + +Queste macchine condividono la stessa configurazione base desktop e vengono mantenute allineate tramite Ansible. + +--- + +## Workstation + +Sistema operativo: + +- Ubuntu LTS + +Desktop environment: + +- GNOME + +Macchina: + +- `deadalus` + +Questo profilo è pensato per sviluppo e lavoro. + +--- + +## Server + +Sistema operativo: + +- Ubuntu LTS + +Configurazione: + +- nessun ambiente grafico + +Macchina: + +- `prometheus` + +Profilo minimale orientato a servizi server. + +--- + +# Composizione della configurazione + +La configurazione finale di una macchina è ottenuta combinando più livelli. 
+ +```text +common configuration ++ OS configuration ++ profile configuration ++ host overrides +``` + +Esempio per `ikaros`: + +```text +common + void + desktop + ikaros +``` + +Esempio per `nymph`: + +```text +common + void + desktop + nymph +``` + +Questo approccio consente di: + +- mantenere configurazioni condivise +- applicare override specifici per host +- evitare duplicazioni + +--- + +# Ruoli Ansible + +I principali ruoli attualmente presenti sono: + +| Role | Descrizione | +| ------------------------- | ----------------------------------- | +| base | configurazione base comune | +| packages_void | installazione pacchetti su Void | +| packages_ubuntu | installazione pacchetti su Ubuntu | +| services_runit | gestione servizi runit | +| services_systemd | gestione servizi systemd | +| profile_desktop_i3 | configurazione desktop i3 | +| profile_workstation_gnome | configurazione workstation GNOME | +| profile_server | configurazione server | +| dotfiles | distribuzione configurazioni utente | + +--- + +# Dotfiles + +La directory `dotfiles/` contiene le configurazioni utente versionate. 
+ +```text +dotfiles/ +├── common +├── desktop +├── workstation +├── ikaros +└── nymph +``` + +Le configurazioni sono applicate tramite Ansible e organizzate per livelli: + +| Livello | Scopo | +| ------- | -------------------------------- | +| common | configurazioni condivise | +| profile | configurazioni per tipo macchina | +| host | override specifici | + +--- + +# Requisiti + +Per utilizzare il repository sono necessari: + +- Python 3 +- Ansible +- accesso SSH alle macchine target + +Installazione Ansible: + +```bash +pip install ansible +``` + +--- + +# Utilizzo + +Eseguire il playbook principale: + +```bash +ansible-playbook ansible/site.yml +``` + +Questo comando: + +- installa i pacchetti richiesti +- configura i servizi +- applica il profilo macchina +- distribuisce i dotfiles + +--- + +# Bootstrap di una nuova macchina + +Una nuova macchina può essere inizializzata con i seguenti passaggi: + +```bash +git clone +cd infra +ansible-playbook ansible/site.yml +``` + +Dopo l'esecuzione del playbook la macchina verrà configurata secondo il profilo definito. + +--- + +# Filosofia del progetto + +Il repository segue alcuni principi chiave: + +- Infrastructure as Code +- configurazione dichiarativa +- idempotenza +- ambienti riproducibili +- separazione tra configurazione sistema e configurazione utente + +Questo consente di ricreare qualsiasi macchina partendo esclusivamente dal repository. + +--- + +# Roadmap + +Possibili evoluzioni future: + +- gestione segreti con `ansible-vault` +- hardening sicurezza server +- configurazione backup +- testing automatico playbook +- integrazione CI +- supporto ad altre distribuzioni Linux + +--- + +# Licenza + +Questo progetto è distribuito sotto licenza **LGPL-3.0**. diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 0000000..9af03de --- /dev/null +++ b/ansible/ansible.cfg 
@@ -0,0 +1,5 @@
+[defaults]
+inventory = inventory/hosts.yml
+roles_path = roles
+host_key_checking = False
+retry_files_enabled = False
diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
new file mode 100644
index 0000000..ee917e2
--- /dev/null
+++ b/ansible/inventory/group_vars/all.yml
@@ -0,0 +1 @@
+# common variables
diff --git a/ansible/inventory/group_vars/desktop.yml b/ansible/inventory/group_vars/desktop.yml
new file mode 100644
index 0000000..b6a14de
--- /dev/null
+++ b/ansible/inventory/group_vars/desktop.yml
@@ -0,0 +1 @@
+# desktop profile variables
diff --git a/ansible/inventory/group_vars/server.yml b/ansible/inventory/group_vars/server.yml
new file mode 100644
index 0000000..0e34922
--- /dev/null
+++ b/ansible/inventory/group_vars/server.yml
@@ -0,0 +1 @@
+# server profile variables
diff --git a/ansible/inventory/group_vars/ubuntu.yml b/ansible/inventory/group_vars/ubuntu.yml
new file mode 100644
index 0000000..f43416f
--- /dev/null
+++ b/ansible/inventory/group_vars/ubuntu.yml
@@ -0,0 +1 @@
+# variables for Ubuntu hosts
diff --git a/ansible/inventory/group_vars/void.yml b/ansible/inventory/group_vars/void.yml
new file mode 100644
index 0000000..c004f14
--- /dev/null
+++ b/ansible/inventory/group_vars/void.yml
@@ -0,0 +1 @@
+# variables for Void Linux hosts
diff --git a/ansible/inventory/group_vars/workstation.yml b/ansible/inventory/group_vars/workstation.yml
new file mode 100644
index 0000000..f21f166
--- /dev/null
+++ b/ansible/inventory/group_vars/workstation.yml
@@ -0,0 +1 @@
+# workstation profile variables
diff --git a/ansible/inventory/host_vars/deadalus.yml b/ansible/inventory/host_vars/deadalus.yml
new file mode 100644
index 0000000..e46e33a
--- /dev/null
+++ b/ansible/inventory/host_vars/deadalus.yml
@@ -0,0 +1 @@
+# deadalus specific variables
diff --git a/ansible/inventory/host_vars/ikaros.yml b/ansible/inventory/host_vars/ikaros.yml
new file mode 100644
index 0000000..6cee1ba
--- /dev/null
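Review bot: `host_key_checking = False` in the `[defaults]` section of ansible/ansible.cfg turns off SSH host key verification for every host in the inventory, so an impersonated or re-addressed machine is accepted without any prompt while site.yml runs its roles with `become: true`. Remove the line (checking is the default) or set `host_key_checking = True`, and populate `known_hosts` for the four machines over a trusted path on first contact. If the relaxation is wanted only while provisioning a fresh install, keep it out of the committed config and supply it per run through the `ANSIBLE_HOST_KEY_CHECKING` environment variable. Ansible also reads `ansible.cfg` from the current working directory, so the README's `ansible-playbook ansible/site.yml` invoked from the repository root would presumably not load this file or its `inventory` setting at all; a short comment in the file saying it must be run from `ansible/` would avoid that surprise.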
+++ b/ansible/inventory/host_vars/ikaros.yml @@ -0,0 +1 @@ +# ikaros specific variables diff --git a/ansible/inventory/host_vars/nymph.yml b/ansible/inventory/host_vars/nymph.yml new file mode 100644 index 0000000..5419ed3 --- /dev/null +++ b/ansible/inventory/host_vars/nymph.yml @@ -0,0 +1 @@ +# nymph specific variables diff --git a/ansible/inventory/host_vars/prometheus.yml b/ansible/inventory/host_vars/prometheus.yml new file mode 100644 index 0000000..76d7bd8 --- /dev/null +++ b/ansible/inventory/host_vars/prometheus.yml @@ -0,0 +1 @@ +# prometheus specific variables diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml new file mode 100644 index 0000000..292e22b --- /dev/null +++ b/ansible/inventory/hosts.yml @@ -0,0 +1,24 @@ +all: + children: + void: + hosts: + ikaros: + nymph: + + ubuntu: + hosts: + deadalus: + prometheus: + + desktop: + hosts: + ikaros: + nymph: + + workstation: + hosts: + deadalus: + + server: + hosts: + prometheus: diff --git a/ansible/roles/.gitkeep b/ansible/roles/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/base/.gitkeep b/ansible/roles/base/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml new file mode 100644 index 0000000..cd38e91 --- /dev/null +++ b/ansible/roles/base/tasks/main.yml @@ -0,0 +1 @@ +# base role tasks diff --git a/ansible/roles/dotfiles/.gitkeep b/ansible/roles/dotfiles/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/dotfiles/tasks/main.yml b/ansible/roles/dotfiles/tasks/main.yml new file mode 100644 index 0000000..641f447 --- /dev/null +++ b/ansible/roles/dotfiles/tasks/main.yml @@ -0,0 +1 @@ +# dotfiles deployment tasks diff --git a/ansible/roles/packages_ubuntu/.gitkeep b/ansible/roles/packages_ubuntu/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/ansible/roles/packages_ubuntu/tasks/main.yml b/ansible/roles/packages_ubuntu/tasks/main.yml
new file mode 100644
index 0000000..3ad996b
--- /dev/null
+++ b/ansible/roles/packages_ubuntu/tasks/main.yml
@@ -0,0 +1 @@
+# install packages with apt
diff --git a/ansible/roles/packages_void/.gitkeep b/ansible/roles/packages_void/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/packages_void/tasks/main.yml b/ansible/roles/packages_void/tasks/main.yml
new file mode 100644
index 0000000..00316d2
--- /dev/null
+++ b/ansible/roles/packages_void/tasks/main.yml
@@ -0,0 +1 @@
+# install packages with xbps
diff --git a/ansible/roles/profile_desktop_i3/.gitkeep b/ansible/roles/profile_desktop_i3/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/profile_desktop_i3/tasks/main.yml b/ansible/roles/profile_desktop_i3/tasks/main.yml
new file mode 100644
index 0000000..8fe7fd7
--- /dev/null
+++ b/ansible/roles/profile_desktop_i3/tasks/main.yml
@@ -0,0 +1 @@
+# desktop profile tasks
diff --git a/ansible/roles/profile_server/.gitkeep b/ansible/roles/profile_server/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/profile_server/tasks/main.yml b/ansible/roles/profile_server/tasks/main.yml
new file mode 100644
index 0000000..9a5973f
--- /dev/null
+++ b/ansible/roles/profile_server/tasks/main.yml
@@ -0,0 +1 @@
+# server profile tasks
diff --git a/ansible/roles/profile_workstation_gnome/.gitkeep b/ansible/roles/profile_workstation_gnome/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/profile_workstation_gnome/tasks/main.yml b/ansible/roles/profile_workstation_gnome/tasks/main.yml
new file mode 100644
index 0000000..1dd15be
--- /dev/null
+++ b/ansible/roles/profile_workstation_gnome/tasks/main.yml
@@ -0,0 +1 @@
+# workstation profile tasks
diff --git a/ansible/roles/services_runit/.gitkeep b/ansible/roles/services_runit/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/services_runit/tasks/main.yml b/ansible/roles/services_runit/tasks/main.yml new file mode 100644 index 0000000..bf2a909 --- /dev/null +++ b/ansible/roles/services_runit/tasks/main.yml @@ -0,0 +1 @@ +# enable runit services diff --git a/ansible/roles/services_systemd/.gitkeep b/ansible/roles/services_systemd/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/services_systemd/tasks/main.yml b/ansible/roles/services_systemd/tasks/main.yml new file mode 100644 index 0000000..d901476 --- /dev/null +++ b/ansible/roles/services_systemd/tasks/main.yml @@ -0,0 +1 @@ +# enable systemd services diff --git a/ansible/site.yml b/ansible/site.yml new file mode 100644 index 0000000..60be5cb --- /dev/null +++ b/ansible/site.yml @@ -0,0 +1,31 @@ +--- +- name: Converge all machines + hosts: all + become: true + + roles: + - base + + - role: packages_void + when: "'void' in group_names" + + - role: packages_ubuntu + when: "'ubuntu' in group_names" + + - role: services_runit + when: "'void' in group_names" + + - role: services_systemd + when: "'ubuntu' in group_names" + + - role: profile_desktop_i3 + when: "'desktop' in group_names" + + - role: profile_workstation_gnome + when: "'workstation' in group_names" + + - role: profile_server + when: "'server' in group_names" + + - role: dotfiles + become: false diff --git a/dotfiles/common/.gitkeep b/dotfiles/common/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/dotfiles/desktop/.gitkeep b/dotfiles/desktop/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/dotfiles/ikaros/.gitkeep b/dotfiles/ikaros/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/dotfiles/nymph/.gitkeep b/dotfiles/nymph/.gitkeep new file mode 100644 index 0000000..e69de29 
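Review bot: The play header in ansible/site.yml combines `hosts: all` with `become: true`, so a run without a host restriction applies every role as root to all four inventory machines, whereas the README's bootstrap steps use the same command to set up a single new machine. A header comment such as `# Converges every inventory host as root; pass --limit <host> to target one machine` would make that scope explicit to whoever runs it. The hunk's indentation is not preserved on this page, so the reading that `become: false` applies only to the `dotfiles` role entry is assumed rather than confirmed.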
diff --git a/dotfiles/workstation/.gitkeep b/dotfiles/workstation/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/scripts/.gitkeep b/scripts/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/secrets/.gitkeep b/secrets/.gitkeep
new file mode 100644
index 0000000..e69de29