add tags + steam OK + kubectl OK

README.md

@@ -1,6 +1,6 @@
 # Debian 13 Ansible workstation installation
 
-Collection of ansible roles to provision a debian 13 workstation 
+Collection of ansible roles to provision a debian 13 workstation locally
 
 ## Configuration
 

ansible.cfg

@@ -1,4 +1,5 @@
 [defaults]
+vault_password_file = .ansible_vault_pass
 inventory = inventory.ini
 roles_path = roles
 host_key_checking = False

files/sources.list

@@ -0,0 +1,14 @@
+deb https://deb.debian.org/debian/ trixie contrib main non-free non-free-firmware
+# deb-src https://deb.debian.org/debian/ trixie contrib main non-free non-free-firmware
+
+deb https://deb.debian.org/debian/ trixie-updates contrib main non-free non-free-firmware
+# deb-src https://deb.debian.org/debian/ trixie-updates contrib main non-free non-free-firmware
+
+deb https://deb.debian.org/debian/ trixie-proposed-updates contrib main non-free non-free-firmware
+# deb-src https://deb.debian.org/debian/ trixie-proposed-updates contrib main non-free non-free-firmware
+
+deb https://deb.debian.org/debian/ trixie-backports contrib main non-free non-free-firmware
+# deb-src https://deb.debian.org/debian/ trixie-backports contrib main non-free non-free-firmware
+
+deb https://security.debian.org/debian-security/ trixie-security contrib main non-free non-free-firmware
+# deb-src https://security.debian.org/debian-security/ trixie-security contrib main non-free non-free-firmware

group_vars/all.yml

@@ -1,3 +1,45 @@
 ---
+ansible_become: true
+# ansible_become_pass: "{{ vault_ansible_become_pass }}"
+
 timezone: Europe/Paris
 ansible_user: "{{ lookup('env', 'USER') }}"
+
+common:
+  apt_update_cache: true
+  apt_upgrade: true
+
+devtools:
+  tabby_version: "1.0.215"
+  tabby_deb_url: "https://github.com/Eugeny/tabby/releases/download/v{{ tabby_version }}/tabby-{{ tabby_version }}-linux-x64.deb"
+  go_version: "1.22.1"
+  go_arch: "amd64"
+  go_tarball: "go{{ go_version }}.linux-{{ go_arch }}.tar.gz"
+  go_url: "https://go.dev/dl/{{ go_tarball }}"
+  go_install_dir: /usr/local
+
+element:
+  element_version: "1.11.73"
+  element_deb_url: "https://packages.element.io/debian/pool/main/e/element-desktop/element-desktop_{{ element_version }}_amd64.deb"
+
+ollama:
+  ollama_install_script: https://ollama.com/install.sh
+  ollama_service_name: ollama
+  ollama_user: ollama
+  ollama_bin: /usr/local/bin/ollama
+  ollama_models:
+    - llama3.2:3b
+
+opentofu:
+  opentofu_repo: https://packages.opentofu.org/opentofu/tofu/any/ any main
+  opentofu_key_url: https://packages.opentofu.org/opentofu/tofu/gpgkey
+
+wine:
+  winehq_repo_url: https://dl.winehq.org/wine-builds/debian/dists/trixie/winehq-trixie.sources
+  winehq_key_url: https://dl.winehq.org/wine-builds/winehq.key
+  winehq_keyring: /etc/apt/keyrings/winehq-archive.key
+  winehq_packages:
+    - winehq-stable
+
+kubectl:
+  kubectl_version: "1.35"

inventory.ini

@@ -3,4 +3,4 @@
 # localhost ansible_connection=local
 
 # Exexcute on distant server
-123.45.67.89 ansible_user=my_user ansible_port=2222
+192.168.0.244 ansible_user=greg ansible_port=22

playbooks/install.yml

@@ -1,7 +1,7 @@
 ---
 - name: Installation Debian 13 complète
   hosts: all
-  become: true
+  become: yes
 
   roles:
     - common
@@ -10,5 +10,8 @@
     - docker
     - podman
     - opentofu
+    - ollama
     - element
-    - wine
+    - wine
+    - steam
+    - kubectl

roles/common/tasks/main.yml

@@ -3,6 +3,7 @@
   ansible.builtin.apt:
     update_cache: true
     cache_valid_time: 3600
+  tags: common
 
 - name: Déployer /etc/apt/sources.list
   ansible.builtin.copy:
@@ -13,17 +14,19 @@
     mode: '0644'
     backup: yes
   notify: apt update
+  tags: common
 
 - name: Mettre à jour le cache APT
   ansible.builtin.apt:
     update_cache: yes
   when: apt_update_cache
+  tags: common
 
 - name: Mettre à jour tous les paquets
   ansible.builtin.apt:
     upgrade: dist
   when: apt_upgrade
-
+  tags: common
 
 - name: Paquets de base
   ansible.builtin.apt:
@@ -42,3 +45,4 @@
       - wireguard
       - python3-venv
     state: present
+  tags: common

roles/devtools/tasks/main.yml

@@ -9,9 +9,9 @@
       - linuxlogo
       - lolcat
       - vagrant
-      - links2
       - kew
     state: present
+  tags: devtools
 
 # VScodium
 - name: Ajouter la clé GPG VSCodium
@@ -19,19 +19,22 @@
     url: https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg
     dest: /usr/share/keyrings/vscodium.gpg
     mode: '0644'
+  tags: devtools
 
 - name: Ajouter le dépôt VSCodium
   ansible.builtin.apt_repository:
     repo: "deb [signed-by=/usr/share/keyrings/vscodium.gpg] https://download.vscodium.com/debs vscodium main"
     filename: vscodium
     state: present
+  tags: devtools
 
 - name: Installer VSCodium
   ansible.builtin.apt:
     name: codium
     update_cache: true
     state: present
-  tags: vscodium
+  tags: devtools
+
 
 # Tabby.sh
 - name: Télécharger Tabby
@@ -39,19 +42,19 @@
     url: "{{ tabby_deb_url }}"
     dest: /tmp/tabby.deb
     mode: '0644'
-  tags: tabby
+  tags: devtools
 
 - name: Installer Tabby
   ansible.builtin.apt:
     deb: /tmp/tabby.deb
     state: present
-  tags: tabby
+  tags: devtools
 
 - name: Vérifier si Go est déjà installé
   ansible.builtin.stat:
     path: "{{ go_install_dir }}/go/bin/go"
   register: go_installed
-  tags: go
+  tags: devtools
 
 # Go 
 - name: Télécharger Go {{ go_version }}
@@ -60,14 +63,14 @@
     dest: "/tmp/{{ go_tarball }}"
     mode: '0644'
   when: not go_installed.stat.exists
-  tags: go
+  tags: devtools
 
 - name: Supprimer ancienne installation Go
   ansible.builtin.file:
     path: "{{ go_install_dir }}/go"
     state: absent
   when: not go_installed.stat.exists
-  tags: go
+  tags: devtools
 
 - name: Installer Go {{ go_version }}
   ansible.builtin.unarchive:
@@ -75,7 +78,7 @@
     dest: "{{ go_install_dir }}"
     remote_src: true
   when: not go_installed.stat.exists
-  tags: go
+  tags: devtools
 
 - name: Ajouter Go au PATH global
   ansible.builtin.copy:
@@ -83,4 +86,4 @@
     mode: '0755'
     content: |
       export PATH=$PATH:/usr/local/go/bin
-  tags: go
+  tags: devtools

roles/kubectl/defaults/main.yml

@@ -0,0 +1,2 @@
+kubectl_version: "1.35"
+kubectl_install_path: /usr/bin

roles/kubectl/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Install dependencies
+  apt:
+    name:
+      - ca-certificates
+      - curl
+      - gnupg
+    state: present
+    update_cache: yes
+  tags: kubectl
+
+- name: Create keyring directory
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
+  tags: kubectl
+
+- name: Download Kubernetes GPG key
+  get_url:
+    url: https://pkgs.k8s.io/core:/stable:/v{{ kubectl_version }}/deb/Release.key
+    dest: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+    mode: "0644"
+  tags: kubectl
+
+- name: Add Kubernetes repository
+  apt_repository:
+    repo: >
+      deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg]
+      https://pkgs.k8s.io/core:/stable:/v{{ kubectl_version }}/deb/ /
+    state: present
+    filename: kubernetes
+  tags: kubectl
+
+- name: Install kubectl
+  apt:
+    name: kubectl
+    state: present
+    update_cache: yes
+  tags: kubectl

roles/ollama/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
 ollama_install_script: https://ollama.com/install.sh
+ollama_models: []
 ollama_service_name: ollama
-ollama_bin: /usr/local/bin/ollama
+ollama_bin: /usr/local/bin/ollama

roles/ollama/tasks/install.yml

@@ -0,0 +1,41 @@
+---
+- name: Vérifier que le système est Linux
+  assert:
+    that:
+      - ansible_facts.system == "Linux"
+    fail_msg: "Ollama est uniquement supporté sur Linux"
+  tags: ollama
+
+- name: Vérifier si Ollama est déjà installé
+  ansible.builtin.stat:
+    path: "{{ ollama_bin }}"
+  register: ollama_bin_stat
+  tags: ollama
+
+- name: Installer curl (prérequis)
+  ansible.builtin.apt:
+    name: curl
+    state: present
+    update_cache: yes
+  tags: ollama
+
+- name: Télécharger le script d’installation Ollama
+  ansible.builtin.get_url:
+    url: "{{ ollama_install_script }}"
+    dest: /tmp/ollama_install.sh
+    mode: '0755'
+  when: not ollama_bin_stat.stat.exists
+  tags: ollama
+
+- name: Installer Ollama
+  ansible.builtin.command: /tmp/ollama_install.sh
+  when: not ollama_bin_stat.stat.exists
+  notify: Restart Ollama
+  tags: ollama
+
+- name: Activer et démarrer le service Ollama
+  ansible.builtin.systemd:
+    name: "{{ ollama_service_name }}"
+    enabled: yes
+    state: started
+  tags: ollama

roles/ollama/tasks/main.yml

@@ -1,35 +1,6 @@
 ---
-- name: Vérifier que le système est Linux
-  ansible.builtin.assert:
-    that:
-      - ansible_facts['kernel'] == "Linux"
-    fail_msg: "Ollama est uniquement supporté sur Linux"
+- import_tasks: install.yml
+  tags: ollama
 
-- name: Vérifier si Ollama est déjà installé
-  ansible.builtin.stat:
-    path: "{{ ollama_bin }}"
-  register: ollama_bin_stat
-
-- name: Installer curl (prérequis)
-  ansible.builtin.apt:
-    name: curl
-    state: present
-    update_cache: yes
-
-- name: Télécharger le script d’installation Ollama
-  ansible.builtin.get_url:
-    url: "{{ ollama_install_script }}"
-    dest: /tmp/ollama_install.sh
-    mode: '0755'
-  when: not ollama_bin_stat.stat.exists
-
-- name: Installer Ollama
-  ansible.builtin.command: /tmp/ollama_install.sh
-  when: not ollama_bin_stat.stat.exists
-  notify: Restart Ollama
-
-- name: Activer et démarrer le service Ollama
-  ansible.builtin.systemd:
-    name: "{{ ollama_service_name }}"
-    enabled: yes
-    state: started
+- import_tasks: models.yml
+  tags: ollama

roles/ollama/tasks/models.yml

@@ -0,0 +1,6 @@
+- name: Pull ollama models
+  become: true
+  command: >
+    {{ ollama_bin }} pull {{ item.name }}
+  loop: "{{ ollama_models }}"
+  tags: ollama

roles/steam/tasks/main.yml

@@ -4,23 +4,21 @@
     that:
       - ansible_facts['distribution'] == "Debian"
     fail_msg: "Ce rôle est prévu uniquement pour Debian"
+  tags: steam
 
 - name: Ajouter l’architecture i386
   ansible.builtin.command: dpkg --add-architecture i386
   register: add_i386
   changed_when: add_i386.rc == 0
-
-- name: Activer contrib et non-free
-  ansible.builtin.apt_repository:
-    repo: "deb http://deb.debian.org/debian {{ ansible_facts['distribution_release'] }} main contrib non-free non-free-firmware"
-    state: present
-    filename: debian-contrib-nonfree
+  tags: steam
 
 - name: Mettre à jour le cache APT
   ansible.builtin.apt:
     update_cache: yes
+  tags: steam
 
 - name: Installer Steam
   ansible.builtin.apt:
     name: steam
     state: present
+  tags: steam

roles/wine/tasks/main.yml

@@ -4,23 +4,27 @@
     that:
       - ansible_facts['distribution'] == "Debian"
     fail_msg: "Ce rôle est prévu uniquement pour Debian"
+  tags: wine
 
 - name: Ajouter l’architecture i386
   ansible.builtin.command: dpkg --add-architecture i386
   register: add_i386
   changed_when: add_i386.rc == 0
+  tags: wine
 
 - name: Créer le dossier keyrings
   ansible.builtin.file:
     path: /etc/apt/keyrings
     state: directory
     mode: '0755'
+  tags: wine
 
 - name: Télécharger et installer la clé WineHQ
   ansible.builtin.get_url:
     url: "{{ winehq_key_url }}"
     dest: /tmp/winehq.key
     mode: '0644'
+  tags: wine
 
 - name: Convertir la clé en keyring GPG
   ansible.builtin.command: >
@@ -29,19 +33,23 @@
     /tmp/winehq.key
   args:
     creates: "{{ winehq_keyring }}"
+  tags: wine
 
 - name: Ajouter le dépôt WineHQ
   ansible.builtin.get_url:
     url: "{{ winehq_repo_url }}"
     dest: /etc/apt/sources.list.d/winehq-trixie.sources
     mode: '0644'
+  tags: wine
 
 - name: Mettre à jour le cache APT
   ansible.builtin.apt:
     update_cache: yes
+  tags: wine
 
 - name: Installer WineHQ Stable (avec recommandations)
   ansible.builtin.apt:
     name: "{{ winehq_packages }}"
     state: present
     install_recommends: yes
+  tags: wine