From 63ab9f8c49ae9010f9178d5b92e55796778785e0 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 20 Apr 2026 22:35:34 +0200 Subject: [PATCH 01/14] add teams --- README.md | 1 + playbooks/lab-stack.yml | 3 +++ roles/teams_for_linux/defaults/main.yml | 5 +++++ roles/teams_for_linux/tasks/main.yml | 22 ++++++++++++++++++++++ 4 files changed, 31 insertions(+) create mode 100644 roles/teams_for_linux/defaults/main.yml create mode 100644 roles/teams_for_linux/tasks/main.yml diff --git a/README.md b/README.md index 98addb1..d41ec8d 100644 --- a/README.md +++ b/README.md @@ -101,6 +101,7 @@ ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags languagetool ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags quarto ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags chrome ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags vscode +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags teams ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags desktop ``` diff --git a/playbooks/lab-stack.yml b/playbooks/lab-stack.yml index 208c2fc..ce70d9b 100644 --- a/playbooks/lab-stack.yml +++ b/playbooks/lab-stack.yml @@ -35,5 +35,8 @@ - role: vscode tags: [vscode] + - role: teams_for_linux + tags: [teams] + - role: desktop_gnome tags: [desktop] diff --git a/roles/teams_for_linux/defaults/main.yml b/roles/teams_for_linux/defaults/main.yml new file mode 100644 index 0000000..1dc6a52 --- /dev/null +++ b/roles/teams_for_linux/defaults/main.yml @@ -0,0 +1,5 @@ +--- +teams_for_linux_key_url: https://repo.teamsforlinux.de/teams-for-linux.asc +teams_for_linux_repo_url: https://repo.teamsforlinux.de/rpm/teams-for-linux.repo +teams_for_linux_repo_file: /etc/yum.repos.d/teams-for-linux.repo +teams_for_linux_package: teams-for-linux diff --git a/roles/teams_for_linux/tasks/main.yml b/roles/teams_for_linux/tasks/main.yml new file mode 100644 index 0000000..ac98ae2 --- /dev/null +++ b/roles/teams_for_linux/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Download Teams for Linux repository signing key + ansible.builtin.get_url: + url: "{{ teams_for_linux_key_url }}" + dest: /tmp/teams-for-linux.asc + mode: '0644' + +- name: Import Teams for Linux repository signing key + ansible.builtin.rpm_key: + key: /tmp/teams-for-linux.asc + state: present + +- name: Download Teams for Linux repository file + ansible.builtin.get_url: + url: "{{ teams_for_linux_repo_url }}" + dest: "{{ teams_for_linux_repo_file }}" + mode: '0644' + +- name: Install Teams for Linux + ansible.builtin.dnf: + name: "{{ teams_for_linux_package }}" + state: present From 7d1e1297ecda1b0c023f5d3387c59fbe9454f91f Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Thu, 23 Apr 2026 16:38:34 +0200 Subject: [PATCH 02/14] draft --- LICENSE | 21 ++++ Makefile | 4 - README.md | 250 +------------------------------------- docs/.gitignore | 2 + docs/_quarto.yml | 51 ++++++++ docs/ansible_setup.qmd | 68 +++++++++++ docs/backup.qmd | 11 ++ docs/baseline.qmd | 40 ++++++ docs/chrome.qmd | 5 + docs/data_management.qmd | 12 ++ docs/docker.qmd | 5 + docs/ext_data_sources.qmd | 28 +++++ docs/grobid.qmd | 5 + docs/index.qmd | 58 +++++++++ docs/install_os.qmd | 19 +++ docs/languagetool.qmd | 53 ++++++++ docs/llm.qmd | 46 +++++++ docs/migration.qmd | 5 + docs/ocr.qmd | 5 + docs/principles.qmd | 5 + docs/quarto.qmd | 29 +++++ docs/repo_structure.qmd | 5 + docs/restore.qmd | 10 ++ docs/styles.css | 32 +++++ docs/teams.qmd | 5 + docs/thunderbird.qmd | 23 ++++ docs/troubleshooting.qmd | 5 + docs/updates.qmd | 9 ++ docs/virtualbox.qmd | 5 + docs/vscode.qmd | 5 + 30 files changed, 573 insertions(+), 248 deletions(-) create mode 100644 LICENSE delete mode 100644 Makefile create mode 100644 docs/.gitignore create mode 100644 docs/_quarto.yml create mode 100644 docs/ansible_setup.qmd create mode 100644 docs/backup.qmd create mode 100644 docs/baseline.qmd create mode 100644 docs/chrome.qmd create mode 100644 docs/data_management.qmd create mode 100644 docs/docker.qmd create mode 100644 docs/ext_data_sources.qmd create mode 100644 docs/grobid.qmd create mode 100644 docs/index.qmd create mode 100644 docs/install_os.qmd create mode 100644 docs/languagetool.qmd create mode 100644 docs/llm.qmd create mode 100644 docs/migration.qmd create mode 100644 docs/ocr.qmd create mode 100644 docs/principles.qmd create mode 100644 docs/quarto.qmd create mode 100644 docs/repo_structure.qmd create mode 100644 docs/restore.qmd create mode 100644 docs/styles.css create mode 100644 docs/teams.qmd create mode 100644 docs/thunderbird.qmd create mode 100644 docs/troubleshooting.qmd create mode 100644 docs/updates.qmd create mode 100644 docs/virtualbox.qmd create mode 100644 docs/vscode.qmd diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..263d6c3 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025, Gerit Wagner and Julian Prester + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Makefile b/Makefile deleted file mode 100644 index 91bb8ef..0000000 --- a/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -.PHONY: lab-stack - -lab-stack: - ansible-playbook -K playbooks/lab-stack.yml diff --git a/README.md b/README.md index d41ec8d..13fefe0 100644 --- a/README.md +++ b/README.md @@ -1,250 +1,12 @@ # Workstation setup -## Overview +See the [docs](https://fs-ise.github.io/workstation-setup/) -```mermaid -flowchart LR - %% External infrastructure (outside the subgraphs) - GH[(GitHub)] - BK[(HDD Backup)] - NC[(Nextcloud)] - A[("workstation-setup
(ansible)
this repository")] +## Acknowledgment - %% Day-to-day flow - subgraph Daily["Day-to-day"] - AUpd["Update software/config"] <--> S[Backup and sync] - end - A <--> AUpd - S -- ~/* --> BK - S <-- ~/repos* --> GH - S <-- ~/Nextcloud* --> NC +This project reflects major contributions by Carlo Tang. - %% New machine flow - subgraph New["New machine"] - OS[Install OS] - OS --> AInst["Install/config software"] --> R - R[Restore data] - end - A --> AInst +## License - BK --> R - GH --> R - NC --> R - - %% Styling - classDef highlight fill:#ffec99,stroke:#f08c00,stroke-width:3px,color:#1b1b1b; - classDef muted fill:#f6f7f9,stroke:#c9ced6,stroke-width:1px,color:#2b2b2b; - - class A highlight; - class GH,BK,NC,AUpd,S,OS,AInst,R muted; - - %% Optional: soften subgraph borders - style Daily fill:#ffffff,stroke:#d0d5dd,stroke-width:1px; - style New fill:#ffffff,stroke:#d0d5dd,stroke-width:1px; - -``` - -Install ansible and clone the repository - -```sh -sudo dnf -y install git ansible-core python3-pip -ansible --version -git --version -``` - -Ansible collections - -```sh -ansible-galaxy collection install community.general community.docker -``` - -Clone workstation-setup repository - -```sh -git clone git@github.com:fs-ise/workstation-setup.git -``` - -Enable SSH server on remote host (by default disabled on Fedora Workstation) -``` -# Run this command manually on the remote host -sudo systemctl enable --now sshd -``` - -Install/update software - -```sh -cd workstation-setup - -# copy host_vars/localhost.yml.example to host_vars/localhost.yml - -cat << EOF > inventory -[local] -localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3 -EOF - -ansible-playbook -i inventory -K playbooks/lab-stack.yml - -# upon dnf config-manager: command not found -sudo dnf -y install dnf-plugins-core -ansible-playbook -i inventory -K playbooks/lab-stack.yml -``` - -Run only one role: - -```sh -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags baseline -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags ocr -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags virtualbox -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags docker -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags grobid -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags languagetool -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags quarto -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags chrome -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags vscode -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags teams -ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags desktop -``` - -You can also combine tags, e.g. `--tags baseline,docker,grobid,vscode`. - -## Day-to-day - -### Update software and configuration - -In this Ansible setup repository. - -### Backup and sync - -Assumes a particular structure of directories - -- Nextcloud (shared and personal dirs) -- repos -- workstation (local / symlinks / GTD) - -## New machine - -### Install OS - -Install Fedora Workstation - -* Workstation includes the GNOME (vanilla) Desktop Environment -* Get it [here](https://fedoraproject.org/workstation/download/) - -Advantages of Fedora: - -* parallel downloads for faster updates -* delta RPMs to save bandwidth -* modular system for version control -* persistent metadata caching -* undoable transactions -* simpler and easier-to-remember commands - -There are more but these make DNF much more convenient than APT. - -### Install and configure software - -In the workstation-setup repository, run `make lab-stack`. - -**Manual tasks** - -- Set up SSH and register on GitHub - -```sh -ssh-keygen -t ed25519 -a 64 -C "your-email@institution.edu" -ssh-add ~/.ssh/id_ed25519 -cat ~/.ssh/id_ed25519.pub | wl-copy -# add in GitHub settings/ssh -``` - -- Set up GPG and register on GitHub ([instructions](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)) - -**Tests** - -```sh -git config --global user.name -git config --global user.email - -docker version -docker run --rm hello-world - -ssh -V -ls -la ~/.ssh/*.pub 2>/dev/null || echo "No SSH public keys found" -ssh-add -l || true -ssh -T git@github.com - -quarto --version -quarto check -``` - -Quarto test - -```sh -mkdir -p ~/tmp-quarto-test && cd ~/tmp-quarto-test -cat > test.qmd <<'EOF' ---- -title: "Lab Stack Test" -format: html ---- - -## It works - -- Quarto: `r quarto::quarto_version()` (if R is installed) -- Docker: tested separately -- Git: configured -EOF - -quarto render test.qmd -ls -la -``` - -Languagetool test - -```shell -curl -d "text=This are bad sentence.&language=en-US" http://localhost:8081/v2/check -``` - -Chrome: Advanced settings (only for professional users) - LanguageTool server: Local server - -Test: should return no match for `fs-ise`: - -```shell -curl -s -X POST "http://127.0.0.1:8081/v2/check" \ - -H "Content-Type: application/x-www-form-urlencoded" \ - --data "text=This is fs-ise and it should not be flagged.&language=en-US" \ - | jq '.matches' -``` - -### Restore data - -- `workstation` and `repos` from HDD -- `Nextcloud`: through sync -- Directories (e.g., Thunderbird/including extensions) - -TODO : restoring individual files (link video/explanation?) - -## External data sources - -### HDD backup - -Covers all files in `/home/username` (including Nextcloud and Git repositories) - -Based on Vorta/Borg - -- Protects against ransomware / cloud account compromise -- HDD: versioned snapshots -- HDD backups are encrypted -- HDDs are disconnected (different weekly / monthly / annual HDDs) - -### GitHub - -Serves as a synchronization mechanism. Repositories can be private or public. Git repositories can be local only. Repositories are also backed up on HDD. - -Additional "backup copy" (even synced across devices) - -### Nextcloud - -Serves as a synchronization mechanism. Nextcloud data is also backed up on HDD. - -Files (e.g., PDFs and media files that are not in git repositories or zipped archives of git repositories for completed projects; ideally stable, without symlinks, no unzipped git repositories; shared or personal) - -Additional "backup copy" +This project is distributed under the [MIT License](LICENSE) the documentation is distributed under the [CC-0](https://creativecommons.org/publicdomain/zero/1.0/) license. +If you contribute to the project, you agree to share your contribution following these licenses. diff --git a/docs/.gitignore b/docs/.gitignore new file mode 100644 index 0000000..67f9f12 --- /dev/null +++ b/docs/.gitignore @@ -0,0 +1,2 @@ +/.quarto/ +/_site/ \ No newline at end of file diff --git a/docs/_quarto.yml b/docs/_quarto.yml new file mode 100644 index 0000000..6780416 --- /dev/null +++ b/docs/_quarto.yml @@ -0,0 +1,51 @@ +project: + type: website + +website: + title: "workstation-setup" + sidebar: + contents: + - href: index.qmd + text: Home + + - section: Setup + contents: + - install_os.qmd + - ansible_setup.qmd + + - section: Configuration + contents: + - baseline.qmd + - thunderbird.qmd + - chrome.qmd + - vscode.qmd + - teams.qmd + - docker.qmd + - virtualbox.qmd + - quarto.qmd + - ocr.qmd + - grobid.qmd + - languagetool.qmd + - llm.qmd + + - section: Operations + contents: + - updates.qmd + - data_management.qmd + - backup.qmd + - restore.qmd + - migration.qmd + + - section: Reference + contents: + - repo_structure.qmd + - principles.qmd + - troubleshooting.qmd + +format: + html: + theme: + - cosmo + - brand + css: styles.css + toc: false \ No newline at end of file diff --git a/docs/ansible_setup.qmd b/docs/ansible_setup.qmd new file mode 100644 index 0000000..f9f248b --- /dev/null +++ b/docs/ansible_setup.qmd @@ -0,0 +1,68 @@ +--- +title: "Ansible setup" +--- + +Install ansible and clone the repository + +```sh +sudo dnf -y install git ansible-core python3-pip +ansible --version +git --version +``` + +Ansible collections + +```sh +ansible-galaxy collection install community.general community.docker +``` + +Clone workstation-setup repository + +```sh +git clone git@github.com:fs-ise/workstation-setup.git +``` + +Enable SSH server on remote host (by default disabled on Fedora Workstation) + +```sh +# Run this command manually on the remote host +sudo systemctl enable --now sshd +``` + +Install/update software + +```sh +cd workstation-setup + +# copy host_vars/localhost.yml.example to host_vars/localhost.yml + +cat << EOF > inventory +[local] +localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3 +EOF + +ansible-playbook -i inventory -K playbooks/lab-stack.yml + +# upon dnf config-manager: command not found +sudo dnf -y install dnf-plugins-core +ansible-playbook -i inventory -K playbooks/lab-stack.yml +``` + +Run only one role: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags baseline +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags ocr +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags virtualbox +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags docker +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags local_llm +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags grobid +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags languagetool +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags quarto +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags chrome +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags vscode +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags teams +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags desktop +``` + +You can also combine tags, e.g. `--tags baseline,docker,grobid,vscode`. diff --git a/docs/backup.qmd b/docs/backup.qmd new file mode 100644 index 0000000..f7333c5 --- /dev/null +++ b/docs/backup.qmd @@ -0,0 +1,11 @@ +--- +title: "Backup" +--- + +## Backup and sync + +Assumes a particular structure of directories + +- Nextcloud (shared and personal dirs) +- repos +- workstation (local / symlinks / GTD) \ No newline at end of file diff --git a/docs/baseline.qmd b/docs/baseline.qmd new file mode 100644 index 0000000..4f08085 --- /dev/null +++ b/docs/baseline.qmd @@ -0,0 +1,40 @@ +--- +title: "Baseline" +--- + + +::: {.callout-manual} +**πŸ”§ Manual setup and configuration** + +- Set up SSH and register on GitHub + +```sh +ssh-keygen -t ed25519 -a 64 -C "your-email@institution.edu" +ssh-add ~/.ssh/id_ed25519 +cat ~/.ssh/id_ed25519.pub | wl-copy +# add in GitHub settings/ssh +``` + +- Set up GPG and register on GitHub ([instructions](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)) +::: + + +::: {.callout-check} +**βœ… Check** + +```sh +git config --global user.name +git config --global user.email + +docker version +docker run --rm hello-world + +ssh -V +ls -la ~/.ssh/*.pub 2>/dev/null || echo "No SSH public keys found" +ssh-add -l || true +ssh -T git@github.com +``` +::: + + +TODO/TBD: integrate the desktop-gnome role? / extract thunderbird? \ No newline at end of file diff --git a/docs/chrome.qmd b/docs/chrome.qmd new file mode 100644 index 0000000..4ea914f --- /dev/null +++ b/docs/chrome.qmd @@ -0,0 +1,5 @@ +--- +title: "Chrome" +--- + +TODO (extensions (automated?) + shortcuts? - TBD: extract from baseline?) \ No newline at end of file diff --git a/docs/data_management.qmd b/docs/data_management.qmd new file mode 100644 index 0000000..256fd06 --- /dev/null +++ b/docs/data_management.qmd @@ -0,0 +1,12 @@ +--- +title: "Manage data" +--- + +TODO: + +- principles (what to store where/in line with backup strategy) +- where to store confidential data/encrypt +- where to store personal dotfiles and sensitive keys (best practices) +- maybe even data lake + dense vector database (with search/indexing setup?) + +Emergency USB Sticks (passwords, keys, setup) - keep one or two copies separate from the laptop (bag) \ No newline at end of file diff --git a/docs/docker.qmd b/docs/docker.qmd new file mode 100644 index 0000000..21d7b44 --- /dev/null +++ b/docs/docker.qmd @@ -0,0 +1,5 @@ +--- +title: "Docker" +--- + +TODO \ No newline at end of file diff --git a/docs/ext_data_sources.qmd b/docs/ext_data_sources.qmd new file mode 100644 index 0000000..02900dd --- /dev/null +++ b/docs/ext_data_sources.qmd @@ -0,0 +1,28 @@ +--- +title: "External data sources" +--- + +### HDD backup + +Covers all files in `/home/username` (including Nextcloud and Git repositories) + +Based on Vorta/Borg + +- Protects against ransomware / cloud account compromise +- HDD: versioned snapshots +- HDD backups are encrypted +- HDDs are disconnected (different weekly / monthly / annual HDDs) + +### GitHub + +Serves as a synchronization mechanism. Repositories can be private or public. Git repositories can be local only. Repositories are also backed up on HDD. + +Additional "backup copy" (even synced across devices) + +### Nextcloud + +Serves as a synchronization mechanism. Nextcloud data is also backed up on HDD. + +Files (e.g., PDFs and media files that are not in git repositories or zipped archives of git repositories for completed projects; ideally stable, without symlinks, no unzipped git repositories; shared or personal) + +Additional "backup copy" diff --git a/docs/grobid.qmd b/docs/grobid.qmd new file mode 100644 index 0000000..bf41d0a --- /dev/null +++ b/docs/grobid.qmd @@ -0,0 +1,5 @@ +--- +title: "GROBID" +--- + +TODO: show shortcut, link and explain \ No newline at end of file diff --git a/docs/index.qmd b/docs/index.qmd new file mode 100644 index 0000000..2a26f7d --- /dev/null +++ b/docs/index.qmd @@ -0,0 +1,58 @@ +--- +title: "workstation-setup" +--- + +This repository documents a structured, reproducible workstation setup used in the [FS-ISE Lab](https://fs-ise.github.io/handbook/). +It brings together operating system installation, software provisioning, data management, and day-to-day workflows into a single, automated pipeline based on Ansible. +The goal is twofold: + +1. to provide a reliable and transparent setup for research and knowledge work within the lab, and +2. to offer a reusable blueprint that others can adapt to their own environments. + +By combining infrastructure-as-code with documented practices (from initial machine setup to ongoing operations), +the project aims to reduce setup friction, improve consistency across devices, and make workstation configurations easier to share, reproduce, and evolve. + +## Overview + +```{mermaid} +flowchart LR + %% External infrastructure (outside the subgraphs) + GH[(GitHub)] + BK[(HDD Backup)] + NC[(Nextcloud)] + A[("workstation-setup
(ansible)
this repository")] + + %% Day-to-day flow + subgraph Daily["Day-to-day"] + AUpd["Update software/config"] <--> S[Backup and sync] + end + A <--> AUpd + S -- ~/* --> BK + S <-- ~/repos* --> GH + S <-- ~/Nextcloud* --> NC + + %% New machine flow + subgraph New["New machine"] + OS[Install OS] + OS --> AInst["Install/config software"] --> R + R[Restore data] + end + A --> AInst + + BK --> R + GH --> R + NC --> R + + %% Styling + classDef highlight fill:#ffec99,stroke:#f08c00,stroke-width:3px,color:#1b1b1b; + classDef muted fill:#f6f7f9,stroke:#c9ced6,stroke-width:1px,color:#2b2b2b; + + class A highlight; + class GH,BK,NC,AUpd,S,OS,AInst,R muted; + + %% Optional: soften subgraph borders + style Daily fill:#ffffff,stroke:#d0d5dd,stroke-width:1px; + style New fill:#ffffff,stroke:#d0d5dd,stroke-width:1px; + +``` + diff --git a/docs/install_os.qmd b/docs/install_os.qmd new file mode 100644 index 0000000..7842e37 --- /dev/null +++ b/docs/install_os.qmd @@ -0,0 +1,19 @@ +--- +title: "Install OS" +--- + +Install Fedora Workstation + +* Workstation includes the GNOME (vanilla) Desktop Environment +* Get it [here](https://fedoraproject.org/workstation/download/) + +Advantages of Fedora: + +* parallel downloads for faster updates +* delta RPMs to save bandwidth +* modular system for version control +* persistent metadata caching +* undoable transactions +* simpler and easier-to-remember commands + +There are more but these make DNF much more convenient than APT. diff --git a/docs/languagetool.qmd b/docs/languagetool.qmd new file mode 100644 index 0000000..12c0d24 --- /dev/null +++ b/docs/languagetool.qmd @@ -0,0 +1,53 @@ +--- +title: "Languagetool" +--- + +::: {.callout-check} +**βœ… Check** + +```sh +curl -s -o /dev/null -w "%{http_code}\n" \ + -d "text=Test sentence.&language=en-US" \ + http://localhost:8081/v2/check +``` + +Expected: + +```text +200 +``` + +--- + +```sh +curl -s -d "text=This are bad sentence.&language=en-US" \ + http://localhost:8081/v2/check | jq -r '.matches[].message' +``` + +Expected: + +```text +The singular demonstrative pronoun β€˜this’ does not agree... +The verb β€˜are’ is plural... +``` + +--- + +```sh +curl -s -X POST "http://127.0.0.1:8081/v2/check" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + --data "text=This is fs-ise and it should not be flagged.&language=en-US" \ + | jq '.matches' +``` + +Expected (not match for `fs-ise`, which should be in the shared dictionary): + +```text +[] +``` + +::: + + +Chrome: Advanced settings (only for professional users) - LanguageTool server: Local server + diff --git a/docs/llm.qmd b/docs/llm.qmd new file mode 100644 index 0000000..97b7c3d --- /dev/null +++ b/docs/llm.qmd @@ -0,0 +1,46 @@ +--- +title: "LLM" +--- + +Local LLMs (Ollama + Open WebUI) + +This repository includes a `local_llm` role that runs: + +- `ollama` (API on `127.0.0.1:11434`) +- `open-webui` (web UI on `http://127.0.0.1:3000`) + +Both services run in Docker with persistent storage under `/opt/local-llm`: + +- Ollama models: `/opt/local-llm/ollama` +- Open WebUI data: `/opt/local-llm/open-webui` + +Install only this role: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags local_llm +``` + +Optional model preloading (to avoid manual `ollama pull` after install): + +```yaml +# host_vars/localhost.yml +local_llm_models: + - llama3.2:3b +``` + +Optional Open WebUI defaults: + +```yaml +# host_vars/localhost.yml +local_llm_webui_auth: true +local_llm_webui_default_models: "llama3.2:3b" +``` + +Quick checks: + +```sh +curl -s http://127.0.0.1:11434/api/tags | jq . +curl -I http://127.0.0.1:3000 +docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | grep -E 'ollama|open-webui' +``` + diff --git a/docs/migration.qmd b/docs/migration.qmd new file mode 100644 index 0000000..ed6f54a --- /dev/null +++ b/docs/migration.qmd @@ -0,0 +1,5 @@ +--- +title: "Migrate" +--- + +TODO: checklist? \ No newline at end of file diff --git a/docs/ocr.qmd b/docs/ocr.qmd new file mode 100644 index 0000000..52f5613 --- /dev/null +++ b/docs/ocr.qmd @@ -0,0 +1,5 @@ +--- +title: "OCR" +--- + +TODO: show shortcut \ No newline at end of file diff --git a/docs/principles.qmd b/docs/principles.qmd new file mode 100644 index 0000000..35c2ee3 --- /dev/null +++ b/docs/principles.qmd @@ -0,0 +1,5 @@ +--- +title: "Principles" +--- + +open-source, security, reproducibility, simplicity, documentation \ No newline at end of file diff --git a/docs/quarto.qmd b/docs/quarto.qmd new file mode 100644 index 0000000..11b35e9 --- /dev/null +++ b/docs/quarto.qmd @@ -0,0 +1,29 @@ +--- +title: "Quarto" +--- + +```sh +quarto --version +quarto check +``` + +Quarto test + +```sh +mkdir -p ~/tmp-quarto-test && cd ~/tmp-quarto-test +cat > test.qmd <<'EOF' +--- +title: "Lab Stack Test" +format: html +--- + +## It works + +- Quarto: `r quarto::quarto_version()` (if R is installed) +- Docker: tested separately +- Git: configured +EOF + +quarto render test.qmd +ls -la +``` diff --git a/docs/repo_structure.qmd b/docs/repo_structure.qmd new file mode 100644 index 0000000..9a3ed8f --- /dev/null +++ b/docs/repo_structure.qmd @@ -0,0 +1,5 @@ +--- +title: "Repo structure" +--- + +TODO \ No newline at end of file diff --git a/docs/restore.qmd b/docs/restore.qmd new file mode 100644 index 0000000..a7d6223 --- /dev/null +++ b/docs/restore.qmd @@ -0,0 +1,10 @@ +--- +title: "Restore data" +--- + + +- `workstation` and `repos` from HDD +- `Nextcloud`: through sync +- Directories (e.g., Thunderbird/including extensions) + +TODO : restoring individual files (link video/explanation?) diff --git a/docs/styles.css b/docs/styles.css new file mode 100644 index 0000000..4354835 --- /dev/null +++ b/docs/styles.css @@ -0,0 +1,32 @@ +.callout-manual, +.callout-check { + border: 1px solid #e0e0e0; + border-left: 4px solid; + border-radius: 6px; + padding: 1rem 1.2rem; + margin: 1.5rem 0; + background-color: #fafafa; +} + +/* Color accents */ +.callout-manual { + border-left-color: #f39c12; +} + +.callout-check { + border-left-color: #2ecc71; +} + +/* Title line */ +.callout-manual strong, +.callout-check strong { + display: block; + margin-bottom: 0.5rem; + font-weight: 600; +} + +/* Improve code spacing inside */ +.callout pre { + margin-top: 0.5rem; + margin-bottom: 0.5rem; +} \ No newline at end of file diff --git a/docs/teams.qmd b/docs/teams.qmd new file mode 100644 index 0000000..2124d31 --- /dev/null +++ b/docs/teams.qmd @@ -0,0 +1,5 @@ +--- +title: "Teams" +--- + +TODO \ No newline at end of file diff --git a/docs/thunderbird.qmd b/docs/thunderbird.qmd new file mode 100644 index 0000000..3333020 --- /dev/null +++ b/docs/thunderbird.qmd @@ -0,0 +1,23 @@ +--- +title: "Thunderbird" +--- + +TODO (extensions (automated?) + shortcuts? - TBD: extract from baseline?) +TBD: best practices for folder structure and archive? + +TBD: JP-addon? + +::: {.callout-manual} +**πŸ”§ Manual setup and configuration** + +Install extensions: + +- LanguageTool (with config) +- mailmindr +- Owl for Exchange + +TBD: FiltaQuilly, SmartTemplates?? + +Set up signature, self-cc + +::: \ No newline at end of file diff --git a/docs/troubleshooting.qmd b/docs/troubleshooting.qmd new file mode 100644 index 0000000..b6a2e14 --- /dev/null +++ b/docs/troubleshooting.qmd @@ -0,0 +1,5 @@ +--- +title: "Troubleshooting" +--- + +TODO \ No newline at end of file diff --git a/docs/updates.qmd b/docs/updates.qmd new file mode 100644 index 0000000..c7e2e3b --- /dev/null +++ b/docs/updates.qmd @@ -0,0 +1,9 @@ +--- +title: "Update software" +--- + +### Update software and configuration + +In this Ansible setup repository. + +Note: runnint `dnf list installed` and using Codex or ChatGTP (with Github repository connected) helps to update ansible efficiently. \ No newline at end of file diff --git a/docs/virtualbox.qmd b/docs/virtualbox.qmd new file mode 100644 index 0000000..61d7168 --- /dev/null +++ b/docs/virtualbox.qmd @@ -0,0 +1,5 @@ +--- +title: "Virtualbox" +--- + +TODO \ No newline at end of file diff --git a/docs/vscode.qmd b/docs/vscode.qmd new file mode 100644 index 0000000..b42b6bd --- /dev/null +++ b/docs/vscode.qmd @@ -0,0 +1,5 @@ +--- +title: "VSCode" +--- + +TODO (extensions (automated?) + shortcuts?) \ No newline at end of file From 0b22757699a88683b138bb505829a047c0af51fb Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Fri, 24 Apr 2026 09:54:33 +0200 Subject: [PATCH 03/14] add AGENTS.md --- AGENTS.md | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 300 insertions(+) create mode 100644 AGENTS.md diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..1a19b6e --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,300 @@ +# AGENTS.md + +This repository provides workstation setup instructions and Ansible automation for preparing research, teaching, and lab workstations. + +Agents working in this repository should prioritize clarity, reproducibility, and safe system changes. Documentation should make it easy for a new team member to understand what will be installed, what needs to be done manually, and how to verify that the setup worked. + +## Repository purpose + +The repository should help users: + +- prepare a workstation for lab work, +- run Ansible playbooks for recurring setup tasks, +- understand which steps are automated and which remain manual, +- verify successful installation and configuration, +- find useful follow-up documentation. + +Prefer practical, executable instructions over abstract explanations. + +## Documentation standards + +### General writing style + +- Use clear, direct, instructional language. +- Prefer short sections with concrete commands. +- Avoid long prose when a checklist, command block, or table is clearer. +- Explain the purpose of each role or setup step before showing commands. +- Distinguish clearly between: + - automated setup, + - manual setup, + - checks/verification, + - optional configuration, + - best practices and useful links. + +### Structure for role documentation + +Each role or setup section should follow this order: + +1. Short purpose statement +2. Ansible command to run the role or tag +3. Manual setup and configuration, if needed +4. Check section +5. Best practices and useful links + +Start each role section with the relevant Ansible instruction. + +Use this pattern: + +````md +## OCR tools + +Install tools for optical character recognition and PDF processing. + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags ocr +````` + +::: {.callout-manual} +**πŸ”§ Manual setup and configuration** + +* Add manual post-installation steps here, if required. +* Mention external accounts, GUI configuration, or credential setup here. + ::: + +::: {.callout-check} +**βœ… Check** + +```sh +tesseract --version +ocrmypdf --version +``` +::: + +## Using OCR + +For German and English documents, use: + +```sh +ocrmypdf -l deu+eng input.pdf output.pdf +``` + +- For English-only documents, use: + +```sh +ocrmypdf -l eng input.pdf output.pdf +``` + +## Best practices and useful links + +* [OCRmyPDF documentation](https://ocrmypdf.readthedocs.io/) +* [Tesseract documentation](https://tesseract-ocr.github.io/) + +````` +``` + +### Required callout types + +Use Pandoc/Quarto-style callouts consistently. + +#### Manual setup callout + +Use this callout for anything that cannot or should not be fully automated, such as account registration, GitHub settings, SSH keys, GPG keys, GUI configuration, private credentials, or institution-specific steps. + +````md +::: {.callout-manual} +**πŸ”§ Manual setup and configuration** + +- Set up SSH and register on GitHub + +```sh +ssh-keygen -t ed25519 -a 64 -C "your-email@institution.edu" +ssh-add ~/.ssh/id_ed25519 +cat ~/.ssh/id_ed25519.pub | wl-copy +# add in GitHub settings/ssh +``` + +- Set up GPG and register on GitHub ([instructions](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)) +::: +````` + +#### Check callout + +Use this callout for verification commands that users can run after installation. + +````md +::: {.callout-check} +**βœ… Check** + +```sh +git config --global user.name +git config --global user.email + +docker version +docker run --rm hello-world + +ssh -V +ls -la ~/.ssh/*.pub 2>/dev/null || echo "No SSH public keys found" +ssh-add -l || true +ssh -T git@github.com +``` +::: +```` + +### Ansible command standard + +When documenting a role or tag, start with the command needed to run it. + +Use this form: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags +``` + +Example: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags ocr +``` + +When multiple tags are relevant, prefer one concise command: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags git,docker,ocr +``` + +Only use different inventory or playbook paths if the repository actually contains them and the surrounding documentation explains why. + +### Command block standards + +* Use fenced code blocks with language markers, especially `sh`, `yaml`, `md`, or `ini`. +* Prefer copy-pasteable commands. +* Do not include destructive commands unless clearly explained. +* Avoid commands that expose secrets, tokens, or private keys. +* For commands requiring sudo privileges through Ansible, use `-K`. +* Prefer idempotent commands where possible. + +Good: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags docker +``` + +Avoid: + +```sh +sudo rm -rf ... +``` + +unless there is a strong reason and a warning is included. + +## Ansible standards + +### Roles and tags + +* Each Ansible role should have a clear tag. +* The tag name should be short, lowercase, and descriptive. +* Documentation should use the same tag names as the playbooks. +* Keep role responsibilities focused. A role should not install unrelated tools. + +Examples of good tag names: + +```txt +git +docker +python +r +ocr +zotero +vscode +``` + +### Idempotency + +Ansible tasks should be idempotent whenever possible. + +Prefer Ansible modules over raw shell commands: + +* Use `apt`, `package`, `file`, `copy`, `template`, `git`, `lineinfile`, or `blockinfile` where appropriate. +* Use `command` instead of `shell` when shell features are not needed. +* Use `changed_when` and `creates` where needed to avoid false changes. +* Avoid tasks that always report `changed` unless unavoidable. + +### Variables + +* Use variables for repeated values. +* Keep defaults close to the role when appropriate. +* Avoid hard-coding personal usernames, emails, local paths, or institution-specific assumptions. +* Do not commit secrets, tokens, private keys, or local credentials. + +### Safety + +Agents must not introduce tasks that: + +* upload private keys, +* overwrite existing user configuration without backup or confirmation, +* install untrusted scripts using `curl | sh`, +* silently change Git identity, +* disable security features, +* remove large directories without explicit documentation. + +When a potentially risky operation is necessary, document it clearly and provide a check or rollback hint. + +## Markdown style + +* Use sentence case for headings. +* Use descriptive headings, not vague labels like β€œMisc” or β€œStuff”. +* Keep heading levels consistent. +* Prefer relative links for files in this repository. +* Use external links only when they point to stable, authoritative documentation. +* Keep tables small and readable. +* Use bullet lists for procedural notes and numbered lists for ordered procedures. + +## Best practices and useful links sections + +Each substantial role or setup page should end with a section named: + +```md +## Best practices and useful links +``` + +This section should include: + +* official documentation, +* relevant security guidance, +* troubleshooting references, +* project-specific notes, +* links to related roles or setup pages in this repository. + +Example: + +```md +## Best practices and useful links + +- [GitHub SSH documentation](https://docs.github.com/en/authentication/connecting-to-github-with-ssh) +- [GitHub GPG signing documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification) +- [Docker post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) +``` + +## Pull request expectations + +Before finalizing changes, check that: + +* documentation commands match actual playbook, inventory, and tag names, +* role documentation starts with the relevant `ansible-playbook` command, +* manual steps are placed in `::: {.callout-manual}` blocks, +* verification steps are placed in `::: {.callout-check}` blocks, +* each major setup section ends with best practices and useful links, +* code blocks have language identifiers, +* no secrets or local credentials are committed, +* changes are consistent with existing repository style. + +## Preferred response style for agents + +When proposing changes: + +* briefly summarize what changed, +* mention affected files, +* list any checks that should be run, +* call out assumptions or unresolved questions. + +When editing documentation, prefer a ready-to-commit patch over broad advice. From 5fc451d2686b573c260844b75e0878dce29026c3 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 07:41:33 +0200 Subject: [PATCH 04/14] OCR + GROBID --- docs/grobid.qmd | 59 ++++++++++++++++++++++++++++++++++++++++++++- docs/ocr.qmd | 64 +++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 120 insertions(+), 3 deletions(-) diff --git a/docs/grobid.qmd b/docs/grobid.qmd index bf41d0a..3d86d5f 100644 --- a/docs/grobid.qmd +++ b/docs/grobid.qmd @@ -2,4 +2,61 @@ title: "GROBID" --- -TODO: show shortcut, link and explain \ No newline at end of file +Run GROBID as a local Docker service and convert PDFs into TEI XML. + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags grobid +``` + +::: {.callout-manual} +**πŸ”§ Manual setup and configuration** + +- Make sure Docker is installed and your user can run Docker commands. +- Log out and log back in (or restart Nautilus/Nemo) so right-click actions become visible. +- In **Nautilus**, right-click a PDF and use **Convert PDF to TEI (grobid)**. +- The action calls `/usr/local/bin/pdf-to-tei` and writes `*.tei.xml` next to each PDF. +- The helper script sends PDFs to `http://127.0.0.1:8070/api/processFulltextDocument`. +::: + +::: {.callout-check} +**βœ… Check** + +```sh +docker ps --filter "name=grobid" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" +``` + +Expected: container `grobid` is up and exposes port `8070`. + +--- + +```sh +curl -s -o /dev/null -w "%{http_code}\n" http://127.0.0.1:8070 +``` + +Expected: an HTTP response (commonly `200` or `404`, but not connection refused). + +--- + +```sh +ls -l /usr/local/bin/pdf-to-tei +ls -l ~/.local/share/file-manager/actions/grobid-pdf-to-tei.desktop +ls -l ~/.local/share/nemo/actions/grobid-pdf-to-tei.nemo_action +``` + +Expected: helper script exists and at least one action file exists. +::: + +## Nautilus right-click action behavior + +- **Menu entry:** `Convert PDF to TEI (grobid)` +- **File type:** appears for PDF files (`application/pdf`) +- **Execution:** runs `/usr/local/bin/pdf-to-tei "%F"` +- **Output naming:** input `article.pdf` becomes `article.tei.xml` +- **Batch behavior:** multiple selected PDFs are processed one-by-one +- **Timeout behavior:** request timeout is based on role variable `grobid_nfs_timeout_ms` + +## Best practices and useful links + +- [GROBID documentation](https://grobid.readthedocs.io/) +- [GROBID GitHub repository](https://github.com/kermitt2/grobid) +- [Docker post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) diff --git a/docs/ocr.qmd b/docs/ocr.qmd index 52f5613..6040959 100644 --- a/docs/ocr.qmd +++ b/docs/ocr.qmd @@ -1,5 +1,65 @@ --- -title: "OCR" +title: "OCRmyPDF" --- -TODO: show shortcut \ No newline at end of file +Install OCRmyPDF and Tesseract to create searchable PDFs from scanned documents. + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags ocr +``` + +::: {.callout-manual} +**πŸ”§ Manual setup and configuration** + +- Log out and log back in after running the role so Nautilus/Nemo reload user actions. +- In **Nautilus**, right-click a PDF and use **OCR PDF (ocrmypdf)**. +- The action runs `~/.local/bin/ocrmypdf-wrapper` and writes `*_ocr.pdf` next to the original file. +- The wrapper defaults to German + English OCR (`-l deu+eng`) and skips pages that already contain text. +- Review `~/.cache/ocrmypdf-wrapper.log` if conversion fails. +::: + +::: {.callout-check} +**βœ… Check** + +```sh +ocrmypdf --version +tesseract --version +``` + +Expected: both commands print a version. + +--- + +```sh +echo "test" > /tmp/ocr-test.txt +enscript /tmp/ocr-test.txt -o - | ps2pdf - /tmp/ocr-test.pdf +ocrmypdf -l eng /tmp/ocr-test.pdf /tmp/ocr-test_ocr.pdf +pdfinfo /tmp/ocr-test_ocr.pdf | sed -n '1,5p' +``` + +Expected: `/tmp/ocr-test_ocr.pdf` is created successfully. + +--- + +```sh +ls -l ~/.local/share/file-manager/actions/ocrmypdf.desktop +ls -l ~/.local/share/nemo/actions/ocrmypdf.nemo_action +``` + +Expected: at least one action file exists (depending on your file manager). +::: + +## Nautilus right-click action behavior + +- **Menu entry:** `OCR PDF (ocrmypdf)` +- **File type:** appears for PDF files (`application/pdf`) +- **Execution:** calls `~/.local/bin/ocrmypdf-wrapper "%f"` +- **Output naming:** input `paper.pdf` becomes `paper_ocr.pdf` +- **Batch behavior:** the wrapper accepts multiple files and processes each one in sequence +- **Troubleshooting:** if the menu entry does not appear, restart Nautilus (`nautilus -q`) or relogin + +## Best practices and useful links + +- [OCRmyPDF documentation](https://ocrmypdf.readthedocs.io/) +- [Tesseract documentation](https://tesseract-ocr.github.io/) +- [Nautilus file-manager-actions documentation](https://manpages.debian.org/testing/filemanager-actions/) From 4a8ea9730d4519ec1c9f0afd160517ab9323a05b Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 07:42:24 +0200 Subject: [PATCH 05/14] update ansible setup --- docs/_quarto.yml | 1 + docs/ansible_setup.qmd | 9 ++------- docs/obsidian.qmd | 9 +++++++++ 3 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 docs/obsidian.qmd diff --git a/docs/_quarto.yml b/docs/_quarto.yml index 6780416..7b15aaf 100644 --- a/docs/_quarto.yml +++ b/docs/_quarto.yml @@ -26,6 +26,7 @@ website: - ocr.qmd - grobid.qmd - languagetool.qmd + - obsidian.qmd - llm.qmd - section: Operations diff --git a/docs/ansible_setup.qmd b/docs/ansible_setup.qmd index f9f248b..132c50f 100644 --- a/docs/ansible_setup.qmd +++ b/docs/ansible_setup.qmd @@ -6,23 +6,18 @@ Install ansible and clone the repository ```sh sudo dnf -y install git ansible-core python3-pip +ansible-galaxy collection install community.general community.docker ansible --version git --version ``` -Ansible collections - -```sh -ansible-galaxy collection install community.general community.docker -``` - Clone workstation-setup repository ```sh git clone git@github.com:fs-ise/workstation-setup.git ``` -Enable SSH server on remote host (by default disabled on Fedora Workstation) +Enable SSH server **only when remote administration is required** ```sh # Run this command manually on the remote host diff --git a/docs/obsidian.qmd b/docs/obsidian.qmd new file mode 100644 index 0000000..61f8ad6 --- /dev/null +++ b/docs/obsidian.qmd @@ -0,0 +1,9 @@ +--- +title: "Obsidian" +--- + +## Extensions: + +- https://github.com/brianpetro/obsidian-smart-connections +- https://www.youtube.com/watch?v=7Rvl9Sl29Jk +- https://smartconnections.app/ \ No newline at end of file From 7395de0641d30a6533a7d2cb06f29ec757ef6264 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 07:42:46 +0200 Subject: [PATCH 06/14] update languagetool --- docs/languagetool.qmd | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/languagetool.qmd b/docs/languagetool.qmd index 12c0d24..d0d9ac3 100644 --- a/docs/languagetool.qmd +++ b/docs/languagetool.qmd @@ -49,5 +49,34 @@ Expected (not match for `fs-ise`, which should be in the shared dictionary): ::: +```{mermaid} +flowchart LR + spelling["handbook/data/spelling
lab-specific shared dictionaries"] + + subgraph apps["Writing applications"] + languagetool["LanguageTool server
local Docker container"] + thunderbird["Thunderbird"] + chrome["Chrome"] + vscode["Visual Studio Code"] + obsidian["Obsidian"] + end + + spelling --> languagetool + + thunderbird <--> languagetool + chrome <--> languagetool + vscode <--> languagetool + obsidian <--> languagetool +``` + Chrome: Advanced settings (only for professional users) - LanguageTool server: Local server +To update the shared dictionary, edit the [data/spelling.txt](https://github.com/fs-ise/handbook/blob/main/data/spelling.txt). + +To update the local instance, run: + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml --tags languagetool +``` + +Note: this downloads and includes the `data/spelling.txt` from the handbook. The previous version may be cached and it may take a few minutes until GitHub provisions the new file. \ No newline at end of file From 59a13a66b25767158549d35c1a2bc2d82fdca15e Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 07:43:51 +0200 Subject: [PATCH 07/14] Thunderbird shortcuts --- docs/thunderbird.qmd | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/thunderbird.qmd b/docs/thunderbird.qmd index 3333020..d0616fd 100644 --- a/docs/thunderbird.qmd +++ b/docs/thunderbird.qmd @@ -20,4 +20,13 @@ TBD: FiltaQuilly, SmartTemplates?? Set up signature, self-cc -::: \ No newline at end of file +::: + + +Key shortcuts: + +- `N` next unread message +- `P` previous unread message +- `A` archive message +- `Ctrl+R` respond +- `Ctrl+Shift+1` tickle message \ No newline at end of file From 191368a0bfeaadeed5c3433a6afb9a07f22722b5 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 07:45:56 +0200 Subject: [PATCH 08/14] chrome extensions --- docs/chrome.qmd | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/chrome.qmd b/docs/chrome.qmd index 4ea914f..c573c90 100644 --- a/docs/chrome.qmd +++ b/docs/chrome.qmd @@ -2,4 +2,11 @@ title: "Chrome" --- -TODO (extensions (automated?) + shortcuts? - TBD: extract from baseline?) \ No newline at end of file +TODO (extensions (automated?) + shortcuts? - TBD: extract from baseline?) + +Extensions: + +- Advanced URL Cleaner +- Freedom +- Languagetool +- Obsidian picker \ No newline at end of file From 5715f827638054c686e3a48a3c7d0fa09b61381c Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 07:49:49 +0200 Subject: [PATCH 09/14] GROBID: rationale --- docs/grobid.qmd | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/grobid.qmd b/docs/grobid.qmd index 3d86d5f..352df25 100644 --- a/docs/grobid.qmd +++ b/docs/grobid.qmd @@ -55,6 +55,14 @@ Expected: helper script exists and at least one action file exists. - **Batch behavior:** multiple selected PDFs are processed one-by-one - **Timeout behavior:** request timeout is based on role variable `grobid_nfs_timeout_ms` +## Rationale + +GROBID is the best performing open-source tools (used in many tools like ResearchGate, Mendeley). +In particular, it supports the parsing of academic references and output like BibTeX. +Reference parsing is still a shortcoming of [docling](https://github.com/docling-project/docling) and [marker](https://github.com/datalab-to/marker). + +Tkaczyk, D., Collins, A., Sheridan, P., & Beel, J. (2018, May). Machine learning vs. rules and out-of-the-box vs. retrained: An evaluation of open-source bibliographic reference and citation parsers. In Proceedings of the 18th ACM/IEEE on joint conference on digital libraries (pp. 99-108). + ## Best practices and useful links - [GROBID documentation](https://grobid.readthedocs.io/) From 3c1c10c8a1fcef936406f34f52c4df6ca7aa0e06 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 08:33:38 +0200 Subject: [PATCH 10/14] add audit playbook --- Makefile | 7 + README.md | 10 + docs/_quarto.yml | 1 + docs/package_audit.qmd | 50 +++ group_vars/all/package_audit.yml | 402 +++++++++++++++++++++++++ playbooks/audit-unmanaged-packages.yml | 93 ++++++ 6 files changed, 563 insertions(+) create mode 100644 Makefile create mode 100644 docs/package_audit.qmd create mode 100644 group_vars/all/package_audit.yml create mode 100644 playbooks/audit-unmanaged-packages.yml diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f272f08 --- /dev/null +++ b/Makefile @@ -0,0 +1,7 @@ +.PHONY: lab-stack audit-packages + +lab-stack: + ansible-playbook -i inventory -K playbooks/lab-stack.yml + +audit-packages: + ansible-playbook -i inventory -K playbooks/audit-unmanaged-packages.yml diff --git a/README.md b/README.md index 13fefe0..5d28a06 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,16 @@ See the [docs](https://fs-ise.github.io/workstation-setup/) +## Run the main workstation setup + +```sh +ansible-playbook -i inventory -K playbooks/lab-stack.yml +``` + +## Audit unmanaged Fedora/DNF packages + +See documentation: [Audit unmanaged Fedora/DNF packages](docs/package_audit.qmd). + ## Acknowledgment This project reflects major contributions by Carlo Tang. diff --git a/docs/_quarto.yml b/docs/_quarto.yml index 7b15aaf..c841716 100644 --- a/docs/_quarto.yml +++ b/docs/_quarto.yml @@ -32,6 +32,7 @@ website: - section: Operations contents: - updates.qmd + - package_audit.qmd - data_management.qmd - backup.qmd - restore.qmd diff --git a/docs/package_audit.qmd b/docs/package_audit.qmd new file mode 100644 index 0000000..ae0ec70 --- /dev/null +++ b/docs/package_audit.qmd @@ -0,0 +1,50 @@ +--- +title: "Audit unmanaged Fedora/DNF packages" +--- + +Detect package drift on Fedora workstations by listing manually installed packages that are not managed by this repository. + +## Run the audit + +```sh +ansible-playbook -i inventory -K playbooks/audit-unmanaged-packages.yml +``` + +Or: + +```sh +make audit-packages +``` + +To report only (do not fail when unmanaged packages are found): + +```sh +ansible-playbook -i inventory -K playbooks/audit-unmanaged-packages.yml -e package_audit_fail_on_unmanaged=false +``` + +## What is an unmanaged package? + +An unmanaged package is a package that is: + +- manually installed on the workstation, +- not declared in this repository's Ansible-managed package list, +- and not allowlisted by exact name or allowlist pattern. + +## How filtering works + +Fedora Workstation can report many base/system packages as user-installed. To keep this audit actionable, this repository uses: + +- exact allowlist entries (`package_audit_allowlist`), and +- regex allowlist patterns (`package_audit_allowlist_patterns`). + +These filters intentionally suppress expected Fedora Workstation/base noise. Packages that reflect deliberate workstation choices should be added to Ansible-managed package lists. + +## Resolve findings + +- Add a package to managed package lists when Ansible should install and maintain it. +- Add a package to `package_audit_allowlist` for intentional local exceptions by exact package name. +- Add a targeted regex to `package_audit_allowlist_patterns` for expected Fedora/system package families. + +## Best practices and useful links + +- [Ansible Automation at Uber scale](https://www.uber.com/de/en/blog/ansible-automation-powers/) diff --git a/group_vars/all/package_audit.yml b/group_vars/all/package_audit.yml new file mode 100644 index 0000000..0529aac --- /dev/null +++ b/group_vars/all/package_audit.yml @@ -0,0 +1,402 @@ +--- +# Fedora/DNF package drift audit settings. +# This allowlist is intentionally local/workstation-specific and may vary by team image. +package_audit_allowlist: + - NetworkManager + - NetworkManager-wifi + - PackageKit-command-not-found + - bash-completion + - fedora-workstation-repositories + - firewall-config + - flatpak + - fzf + - git-core + - glibc-langpack-en + - gnome-shell-extension-appindicator + - hostname + - hunspell-de + - hunspell-en-US + - langpacks-de + - langpacks-en + - langtable + - libvirt-daemon-config-network + - lsof + - ptyxis + - rsync + - toolbox + - util-linux-user + - vim-enhanced + - wireguard-tools + - wl-clipboard + - zsh + + + # expected Fedora default/workstation packages + - acl + - at + - attr + - audit + - b43-fwcutter + - b43-openfwwf + - bc + - bind-utils + - brltty + - bzip2 + - chrony + - cockpit-networkmanager + - cpio + - cyrus-sasl-plain + - deltarpm + - dkms + - ed + - fpaste + - gnupg2-g13 + - gnupg2-scdaemon + - gnupg2-utils + - gnupg2-wks + - irqbalance + - isomd5sum + - jitterentropy + - livesys-scripts + - mailcap + - mcelog + - mtr + - nvme-cli + - opensc + - parted + - pinfo + - quota + - smartmontools + - socat + - symlinks + - tcpdump + - thermald + - time + - traceroute + - wcurl + - wget2-wget + - which + - words + - botan3 + - compesize + - gamemode + - ghostscript + - latex2html + - linkdupes + - lrzsz + - mactel-boot + - md4c + - mpage + - mypaint2-brushes + - nemo-terminal + - net-tools + - netpbm + - netpbm-progs + - ngtcp2-crypto-gnutls + - ngtcp2-crypto-ossl + - pam_afs_session + - pari + - pavucontrol + - podman-sequoia + - prefixdevname + - psacct + - python3-dnf-plugin-versionlock + - spandsp + - tinysparql + - unoconv + - ansible-core + - compsize + - iptstate + - nodejs22-bin + - nodejs22-docs + - nodejs22-full-i18n + - nodejs22-libs + - nodejs22-npm + - nodejs22-npm-bin +package_audit_fail_on_unmanaged: true + +# Managed packages are declared by this repository (role defaults and inline role tasks). +# Keep this list explicit so the audit playbook does not depend on role variable loading. +package_audit_managed_packages: + # roles/baseline + - ca-certificates + - curl + - dnf-plugins-core + - git + - python3 + - python3-pip + - tar + - unzip + - wget + - artha + - audacity + - autokey-gtk + - borgbackup + - catdoc + - clamav + - clamav-update + - dict-gcide + - dict-wn + - dictd + - diffpdf + - flatpak + - gimp + - git-lfs + - gitk + - gnome-clocks + - gnome-commander + - gnupg2 + - hplip + - hplip-gui + - keepassxc + - libxslt + - nemo + - nemo-fileroller + - nextcloud-client + - obs-studio + - openssh-clients + - openssh-server + - pdfarranger + - okular + - perl-librdf + - pinentry + - poppler-utils + - pwgen + - python3-tkinter + - recoll + - ruby + - rubygem-bundler + - texlive-lang-german + - texlive-latex-extra + - texlive-xetex + - texstudio + - tldr + - unifont-fonts + - unrtf + - untex + - vim + - virt-manager + - wv + - xournalpp + - xsel + - texlive-scheme-full + + # roles/ocrmypdf + - ocrmypdf + - tesseract + - tesseract-osd + - tesseract-langpack-eng + - tesseract-langpack-deu + - jbig2enc + - jbig2enc-devel + - jbig2 + + # roles/docker + roles/languagetool + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + - python3-docker + - python3-requests + - python3-packaging + + # roles/chrome + - google-chrome-stable + + # roles/desktop_gnome + - dropbox + - nautilus-dropbox + - thunderbird + - python3-psutil + + # roles/teams_for_linux + - teams-for-linux + + # roles/vscode + - code + + # roles/virtualbox + - VirtualBox + - VirtualBox-server + - akmod-VirtualBox + - kernel-devel + - kernel-headers + + + + # explicitly managed workstation/user packages + - 7zip + - clamav-freshclam + - clisp + - dos2unix + - gcc + - nmap-ncat + - nodejs22 + - pandoc-cli + - podman + - positron + - pre-commit + - tikzit + - tree + - uv + - veracrypt + - whois + - zip +package_audit_allowlist_patterns: + - '^abrt' + - '^sos$' + - '^alsa-' + - '^at-spi2-' + - '^avahi$' + - '^bluez-' + - '^colord$' + - '^dbus$' + - '^dconf$' + - '^fprintd' + - '^gdm$' + - '^ibus-' + - '^pipewire' + - '^wireplumber$' + - '^speech-dispatcher$' + - '^xdg-' + - '^xapp-' + - '^anaconda-' + - '^authselect$' + - '^bash' + - '^coreutils$' + - '^crontabs$' + - '^cryptsetup$' + - '^default-' + - '^dnf5' + - '^dracut' + - '^e2fsprogs$' + - '^efibootmgr$' + - '^file$' + - '^filesystem$' + - '^firewalld$' + - '^fwupd$' + - '^glib' + - '^grubby$' + - '^hostname$' + - '^iproute$' + - '^iptables-' + - '^iputils$' + - '^kbd' + - '^kexec-tools$' + - '^less' + - '^logrotate$' + - '^lvm2$' + - '^man-' + - '^mdadm$' + - '^microcode_ctl$' + - '^ncurses$' + - '^passwdqc$' + - '^pciutils$' + - '^plocate$' + - '^plymouth' + - '^policycoreutils' + - '^polkit$' + - '^procps-ng$' + - '^psmisc$' + - '^realmd$' + - '^rootfiles$' + - '^rpm' + - '^rsyslog$' + - '^selinux-policy' + - '^setup$' + - '^shadow-utils$' + - '^shim-' + - '^sudo$' + - '^systemd' + - '^udisks2' + - '^uresourced$' + - '^usb' + - '^util-linux$' + - '^vim-minimal$' + - '^wpa_supplicant$' + - '^xfsprogs$' + - '^zram-generator' + - '^baobab$' + - '^decibels$' + - '^desktop-backgrounds-' + - '^f[0-9]+-backgrounds-' + - '^firefox$' + - '^gnome-' + - '^glycin-' + - '^gst-' + - '^gstreamer1-' + - '^gutenprint' + - '^gvfs-' + - '^gweather-' + - '^localsearch$' + - '^loupe$' + - '^mesa-' + - '^ModemManager$' + - '^mozilla-openh264$' + - '^nautilus$' + - '^open-vm-tools-desktop$' + - '^openh264$' + - '^papers' + - '^paps$' + - '^pinentry-gnome3$' + - '^qadwaitadecorations-' + - '^rygel$' + - '^showtime$' + - '^snapshot$' + - '^sushi$' + - '^system-config-printer' + - '^totem-video-thumbnailer$' + - '^vte-profile$' + - '.*-fonts$' + - '^hunspell' + - '^cups' + - '^sane-' + - '^hfsplus-tools$' + - '^ntfs' + - '^exfatprogs$' + - '^dosfstools$' + - '^btrfs-progs$' + - '^boost' + - '^elfutils-' + - '^emacs-filesystem$' + - '^fcgi$' + - '^ffcall$' + - '^java-[0-9]+-openjdk-crypto-adapter$' + - '^kf[0-9]+-' + - '^lib' + - '^openapv-libs$' + - '^perl' + - '^python-setuptools-wheel$' + - '^python3-(bugzilla|cfgv|coverage|distlib|filelock|html2text|ibus|identify|nodeenv|virtualenv)$' + - '^python3\.[0-9]+' + - '^qt[0-9]+-' + - '^R-srpm-macros$' + - '^cmake-srpm-macros$' + - '^cifs-utils$' + - '^dns' + - '^ethtool$' + - '^hyperv-daemons$' + - '^iscsi-initiator-utils$' + - '^nfs' + - '^nfsv' + - '^nss-mdns$' + - '^qemu-guest-agent$' + - '^rdma-core-common$' + - '^samba-' + - '^spice-' + - '^sssd-' + - '^teamd$' + - '^kernel' + - '^kmod-' + - '^akmod-' + - '.*-firmware$' + - '^linux-firmware$' + - '^fedora-' + - '^NetworkManager' + - '^PackageKit' + - '^texlive-' + - '^libreoffice-' + - '^glibc' + - '^grub2-' + - '^xorg-' diff --git a/playbooks/audit-unmanaged-packages.yml b/playbooks/audit-unmanaged-packages.yml new file mode 100644 index 0000000..9172d0e --- /dev/null +++ b/playbooks/audit-unmanaged-packages.yml @@ -0,0 +1,93 @@ +--- +- name: Audit manually installed but unmanaged Fedora packages + hosts: local + gather_facts: false + vars: + package_audit_dnf_query_cmd: "dnf repoquery --userinstalled --queryformat '%{name}\n'" + package_audit_fallback_cmd: "dnf5 repoquery --userinstalled --queryformat '%{name}\n'" + tasks: + - name: Collect manually installed packages (preferred) + become: true + ansible.builtin.command: "{{ package_audit_dnf_query_cmd }}" + register: package_audit_userinstalled_primary + changed_when: false + failed_when: false + + - name: Collect manually installed packages (fallback) + become: true + ansible.builtin.command: "{{ package_audit_fallback_cmd }}" + register: package_audit_userinstalled_fallback + changed_when: false + when: package_audit_userinstalled_primary.rc != 0 + + - name: Build normalized package lists for audit + ansible.builtin.set_fact: + package_audit_detected_userinstalled: >- + {{ + ( + package_audit_userinstalled_primary.stdout_lines + if package_audit_userinstalled_primary.rc == 0 + else package_audit_userinstalled_fallback.stdout_lines + ) + | map('trim') + | reject('equalto', '') + | select('match', '^[A-Za-z0-9._+:-]+$') + | list + | unique + | sort + }} + package_audit_managed_flat: "{{ package_audit_managed_packages | flatten | map('string') | unique | sort }}" + package_audit_allowlist_flat: "{{ package_audit_allowlist | flatten | map('string') | unique | sort }}" + package_audit_allowlist_patterns_flat: "{{ package_audit_allowlist_patterns | flatten | map('string') | unique | sort }}" + + - name: Compute unmanaged candidates after exact matching + ansible.builtin.set_fact: + package_audit_candidates: >- + {{ + package_audit_detected_userinstalled + | difference(package_audit_managed_flat + package_audit_allowlist_flat) + | unique + | sort + }} + + - name: Build pattern-ignored package list + ansible.builtin.set_fact: + package_audit_pattern_ignored: "{{ (package_audit_pattern_ignored | default([])) + (package_audit_candidates | select('match', item) | list) }}" + loop: "{{ package_audit_allowlist_patterns_flat }}" + + - name: Compute final unmanaged package list + ansible.builtin.set_fact: + package_audit_pattern_ignored: "{{ package_audit_pattern_ignored | default([]) | unique | sort }}" + package_audit_unmanaged: >- + {{ + package_audit_candidates + | difference(package_audit_pattern_ignored | default([])) + | unique + | sort + }} + + - name: Show audit summary + ansible.builtin.debug: + msg: + - "Detected manually installed packages: {{ package_audit_detected_userinstalled | length }}" + - "Managed packages (exact): {{ package_audit_managed_flat | length }}" + - "Exact allowlisted packages: {{ package_audit_allowlist_flat | length }}" + - "Pattern-ignored packages: {{ package_audit_pattern_ignored | length }}" + - "Unmanaged packages remaining: {{ package_audit_unmanaged | length }}" + + - name: Print unmanaged packages (if any) + ansible.builtin.debug: + msg: "{{ package_audit_unmanaged | to_nice_yaml(indent=2) }}" + when: package_audit_unmanaged | length > 0 + + - name: Fail when unmanaged packages are found (default) + ansible.builtin.fail: + msg: |- + Found unmanaged manually installed packages: + - {{ package_audit_unmanaged | join('\n - ') }} + + Declare expected packages in Ansible-managed package lists or add intentional local/system packages + to package_audit_allowlist or package_audit_allowlist_patterns. + when: + - package_audit_fail_on_unmanaged | bool + - package_audit_unmanaged | length > 0 From 73923dfd57b27907a11bb10d56065814390801c7 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Mon, 18 May 2026 10:25:34 +0200 Subject: [PATCH 11/14] remove virt-manager --- group_vars/all/package_audit.yml | 1 - roles/baseline/defaults/main.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/group_vars/all/package_audit.yml b/group_vars/all/package_audit.yml index 0529aac..b100908 100644 --- a/group_vars/all/package_audit.yml +++ b/group_vars/all/package_audit.yml @@ -175,7 +175,6 @@ package_audit_managed_packages: - unrtf - untex - vim - - virt-manager - wv - xournalpp - xsel diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml index 66d100c..f34a695 100644 --- a/roles/baseline/defaults/main.yml +++ b/roles/baseline/defaults/main.yml @@ -92,7 +92,6 @@ baseline_install_packages_best_effort: - unrtf - untex - vim - - virt-manager - wv - xournalpp - xsel From 2abb03b3cf49951c8ef8ecb6669e473cfbb2a5a3 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Wed, 20 May 2026 21:20:10 +0200 Subject: [PATCH 12/14] add sqlitebrowser --- roles/baseline/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml index f34a695..8faeb55 100644 --- a/roles/baseline/defaults/main.yml +++ b/roles/baseline/defaults/main.yml @@ -74,6 +74,7 @@ baseline_install_packages_best_effort: - openssh-clients - openssh-server - pdfarranger + - sqlitebrowser - okular - perl-librdf - pinentry From bed8853b98d3df5f879da11821738f8a3fe4d64c Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Sun, 14 Jun 2026 15:40:57 +0200 Subject: [PATCH 13/14] docker: pull only if not exists --- roles/docker/tasks/main.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 09c9017..f6385e1 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -42,8 +42,20 @@ groups: docker append: true -- name: Pull docker images (this might take a while...) +- name: Check which Docker images already exist locally + ansible.builtin.command: "docker image inspect {{ docker_image }}" + register: docker_image_inspect + failed_when: false + changed_when: false + loop: "{{ docker_images }}" + loop_control: + loop_var: docker_image + +- name: Pull missing Docker images community.docker.docker_image_pull: - name: "{{ item }}" + name: "{{ image_check.docker_image }}" platform: amd64 - loop: "{{ docker_images }}" + loop: "{{ docker_image_inspect.results }}" + loop_control: + loop_var: image_check + when: image_check.rc != 0 \ No newline at end of file From 8a0b083ffd05035be7eb190dfe7a3bc19e3affd6 Mon Sep 17 00:00:00 2001 From: Gerit Wagner Date: Sun, 14 Jun 2026 16:23:31 +0200 Subject: [PATCH 14/14] fix deprecation notes and output --- playbooks/lab-stack.yml | 4 ++-- roles/docker/tasks/main.yml | 2 ++ roles/grobid/defaults/main.yml | 2 +- roles/quarto/tasks/main.yml | 1 + roles/repo_rpmfusion/defaults/main.yml | 4 ++-- roles/repo_rpmfusion/tasks/main.yml | 2 +- 6 files changed, 9 insertions(+), 6 deletions(-) diff --git a/playbooks/lab-stack.yml b/playbooks/lab-stack.yml index ce70d9b..ce585f6 100644 --- a/playbooks/lab-stack.yml +++ b/playbooks/lab-stack.yml @@ -4,8 +4,8 @@ become: true vars: - target_user: "{{ ansible_env.SUDO_USER | default(ansible_user_id) }}" - target_home: "{{ lookup('ansible.builtin.env', 'HOME') if (ansible_env.SUDO_USER is not defined) else '/home/' + target_user }}" + target_user: "{{ ansible_facts['env'].get('SUDO_USER', ansible_facts['user_id']) }}" + target_home: "{{ ansible_facts['env'].get('HOME', lookup('ansible.builtin.env', 'HOME')) if ansible_facts['env'].get('SUDO_USER') is none else '/home/' ~ target_user }}" roles: - role: baseline # should include packages (except for those needed in the following roles) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index f6385e1..5620c7b 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -50,6 +50,7 @@ loop: "{{ docker_images }}" loop_control: loop_var: docker_image + label: "{{ docker_image }}" - name: Pull missing Docker images community.docker.docker_image_pull: @@ -58,4 +59,5 @@ loop: "{{ docker_image_inspect.results }}" loop_control: loop_var: image_check + label: "{{ image_check.docker_image }}" when: image_check.rc != 0 \ No newline at end of file diff --git a/roles/grobid/defaults/main.yml b/roles/grobid/defaults/main.yml index deeab09..166c376 100644 --- a/roles/grobid/defaults/main.yml +++ b/roles/grobid/defaults/main.yml @@ -5,7 +5,7 @@ grobid_container_name: grobid grobid_port: 8070 grobid_nfs_timeout_ms: 60000 grobid_script_path: /usr/local/bin/pdf-to-tei -grobid_nautilus_script_dir: "{{ ansible_env.HOME }}/.local/share/nautilus/scripts" +grobid_nautilus_script_dir: "{{ ansible_facts['env']['HOME'] }}/.local/share/nautilus/scripts" grobid_nautilus_script_install: true grobid_nautilus_action_install: true grobid_nautilus_action_name: "Convert PDF to TEI (grobid)" diff --git a/roles/quarto/tasks/main.yml b/roles/quarto/tasks/main.yml index 5c1a648..da06952 100644 --- a/roles/quarto/tasks/main.yml +++ b/roles/quarto/tasks/main.yml @@ -31,6 +31,7 @@ dest: "{{ quarto_install_dir }}" state: link force: true + follow: false - name: Add {{ quarto_install_dir }}/bin to system PATH ansible.builtin.copy: diff --git a/roles/repo_rpmfusion/defaults/main.yml b/roles/repo_rpmfusion/defaults/main.yml index 0eb972d..f571f99 100644 --- a/roles/repo_rpmfusion/defaults/main.yml +++ b/roles/repo_rpmfusion/defaults/main.yml @@ -1,4 +1,4 @@ --- rpmfusion_urls: - - "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" - - "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" + - "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm" + - "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm" diff --git a/roles/repo_rpmfusion/tasks/main.yml b/roles/repo_rpmfusion/tasks/main.yml index 5ba760b..af7399e 100644 --- a/roles/repo_rpmfusion/tasks/main.yml +++ b/roles/repo_rpmfusion/tasks/main.yml @@ -5,4 +5,4 @@ state: present disable_gpg_check: true loop: "{{ rpmfusion_urls }}" - when: ansible_distribution == 'Fedora' + when: ansible_facts['distribution'] == 'Fedora'