diff --git a/roles/apt-sources-ubc/tasks/main.yml b/roles/apt-sources-ubc/tasks/main.yml
index f52dc7e..0056cd6 100644
--- a/roles/apt-sources-ubc/tasks/main.yml
+++ b/roles/apt-sources-ubc/tasks/main.yml
@@ -1,19 +1,21 @@
 ---
-- name: Ensure ubuntu-keyring is installed
- ansible.builtin.apt:
- name: ubuntu-keyring
- state: present
- update_cache: yes
+- block:
+ - name: Ensure ubuntu-keyring is installed
+ ansible.builtin.apt:
+ name: ubuntu-keyring
+ state: present
+ update_cache: yes
-- name: Ensure codename aware and dual-source ubuntu.sources is in place
- ansible.builtin.template:
- src: ubuntu.sources.j2
- dest: /etc/apt/sources.list.d/ubuntu.sources
- owner: root
- group: root
- mode: '0644'
- backup: yes
+ - name: Ensure codename aware and dual-source ubuntu.sources is in place
+ ansible.builtin.template:
+ src: ubuntu.sources.j2
+ dest: /etc/apt/sources.list.d/ubuntu.sources
+ owner: root
+ group: root
+ mode: '0644'
+ backup: yes
-- name: Update apt cache
- ansible.builtin.apt:
- update_cache: yes
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
+ tags: ['apt-sources-ubc']
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index a77e3fc..19a17d5 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
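Review bot: The new top-level `- block:` carries no `name`, so nothing in the file says what the `apt-sources-ubc` tag selects; put `- name: apt-sources-ubc tasks` ahead of `block:` as a sibling key. The same applies to the blocks introduced in roles/base, disable-local-dns, env, unbound-adblock, unbound and vim. Since every line of these tasks is being rewritten anyway, `update_cache: yes` and `backup: yes` could become `true`, matching the `true`/`false` spelling the disable-local-dns role already uses.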
@@ -1,21 +1,23 @@
 ---
-- name: apt packages tasks
- import_tasks: apt-packages.yml
+- block:
+ - name: apt packages tasks
+ import_tasks: apt-packages.yml
-# - name: development tools and libraries tasks
-# import_tasks: dev-packages.yml
+ # - name: development tools and libraries tasks
+ # import_tasks: dev-packages.yml
-- name: ssh tasks
- import_tasks: ssh.yml
+ - name: ssh tasks
+ import_tasks: ssh.yml
-- name: security tasks
- import_tasks: security.yml
+ - name: security tasks
+ import_tasks: security.yml
-- name: optimize tasks
- import_tasks: optimize.yml
+ - name: optimize tasks
+ import_tasks: optimize.yml
-- name: powersave tasks
- import_tasks: powersave.yml
+ - name: powersave tasks
+ import_tasks: powersave.yml
-- name: keychron tasks
- import_tasks: keychron.yml
+ - name: keychron tasks
+ import_tasks: keychron.yml
+ tags: ['base']
diff --git a/roles/disable-local-dns/tasks/main.yml b/roles/disable-local-dns/tasks/main.yml
index 6cb4933..cd5794c 100644
--- a/roles/disable-local-dns/tasks/main.yml
+++ b/roles/disable-local-dns/tasks/main.yml
@@ -1,49 +1,51 @@ --- -- name: Add DNSStubListener=no to /etc/systemd/resolved.conf - lineinfile: - firstmatch: true - path: "/etc/systemd/resolved.conf" - insertafter: "EOF" - line: "DNSStubListener=no" - state: present - register: dns_default_status +- block: + - name: Add DNSStubListener=no to /etc/systemd/resolved.conf + lineinfile: + firstmatch: true + path: "/etc/systemd/resolved.conf" + insertafter: "EOF" + line: "DNSStubListener=no" + state: present + register: dns_default_status -- name: Print dns_default_status - debug: - var: dns_default_status.changed + - name: Print dns_default_status + debug: + var: dns_default_status.changed -- name: Ensure systemd-resolved is enabled and active - systemd: - name: systemd-resolved.service - enabled: true - state: started + - name: Ensure systemd-resolved is enabled and active + systemd: + name: systemd-resolved.service + enabled: true + state: started -- name: Restart systemd-resolved with validation - command: systemctl restart systemd-resolved.service - register: restart_resolved - retries: 3 - delay: 5 - until: restart_resolved.rc == 0 - when: dns_default_status.changed + - name: Restart systemd-resolved with validation + command: systemctl restart systemd-resolved.service + register: restart_resolved + retries: 3 + delay: 5 + until: restart_resolved.rc == 0 + when: dns_default_status.changed -- name: Ensure systemd-networkd is enabled and active - systemd: - name: systemd-networkd.service - enabled: true - state: started + - name: Ensure systemd-networkd is enabled and active + systemd: + name: systemd-networkd.service + enabled: true + state: started -- name: Restart systemd-networkd with validation - command: systemctl restart systemd-networkd.service - register: restart_networkd - retries: 3 - delay: 5 - until: restart_networkd.rc == 0 - when: dns_default_status.changed + - name: Restart systemd-networkd with validation + command: systemctl restart systemd-networkd.service + register: restart_networkd + 
retries: 3 + delay: 5 + until: restart_networkd.rc == 0 + when: dns_default_status.changed -- name: Ensure DNS resolution is functional - command: "dig example.com +short" - register: dns_check - retries: 5 - delay: 2 - until: dns_check.rc == 0 - when: dns_default_status.changed + - name: Ensure DNS resolution is functional + command: "dig example.com +short" + register: dns_check + retries: 5 + delay: 2 + until: dns_check.rc == 0 + when: dns_default_status.changed + tags: ['disable-local-dns'] diff --git a/roles/env/tasks/main.yml b/roles/env/tasks/main.yml index e488da0..04e70cf 100644 --- a/roles/env/tasks/main.yml +++ b/roles/env/tasks/main.yml 
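Review bot: The last task's `until: dns_check.rc == 0` does not show that a name actually resolved, because `dig` exits 0 whenever it receives any reply, including NXDOMAIN or an empty answer, and `+short` then prints nothing. Require an answer as well, `until: dns_check.rc == 0 and dns_check.stdout | length > 0`, and add `changed_when: false` since the probe changes nothing on the host. Separately, the `lineinfile` task has no `regexp`, so an existing `DNSStubListener=yes` line would stay in `/etc/systemd/resolved.conf` next to the appended `DNSStubListener=no`; `regexp: '^#?DNSStubListener='` would replace it instead.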
@@ -1,43 +1,45 @@ --- -- name: install custom_bash.sh / git_bash_ps1.sh to home .bashrc.d directory - copy: - src: "{{ item }}" - dest: "/{{ home_dir }}/.bashrc.d/" - owner: "{{ local_user }}" - group: "{{ local_user_primary_group }}" - mode: "0640" - loop: - - custom_bash.sh - - fzf_config.sh - - git_bash_ps1.sh +- block: + - name: install custom_bash.sh / git_bash_ps1.sh to home .bashrc.d directory + copy: + src: "{{ item }}" + dest: "/{{ home_dir }}/.bashrc.d/" + owner: "{{ local_user }}" + group: "{{ local_user_primary_group }}" + mode: "0640" + loop: + - custom_bash.sh + - fzf_config.sh + - git_bash_ps1.sh -- name: deploy .bashrc / .dircolors to home directory - copy: - src: "{{ item }}" - dest: "/{{ home_dir }}/" - owner: "{{ local_user }}" - group: "{{ local_user_primary_group }}" - mode: "0640" - loop: - - .bashrc - - .dircolors + - name: deploy .bashrc / .dircolors to home directory + copy: + src: "{{ item }}" + dest: "/{{ home_dir }}/" + owner: "{{ local_user }}" + group: "{{ local_user_primary_group }}" + mode: "0640" + loop: + - .bashrc + - .dircolors -- name: install fzf - git: - repo: "https://github.com/junegunn/fzf.git" - dest: "/{{ home_dir }}/.fzf" - depth: "1" + - name: install fzf + git: + repo: "https://github.com/junegunn/fzf.git" + dest: "/{{ home_dir }}/.fzf" + depth: "1" -- name: check if fzf install script has been executed - shell: "/{{ home_dir }}/.fzf/bin/fzf --version" - register: fzf_installed - failed_when: false - changed_when: false + - name: check if fzf install script has been executed + shell: "/{{ home_dir }}/.fzf/bin/fzf --version" + register: fzf_installed + failed_when: false + changed_when: false -#- name: fzf_installed - #debug: - #msg: "{{ fzf_installed }}" + #- name: fzf_installed + #debug: + #msg: "{{ fzf_installed }}" -- name: run fzf install - shell: "/{{ home_dir }}/.fzf/install --key-bindings --completion --no-update-rc" - when: fzf_installed.rc != 0 + - name: run fzf install + shell: "/{{ home_dir }}/.fzf/install 
--key-bindings --completion --no-update-rc" + when: fzf_installed.rc != 0 + tags: ['env'] diff --git a/roles/unbound-adblock/tasks/main.yml b/roles/unbound-adblock/tasks/main.yml index dc0fd5b..8925dbf 100644 --- a/roles/unbound-adblock/tasks/main.yml +++ b/roles/unbound-adblock/tasks/main.yml 
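Review bot: The `install fzf` task clones the default branch with no `version:`, and the final task then executes `.fzf/install` from that checkout, so whatever is at upstream HEAD when the play runs gets executed on the host. Pin the clone to a reviewed release tag, e.g. `version: "<reviewed-release-tag>"` (placeholder), which also makes runs repeatable. The plugin clones in roles/vim/tasks/main.yml have the same gap, and those land under `pack/*/start`, which Vim loads automatically. Also, `dest: "/{{ home_dir }}/.fzf"` produces a doubled leading slash if `home_dir` is already absolute, as its use without the extra slash in the vim role suggests.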
@@ -1,209 +1,211 @@ --- -- name: Ensure _adblock user exists and add to unbound group - user: - name: "_adblock" - shell: /sbin/nologin - home: /var/empty - create_home: false - password_lock: true - state: present - groups: unbound - append: yes - -- name: Copy unbound-adblock.sh to target host - copy: - src: unbound-adblock.sh - dest: /usr/local/bin/unbound-adblock - owner: root - group: bin - mode: '0755' - -- name: Ensure /etc/unbound/adblock.rpz exists with correct permissions - copy: - dest: /etc/unbound/adblock.rpz - content: '' - owner: _adblock - group: root - mode: '0644' - force: yes - -- name: Ensure /var/log/unbound-adblock directory exists - file: - path: /var/log/unbound-adblock - state: directory - owner: root - group: root - mode: '0755' - -- name: Ensure /var/log/unbound-adblock/unbound-adblock.log exists with correct permissions - copy: - dest: /var/log/unbound-adblock/unbound-adblock.log - content: '' - owner: _adblock - group: root - mode: '0640' - force: yes - -- name: Ensure /var/log/unbound-adblock/unbound-adblock.log.0.gz exists with correct permissions - copy: - dest: /var/log/unbound-adblock/unbound-adblock.log.0.gz - content: '' - owner: _adblock - group: root - mode: '0640' - force: yes - -- name: Grant specific sudo permissions to _adblock user for unbound-control - become: yes - lineinfile: - path: /etc/sudoers.d/_adblock_unbound - create: yes - line: "_adblock ALL=(root) NOPASSWD: /usr/sbin/unbound-control -q status" - owner: root - group: root - mode: '0440' - validate: 'visudo -cf %s' - -- name: Grant specific sudo permissions to _adblock user for flush_zone - become: yes - lineinfile: - path: /etc/sudoers.d/_adblock_unbound - create: yes - line: "_adblock ALL=(root) NOPASSWD: /usr/sbin/unbound-control -q flush_zone unbound-adblock" - owner: root - group: root - mode: '0440' - validate: 'visudo -cf %s' - -- name: Grant specific sudo permissions to _adblock user for auth_zone_reload - become: yes - lineinfile: - path: 
/etc/sudoers.d/_adblock_unbound - create: yes - line: "_adblock ALL=(root) NOPASSWD: /usr/sbin/unbound-control -q auth_zone_reload unbound-adblock" - owner: root - group: root - mode: '0440' - validate: 'visudo -cf %s' - -- name: Check if unbound-control.conf exists to determine if unbound-control-setup has been run - stat: - path: /etc/unbound/unbound-control.conf - register: unbound_control_conf - -- name: Run unbound-control-setup if unbound-control.conf does not exist - become: yes - command: unbound-control-setup - when: unbound_control_conf.stat.exists == False - -- name: Ensure correct ownership and permissions for unbound control key and certificate - file: - path: "{{ item }}" - owner: root - group: unbound - mode: '0640' - state: file - loop: - - /etc/unbound/unbound_control.key - - /etc/unbound/unbound_control.pem - - /etc/unbound/unbound_server.key - - /etc/unbound/unbound_server.pem - loop_control: - label: "Setting permissions on {{ item }}" - -# - name: Add RPZ and remote-control configuration to 00-server.conf -# become: yes -# blockinfile: -# path: /etc/unbound/unbound.conf.d/00-server.conf -# block: | -# # Required modules for RPZ -# module-config: "respip validator iterator" -# rpz: -# name: "unbound-adblock" -# zonefile: "/etc/unbound/adblock.rpz" -# rpz-log: yes -# rpz-log-name: "unbound-adblock" - -# remote-control: -# control-enable: yes -# control-interface: 127.0.0.1 -# insertbefore: "forward-zone" # Insert before the 'forward-zone' section -# create: yes - -- name: Deploy RPZ configuration drop-in - copy: - src: 30-rpz.conf - dest: /etc/unbound/unbound.conf.d/30-rpz.conf - owner: root - group: root - mode: '0644' - -- name: Ensure Unbound is reloaded after configuration changes - become: yes - service: - name: unbound - state: restarted - -- name: Wait until Unbound is fully ready after reload - become: yes - become_user: unbound - command: "unbound-control status" - register: unbound_status - retries: 5 - delay: 2 - until: 
unbound_status.rc == 0 - failed_when: "'error:' in unbound_status.stderr" - changed_when: false - -- name: Run the unbound-adblock script to parse and load the adblock ruleset - become: yes - become_user: _adblock - command: "/usr/local/bin/unbound-adblock -O linux" - environment: - HOME: /var/empty # Ensure the home directory is set to the correct location for _adblock user - -- name: Add a cron job for _adblock to run unbound-adblock every morning at 5:30 AM - become: yes - cron: - name: "Run unbound-adblock" - user: "_adblock" - minute: "30" - hour: "5" - job: "/usr/local/bin/unbound-adblock -O linux" - state: present - -- name: Ensure the logrotate directory exists - file: - path: /etc/logrotate.d - state: directory - mode: 0755 - -- name: Create logrotate configuration for unbound-adblock - copy: - dest: /etc/logrotate.d/unbound-adblock - content: | - /var/log/unbound-adblock/unbound-adblock.log { - daily - rotate 7 - compress - notifempty - missingok - create 0640 _adblock root - postrotate - systemctl reload unbound > /dev/null 2>/dev/null || true - endscript - } - owner: root - group: root - mode: '0644' - -- name: Test logrotate configuration - command: logrotate --debug /etc/logrotate.conf - register: logrotate_test - changed_when: false - failed_when: logrotate_test.stderr != '' - ignore_errors: true - -- name: Print logrotate test output - debug: - var: logrotate_test.stdout +- block: + - name: Ensure _adblock user exists and add to unbound group + user: + name: "_adblock" + shell: /sbin/nologin + home: /var/empty + create_home: false + password_lock: true + state: present + groups: unbound + append: yes + + - name: Copy unbound-adblock.sh to target host + copy: + src: unbound-adblock.sh + dest: /usr/local/bin/unbound-adblock + owner: root + group: bin + mode: '0755' + + - name: Ensure /etc/unbound/adblock.rpz exists with correct permissions + copy: + dest: /etc/unbound/adblock.rpz + content: '' + owner: _adblock + group: root + mode: '0644' + force: 
yes + + - name: Ensure /var/log/unbound-adblock directory exists + file: + path: /var/log/unbound-adblock + state: directory + owner: root + group: root + mode: '0755' + + - name: Ensure /var/log/unbound-adblock/unbound-adblock.log exists with correct permissions + copy: + dest: /var/log/unbound-adblock/unbound-adblock.log + content: '' + owner: _adblock + group: root + mode: '0640' + force: yes + + - name: Ensure /var/log/unbound-adblock/unbound-adblock.log.0.gz exists with correct permissions + copy: + dest: /var/log/unbound-adblock/unbound-adblock.log.0.gz + content: '' + owner: _adblock + group: root + mode: '0640' + force: yes + + - name: Grant specific sudo permissions to _adblock user for unbound-control + become: yes + lineinfile: + path: /etc/sudoers.d/_adblock_unbound + create: yes + line: "_adblock ALL=(root) NOPASSWD: /usr/sbin/unbound-control -q status" + owner: root + group: root + mode: '0440' + validate: 'visudo -cf %s' + + - name: Grant specific sudo permissions to _adblock user for flush_zone + become: yes + lineinfile: + path: /etc/sudoers.d/_adblock_unbound + create: yes + line: "_adblock ALL=(root) NOPASSWD: /usr/sbin/unbound-control -q flush_zone unbound-adblock" + owner: root + group: root + mode: '0440' + validate: 'visudo -cf %s' + + - name: Grant specific sudo permissions to _adblock user for auth_zone_reload + become: yes + lineinfile: + path: /etc/sudoers.d/_adblock_unbound + create: yes + line: "_adblock ALL=(root) NOPASSWD: /usr/sbin/unbound-control -q auth_zone_reload unbound-adblock" + owner: root + group: root + mode: '0440' + validate: 'visudo -cf %s' + + - name: Check if unbound-control.conf exists to determine if unbound-control-setup has been run + stat: + path: /etc/unbound/unbound-control.conf + register: unbound_control_conf + + - name: Run unbound-control-setup if unbound-control.conf does not exist + become: yes + command: unbound-control-setup + when: unbound_control_conf.stat.exists == False + + - name: Ensure correct 
ownership and permissions for unbound control key and certificate + file: + path: "{{ item }}" + owner: root + group: unbound + mode: '0640' + state: file + loop: + - /etc/unbound/unbound_control.key + - /etc/unbound/unbound_control.pem + - /etc/unbound/unbound_server.key + - /etc/unbound/unbound_server.pem + loop_control: + label: "Setting permissions on {{ item }}" + + # - name: Add RPZ and remote-control configuration to 00-server.conf + # become: yes + # blockinfile: + # path: /etc/unbound/unbound.conf.d/00-server.conf + # block: | + # # Required modules for RPZ + # module-config: "respip validator iterator" + # rpz: + # name: "unbound-adblock" + # zonefile: "/etc/unbound/adblock.rpz" + # rpz-log: yes + # rpz-log-name: "unbound-adblock" + + # remote-control: + # control-enable: yes + # control-interface: 127.0.0.1 + # insertbefore: "forward-zone" # Insert before the 'forward-zone' section + # create: yes + + - name: Deploy RPZ configuration drop-in + copy: + src: 30-rpz.conf + dest: /etc/unbound/unbound.conf.d/30-rpz.conf + owner: root + group: root + mode: '0644' + + - name: Ensure Unbound is reloaded after configuration changes + become: yes + service: + name: unbound + state: restarted + + - name: Wait until Unbound is fully ready after reload + become: yes + become_user: unbound + command: "unbound-control status" + register: unbound_status + retries: 5 + delay: 2 + until: unbound_status.rc == 0 + failed_when: "'error:' in unbound_status.stderr" + changed_when: false + + - name: Run the unbound-adblock script to parse and load the adblock ruleset + become: yes + become_user: _adblock + command: "/usr/local/bin/unbound-adblock -O linux" + environment: + HOME: /var/empty # Ensure the home directory is set to the correct location for _adblock user + + - name: Add a cron job for _adblock to run unbound-adblock every morning at 5:30 AM + become: yes + cron: + name: "Run unbound-adblock" + user: "_adblock" + minute: "30" + hour: "5" + job: 
"/usr/local/bin/unbound-adblock -O linux" + state: present + + - name: Ensure the logrotate directory exists + file: + path: /etc/logrotate.d + state: directory + mode: 0755 + + - name: Create logrotate configuration for unbound-adblock + copy: + dest: /etc/logrotate.d/unbound-adblock + content: | + /var/log/unbound-adblock/unbound-adblock.log { + daily + rotate 7 + compress + notifempty + missingok + create 0640 _adblock root + postrotate + systemctl reload unbound > /dev/null 2>/dev/null || true + endscript + } + owner: root + group: root + mode: '0644' + + - name: Test logrotate configuration + command: logrotate --debug /etc/logrotate.conf + register: logrotate_test + changed_when: false + failed_when: logrotate_test.stderr != '' + ignore_errors: true + + - name: Print logrotate test output + debug: + var: logrotate_test.stdout + tags: ['unbound-adblock'] diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml index b0d14f3..10677f7 100644 --- a/roles/unbound/tasks/main.yml +++ b/roles/unbound/tasks/main.yml @@ -1,19 +1,21 @@ --- -- name: setup configuration - import_tasks: setup.yml +- block: + - name: setup configuration + import_tasks: setup.yml -- name: dynamic file configuration - import_tasks: dynamic.yml + - name: dynamic file configuration + import_tasks: dynamic.yml -- name: static file configuration - import_tasks: static.yml + - name: static file configuration + import_tasks: static.yml -- name: ufw configuration - import_tasks: ufw.yml + - name: ufw configuration + import_tasks: ufw.yml -# Final guarantee that Unbound is enabled and running -- name: Ensure Unbound is enabled and running - service: - name: unbound - state: started - enabled: yes + # Final guarantee that Unbound is enabled and running + - name: Ensure Unbound is enabled and running + service: + name: unbound + state: started + enabled: yes + tags: ['unbound'] diff --git a/roles/vim/tasks/main.yml b/roles/vim/tasks/main.yml index f3ce24c..6b71104 100644 
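Review bot: The three `copy` tasks that pair `content: ''` with `force: yes` rewrite `/etc/unbound/adblock.rpz`, `unbound-adblock.log` and `unbound-adblock.log.0.gz` to empty files on every play run, which drops the loaded blocklist until the script runs again and erases the log history. Setting `force: false` on those three tasks creates the files only when they are absent. Also in roles/unbound-adblock, the `stat` guard looks for `/etc/unbound/unbound-control.conf`, while the following task expects the `unbound_control.*` and `unbound_server.*` key and pem files; if setup only produces those, the guard never matches and `unbound-control-setup` runs on every play. A `creates: /etc/unbound/unbound_control.key` argument on the command task would tie the guard to a file the role itself relies on.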
--- a/roles/vim/tasks/main.yml +++ b/roles/vim/tasks/main.yml 
@@ -1,202 +1,204 @@ --- -- name: install ALE plugin - git: - repo: "https://github.com/dense-analysis/ale.git" - dest: "{{ home_dir }}/.vim/pack/git-plugins/start/ale" - - -- name: install Codeium plugin - git: - repo: "https://github.com/Exafunction/codeium.vim" - dest: "{{ home_dir }}/.vim/pack/Exafunction/start/codeium.vim" - - -- name: install fzf plugin - git: - repo: "https://github.com/junegunn/fzf.vim.git" - dest: "{{ home_dir }}/.vim/bundle/fzf.vim" - - -#- name: install Github CodePilot Plugin -# git: -# repo: "https://github.com/github/copilot.vim.git" -# dest: "/home/{{ local_user }}/.vim/pack/github/start/copilot.vim" - -- name: install vim-gitgutter plugin - git: - repo: "https://github.com/airblade/vim-gitgutter.git" - dest: "{{ home_dir }}/.vim/pack/airblade/start/vim-gitgutter" - -- name: check if vim-gitgutter help plugin is installed - stat: - path: "{{ home_dir }}/.vim/pack/airblade/start/vim-gitgutter/doc/tags" - register: vim_gitgutter_help - -- name: install vim-gitgutter plugin help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/airblade/start/vim-gitgutter/doc" -c quit - when: - - not vim_gitgutter_help.stat.exists - - -- name: install hashivim plugin - git: - repo: "https://github.com/hashivim/vim-terraform.git" - dest: "{{ home_dir }}/.vim/pack/plugins/start/vim-terraform" - - -- name: install indentLine plugin - git: - repo: "https://github.com/Yggdroot/indentLine.git" - dest: "{{ home_dir }}/.vim/pack/vendor/start/indentLine" - -- name: check if indentLine plugin help is installed - stat: - path: "{{ home_dir }}/.vim/pack/vendor/start/indentLine/doc/tags" - register: indentLine_help - -- name: enable indentLine help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/vendor/start/indentLine/doc" -c quit - when: - - not indentLine_help.stat.exists - - -- name: create {{ home_dir }}/.vim/after/syntax directory - file: - state: directory - path: "{{ home_dir }}/.vim/after/syntax" - owner: "{{ local_user }}" - group: 
"{{ local_user_primary_group }}" - mode: "0770" - -- name: install markdown syntax override # remove red highlighting of underscore - copy: - src: "markdown.vim" - dest: "{{ home_dir }}/.vim/after/syntax/markdown.vim" - owner: "{{ local_user }}" - group: "{{ local_user_primary_group }}" - mode: "0640" - force: true - - -- name: install monokai colorscheme - git: - repo: "https://github.com/sickill/vim-monokai.git" - dest: "{{ home_dir }}/.vim/pack/colors/start/monokai" - -- name: install molokai-dark colorscheme - git: - repo: "https://github.com/pR0Ps/molokai-dark.git" - dest: "{{ home_dir }}/.vim/pack/colors/start/molokai-dark" - - -- name: install nerdtree plugin - git: - repo: "https://github.com/preservim/nerdtree.git" - dest: "{{ home_dir }}/.vim/pack/vendor/start/nerdtree" - -- name: check if nerdtree help plugin is installed - stat: - path: "{{ home_dir }}/.vim/pack/vendor/start/nerdtree/doc/tags" - register: vim_nerdtree_help - -- name: install nerdtree plugin help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/vendor/start/nerdtree/doc" -c quit - when: - - not vim_nerdtree_help.stat.exists - - -- name: install tagbar plugin - git: - repo: "https://github.com/preservim/tagbar.git" - dest: "{{ home_dir }}/.vim/pack/vendor/start/tagbar" - -- name: check if tagbar help plugin is installed - stat: - path: "{{ home_dir }}/.vim/pack/vendor/start/tagbar/doc/tags" - register: vim_tagbar_help - -- name: install tagbar plugin help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/vendor/start/tagbar/doc" -c quit - when: - - not vim_tagbar_help.stat.exists - - -- name: install vim-commentary plugin - git: - repo: "https://github.com/tpope/vim-commentary.git" - dest: "{{ home_dir }}/.vim/pack/tpope/start/commentary" - -- name: check if vim-commentary help plugin is installed - stat: - path: "{{ home_dir }}/.vim/pack/tpope/start/commentary/doc/tags" - register: vim_commentary_help - -- name: install vim-commentary plugin help - shell: - vim -u 
NONE -c "helptags {{ home_dir }}/.vim/pack/tpope/start/commentary/doc" -c quit - when: - - not vim_commentary_help.stat.exists - - -- name: install vim-fugitive plugin - git: - repo: "https://github.com/tpope/vim-fugitive.git" - dest: "{{ home_dir }}/.vim/pack/tpope/start/fugitive" - -- name: check if vim-fugitive help plugin is installed - stat: - path: "{{ home_dir }}/.vim/pack/tpope/start/fugitive/doc/tags" - register: vim_fugitive_help - -- name: install vim-fugitive plugin help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/tpope/start/fugitive/doc" -c quit - when: - - not vim_fugitive_help.stat.exists - - -- name: install vim-unimpaired plugin - git: - repo: "https://github.com/tpope/vim-unimpaired.git" - dest: "{{ home_dir }}/.vim/pack/tpope/start/unimpaired" - -- name: check if vim-unimpaired help plugin is installed - stat: - path: "{{ home_dir }}/.vim/pack/tpope/start/unimpaired/doc/tags" - register: vim_unimpaired_help - -- name: install vim-unimpaired plugin help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/tpope/start/unimpaired/doc" -c quit - when: - - not vim_unimpaired_help.stat.exists - - -- name: install vimwiki plugin - git: - repo: "https://github.com/vimwiki/vimwiki.git" - dest: "{{ home_dir }}/.vim/pack/plugins/start/vimwiki" - -- name: check if vimwiki plugin help is installed - stat: - path: "{{ home_dir }}/.vim/pack/plugins/start/vimwiki/doc/tags" - register: vimwiki_help - -- name: enable vimwiki help - shell: - vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/plugins/start/vimwiki/doc" -c quit - when: - - not vimwiki_help.stat.exists - -- name: install personal/custom .vimrc to home directory - copy: - src: ".vimrc" - dest: "{{ home_dir }}/.vimrc" - owner: "{{ local_user }}" - group: "{{ local_user_primary_group }}" - mode: "0640" - force: true +- block: + - name: install ALE plugin + git: + repo: "https://github.com/dense-analysis/ale.git" + dest: "{{ home_dir }}/.vim/pack/git-plugins/start/ale" + + + - 
name: install Codeium plugin + git: + repo: "https://github.com/Exafunction/codeium.vim" + dest: "{{ home_dir }}/.vim/pack/Exafunction/start/codeium.vim" + + + - name: install fzf plugin + git: + repo: "https://github.com/junegunn/fzf.vim.git" + dest: "{{ home_dir }}/.vim/bundle/fzf.vim" + + + #- name: install Github CodePilot Plugin + # git: + # repo: "https://github.com/github/copilot.vim.git" + # dest: "/home/{{ local_user }}/.vim/pack/github/start/copilot.vim" + + - name: install vim-gitgutter plugin + git: + repo: "https://github.com/airblade/vim-gitgutter.git" + dest: "{{ home_dir }}/.vim/pack/airblade/start/vim-gitgutter" + + - name: check if vim-gitgutter help plugin is installed + stat: + path: "{{ home_dir }}/.vim/pack/airblade/start/vim-gitgutter/doc/tags" + register: vim_gitgutter_help + + - name: install vim-gitgutter plugin help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/airblade/start/vim-gitgutter/doc" -c quit + when: + - not vim_gitgutter_help.stat.exists + + + - name: install hashivim plugin + git: + repo: "https://github.com/hashivim/vim-terraform.git" + dest: "{{ home_dir }}/.vim/pack/plugins/start/vim-terraform" + + + - name: install indentLine plugin + git: + repo: "https://github.com/Yggdroot/indentLine.git" + dest: "{{ home_dir }}/.vim/pack/vendor/start/indentLine" + + - name: check if indentLine plugin help is installed + stat: + path: "{{ home_dir }}/.vim/pack/vendor/start/indentLine/doc/tags" + register: indentLine_help + + - name: enable indentLine help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/vendor/start/indentLine/doc" -c quit + when: + - not indentLine_help.stat.exists + + + - name: create {{ home_dir }}/.vim/after/syntax directory + file: + state: directory + path: "{{ home_dir }}/.vim/after/syntax" + owner: "{{ local_user }}" + group: "{{ local_user_primary_group }}" + mode: "0770" + + - name: install markdown syntax override # remove red highlighting of underscore + copy: + src: "markdown.vim" 
+ dest: "{{ home_dir }}/.vim/after/syntax/markdown.vim" + owner: "{{ local_user }}" + group: "{{ local_user_primary_group }}" + mode: "0640" + force: true + + + - name: install monokai colorscheme + git: + repo: "https://github.com/sickill/vim-monokai.git" + dest: "{{ home_dir }}/.vim/pack/colors/start/monokai" + + - name: install molokai-dark colorscheme + git: + repo: "https://github.com/pR0Ps/molokai-dark.git" + dest: "{{ home_dir }}/.vim/pack/colors/start/molokai-dark" + + + - name: install nerdtree plugin + git: + repo: "https://github.com/preservim/nerdtree.git" + dest: "{{ home_dir }}/.vim/pack/vendor/start/nerdtree" + + - name: check if nerdtree help plugin is installed + stat: + path: "{{ home_dir }}/.vim/pack/vendor/start/nerdtree/doc/tags" + register: vim_nerdtree_help + + - name: install nerdtree plugin help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/vendor/start/nerdtree/doc" -c quit + when: + - not vim_nerdtree_help.stat.exists + + + - name: install tagbar plugin + git: + repo: "https://github.com/preservim/tagbar.git" + dest: "{{ home_dir }}/.vim/pack/vendor/start/tagbar" + + - name: check if tagbar help plugin is installed + stat: + path: "{{ home_dir }}/.vim/pack/vendor/start/tagbar/doc/tags" + register: vim_tagbar_help + + - name: install tagbar plugin help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/vendor/start/tagbar/doc" -c quit + when: + - not vim_tagbar_help.stat.exists + + + - name: install vim-commentary plugin + git: + repo: "https://github.com/tpope/vim-commentary.git" + dest: "{{ home_dir }}/.vim/pack/tpope/start/commentary" + + - name: check if vim-commentary help plugin is installed + stat: + path: "{{ home_dir }}/.vim/pack/tpope/start/commentary/doc/tags" + register: vim_commentary_help + + - name: install vim-commentary plugin help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/tpope/start/commentary/doc" -c quit + when: + - not vim_commentary_help.stat.exists + + + - name: install 
vim-fugitive plugin + git: + repo: "https://github.com/tpope/vim-fugitive.git" + dest: "{{ home_dir }}/.vim/pack/tpope/start/fugitive" + + - name: check if vim-fugitive help plugin is installed + stat: + path: "{{ home_dir }}/.vim/pack/tpope/start/fugitive/doc/tags" + register: vim_fugitive_help + + - name: install vim-fugitive plugin help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/tpope/start/fugitive/doc" -c quit + when: + - not vim_fugitive_help.stat.exists + + + - name: install vim-unimpaired plugin + git: + repo: "https://github.com/tpope/vim-unimpaired.git" + dest: "{{ home_dir }}/.vim/pack/tpope/start/unimpaired" + + - name: check if vim-unimpaired help plugin is installed + stat: + path: "{{ home_dir }}/.vim/pack/tpope/start/unimpaired/doc/tags" + register: vim_unimpaired_help + + - name: install vim-unimpaired plugin help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/tpope/start/unimpaired/doc" -c quit + when: + - not vim_unimpaired_help.stat.exists + + + - name: install vimwiki plugin + git: + repo: "https://github.com/vimwiki/vimwiki.git" + dest: "{{ home_dir }}/.vim/pack/plugins/start/vimwiki" + + - name: check if vimwiki plugin help is installed + stat: + path: "{{ home_dir }}/.vim/pack/plugins/start/vimwiki/doc/tags" + register: vimwiki_help + + - name: enable vimwiki help + shell: + vim -u NONE -c "helptags {{ home_dir }}/.vim/pack/plugins/start/vimwiki/doc" -c quit + when: + - not vimwiki_help.stat.exists + + - name: install personal/custom .vimrc to home directory + copy: + src: ".vimrc" + dest: "{{ home_dir }}/.vimrc" + owner: "{{ local_user }}" + group: "{{ local_user_primary_group }}" + mode: "0640" + force: true + tags: ['vim']
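Review bot: Each `helptags` step goes through `shell` with `{{ home_dir }}` spliced into the command string, and each needs its own `stat` task as a guard. `ansible.builtin.command` with `creates:` covers both without invoking a shell, e.g. `args: { creates: "{{ home_dir }}/.vim/pack/tpope/start/fugitive/doc/tags" }`, and lets the eight `stat` tasks go. The `git` tasks also set no owner, so if the play runs with `become`, the checkouts under the user's home may end up root-owned; `become_user: "{{ local_user }}"` on the block would address that, though the playbook that decides this is outside the diff.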