feat: vollst. Installations-Doku, Ansible-Rollen ausimplementiert, claude_workspace-Rolle

- docs/installation.md: Netinstall + Dualboot Schritt-für-Schritt (LUKS nur am Notebook) - docs/postinstall-ansible.md: Ablauf + restmanuelle Schritte - roles/base: APT-Sources mit non-free-firmware + Backports, Locale, Tastatur, Zeitzone, Grundpakete - roles/desktop_kde: Plasma 6 + SDDM (ohne Recommends, kompakt) - roles/hardening: SSH key-only, UFW, unattended-upgrades - roles/dev_tools: Node.js via NodeSource, Python, Perl, Git-Defaults - roles/workstation_apps: Firefox, Thunderbird, LibreOffice, Codecs, KeePassXC - roles/claude_workspace (NEU): Claude Code + ccusage, SSH-Key für Gitea, Workspace-Clone (recurse-submodules), ~/.claude/settings.json - site.yml: alle Rollen mit Tags
2026-05-17 21:46:23 +02:00
parent 0f81a6f6eb
commit 41c9ae303c
12 changed files with 579 additions and 24 deletions
--- a/ansible/roles/claude_workspace/tasks/main.yml
+++ b/ansible/roles/claude_workspace/tasks/main.yml
@@ -0,0 +1,106 @@
+---
+# Setzt voraus: Node.js + git (aus dev_tools), npm verfügbar
+
+- name: Claude Code (npm global)
+  ansible.builtin.command: npm install -g @anthropic-ai/claude-code
+  args:
+    creates: /usr/lib/node_modules/@anthropic-ai/claude-code/package.json
+
+- name: ccusage (npm global, für Statusline-Tokenverbrauch)
+  ansible.builtin.command: npm install -g ccusage
+  args:
+    creates: /usr/lib/node_modules/ccusage/package.json
+
+- name: ~/.ssh existiert
+  become_user: "{{ primary_user }}"
+  ansible.builtin.file:
+    path: "/home/{{ primary_user }}/.ssh"
+    state: directory
+    mode: '0700'
+
+- name: SSH-Key für Gitea (ed25519, ohne Passphrase)
+  become_user: "{{ primary_user }}"
+  ansible.builtin.command: >
+    ssh-keygen -t ed25519
+    -f /home/{{ primary_user }}/.ssh/id_ed25519_gitea
+    -N "" -C "{{ primary_user }}@{{ inventory_hostname }} -> gitea"
+  args:
+    creates: "/home/{{ primary_user }}/.ssh/id_ed25519_gitea"
+
+- name: known_hosts für Gitea vorpopulieren
+  become_user: "{{ primary_user }}"
+  ansible.builtin.shell: |
+    ssh-keyscan -p {{ gitea_ssh_port }} -H {{ gitea_ssh_host }} 2>/dev/null \
+      | grep -v '^#' >> /home/{{ primary_user }}/.ssh/known_hosts
+    sort -u /home/{{ primary_user }}/.ssh/known_hosts \
+      -o /home/{{ primary_user }}/.ssh/known_hosts
+  args:
+    creates: "/home/{{ primary_user }}/.ssh/known_hosts"
+
+- name: SSH-Config für Gitea
+  become_user: "{{ primary_user }}"
+  ansible.builtin.blockinfile:
+    path: "/home/{{ primary_user }}/.ssh/config"
+    create: true
+    mode: '0600'
+    marker: "# {mark} ANSIBLE MANAGED — gitea"
+    block: |
+      Host {{ gitea_ssh_host }}
+        Port {{ gitea_ssh_port }}
+        IdentityFile ~/.ssh/id_ed25519_gitea
+        IdentitiesOnly yes
+        User git
+
+- name: Check ob Workspace schon geklont
+  become_user: "{{ primary_user }}"
+  ansible.builtin.stat:
+    path: "{{ claude_workspace_dest }}/.git"
+  register: ws_git
+
+- name: claude-workspace klonen (mit Submodules)
+  become_user: "{{ primary_user }}"
+  ansible.builtin.git:
+    repo: "{{ claude_workspace_repo }}"
+    dest: "{{ claude_workspace_dest }}"
+    recursive: true
+    update: false
+    accept_hostkey: true
+    key_file: "/home/{{ primary_user }}/.ssh/id_ed25519_gitea"
+  when: not ws_git.stat.exists
+  ignore_errors: true     # scheitert bevor Pubkey in Gitea liegt — wird erneut versucht
+  register: clone_result
+
+- name: ~/.claude existiert
+  become_user: "{{ primary_user }}"
+  ansible.builtin.file:
+    path: "/home/{{ primary_user }}/.claude"
+    state: directory
+    mode: '0700'
+
+- name: Globale Claude-Settings (~/.claude/settings.json)
+  become_user: "{{ primary_user }}"
+  ansible.builtin.copy:
+    dest: "/home/{{ primary_user }}/.claude/settings.json"
+    mode: '0644'
+    content: "{{ claude_settings | to_nice_json }}\n"
+
+- name: Public-Key für Gitea-Upload anzeigen
+  become_user: "{{ primary_user }}"
+  ansible.builtin.command: "cat /home/{{ primary_user }}/.ssh/id_ed25519_gitea.pub"
+  register: pubkey
+  changed_when: false
+
+- name: HINWEIS — Public-Key auf Gitea hochladen
+  ansible.builtin.debug:
+    msg:
+      - "==========================================================="
+      - "Public-Key dieser Maschine ({{ inventory_hostname }}):"
+      - ""
+      - "{{ pubkey.stdout }}"
+      - ""
+      - "→ http://{{ gitea_ssh_host }}:3000/user/settings/keys"
+      - "  → 'Schlüssel hinzufügen', oben einfügen, speichern."
+      - ""
+      - "Danach ggf. Workspace nachholen:"
+      - "  ansible-playbook ... --tags claude_workspace --limit {{ inventory_hostname }}"
+      - "==========================================================="