linux-workstations/ansible/roles/claude_workspace/tasks/main.yml
egon 41c9ae303c feat: vollst. Installations-Doku, Ansible-Rollen ausimplementiert, claude_workspace-Rolle
- docs/installation.md: Netinstall + Dualboot Schritt-für-Schritt (LUKS nur am Notebook)
- docs/postinstall-ansible.md: Ablauf + restmanuelle Schritte
- roles/base: APT-Sources mit non-free-firmware + Backports, Locale, Tastatur, Zeitzone, Grundpakete
- roles/desktop_kde: Plasma 6 + SDDM (ohne Recommends, kompakt)
- roles/hardening: SSH key-only, UFW, unattended-upgrades
- roles/dev_tools: Node.js via NodeSource, Python, Perl, Git-Defaults
- roles/workstation_apps: Firefox, Thunderbird, LibreOffice, Codecs, KeePassXC
- roles/claude_workspace (NEU): Claude Code + ccusage, SSH-Key für Gitea, Workspace-Clone (recurse-submodules), ~/.claude/settings.json
- site.yml: alle Rollen mit Tags
2026-05-17 21:46:23 +02:00


---
# Setzt voraus: Node.js + git (aus dev_tools), npm verfügbar
# Installs the Claude Code CLI globally through npm. `creates` keeps the task
# idempotent: it is skipped once the package manifest exists at that path.
# NOTE(review): no version is given, so whatever the registry serves at run
# time is installed; consider pinning a reviewed version.
# NOTE(review): the `creates` path presumes npm's global prefix is /usr — confirm.
- name: Claude Code (npm global)
  ansible.builtin.command:
    cmd: npm install -g @anthropic-ai/claude-code
    creates: /usr/lib/node_modules/@anthropic-ai/claude-code/package.json
# Installs ccusage globally through npm; skipped once its package manifest
# exists at the `creates` path.
# NOTE(review): unpinned like the task above — a later run on another machine
# may install a different release; consider pinning a reviewed version.
- name: ccusage (npm global, für Statusline-Tokenverbrauch)
  ansible.builtin.command:
    cmd: npm install -g ccusage
    creates: /usr/lib/node_modules/ccusage/package.json
# Ensures the user's .ssh directory exists with owner-only permissions (0700).
# NOTE(review): `become_user` only takes effect when `become` is enabled at
# play or role level — not visible here, confirm.
- name: ~/.ssh existiert
  ansible.builtin.file:
    state: directory
    path: "/home/{{ primary_user }}/.ssh"
    mode: '0700'
  become_user: "{{ primary_user }}"
# Generates a dedicated ed25519 key pair for Gitea, run as the primary user.
# `creates` prevents an existing private key from being overwritten.
# The key has an empty passphrase (-N ""): anyone who can read the private key
# file can use it. Scope it in Gitea to what this workstation needs.
- name: SSH-Key für Gitea (ed25519, ohne Passphrase)
  ansible.builtin.command:
    cmd: >
      ssh-keygen -t ed25519
      -f /home/{{ primary_user }}/.ssh/id_ed25519_gitea
      -N "" -C "{{ primary_user }}@{{ inventory_hostname }} -> gitea"
    creates: "/home/{{ primary_user }}/.ssh/id_ed25519_gitea"
  become_user: "{{ primary_user }}"
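# Adds the Gitea SSH host key to the user's known_hosts unless an entry for the
# host is already present.
#
# Changes against the previous version:
#   - no `creates: known_hosts`: that skipped the task whenever the file already
#     existed, including an empty file left behind by a failed scan;
#   - `set -euo pipefail` and no `2>/dev/null`: an unreachable host or an empty
#     scan now fails the task visibly instead of writing nothing;
#   - the user's known_hosts is no longer re-sorted.
#
# NOTE(review): ssh-keyscan output is unauthenticated — whatever answers on the
# network at scan time gets pinned. Compare the stored fingerprint with the one
# read on the Gitea server itself, or distribute the host key from inventory
# instead of scanning.
- name: known_hosts für Gitea vorpopulieren
  become_user: "{{ primary_user }}"
  ansible.builtin.shell:
    executable: /bin/bash
    cmd: |
      set -euo pipefail
      known_hosts="/home/{{ primary_user }}/.ssh/known_hosts"
      # known_hosts records non-default ports as "[host]:port".
      lookup={{ (gitea_ssh_host if (gitea_ssh_port | int) == 22 else '[' ~ gitea_ssh_host ~ ']:' ~ gitea_ssh_port) | quote }}
      # Idempotence: nothing to do when the host is already listed
      # (ssh-keygen -F also matches hashed entries).
      if ssh-keygen -F "$lookup" -f "$known_hosts" >/dev/null 2>&1; then
        exit 0
      fi
      # grep exits non-zero on an empty scan, which aborts the script here.
      scanned="$(ssh-keyscan -p {{ gitea_ssh_port | quote }} -H {{ gitea_ssh_host | quote }} | grep -v '^#')"
      # A freshly created known_hosts is readable by the owner only.
      umask 077
      printf '%s\n' "$scanned" >> "$known_hosts"
      echo GITEA_HOSTKEY_ADDED
  register: gitea_known_hosts
  # Report "changed" only when an entry was actually appended.
  changed_when: "'GITEA_HOSTKEY_ADDED' in gitea_known_hosts.stdout"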
# Maintains a marked block in the user's ~/.ssh/config for the Gitea host.
# The file is created if missing, with mode 0600. `IdentitiesOnly yes` limits
# the connection to the dedicated Gitea key rather than every key an agent offers.
- name: SSH-Config für Gitea
  ansible.builtin.blockinfile:
    create: true
    path: "/home/{{ primary_user }}/.ssh/config"
    mode: '0600'
    marker: "# {mark} ANSIBLE MANAGED — gitea"
    block: |
      Host {{ gitea_ssh_host }}
      Port {{ gitea_ssh_port }}
      IdentityFile ~/.ssh/id_ed25519_gitea
      IdentitiesOnly yes
      User git
  become_user: "{{ primary_user }}"
# Records whether the workspace destination already contains a .git entry.
# The result (`ws_git`) gates the clone task that follows.
- name: Check ob Workspace schon geklont
  ansible.builtin.stat:
    path: "{{ claude_workspace_dest }}/.git"
  become_user: "{{ primary_user }}"
  register: ws_git
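# Clones the workspace repository (including submodules) with the dedicated
# Gitea key, only when no checkout exists yet (`ws_git`). `update: false`
# leaves an existing checkout untouched.
#
# `accept_newhostkey` replaces `accept_hostkey`: the latter sets
# StrictHostKeyChecking=no, which also accepts a *changed* host key and so
# removes SSH's protection against a man-in-the-middle. accept-new still adds
# an unknown host but refuses a key that differs from known_hosts.
# Requires OpenSSH >= 7.5 and ansible-core >= 2.12.
- name: claude-workspace klonen (mit Submodules)
  become_user: "{{ primary_user }}"
  ansible.builtin.git:
    repo: "{{ claude_workspace_repo }}"
    dest: "{{ claude_workspace_dest }}"
    recursive: true
    update: false
    accept_newhostkey: true
    key_file: "/home/{{ primary_user }}/.ssh/id_ed25519_gitea"
  when: not ws_git.stat.exists
  # Fails until the public key has been added in Gitea — retried on a later run.
  # NOTE(review): this also hides every other failure, including a host-key
  # mismatch; check `clone_result` when the clone keeps failing.
  ignore_errors: true
  register: clone_result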
# Ensures the user's .claude directory exists with owner-only permissions (0700).
- name: ~/.claude existiert
  ansible.builtin.file:
    state: directory
    path: "/home/{{ primary_user }}/.claude"
    mode: '0700'
  become_user: "{{ primary_user }}"
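# Writes the `claude_settings` variable as pretty-printed JSON to the user's
# global Claude settings file.
# Mode is 0600 rather than 0644: consistent with the 0600 SSH config and the
# 0700 parent directory, so the file stays private even if the directory mode
# is loosened later.
# NOTE(review): the content of `claude_settings` is not visible here; if it
# carries tokens or env values, keep them out of plain-text inventory.
- name: Globale Claude-Settings (~/.claude/settings.json)
  become_user: "{{ primary_user }}"
  ansible.builtin.copy:
    dest: "/home/{{ primary_user }}/.claude/settings.json"
    mode: '0600'
    content: "{{ claude_settings | to_nice_json }}\n"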
# Reads the public half of the Gitea key into `pubkey` for the hint below.
# Read-only, hence `changed_when: false`. Only the .pub file is read; the
# private key is never printed.
- name: Public-Key für Gitea-Upload anzeigen
  ansible.builtin.command:
    cmd: "cat /home/{{ primary_user }}/.ssh/id_ed25519_gitea.pub"
  become_user: "{{ primary_user }}"
  changed_when: false
  register: pubkey
# Prints the public key and the manual follow-up steps: upload the key in
# Gitea, then re-run the role to retry the clone.
# NOTE(review): the link is plain http:// on a hard-coded port 3000. If Gitea
# is really served without TLS, the login used for the key upload crosses the
# network unencrypted — confirm and prefer an https URL.
- name: HINWEIS — Public-Key auf Gitea hochladen
  ansible.builtin.debug:
    msg:
      - '==========================================================='
      - 'Public-Key dieser Maschine ({{ inventory_hostname }}):'
      - ''
      - '{{ pubkey.stdout }}'
      - ''
      - '→ http://{{ gitea_ssh_host }}:3000/user/settings/keys'
      - " → 'Schlüssel hinzufügen', oben einfügen, speichern."
      - ''
      - 'Danach ggf. Workspace nachholen:'
      - ' ansible-playbook ... --tags claude_workspace --limit {{ inventory_hostname }}'
      - '==========================================================='