feat: Create intranet branch with only portainer and its dependencies

Tobias J. Endres 2025-09-01 14:44:13 +02:00
parent 52b1298334
commit fa0c63ab83
25 changed files with 3 additions and 720 deletions


@ -1,21 +1,6 @@
- name: Set up reverse Proxy - name: Set up Portainer
hosts: sublimePorte hosts: sublimePorte
become: true become: true
roles: roles:
# - common - docker
# - zsh_with_style - portainer
# - docker
# - portainer
#- network
# - containers
- name: Set up webservices
hosts: webservices
become: true
roles:
- gitea
# - authentik
# - common
# - zsh_with_style
# - docker
# - portainer
# - containers
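Review bot: The retained play at the top of the hunk (`- name: Set up Portainer`) has no `---` document-start marker, whereas the role defaults and meta files this commit deletes all begin with one (see the `---` first lines of the following sections); add `---` as the first line so the playbook matches the rest of the repository and yamllint's `document-start` rule. The new `roles` list names both `docker` and `portainer`; the removed `meta/main.yml` files show that roles in this repository declare their dependencies at role level, so if the `portainer` role already depends on `docker` the explicit `- docker` entry is redundant — worth confirming so the play has a single source of truth for role ordering. The rendered view loses the original indentation, so the sequence-indent style under `roles:` cannot be checked here; please verify it is consistent (indented or flush, not mixed) in the file itself.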


@ -1,8 +0,0 @@
---
common_packages:
- git
- nano
- tree
- htop
- iputils-ping
- zsh


@ -1,20 +0,0 @@
---
- name: Update apt cache
apt:
update_cache: true
cache_valid_time: 3600
become: true
- name: Install Common packages
apt:
name: "{{ common_packages }}"
state: present
become: true
- name: Set zsh as the default shell
shell: chsh -s $(which zsh) {{ ansible_user }}
become: true
when: ansible_user != "root"
register: chsh_result
failed_when: chsh_result.rc != 0
changed_when: false


@ -1,16 +0,0 @@
---
# Pi-Hole container configuration
pi_hole_container_name: "pihole"
pi_hole_image: "pihole/pihole:latest"
pi_hole_host_port: "314"
pi_hole_dns_port: "53"
pi_hole_timezone: "Europe/Berlin"
pi_hole_volume_dir: "/opt/pi-hole" # Directory to store Pi-Hole data
pi_hole_web_password: "{{ vault_pi_hole_web_password }}"
blocklists:
- https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt
- https://raw.githubusercontent.com/daylamtayari/Pi-Hole-Blocklist/master/Pi-Hole-Blocklist.txt
- https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt
# Docker network configuration
docker_network_name: "pi-hole-net"


@ -1,15 +0,0 @@
services:
pihole:
image: pihole/pihole:latest
ports:
- '53:53/tcp'
- '53:53/udp'
- '67:67/udp'
- '80:80/tcp'
environment:
- TZ=Europe/Berlin
- WEBPASSWORD={{ vault_pi_hole_web_password }}
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
restart: unless-stopped


@ -1,3 +0,0 @@
---
dependencies:
- role: portainer


@ -1,114 +0,0 @@
---
- name: Ensure Pi-Hole data directory exists
file:
path: "{{ pi_hole_volume_dir }}"
state: directory
owner: root
group: root
mode: '0755'
become: true
- name: Generate Docker Compose file for Pi-Hole
template:
src: pi-hole-compose.j2
dest: /opt/pi-hole/docker-compose.yml
owner: root
group: root
mode: '0644'
become: true
- name: Ensure Docker network exists
community.docker.docker_network:
name: "{{ docker_network_name }}"
driver: bridge
state: present
- name: Ensure systemd-resolved is installed
ansible.builtin.apt:
name: systemd-resolved
state: present
become: true
- name: Disable DNSStubListener in resolved.conf
ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf
regexp: '^#?DNSStubListener='
line: 'DNSStubListener=no'
create: true
mode: '0644' # Secure file permissions
become: true
- name: Restart systemd-resolved service
ansible.builtin.service:
name: systemd-resolved
state: restarted
become: true
changed_when: false
- name: Verify port 53 is no longer in use by systemd-resolved
ansible.builtin.command: ss -tuln | grep ':53'
register: port_check
failed_when: port_check.rc == 0 and '127.0.0.53:53' in port_check.stdout
changed_when: false
become: true
- name: Ensure Docker service directory exists
file:
path: /etc/systemd/system/docker.service.d
state: directory
owner: root
group: root
mode: '0755'
become: true
- name: Add custom DNS settings to Docker service
lineinfile:
path: /etc/systemd/system/docker.service.d/docker.conf
create: true
line: |
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --dns 8.8.8.8 --dns 8.8.4.4
regexp: '^ExecStart='
insertafter: '^\[Service\]'
state: present
mode: '0644'
become: true
- name: Reload systemd daemon
systemd:
daemon_reload: true
become: true
- name: Restart Docker service
service:
name: docker
state: restarted
become: true
- name: Deploy Pi-Hole container using Docker Compose V2
community.docker.docker_compose_v2:
project_src: /opt/pi-hole
state: present
become: true
- name: Ensure Pi-Hole container is running
community.docker.docker_container_info:
name: "{{ pi_hole_container_name }}"
register: container_info
- name: Restart Pi-Hole container if not running
community.docker.docker_container:
name: "{{ pi_hole_container_name }}"
state: started
restart: true
when: not container_info.container.State.Running
- name: Wait for the container to be fully operational
command: docker exec {{ pi_hole_container_name }} pihole status
register: pihole_status
until: "'Pi-hole blocking is enabled' in pihole_status.stdout"
retries: 30
delay: 5
ignore_errors: true
changed_when: false


@ -1,21 +0,0 @@
services:
pihole:
container_name: {{ pi_hole_container_name }}
image: {{ pi_hole_image }}
ports:
- "{{ pi_hole_host_port }}:80/tcp"
- "{{ pi_hole_dns_port }}:53/tcp"
- "{{ pi_hole_dns_port }}:53/udp"
environment:
TZ: {{ pi_hole_timezone }}
WEBPASSWORD: {{ pi_hole_web_password }}
volumes:
- "{{ pi_hole_volume_dir }}/etc-pihole:/etc/pihole"
- "{{ pi_hole_volume_dir }}/etc-dnsmasq.d:/etc/dnsmasq.d"
networks:
- {{ docker_network_name }}
restart: unless-stopped
networks:
{{ docker_network_name }}:
driver: bridge


@ -1,10 +0,0 @@
# roles/gitea/defaults/main.yml
gitea_version: "latest"
gitea_container_name: "gitea"
gitea_data_path: "/opt/gitea"
gitea_port: 3000
postgres_host: "localhost"
postgres_port: 5432
postgres_db: "postgres"
postgres_user: "ansible"
postgres_password: "{{ vault_postgres_password }}"


@ -1,3 +0,0 @@
---
dependencies:
- role: postgres


@ -1,33 +0,0 @@
- name: Create Gitea data directory
file:
path: "{{ gitea_data_path }}"
state: directory
owner: "1000"
group: "1000"
mode: '0755'
become: true
- name: Copy Docker Compose file
template:
src: docker-compose.yml.j2
dest: "{{ gitea_data_path }}/docker-compose.yml"
mode: '0644'
become: true
- name: Deploy Gitea container using Docker Compose V2
community.docker.docker_compose_v2:
project_src: "{{ gitea_data_path }}"
state: present
become: true
- name: Ensure Gitea container is running
community.docker.docker_container_info:
name: "{{ gitea_container_name }}"
register: container_info
- name: Restart Gitea container if not running
community.docker.docker_container:
name: "{{ gitea_container_name }}"
state: started
restart: true
when: not container_info.container.State.Running


@ -1,17 +0,0 @@
services:
gitea:
image: gitea/gitea:{{ gitea_version }}
container_name: {{ gitea_container_name }}
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=postgres
- DB_HOST={{ postgres_host }}:{{ postgres_port }}
- DB_NAME={{ postgres_db }}
- DB_USER={{ postgres_user }}
- DB_PASSWD={{ postgres_password }}
restart: always
volumes:
- {{ gitea_data_path }}:/data
ports:
- "{{ gitea_port }}:3000"


@ -1,22 +0,0 @@
---
nginx_proxy_manager_image: "jc21/nginx-proxy-manager:latest"
nginx_proxy_manager_container_name: "nginx-proxy-manager"
nginx_proxy_manager_data_path: "/opt/nginx-proxy-manager/data"
nginx_proxy_manager_letsencrypt_path: "/opt/nginx-proxy-manager/letsencrypt"
nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager/docker-compose.yml"
nginx_proxy_manager_admin_email: "tobend85@gmail.com"
nginx_proxy_manager_admin_password: "{{ vault_nginx_proxy_manager_admin_password }}"
nginx_proxy_manager_port: "9900"
nginx_proxy_manager_ssl_port: "443"
# Docker network configuration
docker_network_name: "sublime-net"
# Wireguard-Easy container configuration
wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
wireguard_easy_version: "latest"
wireguard_easy_port: "51820"
wireguard_easy_admin_port: "51821"
wireguard_easy_data_dir: "/etc/wireguard"
wireguard_easy_config_dir: "/opt/network"
wireguard_easy_host: "130.162.231.152"
wireguard_easy_password: "{{ vault_wireguard_easy_password }}"
wireguard_easy_password_hash: ""


@ -1,3 +0,0 @@
---
dependencies:
- role: portainer


@ -1,89 +0,0 @@
- name: Update apt cache
apt:
update_cache: true
- name: Install WireGuard and required packages
apt:
name:
- wireguard
- wireguard-tools
- resolvconf
state: present
- name: Ensure WireGuard module is loaded
modprobe:
name: wireguard
state: present
- name: Enable IP forwarding
sysctl:
name: net.ipv4.ip_forward
value: '1'
state: present
- name: Ensure wireguard config directory exists
file:
path: "{{ wireguard_easy_config_dir }}"
state: directory
mode: '0755'
become: true
- name: Ensure WireGuard configuration file exists (optional)
file:
path: "{{ wireguard_easy_data_dir }}/wg0.conf"
state: touch
owner: root
group: root
mode: '0644'
- name: Ensure nginx data directory exists
file:
path: "{{ nginx_proxy_manager_data_path }}"
state: directory
mode: '0755'
become: true
- name: Copy Nginx configuration files
copy:
src: nginx/data
dest: "{{ nginx_proxy_manager_data_path }}"
owner: root
group: root
mode: '0644'
- name: Ensure Let's Encrypt directory exists
file:
path: "{{ nginx_proxy_manager_letsencrypt_path }}"
state: directory
mode: '0755'
become: true
- name: Copy Let's Encrypt files
copy:
src: nginx/letsencrypt
dest: "{{ nginx_proxy_manager_letsencrypt_path }}"
owner: root
group: root
mode: '0644'
notify: Restart Nginx
- name: Generate Docker Compose file for Wireguard and Nginx
template:
src: docker-compose.j2
dest: /opt/network/docker-compose.yml
owner: root
group: root
mode: '0644'
become: true
- name: Deploy Containers
community.docker.docker_compose_v2:
project_src: /opt/network
state: present
restart: true
become: true
- name: Ensure Nginx container is running
community.docker.docker_container_info:
name: "{{ nginx_proxy_manager_container_name }}"
register: nginx_container_info


@ -1,48 +0,0 @@
services:
wireguard-easy:
image: "{{ wireguard_easy_image }}:{{ wireguard_easy_version }}"
container_name: wireguard-easy
devices:
- /dev/net/tun
environment:
- WG_HOST={{ wireguard_easy_host }}
- PASSWORD_HASH={{ wireguard_easy_password_hash }}
ports:
- "{{ wireguard_easy_port }}:51820/udp"
- "{{ wireguard_easy_admin_port }}:51821/tcp"
- "80:80"
- "{{ nginx_proxy_manager_port }}:81"
- "{{ nginx_proxy_manager_ssl_port }}:443"
volumes:
- "{{ wireguard_easy_data_dir }}:/etc/wireguard"
- "{{ wireguard_easy_config_dir }}:/opt/network"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.disable_ipv6=0
networks:
- {{ docker_network_name }}
restart: unless-stopped
nginx-proxy-manager:
image: "{{ nginx_proxy_manager_image }}"
container_name: "{{ nginx_proxy_manager_container_name }}"
cap_add:
- NET_ADMIN
- SYS_MODULE
restart: always
network_mode: service:wireguard-easy
depends_on:
- wireguard-easy
environment:
INITIAL_ADMIN_EMAIL: {{ nginx_proxy_manager_admin_email }}
INITIAL_ADMIN_PASSWORD: {{ nginx_proxy_manager_admin_password }}
volumes:
- "{{ nginx_proxy_manager_data_path }}:/data"
- "{{ nginx_proxy_manager_letsencrypt_path }}:/etc/letsencrypt"
networks:
{{ docker_network_name }}:
driver: bridge


@ -1,7 +0,0 @@
---
postgres_container_name: postgres
postgres_port: 5432
postgres_user: "ansible"
postgres_password: "{{ vault_postgres_password }}"
postgres_data_dir: /var/lib/postgresql/data/pgdata
postgres_volume: /opt/postgresData


@ -1,14 +0,0 @@
---
- name: Run PostgreSQL Docker container
docker_container:
name: "{{ postgres_container_name }}"
image: postgres
state: started
ports:
- "{{ postgres_port }}:5432"
env:
POSTGRES_USER: "{{ postgres_user }}"
POSTGRES_PASSWORD: "{{ postgres_password }}"
PGDATA: "{{ postgres_data_dir }}"
volumes:
- "{{ postgres_volume }}:{{ postgres_data_dir }}"


@ -1,116 +0,0 @@
# If you come from bash you might have to change your $PATH.
# export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH
# Path to your Oh My Zsh installation.
export ZSH="$HOME/.oh-my-zsh"
#ZSH_THEME="powerlevel9k/powerlevel9k"
#POWERLEVEL9K_MODE="nerdfont-complete"
#source $ZSH/themes/powerlevel9k/powerlevel9k.zsh-theme
# Set name of the theme to load --- if set to "random", it will
# load a random theme each time Oh My Zsh is loaded, in which case,
# to know which specific one was loaded, run: echo $RANDOM_THEME
# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
ZSH_THEME="robbyrussell"
# Set list of themes to pick from when loading at random
# Setting this variable when ZSH_THEME=random will cause zsh to load
# a theme from this variable instead of looking in $ZSH/themes/
# If set to an empty array, this variable will have no effect.
# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
# Uncomment the following line to use case-sensitive completion.
CASE_SENSITIVE="false"
# Uncomment the following line to use hyphen-insensitive completion.
# Case-sensitive completion must be off. _ and - will be interchangeable.
HYPHEN_INSENSITIVE="true"
# Uncomment one of the following lines to change the auto-update behavior
# zstyle ':omz:update' mode disabled # disable automatic updates
# zstyle ':omz:update' mode auto # update automatically without asking
# zstyle ':omz:update' mode reminder # just remind me to update when it's time
# Uncomment the following line to change how often to auto-update (in days).
# zstyle ':omz:update' frequency 13
# Uncomment the following line if pasting URLs and other text is messed up.
# DISABLE_MAGIC_FUNCTIONS="true"
# Uncomment the following line to disable colors in ls.
# DISABLE_LS_COLORS="true"
# Uncomment the following line to disable auto-setting terminal title.
# DISABLE_AUTO_TITLE="true"
# Uncomment the following line to enable command auto-correction.
# ENABLE_CORRECTION="true"
# Uncomment the following line to display red dots whilst waiting for completion.
# You can also set it to another string to have that shown instead of the default red dots.
# e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
# Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
# COMPLETION_WAITING_DOTS="true"
# Uncomment the following line if you want to disable marking untracked files
# under VCS as dirty. This makes repository status check for large repositories
# much, much faster.
# DISABLE_UNTRACKED_FILES_DIRTY="true"
# Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output.
# You can set one of the optional three formats:
# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# or set a custom format using the strftime function format specifications,
# see 'man strftime' for details.
HIST_STAMPS="dd.mm.yyyy"
# Would you like to use another custom folder than $ZSH/custom?
# ZSH_CUSTOM=/path/to/new-custom-folder
# Which plugins would you like to load?
# Standard plugins can be found in $ZSH/plugins/
# Custom plugins may be added to $ZSH_CUSTOM/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(git zsh-syntax-highlighting)
source $ZSH/oh-my-zsh.sh
# User configuration
# export MANPATH="/usr/local/man:$MANPATH"
# You may need to manually set your language environment
# export LANG=en_US.UTF-8
# Preferred editor for local and remote sessions
# if [[ -n $SSH_CONNECTION ]]; then
# export EDITOR='vim'
# else
# export EDITOR='nvim'
# fi
# Compilation flags
# export ARCHFLAGS="-arch $(uname -m)"
# Set personal aliases, overriding those provided by Oh My Zsh libs,
# plugins, and themes. Aliases can be placed here, though Oh My Zsh
# users are encouraged to define aliases within a top-level file in
# the $ZSH_CUSTOM folder, with .zsh extension. Examples:
# - $ZSH_CUSTOM/aliases.zsh
# - $ZSH_CUSTOM/macos.zsh
# For a full list of active aliases, run `alias`.
#
# Example aliases
alias zshconfig="nano ~/.zshrc"
#alias ls="colorls"
#function cd { builtin cd "$@" && colorls }
#PATH=$PATH:~/.local/share/gem/ruby/3.3.0/bin
alias cat="batcat"
alias top="htop"
archey
ls


@ -1,3 +0,0 @@
---
dependencies:
- role: zsh_with_style/subroles/zsh


@ -1,33 +0,0 @@
- name: Check if Oh My Zsh is already installed
stat:
path: "{{ user_home }}/.oh-my-zsh"
register: oh_my_zsh_installed
notify: Debug Oh My Zsh installation status
- name: Debug Oh My Zsh installation status
debug:
msg: "Oh My Zsh is {{ 'installed' if oh_my_zsh_installed.stat.exists else 'not installed' }}"
when: oh_my_zsh_installed is defined
- name: Download Oh My Zsh install script using wget
get_url:
url: https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
dest: /tmp/install-ohmyzsh.sh
mode: '0755' # Makes it executable
when: not oh_my_zsh_installed.stat.exists
- name: Install Oh My Zsh for the current user
shell: |
RUNZSH=no CHSH=no sh /tmp/install-ohmyzsh.sh
args:
creates: "{{ user_home }}/.oh-my-zsh"
when: not oh_my_zsh_installed.stat.exists
become: true
become_user: "{{ ansible_user }}"
- name: Clone zsh-syntax-highlighting repository
git:
repo: 'https://github.com/zsh-users/zsh-syntax-highlighting.git'
dest: "{{ user_home }}/.oh-my-zsh/plugins/zsh-syntax-highlighting"
version: master


@ -1,2 +0,0 @@
---
# No dependencies for this subrole


@ -1,14 +0,0 @@
---
- name: Install zsh
apt:
name: zsh
state: present
- name: Set zsh as the default shell
shell: chsh -s $(which zsh) {{ ansible_user }}
become: true
when: ansible_user != "root"
register: chsh_result
failed_when: chsh_result.rc != 0
changed_when: false


@ -1,91 +0,0 @@
---
- name: Set home directory for the user
set_fact:
user_home: "/home/{{ ansible_user }}"
- name: Set up Zsh
include_role:
name: zsh_with_style/subroles/zsh
- name: Set up Oh My Zsh
include_role:
name: zsh_with_style/subroles/ohmyzsh
- name: Install bat
apt:
name: bat
state: present
update_cache: true
become: true
- name: Ensure ~/.local/bin directory exists
file:
path: "{{ user_home }}/.local/bin"
state: directory
mode: '0755'
- name: Copy the archey 4 .deb package to the remote host
copy:
src: archey4_4.15.0.0-1_all.deb # Name of the .deb file in the `files` folder
dest: /tmp/archey4_4.15.0.0-1_all.deb
mode: '0644'
- name: Install archey 4
apt:
deb: /tmp/archey4_4.15.0.0-1_all.deb
state: present
become: true
- name: Create symlink from batcat to bat
file:
src: /usr/bin/batcat
dest: "{{ user_home }}/.local/bin/bat"
state: link
- name: Deploy custom .zshrc file
copy:
src: .zshrc
dest: ~{{ ansible_user }}/.zshrc
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: '0644'
when: ansible_user != "root"
- name: Source .zshrc to apply changes
shell: |
source {{ user_home }}/.zshrc
args:
executable: /bin/zsh
become_user: "{{ ansible_user }}"
become: true
changed_when: false
# - name: Ensure Ruby is installed
# apt:
# name: ruby
# state: present
# become: yes
# - name: Get Ruby version
# command: ruby -e 'puts RUBY_VERSION'
# register: ruby_version_output
# become: yes
# - name: Set Ruby version fact
# set_fact:
# ruby_version: "{{ ruby_version_output.stdout }}"
# # - name: Ensure gem binary directory is in the user's PATH
# # lineinfile:
# # path: "{{ ansible_user_dir }}/.zshrc"
# # line: 'export PATH="$HOME/.local/share/gem/ruby/{{ ruby_version }}/bin:$PATH"'
# # create: yes
# # become: yes
# # become_user: "{{ ansible_user }}"
# - name: Install colorls gem for the current user
# gem:
# name: colorls
# become: yes
# become_user: "{{ ansible_user }}"