Update ansible configuration to match current system state

- Updated ethernet interface name to enp0s20u1u1u2
- Changed default shell to fish
- Removed uninstalled packages (zsh, htop, rclone, helm, llama-swap)
- Network config still differs (systemd-networkd/iwd vs nmcli)

ansible/CLAUDE.md

@@ -0,0 +1,123 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Overview
+
+This is an Ansible-based machine provisioning system for Arch Linux systems. It automates the setup of a new machine including hostname, networking (WiFi/Ethernet), user accounts, SSH configuration, and package installation from multiple sources (pacman, AUR, Flatpak, AppImage).
+
+## Architecture
+
+The repository follows Ansible's role-based structure with two primary roles:
+
+### Common Role (`roles/common/`)
+Handles system-level configuration:
+- Hostname configuration
+- Network configuration using NetworkManager (nmcli)
+- User account management with password-hashed credentials
+- SSH daemon configuration with handlers for service restart
+
+**Key Implementation Details:**
+- Network connections use `creates:` parameter to avoid recreating existing NetworkManager connection files
+- User passwords should be hashed (SHA-512) or managed via Ansible Vault
+- SSH configuration changes trigger the `Restart sshd` handler (defined in `roles/common/handlers/main.yml`)
+
+### Packages Role (`roles/packages/`)
+Manages software installation from multiple sources:
+- Ensures `yay` AUR helper is installed (clones from AUR, builds with makepkg)
+- Installs pacman packages from `roles/packages/files/pkglist.txt`
+- Installs AUR packages from `roles/packages/files/aur_pkglist.txt` using yay
+- Installs Flatpak packages from `roles/packages/files/flatpak_pkglist.txt`
+- Downloads AppImages from URLs in `roles/packages/files/appimage_pkglist.txt` to `~/Applications`
+
+**Key Implementation Details:**
+- Yay installation uses a block with conditional execution (checks if yay exists first)
+- Package lists are read line-by-line using `with_lines` module
+- AppImages are set to executable mode (0755) upon download
+
+## Common Commands
+
+### Running the Full Playbook
+```bash
+# Full run with privilege escalation prompt
+ansible-playbook -i inventory playbook.yml --ask-become-pass
+
+# Dry-run to preview changes
+ansible-playbook -i inventory playbook.yml --check
+
+# With encrypted vault variables
+ansible-playbook -i inventory playbook.yml --ask-vault-pass --ask-become-pass
+```
+
+### Running Specific Tasks with Tags
+```bash
+# Network configuration only (WiFi + Ethernet)
+ansible-playbook -i inventory playbook.yml --tags "network" --ask-become-pass
+
+# WiFi configuration only
+ansible-playbook -i inventory playbook.yml --tags "wifi" --ask-become-pass
+
+# Ethernet configuration only
+ansible-playbook -i inventory playbook.yml --tags "ethernet" --ask-become-pass
+
+# User management only
+ansible-playbook -i inventory playbook.yml --tags "users" --ask-become-pass
+
+# SSH daemon configuration only
+ansible-playbook -i inventory playbook.yml --tags "sshd" --ask-become-pass
+
+# Install pacman packages only
+ansible-playbook -i inventory playbook.yml --tags "pacman" --ask-become-pass
+
+# Install AUR packages only
+ansible-playbook -i inventory playbook.yml --tags "aur" --ask-become-pass
+
+# Install Flatpak packages only
+ansible-playbook -i inventory playbook.yml --tags "flatpak" --ask-become-pass
+
+# Download AppImages only
+ansible-playbook -i inventory playbook.yml --tags "appimage" --ask-become-pass
+```
+
+### Syntax Validation
+```bash
+# Check playbook syntax
+ansible-playbook --syntax-check playbook.yml
+
+# Lint all playbooks and roles
+ansible-lint playbook.yml
+```
+
+## Configuration Files
+
+- **`ansible.cfg`**: Sets default inventory location
+- **`inventory`**: Defines target hosts (currently configured for `[new_machine]` group)
+- **`playbook.yml`**: Main orchestration playbook applying both roles
+- **`roles/common/defaults/main.yml`**: Default variables for hostname, network, users, SSH (contains sensitive data)
+- **`roles/packages/defaults/main.yml`**: File paths for package lists
+
+## Security Considerations
+
+**This repository contains sensitive information in plaintext** (`roles/common/defaults/main.yml`):
+- WiFi passwords
+- User password hashes
+- Static IP configurations
+
+When modifying sensitive variables:
+```bash
+# Encrypt sensitive files
+ansible-vault encrypt roles/common/defaults/main.yml
+
+# Edit encrypted files
+ansible-vault edit roles/common/defaults/main.yml
+
+# View encrypted files
+ansible-vault view roles/common/defaults/main.yml
+```
+
+## Target System Requirements
+
+- **OS**: Arch Linux (uses pacman, AUR, systemd)
+- **Network**: NetworkManager for network configuration
+- **Python**: Python 3 interpreter at `/usr/bin/python3`
+- **SSH**: SSH access with sudo privileges

ansible/roles/common/defaults/main.yml

@@ -10,7 +10,7 @@ common_wifi_password: "04251992#04291962#"
 common_wifi_connection_name: "theden"
 
 # Ethernet Configuration
-common_ethernet_ifname: "eth0"
+common_ethernet_ifname: "enp0s20u1u1u2"
 common_ethernet_con_name: "Ethernet"
 common_ethernet_ipv4_address: "192.168.153.117/24"
 common_ethernet_ipv4_gateway: "192.168.153.1"
@@ -18,6 +18,7 @@ common_ethernet_ipv4_dns: "8.8.8.8,1.1.1.1"
 
 # User Configuration
 common_user_name: "will"
+common_user_shell: "/usr/bin/fish"
 common_user_password: "$6$SQB4NRF/A4OI6oSq$Oe9DwyIpNo9CUobOU67kJri4OA91/o3bUWV3SFZmOWamxidShZjLDCG29hFw3f5Ta0uPfjKtQMVdY0ToPM0e71" # This should ideally be hashed or managed by vault
 
 # SSHD Configuration

ansible/roles/common/tasks/main.yml

@@ -31,7 +31,7 @@
   ansible.builtin.user:
     name: "{{ common_user_name }}"
     password: "{{ common_user_password }}"
-    shell: /bin/bash
+    shell: "{{ common_user_shell | default('/bin/bash') }}"
     state: present
     create_home: yes
   tags: [ 'common', 'users' ]

ansible/roles/packages/files/aur_pkglist.txt

@@ -8,7 +8,6 @@ gtk
 k0s-bin
 k0sctl-bin
 kubecolor
-llama-swap
 nautilus-bluetooth
 newelle
 orchis-theme-git

ansible/roles/packages/files/pkglist.txt

@@ -112,8 +112,6 @@ gvfs-nfs
 gvfs-onedrive
 gvfs-smb
 gvfs-wsdd
-helm
-htop
 inetutils
 inkscape
 inotify-tools
@@ -159,7 +157,6 @@ python-standard-cgi
 python-standard-chunk
 python-uv
 qpdf
-rclone
 rdfind
 restic
 rustup
@@ -257,8 +254,3 @@ zenity
 zig
 zip
 zoom
-zsh
-zsh-autosuggestions
-zsh-completions
-zsh-history-substring-search
-zsh-syntax-highlighting