refactor: replace ansible with plain bash scripts #8
Merged
laermannjan merged 22 commits into main from Apr 21, 2026
Drop the ansible/uv/bcrypt/galaxy dependency chain. All setup logic is now
in bash scripts sourced by sysconf.sh. Same functionality, zero runtime
dependencies beyond bash, curl, and git.
- setup/{packages,dotfiles,shell,ssh,system}.sh replace ansible roles
- Platform helpers (is_mac, is_debian, etc.) inlined in sysconf.sh
- SYSCONF_SKIP env var for skipping steps (e.g. fish alias)
- Colored semantic logging (log, log_ok, log_skip, log_warn)
- CI: shellcheck replaces ansible-lint, idempotency test (run twice)
- sudo keepalive loop prevents mid-run password prompts
- TouchID uses sudo_local (survives macOS updates)
- Homebrew always installs noninteractively
- SSH moved to last step (only interactive part)
- Reorder: dotfiles before packages (brew bundle needs Brewfile symlink)
- Use $GITHUB_WORKSPACE for SYSCONF_DIR (resolves correctly in containers)
- Skip git pull on detached HEAD (CI checkouts)

- Remove @"Development Tools" and @multimedia dnf groups (build tools already in prerequisites, multimedia handled by brew)
- Remove postgresql dnf package (libpq from brew covers psql)
- Remove man-db and procps (pre-installed on desktop systems)
- Always install build tools on Linux, not just when git is missing

- Let brew bundle fail hard instead of swallowing errors
- Remove flatpak WSL2 skip, add flatpak metadata fetch
- Add brew update before bundle, use quiet for noisy commands
- Restore @"Development Tools" and add c-development, development-libs
- Remove apt-get update || true, let it fail visibly
- Use SYSCONF_DIR for Brewfile path (no dotfiles dependency)
- Prefix all logs with [sysconf], full-line color, terse language

- Remove postinstall from uv/rustup in Brewfile, run explicitly in packages.sh
- Remove flatpak section (desktop distros ship flathub, brew skips if not installed)
- Guard mas entries behind ENV[CI] (mas hangs in headless environments)
…, skip log, apt keyrings dir)
why
ansible chain rotted after months idle. bash + curl + git always work. replacing with plain bash, sourced scripts, one file per concern.
decisions worth keeping
- lib/ dir. helpers live next to callers, one file to read.
- bash arg. default emits fish syntax after chsh, breaks the script.
- uv tool install, not brew. brew wants bison ≥3.8 from source. uv ships wheels.
- --skipp ssh should error, not silently do nothing.

rejected
- lib/platform.sh split - one sysconf.sh is simpler to read
- --no-build beancount in CI - bandaid, removed in favor of uv wheels

test plan
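
The decision above that a mistyped `--skipp ssh` should error rather than silently do nothing, sketched as an added example (not code from this PR): a provisioning script that runs under sudo should fail closed on any argument or step name it does not recognise. The step names mirror the setup/*.sh files listed in the description; the `--skip` flag spelling, the space/comma-separated `SYSCONF_SKIP` format and all function names are assumptions.

```sh
#!/bin/sh
# Added example, not sysconf's code. Step names mirror the setup/*.sh files
# listed in the PR; the --skip flag spelling, the space/comma-separated
# SYSCONF_SKIP format and every function name here are assumptions.
SYSCONF_STEPS="packages dotfiles shell ssh system"

# is_known_step NAME: succeed only for an exact, lowercase step name.
is_known_step() {
    case "$1" in ""|*[!a-z]*) return 1 ;; esac
    case " $SYSCONF_STEPS " in *" $1 "*) return 0 ;; esac
    return 1
}

# validate_skip LIST: print the normalized list, or name every bad entry
# on stderr and return 2 so the caller aborts instead of running everything.
validate_skip() {
    _out="" _bad="" _old_ifs=$IFS
    IFS=' ,'; set -f            # split on space/comma, never glob the input
    for _item in $1; do
        [ -n "$_item" ] || continue
        if is_known_step "$_item"; then _out="${_out:+$_out }$_item"
        else _bad="${_bad:+$_bad }$_item"; fi
    done
    set +f; IFS=$_old_ifs
    [ -z "$_bad" ] || { echo "[sysconf] unknown step(s): $_bad" >&2; return 2; }
    printf '%s\n' "$_out"
}

# parse_args ARGS...: merge SYSCONF_SKIP with every "--skip STEP" and validate.
# Any argument that is not exactly --skip (for example --skipp) is an error.
parse_args() {
    _raw="${SYSCONF_SKIP:-}"
    while [ $# -gt 0 ]; do
        case "$1" in
            --skip)
                [ $# -ge 2 ] || { echo "[sysconf] --skip needs a step" >&2; return 2; }
                _raw="$_raw $2"; shift 2 ;;
            *)  echo "[sysconf] unknown argument: $1" >&2; return 2 ;;
        esac
    done
    validate_skip "$_raw"
}

# should_skip STEP LIST: succeed when STEP is in the validated LIST.
should_skip() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}
```

A caller would run `SKIP=$(parse_args "$@") || exit 2` once at startup and then guard each step with `should_skip ssh "$SKIP"`.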