boma/docs/superpowers/plans/2026-06-11-dev-env-role.md
sjat f3f382ae69 Add dev_env role: zsh/tmux/nvim for workstation-class hosts
A new role (separate from base) that gives workstation-class hosts (ubongo
now, mamba later) a clean interactive environment: zsh + oh-my-zsh +
oh-my-posh, tmux + TPM plugins, and neovim. Dotfiles are real files deployed
via GNU stow (not templated); pinned nvim v0.12.2 + oh-my-posh 29.0.1.

Configs re-derived (ADR-013) from AnsibleBaobabV4 + the operator's fisi setup
on boma's terms: no Nerd Font (headless host), no system LSP suite (nvim uses
mason), versions pinned (V4 tracks latest). Applied via playbooks/workstation.yml
to the control group for users sjat + claude. Lint + Molecule (idempotent) green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 13:50:11 +02:00

3.2 KiB

dev_env Role — Implementation Plan (iteration 1)

Built in the same 2026-06-11 session as the ubongo bring-up. A developer interactive environment (zsh/tmux/nvim) for workstation-class hosts.

Goal: Give ubongo (and future mamba) a clean interactive shell/editor setup, reproducibly, as a boma-native Ansible role — so the operator (and the claude agent user) can work comfortably over SSH.

Decisions

  • Separate role, never part of base. base is the security/infra baseline for every host; a dev environment is only for human workstation-class hosts. Servers and service VMs must never get it.
  • Stow, not templating. Dotfiles are real files under files/dotfiles/{zsh,tmux,nvim}/ (re-derived $HOME-relative from fisi's live configs), symlinked into ~ with GNU stow. No Jinja-templated dotfiles (they rot; you'd edit templates not configs).
  • Users: dev_env__users (default []). Set to [sjat, claude] for ubongo in group_vars/control.
  • V4 (ADR-013): configs/package-lists/install-mechanism consulted from V4 and re-derived on boma's terms — not its structure. V4 identifiers stripped from the dotfiles.

Re-derivations vs V4

  • No Nerd Font on ubongo — it's headless; fonts are a client-side concern.
  • No system-wide LSP suite — the operator's nvim uses mason, which self-installs LSPs/formatters inside nvim (needs only nvim + git + a C compiler + node).
  • Pinned versions (ADR-014): nvim v0.12.2, oh-my-posh 29.0.1 (V4 tracks "latest").
  • Plugins self-bootstrap: lazy.nvim installs nvim plugins on first launch; the role only lays down config + pre-clones omz/tmux plugins.

Tasks (role: roles/dev_env/)

  • tasks/main.yml — apt packages (packages tag) → include neovim.yml, oh_my_posh.yml → loop per_user.yml over dev_env__users.
  • tasks/neovim.yml — install pinned nvim release to /opt, symlink, version sentinel.
  • tasks/oh_my_posh.yml — install pinned oh-my-posh binary + deploy zen.toml to /etc.
  • tasks/per_user.yml — set login shell to zsh (users); clone oh-my-zsh + custom plugins + tmux/TPM plugins; copy dotfiles to ~/.dotfiles; stow into ~ (config).
  • defaults/main.yml, meta/main.yml, README.md, requirements.yml.
  • molecule/default/{converge,verify}.yml — create a tester user, apply, assert packages + nvim/omp/zen present + shell=zsh + dotfiles stowed (symlinks).
  • playbooks/workstation.yml — apply dev_env to the control group (ubongo).
  • inventories/production/group_vars/control/vars.ymldev_env__users: [sjat, claude].

Verify / apply

  • make lint; make test ROLE=dev_env (Molecule, Debian 13) must pass.
  • Apply to ubongo: make check/deploy PLAYBOOK=workstation from a host that can SSH to ubongo as sjat with --ask-become-pass (the Ansible-manages-ubongo connection isn't bootstrapped yet — handle at apply time).

Deferred (iteration 2+)

  • A proper workstations inventory group (when mamba joins) instead of reusing control.
  • lazygit, extra CLI tooling, any system LSP/formatters mason can't cover.
  • Pinning tmux plugins to commits (currently master except catppuccin v1.0.3).