feat(ubuntu): Refactor package installation, streamline GitHub deb installs

- Added 'become_password_file' to 'ansible.cfg' for privilege escalation handling.
- Removed separate installation tasks for 'atuin', 'eurkey', 'ghostty', 'git-delta', 'ripgrep', 'starship', 'veracrypt', and 'pacstall', consolidating them into 'curl.yml' and 'git_deb.yml'.
- Introduced 'git_deb.yml' for handling GitHub '.deb' installations dynamically using 'github_deb' variable.
- Improved error handling and pipe safety in curl-based installations ('set -o pipefail').
- Set proper permissions ('mode: 0600') for downloaded files in 'remove_ubuntu_banner.yml' and 'fira_code_fonts.yml'.
- Refactored 'github_releases.yml' to allow optional 'v' prefix handling in 'tag_name'.
- Updated 'main.yml' to remove redundant installations and streamline execution.
- Defined 'github_deb' list in 'vars/main.yml' to manage '.deb' package downloads dynamically.

These changes enhance maintainability, reduce redundancy, and improve package installation flexibility.

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

ansible.cfg

@@ -9,6 +9,10 @@ inventory=./inventory/production
 # If executable, it will be run and the resulting stdout will be used as the password.
 vault_password_file=/media/veracrypt1/scripts/ansible_vault.sh
 
+# (path) The password file to use for the become plugin. --become-password-file.
+# If executable, it will be run and the resulting stdout will be used as the password.
+become_password_file=/media/veracrypt1/scripts/ansible_become.sh
+
 # (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these.
 # This affects vars_files, include_vars, inventory and vars plugins among others.
 yaml_valid_extensions=.yml

roles/ubuntu/tasks/atuin.yml

@@ -1,5 +0,0 @@
----
-- name: Install atuin
-  ansible.builtin.shell: yes | bash -c "curl --proto '=https' --tlsv1.2 -LsSf https://setup.atuin.sh"
-  args:
-    creates: "{{ ansible_env.HOME }}/.config/atuin" # Adjust based on atuin installation

roles/ubuntu/tasks/curl.yml

@@ -0,0 +1,19 @@
+---
+- name: Install starship
+  ansible.builtin.shell: set -o pipefail && curl -fsSL https://starship.rs/install.sh | sh -s -- --yes
+  args:
+    executable: /usr/bin/bash
+    creates: "{{ ansible_env.HOME }}/.config/starship.toml"
+
+- name: Install Pacstall
+  ansible.builtin.shell: yes | bash -c "$(curl -fsSL https://pacstall.dev/q/install)"
+  args:
+    executable: /usr/bin/bash
+    creates: /usr/local/bin/pacstall
+  become: true
+
+- name: Install atuin
+  ansible.builtin.shell: set -o pipefail && curl -fsSL https://setup.atuin.sh | sh -s -- --yes
+  args:
+    executable: /usr/bin/bash
+    creates: "{{ ansible_env.HOME }}/.config/atuin"

roles/ubuntu/tasks/eurkey.yml

@@ -1,16 +0,0 @@
----
-- name: Download EurKey deb
-  ansible.builtin.get_url:
-    url: https://eurkey.steffen.bruentjen.eu/download/debian/eurkey.deb
-    dest: "/tmp/eurkey.deb"
-
-- name: Install EurKey
-  ansible.builtin.apt:
-    deb: "/tmp/eurkey.deb"
-    state: present
-  become: true
-
-- name: Remove EurKey deb
-  ansible.builtin.file:
-    path: "/tmp/eurkey.deb"
-    state: absent

roles/ubuntu/tasks/fira_code_fonts.yml

@@ -9,6 +9,7 @@
   ansible.builtin.get_url:
     url: https://github.com/ryanoasis/nerd-fonts/releases/download/v3.3.0/FiraMono.zip
     dest: "/tmp/FiraMono.zip"
+    mode: "0600"
 
 - name: Extract FiraCode from zip
   ansible.builtin.unarchive:

roles/ubuntu/tasks/ghostty.yml

@@ -1,31 +0,0 @@
----
-- name: Get OS release info
-  ansible.builtin.shell: source /etc/os-release && echo $VERSION_ID
-  args:
-    executable: /bin/bash
-  register: version_id
-  changed_when: false
-
-- name: Get Ghostty DEB URL
-  ansible.builtin.shell: |
-    curl -s https://api.github.com/repos/mkasberg/ghostty-ubuntu/releases/latest |
-    grep -oP "https://github.com/mkasberg/ghostty-ubuntu/releases/download/[^\s/]+/ghostty_[^\s/_]+_{{ aarch }}_{{ version_id.stdout }}.deb"
-  register: ghostty_deb_url
-  changed_when: false
-
-- name: Download Ghostty deb file
-  ansible.builtin.get_url:
-    url: "{{ ghostty_deb_url.stdout }}"
-    dest: "/tmp/{{ ghostty_deb_url.stdout | basename }}"
-    mode: "0755"
-
-- name: Install Ghostty
-  ansible.builtin.apt:
-    deb: "/tmp/{{ ghostty_deb_url.stdout | basename }}"
-    state: present
-  become: true
-
-- name: Remove Ghostty deb file
-  ansible.builtin.file:
-    path: "/tmp/{{ ghostty_deb_url.stdout | basename }}"
-    state: absent

roles/ubuntu/tasks/git_deb.yml

@@ -0,0 +1,35 @@
+---
+- name: "Get latest version: {{ project.name }}"
+  ansible.builtin.shell: |
+    set -o pipefail && curl -s "https://api.github.com/repos/{{ project.repo }}/releases/latest" |
+    grep -Po '"tag_name": *"(VeraCrypt_|v)?\K[^"]*'
+  args:
+    executable: /usr/bin/bash
+  register: project_version
+  changed_when: false
+  when: (project.repo | length > 0) and not item.skip
+
+- name: "Set version: {{ project_version }}"
+  ansible.builtin.set_fact:
+    project_version: "{{ project_version.stdout }}"
+  when: (project.repo | length > 0)  and not item.skip
+
+- name: "Download deb: {{ project.name }}"
+  ansible.builtin.get_url:
+    url: "{{ project.url | replace(project_version_placeholder, project_version) }}"
+    dest: "/tmp/{{ project.name }}.deb"
+    mode: "0666"
+  when: not item.skip
+
+- name: Install {{ project.name }}
+  ansible.builtin.apt:
+    deb: "/tmp/{{ project.name }}.deb"
+    state: present
+  become: true
+  when: not item.skip
+
+- name: Remove deb
+  ansible.builtin.file:
+    path: "/tmp/{{ project.name }}.deb"
+    state: absent
+  when: not item.skip

roles/ubuntu/tasks/git_delta.yml

@@ -1,16 +0,0 @@
----
-- name: Download git-delta deb
-  ansible.builtin.get_url:
-    url: "https://github.com/dandavison/delta/releases/download/0.18.2/git-delta-musl_0.18.2_{{ aarch }}.deb"
-    dest: "/tmp/git-delta-musl_0.18.2_{{ aarch }}.deb"
-
-- name: Install git-delta
-  ansible.builtin.apt:
-    deb: "/tmp/git-delta-musl_0.18.2_{{ aarch }}.deb"
-    state: present
-  become: true
-
-- name: Remove git-delta deb
-  ansible.builtin.file:
-    path: "/tmp/git-delta-musl_0.18.2_{{ aarch }}.deb"
-    state: absent

roles/ubuntu/tasks/github_releases.yml

@@ -1,14 +1,20 @@
 ---
 - name: "Get latest version: {{ project.name }}"
   ansible.builtin.shell: |
-    curl -s "https://api.github.com/repos/{{ project.repo }}/releases/latest" |
+    set -o pipefail && curl -s "https://api.github.com/repos/{{ project.repo }}/releases/latest" |
-    grep -Po '"tag_name": *"v\K[^"]*'
+    grep -Po '"tag_name": *"v?\K[^"]*'
+  args:
+    executable: /usr/bin/bash
   register: project_version
   changed_when: false
 
+- name: "Set version: {{ project_version }}"
+  ansible.builtin.set_fact:
+    project_version: "{{ project_version.stdout }}"
+
 - name: "Download: {{ project.name }}"
   ansible.builtin.get_url:
-    url: "https://github.com/{{ project.repo }}/releases/download/v{{ project_version.stdout }}/{{ project.name }}_{{ project_version.stdout }}_Linux_x86_64.tar.gz"
+    url: "https://github.com/{{ project.repo }}/releases/download/v{{ project_version }}/{{ project.name }}_{{ project_version }}_Linux_x86_64.tar.gz"
     dest: "/tmp/{{ project.name }}.tar.gz"
     mode: "0666"
 

roles/ubuntu/tasks/main.yml

@@ -3,26 +3,24 @@
   ansible.builtin.import_tasks: apt.yml
 - name: Install snap packages
   ansible.builtin.import_tasks: snap.yml
+- name: Curl Installations
+  ansible.builtin.import_tasks: curl.yml
+- name: Github .deb installations
+  ansible.builtin.include_tasks: git_deb.yml
+  vars:
+    project: "{{ item }}"
+  loop: "{{ github_deb }}"
+- name: "Install {{ item }}"
+  ansible.builtin.include_tasks: github_releases.yml
+  vars:
+    project: "{{ item }}"
+  loop: "{{ github_releases }}"
 - name: Install nvim
   ansible.builtin.import_tasks: nvim.yml
 - name: Install Rust
   ansible.builtin.import_tasks: rust.yml
-- name: Ghostty
-  ansible.builtin.import_tasks: ghostty.yml
-- name: Install pacstall
-  ansible.builtin.import_tasks: pacstall.yml
 - name: Install ledger
   ansible.builtin.import_tasks: ledger_cli.yml
-- name: Install git-delta
-  ansible.builtin.import_tasks: git_delta.yml
-- name: Install atuin
-  ansible.builtin.import_tasks: atuin.yml
-- name: Install Starship
-  ansible.builtin.import_tasks: starship.yml
-- name: Install EurKey
-  ansible.builtin.import_tasks: eurkey.yml
-# - name: Install Veracrypt
-#   ansible.builtin.import_tasks: veracrypt.yml
 - name: Install FiraCode
   ansible.builtin.import_tasks: fira_code_fonts.yml
 - name: Remove Ubuntu Pro Banner
@@ -31,12 +29,5 @@
   ansible.builtin.import_tasks: protonvpn.yml
 - name: Install Docker
   ansible.builtin.import_tasks: docker.yml
-- name: "Install {{ item }}"
-  ansible.builtin.include_tasks: github_releases.yml
-  vars:
-    project: "{{ item }}"
-  loop: "{{ github_releases }}"
-- name: Install ripgrep
-  ansible.builtin.import_tasks: ripgrep.yml
 - name: Install Vagrant
   ansible.builtin.import_tasks: hashicorp_vagrant.yml

roles/ubuntu/tasks/pacstall.yml

@@ -1,6 +0,0 @@
----
-- name: Install Pacstall
-  ansible.builtin.shell: yes | bash -c "$(curl -fsSL https://pacstall.dev/q/install)"
-  args:
-    creates: /usr/local/bin/pacstall # Adjust based on pacstall install path
-  become: true

roles/ubuntu/tasks/remove_ubuntu_banner.yml

@@ -9,6 +9,7 @@
   ansible.builtin.file:
     path: /etc/apt/apt.conf.d/20apt-esm-hook.conf
     state: touch
+    mode: "0600"
   become: true
 
 - name: Update apt cache

roles/ubuntu/tasks/ripgrep.yml

@@ -1,15 +0,0 @@
-- name: Download ripgrep deb
-  ansible.builtin.get_url:
-    url: https://github.com/BurntSushi/ripgrep/releases/download/14.1.0/ripgrep_14.1.0-1_{{ aarch }}.deb
-    dest: "/tmp/ripgrep_14.1.0-1_{{ aarch }}.deb"
-
-- name: Install ripgrep
-  ansible.builtin.apt:
-    deb: "/tmp/ripgrep_14.1.0-1_{{ aarch }}.deb"
-    state: present
-  become: true
-
-- name: Remove ripgrep deb
-  ansible.builtin.file:
-    path: "/tmp/ripgrep_14.1.0-1_{{ aarch }}.deb"
-    state: absent

roles/ubuntu/tasks/rust.yml

@@ -1,11 +1,16 @@
 ---
 - name: Install Rust (via rustup)
-  ansible.builtin.shell: yes | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs
+  ansible.builtin.shell: set -o pipefail && yes | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs
   args:
+    executable: /usr/bin/bash
     creates: "{{ ansible_env.HOME }}/.cargo/bin/rustc"
 
 - name: Install bininstall
-  ansible.builtin.shell: yes | curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh
+  ansible.builtin.shell: set -o pipefail &&yes | curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh
+  args:
+    executable: /usr/bin/bash
 
-- name: Install bininstall
+- name: Install dioxus-cli
-  ansible.builtin.shell: yes | cargo binstall dioxus-cli
+  ansible.builtin.shell: set -o pipefail && yes | cargo binstall dioxus-cli
+  args:
+    executable: /usr/bin/bash

roles/ubuntu/tasks/starship.yml

@@ -1,5 +0,0 @@
----
-- name: Install starship
-  ansible.builtin.shell: yes | bash -c "curl -sS https://starship.rs/install.sh"
-  args:
-    creates: "{{ ansible_env.HOME }}/.config/starship.toml" # Adjust based on where starship installs

roles/ubuntu/tasks/veracrypt.yml

@@ -1,16 +0,0 @@
----
-- name: Download Veracrypt deb
-  ansible.builtin.get_url:
-    url: "https://launchpad.net/veracrypt/trunk/1.26.20/+download/veracrypt-1.26.20-Debian-12-{{ aarch }}.deb"
-    dest: "/tmp/veracrypt.deb"
-
-- name: Install Veracrypt
-  ansible.builtin.apt:
-    deb: "/tmp/veracrypt.deb"
-    state: present
-  become: true
-
-- name: Remove Veracrypt deb
-  ansible.builtin.file:
-    path: "/tmp/veracrypt.deb"
-    state: absent

roles/ubuntu/vars/main.yml

@@ -91,3 +91,27 @@ github_releases:
     repo: jesseduffield/lazygit
   - name: lazydocker
     repo: jesseduffield/lazydocker
+
+project_version_placeholder: "<VERSION_PLACEHOLDER>"
+
+github_deb:
+  - name: delta
+    repo: dandavison/delta
+    url: https://github.com/dandavison/delta/releases/download/{{ project_version_placeholder }}/git-delta_{{ project_version_placeholder }}_{{ aarch }}.deb
+    skip: false
+  - name: eurkey
+    repo: ""
+    url: https://eurkey.steffen.bruentjen.eu/download/debian/eurkey.deb
+    skip: false
+  - name: ripgrep
+    repo: BurntSushi/ripgrep
+    url: https://github.com/BurntSushi/ripgrep/releases/download/{{ project_version_placeholder }}/ripgrep_{{ project_version_placeholder }}-1_{{ aarch }}.deb
+    skip: false
+  - name: veracrypt
+    repo: veracrypt/Veracrypt
+    url: https://github.com/veracrypt/VeraCrypt/releases/download/VeraCrypt_{{ project_version_placeholder }}/veracrypt-{{ project_version_placeholder }}-{{ ansible_distribution }}-{{ ansible_distribution_version }}-{{ aarch }}.deb
+    skip: true
+  - name: ghostty
+    repo: mkasberg/ghostty-ubuntu
+    url: https://github.com/mkasberg/ghostty-ubuntu/releases/download/{{ project_version_placeholder }}/ghostty_{{ project_version_placeholder }}_{{ aarch }}_{{ ansible_distribution_version }}.deb
+    skip: true