Adds Ansible playbooks to configure Linux

[kenorb]

Summary by Sourcery

Add Ansible-based automation for configuring Ubuntu 24.x Linux hosts and refresh contributor tooling documentation.

New Features:

• Introduce an Ansible playbook to set up Ubuntu 24.x hosts with package upgrades, common tooling, and optional CUDA Toolkit, VS Code, and Brave installation.
• Provide a configurable variables template for controlling APT packages, release repositories, and NVIDIA CUDA Toolkit installation.
• Add project-local Ansible configuration and dependencies managed via Pipenv.

Enhancements:

• Document Ansible setup, devcontainer usage, and pre-commit validation workflow in the main README.
• Add AGENTS guidance documenting expected automation and validation behavior for contributors and tools.
• Extend markdown linting configuration to support repository-specific formatting rules.

Summary by CodeRabbit

• New Features

  • Automated Linux setup: system upgrades, package installs, optional VS Code and Brave installs, and CUDA toolkit installation with basic validation.

• Documentation

  • Added end-to-end Ansible setup instructions, development/Devcontainer guidance, and repository validation/checklist guidance for agents.

• Chores

  • Added Ansible environment and dependency manifests, an ansible-lint ignore, updated markdown linting rules, extended .gitignore, and removed a legacy Ansible configuration.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds nested Ansible config, Pipfile, playbooks and task files for Ubuntu 24.x system setup (APT, CUDA, VS Code, Brave), example variables and Ansible ignore, and updates repository docs, linting, and gitignore entries.

Changes

Ansible Automation Setup

Layer / File(s)	Summary
Ansible Configuration and Build Foundation .ansible-lint-ignore, .ansible/.ansible.cfg, .ansible/Pipfile	Adds ansible-lint ignore header, nested Ansible defaults/connection/ssh/diff settings, and a Pipfile declaring Python 3.12 with ansible and ansible-lint.
Playbook Orchestration and Validation .ansible/playbooks/setup-linux.yml	Main Setup Linux play targeting localhost with become: true, asserts Ubuntu 24.x, loads variables.yml, and conditionally imports task lists based on variables.
APT Package Management Tasks .ansible/playbooks/tasks/apt-upgrade.yml, .ansible/playbooks/tasks/apt-install.yml	Adds a dist-upgrade task and a configurable package install task that installs packages from apt.install while refreshing the apt cache.
VS Code Repository Setup and Installation .ansible/playbooks/tasks/apt-release-code.yml	Installs prerequisites, creates /etc/apt/keyrings, downloads and dearmors Microsoft's GPG key, configures the signed VS Code APT repo, and installs code.
Brave Browser Repository Setup .ansible/playbooks/tasks/apt-release-brave.yml	Installs curl, deploys Brave's keyring and sources list, and installs brave-browser.
CUDA Toolkit Installation and Validation .ansible/playbooks/tasks/cuda-toolkit.yml	Installs a configurable CUDA toolkit package via APT, runs nvidia-smi for verification, and emits a debug warning when verification fails.
Ansible Variables and Setup Instructions .ansible/variables-example.yml, README.md (Ansible Setup and Development sections)	Provides example variables for apt packages and CUDA; documents steps to copy variables-example.yml, install/sync the Pipenv environment, and run the setup-linux.yml playbook.

Repository Development Infrastructure

Layer / File(s)	Summary
Configuration and Linting Updates .gitignore, .markdownlint.yaml	Adds ignore rules for node_modules/ and .ansible/variables.yml; configures Markdownlint rules (MD013 line_length 120, tables disabled; MD033 allowed; MD046 consistent code-block style).
Developer and Agent Guidance AGENTS.md, README.md (Development section)	Adds AGENTS.md with agent behavior checklist and validation commands; expands README with Devcontainer and pre-commit run -a development guidance.

Sequence Diagram(s)

sequenceDiagram
  participant SetupPlay as Setup Play
  participant TaskImporter as Task Importer
  participant AptService as APT Tasks
  participant CUDAInstaller as CUDA Tasks
  SetupPlay->>TaskImporter: import apt-upgrade / apt-install / releases
  TaskImporter->>AptService: run apt upgrade & package installs
  TaskImporter->>CUDAInstaller: run cuda-toolkit tasks when enabled

Loading

🎯 3 (Moderate) | ⏱️ ~25 minutes

🐰 Ansible carrots line the way,
Playbooks hop and packages stay,
CUDA hums and editors boot,
Brave browses fields in one swift loot,
Dotfiles stitched — automation play.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately describes the main change: adding Ansible playbooks to configure Linux systems, which is the central focus of this changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Reviewer's Guide

Adds an Ansible-based Ubuntu 24.x setup workflow (with CUDA, VS Code, Brave, and apt package management), Pipenv-managed Ansible tooling, and documentation/guidance updates for contributors and agents, while refining markdown linting configuration.

File-Level Changes

Change	Details	Files
Introduce Ansible-based Linux setup playbook for Ubuntu 24.x with modular tasks governed by variables.	Add .ansible/playbooks/setup-linux.yml playbook that targets localhost with sudo, validates Ubuntu 24.x, loads ../variables.yml, and conditionally imports modular tasks for upgrades, package installation, CUDA toolkit, VS Code, and Brave based on vars. Define reusable task files for apt upgrades, apt package installation, CUDA Toolkit installation/verification, and VS Code/Brave repository setup and install. Provide a variables-example.yml template defining apt install list, release channel toggles for Brave/VS Code, and an nvidia.cuda_toolkit flag.	.ansible/playbooks/setup-linux.yml .ansible/playbooks/tasks/apt-upgrade.yml .ansible/playbooks/tasks/apt-install.yml .ansible/playbooks/tasks/cuda-toolkit.yml .ansible/playbooks/tasks/apt-release-code.yml .ansible/playbooks/tasks/apt-release-brave.yml .ansible/variables-example.yml
Add a dedicated, Pipenv-based Ansible environment and configuration for reproducible automation.	Add .ansible/Pipfile and Pipfile.lock specifying ansible and ansible-lint dependencies on Python 3.12. Introduce .ansible/.ansible.cfg to tune Ansible defaults (fact injection, Python interpreter discovery, callbacks, SSH timeouts, and always-on diff). Remove root-level .ansible.cfg in favor of the scoped .ansible/.ansible.cfg configuration. Add .ansible-lint-ignore to support local lint suppression configuration.	.ansible/Pipfile .ansible/Pipfile.lock .ansible/.ansible.cfg .ansible-lint-ignore .ansible.cfg
Document Ansible usage, development tooling, and agent behavior for contributors and autonomous agents.	Update README with an Ansible setup section explaining Pipenv-based setup and example playbook invocation, plus development sections for devcontainer and pre-commit usage. Add AGENTS.md describing expected agent workflows, validation commands, tooling guidance (pre-commit, MCP), and troubleshooting for missing validation tooling. Introduce package-lock.json to capture Node-based tooling dependencies (likely for markdownlint or related tooling).	README.md AGENTS.md package-lock.json
Refine markdownlint rules to support repo documentation style.	Expand .markdownlint.yaml to disable table line-length enforcement, allow Details inline HTML, and enforce consistent code block style while keeping max line length at 120 characters.	.markdownlint.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The CUDA Toolkit role currently hardcodes cuda_toolkit_package in setup-linux.yml and always runs nvidia-smi when nvidia.cuda_toolkit is true; consider moving the package name into variables.yml and guarding the nvidia-smi call with a check for the binary’s presence (e.g., stat/which) so the playbook behaves more predictably on hosts without NVIDIA drivers or GPUs.
• Both the Brave and VS Code repository setup tasks directly manage keys and source files via get_url and command; you might want to standardize these on higher-level Ansible modules like ansible.builtin.deb822_repository or apt_repository + get_url + creates patterns to improve idempotence and reduce the chance of repeated work or partial configuration if a step fails.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The CUDA Toolkit role currently hardcodes `cuda_toolkit_package` in `setup-linux.yml` and always runs `nvidia-smi` when `nvidia.cuda_toolkit` is true; consider moving the package name into `variables.yml` and guarding the `nvidia-smi` call with a check for the binary’s presence (e.g., `stat`/`which`) so the playbook behaves more predictably on hosts without NVIDIA drivers or GPUs.
- Both the Brave and VS Code repository setup tasks directly manage keys and source files via `get_url` and `command`; you might want to standardize these on higher-level Ansible modules like `ansible.builtin.deb822_repository` or `apt_repository` + `get_url` + `creates` patterns to improve idempotence and reduce the chance of repeated work or partial configuration if a step fails.

## Individual Comments

### Comment 1
<location path=".ansible/playbooks/setup-linux.yml" line_range="7-8" />
<code_context>
+  become: true
+  vars_files:
+    - ../variables.yml
+  vars:
+    cuda_toolkit_package: cuda-toolkit-13-1
+  pre_tasks:
+    - name: Validate host OS is Ubuntu 24.x
</code_context>
<issue_to_address>
**suggestion:** Make `cuda_toolkit_package` a configurable variable in the shared variables file rather than hardcoding it in the playbook.

Other tunables (APT packages, release toggles, etc.) already live in `variables.yml` with a `variables-example.yml`. Putting `cuda_toolkit_package` there as well keeps user-facing configuration centralized and easier to override per host/profile.

Suggested implementation:

```
  vars_files:
    - ../variables.yml
  pre_tasks:

```

To fully implement this change, you should also:
1. Add `cuda_toolkit_package` (with a sensible default, e.g. `cuda-toolkit-13-1`) to `variables.yml`.
2. Mirror that entry in `variables-example.yml` so users know it’s a configurable knob.
3. If any hosts/profiles need different CUDA versions, override `cuda_toolkit_package` in the appropriate inventory/group_vars/host_vars as per your existing convention.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion: Make cuda_toolkit_package a configurable variable in the shared variables file rather than hardcoding it in the playbook.

Other tunables (APT packages, release toggles, etc.) already live in variables.yml with a variables-example.yml. Putting cuda_toolkit_package there as well keeps user-facing configuration centralized and easier to override per host/profile.

Suggested implementation:

  vars_files:
    - ../variables.yml
  pre_tasks:

To fully implement this change, you should also:

1. Add cuda_toolkit_package (with a sensible default, e.g. cuda-toolkit-13-1) to variables.yml.
2. Mirror that entry in variables-example.yml so users know it’s a configurable knob.
3. If any hosts/profiles need different CUDA versions, override cuda_toolkit_package in the appropriate inventory/group_vars/host_vars as per your existing convention.

[Copilot]

Pull request overview

Adds an Ansible-based Linux setup workflow for Ubuntu 24.x hosts, alongside documentation and tooling configuration to support local and automated validation.

Changes:

• Introduces .ansible/ playbooks, task files, variables template, inventory, and Pipenv-managed Ansible dependencies.
• Documents Ansible setup, devcontainer usage, and pre-commit validation workflows.
• Updates markdownlint/gitignore configuration and adds ansible-lint ignore scaffolding.

Reviewed changes

Copilot reviewed 14 out of 17 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
README.md	Documents Ansible setup and development validation workflows.
AGENTS.md	Adds contributor/agent guidance for validation and troubleshooting.
.markdownlint.yaml	Expands markdownlint rule configuration.
.gitignore	Ignores Node dependencies and local Ansible variables.
.ansible/variables-example.yml	Provides default package and feature flags for Linux setup.
.ansible/playbooks/setup-linux.yml	Adds the main Ubuntu 24.x setup playbook.
.ansible/playbooks/tasks/apt-upgrade.yml	Adds APT upgrade task.
.ansible/playbooks/tasks/apt-install.yml	Adds configurable APT package installation task.
.ansible/playbooks/tasks/apt-release-code.yml	Adds VS Code APT repository and install tasks.
.ansible/playbooks/tasks/apt-release-brave.yml	Adds Brave APT repository and install tasks.
.ansible/playbooks/tasks/cuda-toolkit.yml	Adds CUDA Toolkit installation and NVIDIA status check tasks.
.ansible/Pipfile	Defines the Ansible Pipenv environment.
.ansible/Pipfile.lock	Locks Ansible environment dependencies.
.ansible/.ansible.cfg	Adds Ansible configuration for the new workflow.
.ansible.cfg	Removes the previous top-level Ansible configuration.
.ansible-lint-ignore	Adds ansible-lint ignore file placeholder.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (2)

.ansible/Pipfile (1)

7-10: ⚡ Quick win

Align Pipfile versions with the pre-commit Ansible toolchain.

Using * here can pull versions that diverge from your pinned pre-commit contract (ansible-lint + constrained ansible-core), which makes local behavior inconsistent.

🔧 Suggested pinning approach

 [packages]
-ansible = "*"
+ansible = "==9.*"  # or a specific tested version used by this repo
 
 [dev-packages]
-ansible-lint = "*"
+ansible-lint = "==6.22.2"

You can verify consistency by comparing resolved Pipenv lock versions with .pre-commit-config.yaml constraints.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ansible/Pipfile around lines 7 - 10, Replace wildcard pins in the Pipfile
dev-packages with explicit versions that match the pre-commit toolchain: pin
ansible-lint to the same version used in your .pre-commit-config.yaml (or the
resolved lock) and pin ansible (or ansible-core) to the constrained version
specified by the pre-commit hook; update the entries for ansible and
ansible-lint in the Pipfile dev-packages to those exact versions (instead of
"*") so local pipenv resolution matches the pre-commit contract, then regenerate
the Pipfile.lock to verify consistency.

.ansible/playbooks/tasks/cuda-toolkit.yml (1)

2-2: 💤 Low value

Hardcoded version in task name may mislead.

The task name specifies "CUDA Toolkit 13.1" but the actual version depends on the cuda_toolkit_package variable value. If the variable points to a different version, the task name becomes inaccurate.

♻️ Generic task name suggestion

-- name: Install CUDA Toolkit 13.1 package
+- name: Install CUDA Toolkit package

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ansible/playbooks/tasks/cuda-toolkit.yml at line 2, The task name "Install
CUDA Toolkit 13.1 package" is hardcoded and can be misleading; update the
Ansible task in .ansible/playbooks/tasks/cuda-toolkit.yml to use a generic or
variable-based name that reflects the actual package being installed (e.g.,
"Install CUDA Toolkit package" or "Install CUDA Toolkit {{ cuda_toolkit_package
}}"), and ensure the change refers to the same task that uses the
cuda_toolkit_package variable so the name always matches the package being
installed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ansible/playbooks/setup-linux.yml:
- Around line 29-35: The when clauses on the import_tasks for
"tasks/apt-release-code.yml" and "tasks/apt-release-brave.yml" can raise
undefined-variable errors when apt or apt.releases is missing; update each when
to first guard existence (e.g. apt is defined and apt.releases is defined) and
then evaluate the flag with default(false) and bool — for example: replace
"when: apt.releases.code | default(false) | bool" with a guarded expression like
"when: apt is defined and apt.releases is defined and (apt.releases.code |
default(false) | bool)" and do the analogous change for apt.releases.brave.
- Around line 7-8: The play-level variable cuda_toolkit_package in the play's
vars block is overriding user-provided values from .ansible/variables.yml;
remove the cuda_toolkit_package entry from the play vars and instead provide it
via an included vars_files or a role default (e.g., move the default into the
role's defaults/main.yml or ensure .ansible/variables.yml is listed in
vars_files and contains cuda_toolkit_package), so user-supplied values in
.ansible/variables.yml can override the default.

In @.ansible/playbooks/tasks/apt-release-brave.yml:
- Around line 7-17: The two ansible.builtin.get_url tasks ("Download Brave
browser keyring" and "Download Brave browser sources list") download
security-sensitive artifacts without integrity checks; update each get_url
invocation to include a checksum parameter (use the sha256 keyed form, e.g.
checksum: "sha256:<computed-hash>") pointing to the correct SHA256 of the
respective file so Ansible validates the download before writing to dest,
keeping the existing dest and mode fields unchanged.

In @.ansible/playbooks/tasks/apt-release-code.yml:
- Around line 17-21: The task "Download Microsoft GPG key" using
ansible.builtin.get_url lacks a checksum, so add the get_url checksum field
(e.g. checksum: "sha256:<expected-fingerprint>" or appropriate hash) to pin the
download integrity for /etc/apt/keyrings/packages.microsoft.asc; locate the task
by the name "Download Microsoft GPG key" or the get_url call and update it to
include the checksum value you verified from the Microsoft key distribution.

In @.ansible/playbooks/tasks/cuda-toolkit.yml:
- Around line 2-7: The task uses an undefined variable cuda_toolkit_package
while only a boolean flag nvidia.cuda_toolkit exists; add a package-name
variable (e.g., set cuda_toolkit_package: "cuda-toolkit-13-1" or an appropriate
package string) to the variables example and update the install task to run only
when the boolean is true (e.g., change the conditional to check
nvidia.cuda_toolkit and not ansible_check_mode) so the apt task installs '{{
cuda_toolkit_package }}' only when the flag is enabled.

In @.ansible/variables-example.yml:
- Around line 41-42: The variables file defines only the boolean cuda_toolkit
but the install task expects cuda_toolkit_package; add a new variable named
cuda_toolkit_package alongside cuda_toolkit and set it to the correct CUDA
toolkit package name (e.g., the distribution package you install on target
hosts) so the installation task can reference that variable; ensure the variable
name exactly matches cuda_toolkit_package used in the task.

---

Nitpick comments:
In @.ansible/Pipfile:
- Around line 7-10: Replace wildcard pins in the Pipfile dev-packages with
explicit versions that match the pre-commit toolchain: pin ansible-lint to the
same version used in your .pre-commit-config.yaml (or the resolved lock) and pin
ansible (or ansible-core) to the constrained version specified by the pre-commit
hook; update the entries for ansible and ansible-lint in the Pipfile
dev-packages to those exact versions (instead of "*") so local pipenv resolution
matches the pre-commit contract, then regenerate the Pipfile.lock to verify
consistency.

In @.ansible/playbooks/tasks/cuda-toolkit.yml:
- Line 2: The task name "Install CUDA Toolkit 13.1 package" is hardcoded and can
be misleading; update the Ansible task in
.ansible/playbooks/tasks/cuda-toolkit.yml to use a generic or variable-based
name that reflects the actual package being installed (e.g., "Install CUDA
Toolkit package" or "Install CUDA Toolkit {{ cuda_toolkit_package }}"), and
ensure the change refers to the same task that uses the cuda_toolkit_package
variable so the name always matches the package being installed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 989f635c-700d-4646-89c6-5f3fce2c65f8

📥 Commits

Reviewing files that changed from the base of the PR and between 20a1b9d and 38a7dcd.

⛔ Files ignored due to path filters (2)

• .ansible/Pipfile.lock is excluded by !**/*.lock
• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (15)

• .ansible-lint-ignore
• .ansible.cfg
• .ansible/.ansible.cfg
• .ansible/Pipfile
• .ansible/playbooks/setup-linux.yml
• .ansible/playbooks/tasks/apt-install.yml
• .ansible/playbooks/tasks/apt-release-brave.yml
• .ansible/playbooks/tasks/apt-release-code.yml
• .ansible/playbooks/tasks/apt-upgrade.yml
• .ansible/playbooks/tasks/cuda-toolkit.yml
• .ansible/variables-example.yml
• .gitignore
• .markdownlint.yaml
• AGENTS.md
• README.md

💤 Files with no reviewable changes (1)

• .ansible.cfg

[coderabbitai]

Actionable comments posted: 0

[coderabbitai]

Actionable comments posted: 0

[coderabbitai]

Actionable comments posted: 0