Diffstat (limited to 'common/packages.yml')
-rw-r--r--common/packages.yml1066
1 files changed, 1066 insertions, 0 deletions
diff --git a/common/packages.yml b/common/packages.yml
new file mode 100644
index 0000000..0fce986
--- /dev/null
+++ b/common/packages.yml
@@ -0,0 +1,1066 @@
+# Dotfiles Installation Packages Configuration
+# This file defines packages to install based on installation profiles and distribution-specific mappings
+
+#======================================
+# Installation Profiles
+#======================================
+
+# Core packages needed by all installations
+common:
+ - git
+ - curl
+ - wget
+
+# Essential packages for basic functionality
+essentials:
+ - zsh
+ - bash
+ - vim
+ - openssh
+ - sudo
+ - man
+ - bc
+ - time
+ - rsync
+ - tree
+
+# Minimal development environment
+minimal:
+ - gcc
+ - make
+ - python
+ - jq
+ - fzf
+ - neovim
+ - tmux
+
+# Full development environment
+dev:
+ - clang
+ - meson
+ - gdb
+ - cmake
+ - go
+ - ninja
+ - ripgrep
+ - fd
+ - nodejs
+ - emacs
+ - vscode
+ - ansible
+
+# Server-focused packages
+server:
+ - ufw
+ - net-tools
+ - htop
+ - btop
+ - powertop
+ - clamav
+ - ntp
+ - networkmanager
+ - smartmontools
+ - hdparm
+ - acpi
+ - parted
+ - sysstat
+ - hwinfo
+ - ansible
+
+# Desktop environment packages
+desktop:
+ - xorg
+ - wayland
+ - xclip
+ - xterm
+ - gtk
+ - firefox
+ - mpv
+ - discord
+ - libinput
+ - nnn
+ - ranger
+ - obs-studio
+ - unrar
+ - unzip
+ - p7zip
+ - imagemagick
+ - ffmpeg
+ - wezterm
+ - ncdu
+ - picom
+ - rofi
+ - udiskie
+ - brightnessctl
+ - wl-clipboard
+ - nemo
+ - blueman
+ - bluez
+
+# Window managers
+wm:
+ - hyprland
+ - bspwm
+ - sxhkd
+ - polybar
+
+# Audio/Media packages
+media:
+ - mpd
+ - pipewire
+ - ncmpcpp
+
+# Gaming
+gaming:
+ - wine
+ - steam
+
+# Virtualization
+virtualization:
+ - libvirt
+ - qemu
+
+# Fonts
+fonts:
+ - hack-font
+ - nerd-fonts
+ - font-awesome
+ - dejavu-fonts
+
+#======================================
+# Distribution-specific package mappings
+# Format: generic_name -> distro_specific_name
+#======================================
+
+arch:
+ # Core tools
+ python: python
+ nodejs: nodejs
+ man: man-pages man-db
+ tree: tree
+ ntp: ntpsec
+ hack-font: ttf-hack
+ nerd-fonts: ttf-nerd-fonts-symbols-mono
+ font-awesome: ttf-font-awesome
+ dejavu-fonts: ttf-dejavu
+ networkmanager: networkmanager
+ qemu: qemu-full
+ vscode: code
+
+ # Desktop specific
+ xorg: xorg xorg-server
+ wayland: wayland xorg-xwayland
+ gtk: gtk3 gtk4
+ libinput: libinput xf86-input-libinput
+ bluez: bluez bluez-utils bluez-tools
+
+ # Media
+ pipewire: pipewire wireplumber
+
+debian:
+ # Core tools
+ python: python3 python3-pip
+ nodejs: nodejs npm
+ man: man-pages-dev man-db
+ tree: tree
+ ntp: ntp
+ hack-font: fonts-hack
+ nerd-fonts: fonts-nerd-font-symbols
+ font-awesome: fonts-font-awesome
+ dejavu-fonts: fonts-dejavu
+ networkmanager: network-manager
+ qemu: qemu-system
+ vscode: code
+ fd: fd-find
+ openssh: openssh-server
+ ansible: ansible
+
+fedora:
+ # Core tools
+ python: python3 python3-pip
+ nodejs: nodejs npm
+ man: man-pages man-db
+ tree: tree
+ ntp: chrony
+ hack-font: adobe-source-code-pro-fonts
+ nerd-fonts: powerline-fonts
+ font-awesome: fontawesome-fonts
+ dejavu-fonts: dejavu-fonts-common
+ networkmanager: NetworkManager
+ qemu: qemu-kvm
+ vscode: code-oss
+ fd: fd-find
+ openssh: openssh-server
+ ansible: ansible
+ ninja: ninja-build
+
+ # Desktop specific
+ xorg: xorg xserver-xorg
+ wayland: libwayland-dev xwayland
+ gtk: libgtk-3-dev libgtk-4-dev
+ libinput: libinput10 xserver-xorg-input-libinput
+ bluez: bluez bluez-tools
+
+ # Media
+ pipewire: pipewire wireplumber
+
+ # System tools
+ ufw: ufw
+ net-tools: net-tools
+ btop: btop
+ powertop: powertop
+ clamav: clamav
+ smartmontools: smartmontools
+ hdparm: hdparm
+ acpi: acpi
+ parted: parted
+ cups: cups
+ sysstat: sysstat
+ hwinfo: hwinfo
+
+rhel:
+ # Core tools
+ python: python3 python3-pip
+ nodejs: nodejs npm
+ man: man-pages man-db
+ tree: tree
+ ntp: chrony
+ hack-font: adobe-source-code-pro-fonts
+ nerd-fonts: powerline-fonts
+ font-awesome: fontawesome-fonts
+ dejavu-fonts: dejavu-fonts-common
+ networkmanager: NetworkManager
+ qemu: qemu-kvm
+ vscode: code
+ fd: fd-find
+ openssh: openssh-server
+ ansible: ansible
+ ninja: ninja-build
+
+ # Desktop specific
+ xorg: xorg-x11-server-Xorg
+ wayland: wayland-devel xorg-x11-server-Xwayland
+ gtk: gtk3-devel gtk4-devel
+ libinput: libinput
+ bluez: bluez bluez-tools
+
+ # System tools
+ ufw: firewalld
+ net-tools: net-tools
+ btop: htop
+ powertop: powertop
+ clamav: clamav
+ smartmontools: smartmontools
+ hdparm: hdparm
+ acpi: acpi
+ parted: parted
+ cups: cups
+ sysstat: sysstat
+
+opensuse:
+ # Core tools
+ python: python3 python3-pip
+ nodejs: nodejs16 npm16
+ man: man-pages man
+ tree: tree
+ ntp: chrony
+ hack-font: adobe-sourcecodepro-fonts
+ nerd-fonts: powerline-fonts
+ font-awesome: fontawesome-fonts
+ dejavu-fonts: dejavu-fonts
+ networkmanager: NetworkManager
+ qemu: qemu
+ vscode: code
+ openssh: openssh
+ ansible: ansible
+
+gentoo:
+ # Core tools with full package paths
+ git: dev-vcs/git
+ curl: net-misc/curl
+ wget: net-misc/wget
+ zsh: app-shells/zsh
+ bash: app-shells/bash
+ vim: app-editors/vim
+ neovim: app-editors/neovim
+ tmux: app-misc/tmux
+ openssh: net-misc/openssh
+ sudo: app-admin/sudo
+ man: sys-apps/man-pages sys-apps/man-db
+ bc: sys-devel/bc
+ time: sys-process/time
+ rsync: net-misc/rsync
+ tree: app-text/tree
+ gcc: sys-devel/gcc
+ clang: sys-devel/clang
+ make: sys-devel/make
+ cmake: dev-util/cmake
+ meson: dev-util/meson
+ gdb: sys-devel/gdb
+ ninja: dev-util/ninja
+ ripgrep: sys-apps/ripgrep
+ fd: sys-apps/fd
+ python: dev-lang/python
+ nodejs: net-libs/nodejs
+ jq: app-misc/jq
+ fzf: app-shells/fzf
+ emacs: app-editors/emacs
+ vscode: app-editors/vscode
+ go: dev-lang/go
+ htop: sys-process/htop
+ ufw: net-firewall/ufw
+ net-tools: sys-apps/net-tools
+ btop: sys-process/btop
+ powertop: sys-power/powertop
+ clamav: app-antivirus/clamav
+ ntp: net-misc/chrony
+ networkmanager: net-misc/networkmanager
+ smartmontools: sys-apps/smartmontools
+ hdparm: sys-apps/hdparm
+ acpi: sys-power/acpi
+ parted: sys-block/parted
+ cups: net-print/cups
+ sysstat: app-admin/sysstat
+ hwinfo: sys-apps/hwinfo
+ hack-font: media-fonts/hack
+ nerd-fonts: media-fonts/nerd-fonts
+ font-awesome: media-fonts/fontawesome
+ dejavu-fonts: media-fonts/dejavu
+
+ # Desktop
+ xorg: x11-base/xorg-server
+ wayland: dev-libs/wayland x11-base/xwayland
+ xclip: x11-misc/xclip
+ xterm: x11-terms/xterm
+ gtk: x11-libs/gtk+
+ firefox: www-client/firefox
+ mpv: media-video/mpv
+ discord: net-im/discord-bin
+ libinput: dev-libs/libinput x11-drivers/xf86-input-libinput
+ nnn: app-misc/nnn
+ ranger: app-misc/ranger
+ obs-studio: media-video/obs-studio
+ unrar: app-arch/unrar
+ unzip: app-arch/unzip
+ p7zip: app-arch/p7zip
+ imagemagick: media-gfx/imagemagick
+ ffmpeg: media-video/ffmpeg
+ wezterm: x11-terms/wezterm
+ ncdu: sys-fs/ncdu
+ picom: x11-misc/picom
+ rofi: x11-misc/rofi
+ udiskie: sys-fs/udiskie
+ brightnessctl: app-misc/brightnessctl
+ wl-clipboard: gui-apps/wl-clipboard
+ nemo: gnome-extra/nemo
+ blueman: net-wireless/blueman
+ bluez: net-wireless/bluez
+
+ # Window managers
+ hyprland: gui-wm/hyprland
+ bspwm: x11-wm/bspwm
+ sxhkd: x11-misc/sxhkd
+ polybar: x11-misc/polybar
+
+ # Media
+ mpd: media-sound/mpd
+ pipewire: media-video/pipewire media-video/wireplumber
+ ncmpcpp: media-sound/ncmpcpp
+
+ # Gaming
+ wine: app-emulation/wine-vanilla
+ steam: games-util/steam-launcher
+
+ # Virtualization
+ libvirt: app-emulation/libvirt
+ qemu: app-emulation/qemu
+
+alpine:
+ python: python3 py3-pip
+ nodejs: nodejs npm
+ man: man-pages man-db
+ ntp: chrony
+ htop: htop
+ openssh: openssh
+ ansible: ansible
+
+void:
+ python: python3 python3-pip
+ nodejs: nodejs
+ man: man-pages
+ ntp: chrony
+ openssh: openssh
+ ripgrep: ripgrep
+ fd: fd
+ btop: btop
+ networkmanager: NetworkManager
+ ansible: ansible
+
+macos:
+ # Homebrew packages
+ - git
+ - curl
+ - wget
+ - zsh
+ - bash
+ - vim
+ - neovim
+ - tmux
+ - openssh
+ - python3
+ - node
+ - jq
+ - fzf
+ - ripgrep
+ - fd
+ - bat
+ - htop
+ - rsync
+ - cmake
+ - ninja
+ - go
+ - emacs
+ - visual-studio-code
+ - ansible
+
+windows:
+ - git
+ - ripgrep
+ - fd
+ - sudo
+ - win32yank
+ - microsoft-windows-terminal
+ - wsl
+ - firefox
+ - setdefaultbrowser
+ - nodejs
+ - bat
+ - 7zip
+ - python
+ - javaruntime
+ - autohotkey
+ - bitwarden
+ - notepadplusplus
+ - neovim
+
+bloatware:
+ # - Anytime
+ - BioEnrollment
+ # - Browser
+ - ContactSupport
+ - Cortana
+ # - Defender
+ - Feedback
+ - Flash
+ # - Gaming # Breaks Xbox Live Account Login
+ # - Holo
+ # - InternetExplorer
+ - Maps
+ # - MiracastView
+ - OneDrive
+ # - SecHealthUI
+ - Wallet
+ # - Xbox # Causes a bootloop since upgrade 1511?
+
+default:
+ # default Windows 10 apps
+ # - Microsoft.3DBuilder
+ - Microsoft.Appconnector
+ - Microsoft.BingFinance
+ - Microsoft.BingNews
+ - Microsoft.BingSports
+ - Microsoft.BingTranslator
+ - Microsoft.BingWeather
+ # - Microsoft.FreshPaint
+ # - Microsoft.Microsoft3DViewer
+ - Microsoft.MicrosoftOfficeHub
+ - Microsoft.MicrosoftSolitaireCollection
+ - Microsoft.MicrosoftPowerBIForWindows
+ - Microsoft.MinecraftUWP
+ # - Microsoft.MicrosoftStickyNotes
+ # - Microsoft.NetworkSpeedTest
+ - Microsoft.Office.OneNote
+ # - Microsoft.OneConnect
+ - Microsoft.People
+ # - Microsoft.Print3D
+ - Microsoft.SkypeApp
+ - Microsoft.Wallet
+ # - Microsoft.Windows.Photos
+ # - Microsoft.WindowsAlarms
+ # - Microsoft.WindowsCalculator
+ - Microsoft.WindowsCamera
+ - microsoft.windowscommunicationsapps
+ - Microsoft.WindowsMaps
+ - Microsoft.WindowsPhone
+ - Microsoft.WindowsSoundRecorder
+ - Microsoft.WindowsStore
+ # - Microsoft.XboxApp
+ # - Microsoft.XboxGameOverlay
+ # - Microsoft.XboxIdentityProvider
+ # - Microsoft.XboxSpeechToTextOverlay
+ - Microsoft.ZuneMusic
+ - Microsoft.ZuneVideo
+
+ # Threshold 2 apps
+ - Microsoft.CommsPhone
+ - Microsoft.ConnectivityStore
+ - Microsoft.GetHelp
+ - Microsoft.Getstarted
+ - Microsoft.Messaging
+ - Microsoft.Office.Sway
+ - Microsoft.OneConnect
+ - Microsoft.WindowsFeedbackHub
+
+ # Redstone apps
+ - Microsoft.BingFoodAndDrink
+ - Microsoft.BingTravel
+ - Microsoft.BingHealthAndFitness
+ - Microsoft.WindowsReadingList
+
+ # non-Microsoft
+ - king.com.CandyCrushSaga
+ - king.com.CandyCrushSodaSaga
+ - king.com.*
+ - Facebook.Facebook
+
+ # apps which cannot be removed using Remove-AppxPackage
+ # - Microsoft.BioEnrollment
+ # - Microsoft.MicrosoftEdge
+ # - Microsoft.Windows.Cortana
+ # - Microsoft.WindowsFeedback
+ # - Microsoft.XboxGameCallableUI
+ # - Microsoft.XboxIdentityProvider
+ # - Windows.ContactSupport
+
+#======================================
+# Gentoo USE flags configuration
+#======================================
+gentoo_use_flags:
+ git: "curl gpg perl python"
+ curl: "ssl http2 ipv6"
+ wget: "ssl ipv6 nls"
+ zsh: "unicode pcre gdbm"
+ bash: "net nls readline"
+ tmux: "vim-syntax"
+ vim: "python lua ruby perl cscope"
+ neovim: "lua python ruby"
+ emacs: "gtk jpeg png svg tiff xpm cairo dbus json ssl xml"
+ gcc: "cxx fortran graphite jit nptl openmp pch pie ssp"
+ clang: "static-analyzer"
+ python: "sqlite ssl readline ncurses xml"
+ nodejs: "ssl"
+ htop: "unicode lm-sensors"
+ openssh: "ssl kerberos ldap pam"
+ firefox: "dbus gtk3 pulseaudio startup-notification wifi"
+ mpv: "alsa pulseaudio lua drm wayland X"
+ gtk: "wayland X cups introspection"
+ pipewire: "alsa bluetooth jack pulseaudio sound-server"
+ ffmpeg: "alsa encode mp3 opus pulseaudio theora vorbis webp x264 x265"
+ networkmanager: "bluetooth dhclient introspection wifi"
+ bluez: "alsa cups obex readline"
+ qemu: "aio alsa bluetooth curl gtk jpeg ncurses opengl png pulseaudio sdl spice ssh usb vnc"
+ libvirt: "firewalld libssh nfs numa parted qemu sasl udev"
+
+#======================================
+# System tweaks and configurations
+#======================================
+system_tweaks:
+ gnome:
+ # Power management settings
+ - gsettings set org.gnome.desktop.session idle-delay 0
+ - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
+ - gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing'
+ # Interface tweaks
+ - gsettings set org.gnome.desktop.interface clock-show-weekday true
+ - gsettings set org.gnome.desktop.interface show-battery-percentage true
+
+ kde:
+ # Power management
+ - kwriteconfig5 --file powermanagementprofilesrc --group AC --group DimDisplay --key idleTime 300000
+ - kwriteconfig5 --file powermanagementprofilesrc --group AC --group DPMSControl --key idleTime 600000
+
+ windows:
+ registry:
+ # Explorer settings
+ - path: "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
+ name: "Hidden"
+ value: 1
+ type: "DWORD"
+ description: "Show hidden files"
+ - path: "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
+ name: "HideFileExt"
+ value: 0
+ type: "DWORD"
+ description: "Show file extensions"
+ - path: "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
+ name: "TaskbarGlomLevel"
+ value: 2
+ type: "DWORD"
+ description: "Never combine taskbar buttons"
+ - path: "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
+ name: "TaskbarSmallIcons"
+ value: 1
+ type: "DWORD"
+ description: "Use small taskbar icons"
+
+ # Dark mode
+ - path: "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
+ name: "AppsUseLightTheme"
+ value: 0
+ type: "DWORD"
+ description: "Use dark theme for apps"
+ - path: "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
+ name: "SystemUsesLightTheme"
+ value: 0
+ type: "DWORD"
+ description: "Use dark theme for system"
+
+ # Search settings
+ - path: "HKCU:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Search"
+ name: "SearchBoxTaskbarMode"
+ value: 0
+ type: "DWORD"
+ description: "Hide search box from taskbar"
+
+ features:
+ - name: "Microsoft-Windows-Subsystem-Linux"
+ description: "Windows Subsystem for Linux"
+ requires_admin: true
+ - name: "VirtualMachinePlatform"
+ description: "Virtual Machine Platform"
+ requires_admin: true
+
+ hardening:
+ registry:
+ # Security hardening registry settings
+ - path: "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
+ name: "EnableLUA"
+ value: 1
+ type: "DWORD"
+ description: "Enable User Account Control"
+ - path: "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
+ name: "ConsentPromptBehaviorAdmin"
+ value: 2
+ type: "DWORD"
+ description: "UAC prompt for administrators"
+ - path: "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
+ name: "DisablePasswordCaching"
+ value: 1
+ type: "DWORD"
+ description: "Disable password caching"
+ - path: "HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
+ name: "LimitBlankPasswordUse"
+ value: 1
+ type: "DWORD"
+ description: "Limit blank password use"
+ - path: "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\lanmanserver\\parameters"
+ name: "AutoDisconnectTimeout"
+ value: 15
+ type: "DWORD"
+ description: "Auto disconnect timeout"
+ - path: "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
+ name: "DontDisplayLastUserName"
+ value: 1
+ type: "DWORD"
+ description: "Don't display last username"
+
+ services:
+ disable:
+ - "Fax"
+ - "TelnetD"
+ - "RemoteRegistry"
+ - "Messenger"
+ - "NetMeeting Remote Desktop Sharing"
+ - "Remote Desktop Help Session Manager"
+ - "Routing and Remote Access"
+ - "Simple TCP/IP Services"
+ - "SNMP Service"
+
+ firewall:
+ - "netsh advfirewall set allprofiles state on"
+ - "netsh advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=No"
+ - "netsh advfirewall firewall set rule group=\"Network Discovery\" new enable=No"
+
+ linux:
+ hardening:
+ sysctl:
+ # Network security
+ - net.ipv4.ip_forward = 0
+ - net.ipv4.conf.all.send_redirects = 0
+ - net.ipv4.conf.default.send_redirects = 0
+ - net.ipv4.conf.all.accept_source_route = 0
+ - net.ipv4.conf.default.accept_source_route = 0
+ - net.ipv4.conf.all.accept_redirects = 0
+ - net.ipv4.conf.default.accept_redirects = 0
+ - net.ipv4.conf.all.secure_redirects = 0
+ - net.ipv4.conf.default.secure_redirects = 0
+ - net.ipv4.conf.all.log_martians = 1
+ - net.ipv4.conf.default.log_martians = 1
+ - net.ipv4.icmp_echo_ignore_broadcasts = 1
+ - net.ipv4.icmp_ignore_bogus_error_responses = 1
+ - net.ipv4.conf.all.rp_filter = 1
+ - net.ipv4.conf.default.rp_filter = 1
+ - net.ipv4.tcp_syncookies = 1
+ - net.ipv6.conf.all.accept_ra = 0
+ - net.ipv6.conf.default.accept_ra = 0
+ - net.ipv6.conf.all.accept_redirects = 0
+ - net.ipv6.conf.default.accept_redirects = 0
+
+ # Kernel security
+ - kernel.dmesg_restrict = 1
+ - kernel.kptr_restrict = 2
+ - kernel.yama.ptrace_scope = 1
+ - kernel.kexec_load_disabled = 1
+ - kernel.unprivileged_bpf_disabled = 1
+ - net.core.bpf_jit_harden = 2
+
+ # Memory protection
+ - kernel.randomize_va_space = 2
+ - vm.mmap_min_addr = 65536
+
+ packages:
+ security:
+ - fail2ban
+ - ufw
+ - rkhunter
+ - chkrootkit
+ - lynis
+ - aide
+ - apparmor
+ - apparmor-utils
+
+ services:
+ disable:
+ - avahi-daemon
+ - cups
+ - bluetooth
+ - whoopsie
+ - apport
+ enable:
+ - ufw
+ - fail2ban
+ - apparmor
+
+ filesystem:
+ - "chmod 700 /root"
+ - "chmod 644 /etc/passwd"
+ - "chmod 600 /etc/shadow"
+ - "chmod 644 /etc/group"
+ - "chmod 600 /etc/gshadow"
+ - "find /home -name '.netrc' -delete"
+ - "find /home -name '.rhosts' -delete"
+
+ macos:
+ hardening:
+ defaults:
+ # Security settings
+ - domain: "com.apple.screensaver"
+ key: "askForPassword"
+ value: 1
+ type: "int"
+ description: "Require password after screensaver"
+ - domain: "com.apple.screensaver"
+ key: "askForPasswordDelay"
+ value: 0
+ type: "int"
+ description: "Require password immediately"
+ - domain: "com.apple.Safari"
+ key: "SendDoNotTrackHTTPHeader"
+ value: 1
+ type: "bool"
+ description: "Enable Do Not Track"
+ - domain: "com.apple.Safari"
+ key: "AutoFillPasswords"
+ value: 0
+ type: "bool"
+ description: "Disable password autofill"
+ - domain: "com.apple.loginwindow"
+ key: "GuestEnabled"
+ value: 0
+ type: "bool"
+ description: "Disable guest account"
+ - domain: "com.apple.loginwindow"
+ key: "SHOWFULLNAME"
+ value: 1
+ type: "bool"
+ description: "Show full name in login window"
+
+ system:
+ - "sudo spctl --master-enable" # Enable Gatekeeper
+ - "sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1" # Enable firewall
+ - "sudo launchctl load /System/Library/LaunchDaemons/com.apple.locate.plist" # Enable locate database
+
+ services:
+ disable:
+ - "com.apple.AirPlayXPCHelper"
+ - "com.apple.RemoteDesktop.agent"
+
+ packages:
+ security:
+ - gpg
+ - gnupg
+ - pinentry-mac
+
+#======================================
+# Service configurations
+#======================================
+services:
+ enable:
+ all:
+ - sshd
+ - networkmanager
+ server:
+ - firewalld
+ - chronyd
+ desktop:
+ - bluetooth
+ - cups
+ disable:
+ server:
+ - bluetooth
+ - cups
+ - gdm
+ minimal:
+ - cups
+ - bluetooth
+
+#======================================
+# Development environment configurations
+#======================================
+development:
+ git_config:
+ - git config --global init.defaultBranch main
+ - git config --global pull.rebase false
+ - git config --global core.editor vim
+
+ rust:
+ components:
+ - rustc
+ - cargo
+ - clippy
+ - rustfmt
+
+ nodejs:
+ global_packages:
+ - typescript
+ - eslint
+ - prettier
+
+ python:
+ global_packages:
+ - black
+ - flake8
+ - mypy
+ - requests
+ - virtualenvwrapper
+
+#======================================
+# System update checks and maintenance
+#======================================
+system_updates:
+ linux:
+ kernel_check:
+ - "uname -r" # Current kernel
+ - "ls /boot/vmlinuz-* | tail -1 | sed 's/.*vmlinuz-//'" # Latest available
+
+ distro_updates:
+ arch:
+ check: "checkupdates"
+ update: "pacman -Syu"
+ kernel_update: "pacman -S linux linux-headers"
+ debian:
+ check: "apt list --upgradable"
+ update: "apt update && apt upgrade -y"
+ kernel_update: "apt install linux-image-generic linux-headers-generic"
+ rhel:
+ check: "dnf check-update"
+ update: "dnf update -y"
+ kernel_update: "dnf update kernel kernel-headers"
+ gentoo:
+ check: "emerge -pv --update --deep --newuse @world"
+ update: "emerge --update --deep --newuse @world"
+ kernel_update: "emerge gentoo-sources && genkernel all"
+
+ macos:
+ system_updates:
+ check: "softwareupdate -l"
+ update: "softwareupdate -ia"
+ major_check: "softwareupdate --list-full-installers"
+
+ windows:
+ system_updates:
+ check: "Get-WindowsUpdate -MicrosoftUpdate"
+ update: "Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot"
+ feature_updates: "Get-WindowsUpdate -UpdateType Software"
+
+#======================================
+# Custom installation commands
+#======================================
+custom_installs:
+ yq:
+ condition: "! command -v yq"
+ linux: |
+ mkdir -p "$HOME/.local/bin"
+ YQ_VERSION=$(curl -s https://api.github.com/repos/mikefarah/yq/releases/latest | grep 'tag_name' | cut -d'"' -f4)
+ YQ_BINARY="yq_linux_amd64"
+ curl -L "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY}" -o "$HOME/.local/bin/yq"
+ chmod +x "$HOME/.local/bin/yq"
+ macos: "brew install yq"
+ windows: "choco install yq"
+
+ homebrew:
+ condition: "test $(uname) = Darwin && ! command -v brew"
+ macos: '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'
+
+ system_updates:
+ condition: "true" # Always available
+ description: "Check and install system updates"
+ linux: |
+ case "$CFG_DISTRO" in
+ arch) checkupdates && sudo pacman -Syu ;;
+ debian|ubuntu) apt list --upgradable && sudo apt update && sudo apt upgrade -y ;;
+ rhel|fedora|centos) dnf check-update && sudo dnf update -y ;;
+ gentoo) emerge -pv --update --deep --newuse @world && sudo emerge --update --deep --newuse @world ;;
+ *) echo "Unsupported distribution for automatic updates" ;;
+ esac
+ macos: "softwareupdate -l && sudo softwareupdate -ia"
+ windows: |
+ if (Get-Module -ListAvailable -Name PSWindowsUpdate) {
+ Get-WindowsUpdate -MicrosoftUpdate
+ Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot
+ } else {
+ Write-Host "PSWindowsUpdate module not installed. Install with: Install-Module PSWindowsUpdate"
+ }
+
+ zsh_plugins:
+ condition: "command -v zsh"
+ description: "Install common Zsh plugins"
+ linux: |
+ ZPLUG_DIR="$HOME/.config/zsh/plugins"; mkdir -p "$ZPLUG_DIR"; command -v git >/dev/null 2>&1 || exit 0; c(){ n="$1"; u="$2"; [ -d "$ZPLUG_DIR/$n" ] && return 0; env -i PATH="$PATH" HOME="$HOME" GIT_TERMINAL_PROMPT=0 GIT_ASKPASS=/bin/true git -c credential.helper= -c core.askPass= clone --depth 1 --single-branch "$u" "$ZPLUG_DIR/$n" 2>/dev/null || true; }; c zsh-you-should-use https://github.com/MichaelAquilina/zsh-you-should-use.git; c zsh-syntax-highlighting https://github.com/zsh-users/zsh-syntax-highlighting.git; c zsh-autosuggestions https://github.com/zsh-users/zsh-autosuggestions.git
+ macos: |
+ ZPLUG_DIR="$HOME/.config/zsh/plugins"; mkdir -p "$ZPLUG_DIR"; command -v git >/dev/null 2>&1 || exit 0; c(){ n="$1"; u="$2"; [ -d "$ZPLUG_DIR/$n" ] && return 0; env -i PATH="$PATH" HOME="$HOME" GIT_TERMINAL_PROMPT=0 GIT_ASKPASS=/bin/true git -c credential.helper= -c core.askPass= clone --depth 1 --single-branch "$u" "$ZPLUG_DIR/$n" 2>/dev/null || true; }; c zsh-you-should-use https://github.com/MichaelAquilina/zsh-you-should-use.git; c zsh-syntax-highlighting https://github.com/zsh-users/zsh-syntax-highlighting.git; c zsh-autosuggestions https://github.com/zsh-users/zsh-autosuggestions.git
+
+ vscode_extensions:
+ condition: "command -v code"
+ description: "Install template VSCode extensions"
+ linux: |
+ for e in ms-python.python ms-vscode.cpptools golang.Go rust-lang.rust-analyzer esbenp.prettier-vscode eamodio.gitlens ms-azuretools.vscode-docker hashicorp.terraform redhat.ansible; do code --install-extension "$e" --force >/dev/null 2>&1 || true; done
+ macos: |
+ for e in ms-python.python ms-vscode.cpptools golang.Go rust-lang.rust-analyzer esbenp.prettier-vscode eamodio.gitlens ms-azuretools.vscode-docker hashicorp.terraform redhat.ansible; do code --install-extension "$e" --force >/dev/null 2>&1 || true; done
+
+ nix_home_manager:
+ condition: "command -v nix-env"
+ description: "Bootstrap Home Manager if missing"
+ linux: |
+ if ! command -v home-manager >/dev/null 2>&1; then nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager || true; nix-channel --update || true; nix-shell '<home-manager>' -A install || true; fi
+ macos: |
+ if ! command -v home-manager >/dev/null 2>&1; then nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager || true; nix-channel --update || true; nix-shell '<home-manager>' -A install || true; fi
+
+
+#======================================
+# Profile-specific package lists
+#======================================
+profiles:
+ essentials:
+ description: "Essential packages only (git, curl, wget, vim, zsh)"
+ packages:
+ - common
+ - essentials
+
+ minimal:
+ description: "Minimal setup for basic development"
+ packages:
+ - common
+ - essentials
+ - minimal
+
+ dev:
+ description: "Full development environment"
+ packages:
+ - common
+ - essentials
+ - minimal
+ - dev
+ enable_development: true
+
+ server:
+ description: "Server configuration"
+ packages:
+ - common
+ - essentials
+ - minimal
+ - server
+ enable_services: server
+
+ full:
+ description: "Complete installation with all packages"
+ packages:
+ - common
+ - essentials
+ - minimal
+ - dev
+ - server
+ - desktop
+ - wm
+ - media
+ - fonts
+ enable_development: true
+ enable_services: desktop
+
+#======================================
+# Package management helpers
+#======================================
+package_managers:
+ arch:
+ update: "pacman -Syu"
+ install: "pacman -S --noconfirm"
+ search: "pacman -Ss"
+
+ debian:
+ update: "apt update && apt upgrade -y"
+ install: "apt install -y"
+ search: "apt search"
+
+ rhel:
+ update: "dnf update -y"
+ install: "dnf install -y"
+ search: "dnf search"
+
+ fedora:
+ update: "dnf update -y"
+ install: "dnf install -y"
+ search: "dnf search"
+
+ opensuse:
+ update: "zypper update -y"
+ install: "zypper install -y"
+ search: "zypper search"
+
+ gentoo:
+ update: "emerge --sync && emerge -uDN @world"
+ install: "emerge"
+ search: "emerge --search"
+
+ alpine:
+ update: "apk update && apk upgrade"
+ install: "apk add"
+ search: "apk search"
+
+ void:
+ update: "xbps-install -Su"
+ install: "xbps-install -y"
+ search: "xbps-query -Rs"
+
+ macos:
+ update: "brew update && brew upgrade"
+ install: "brew install"
+ search: "brew search"
+
+ windows:
+ update: "choco upgrade all -y"
+ install: "choco install -y"
+ search: "choco search"
+ nix:
+ update: "nix-channel --update && nix-env -u"
+ install: "nix-env -iA"
+ search: "nix-env -qaP"
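Review bot: The `custom_installs.yq` Linux script fetches whatever tag the GitHub API reports as latest and marks the download executable in `$HOME/.local/bin` with no integrity check, so an empty `YQ_VERSION` from a failed API call, an HTTP error body, or a replaced release asset all end up as the `yq` on PATH. Pin the release and verify it before the `chmod`: set `YQ_VERSION="<PINNED_TAG>"`, add `-f` to both `curl` calls, and insert `echo "<EXPECTED_SHA256>  $HOME/.local/bin/yq" | sha256sum -c - || exit 1` (both angle-bracket values are placeholders to fill in from the release you have reviewed). The same unpinned-fetch pattern appears in the `homebrew` installer piped from `HEAD`, the `zsh_plugins` clones and the `nix_home_manager` `master.tar.gz` channel; the latter two also swallow failures with `|| true`, so a partial or failed bootstrap goes unnoticed. `YQ_BINARY` is also hard-coded to `yq_linux_amd64`, which would install a file that cannot run on other architectures.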