From 5816898404931f6a8cb751af985099599431b51e Mon Sep 17 00:00:00 2001 
From: Annika Merris Date: Wed, 30 Apr 2025 11:51:18 +0000 Subject: [PATCH] first commit --- .devcontainer/devcontainer.json | 24 +++ .devcontainer/docker/devcontainer.json | 24 +++ .devcontainer/podman/devcontainer.json | 28 +++ .github/ansible-code-bot.yml | 3 + .github/workflows/tests.yml | 18 ++ .gitignore | 180 ++++++++++++++++++ .vscode/extensions.json | 3 + .vscode/settings.json | 3 + README.md | 57 ++++++ ansible-navigator.yaml | 10 + ansible.cfg | 25 +++ .../adhdgirl/minilab/README.md | 80 ++++++++ .../adguardhome/files/docker-compose.yaml | 10 + .../minilab/roles/adguardhome/tasks/main.yaml | 40 ++++ .../common/files/ansible/ansible_ed25519.pub | 1 + .../roles/common/files/ansible/doas.conf | 1 + .../roles/common/files/ansible/sudoers | 1 + .../roles/common/files/users/annika/doas.conf | 1 + .../common/files/users/annika/id_ed25519.pub | 1 + .../roles/common/files/users/annika/sudoers | 1 + .../common/files/users/annika/wallace.pub | 1 + .../common/files/users/moosetheory/doas.conf | 1 + .../files/users/moosetheory/id_ed25519.pub | 1 + .../common/files/users/moosetheory/sudoers | 1 + .../files/users/moosetheory/wallace.pub | 1 + .../roles/common/tasks/ansible/software.yaml | 36 ++++ .../roles/common/tasks/ansible/user.yaml | 31 +++ .../minilab/roles/common/tasks/main.yaml | 36 ++++ .../minilab/roles/common/tasks/users.yaml | 57 ++++++ .../minilab/roles/common/vars/Alpine.yaml | 5 + .../minilab/roles/common/vars/Debian.yaml | 5 + .../minilab/roles/common/vars/main.yaml | 18 ++ .../roles/common/vars/users/annika.yaml | 9 + .../roles/common/vars/users/moosetheory.yaml | 9 + .../minilab/roles/docker/tasks/alpine.yaml | 18 ++ .../minilab/roles/docker/tasks/debian.yaml | 102 ++++++++++ .../minilab/roles/docker/tasks/main.yaml | 23 +++ .../adhdgirl/minilab/roles/run/README.md | 57 ++++++ .../adhdgirl/minilab/roles/run/tasks/main.yml | 12 ++ collections/requirements.yml | 7 + inventory/group_vars/all.yaml | 10 + inventory/group_vars/alpine.yaml | 3 + 
inventory/host_vars/fifi.yaml | 2 + inventory/host_vars/knivi.yaml | 2 + inventory/host_vars/maxim.yaml | 2 + inventory/host_vars/pump.yaml | 2 + inventory/host_vars/reir.yaml | 2 + inventory/hosts.yaml | 33 ++++ minilab.yaml | 31 +++ vault.sh | 3 + 50 files changed, 1031 insertions(+) create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/docker/devcontainer.json create mode 100644 .devcontainer/podman/devcontainer.json create mode 100644 .github/ansible-code-bot.yml create mode 100644 .github/workflows/tests.yml create mode 100644 .gitignore create mode 100644 .vscode/extensions.json create mode 100644 .vscode/settings.json create mode 100644 README.md create mode 100644 ansible-navigator.yaml create mode 100644 ansible.cfg create mode 100644 collections/ansible_collections/adhdgirl/minilab/README.md create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/files/docker-compose.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/tasks/main.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/ansible_ed25519.pub create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/doas.conf create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/sudoers create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/doas.conf create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/id_ed25519.pub create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/sudoers create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/wallace.pub create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/doas.conf create mode 100644 
collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/id_ed25519.pub create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/sudoers create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/wallace.pub create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/software.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/user.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/main.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Alpine.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Debian.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/vars/main.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/annika.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/moosetheory.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/alpine.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/debian.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/main.yaml create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/run/README.md create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/run/tasks/main.yml create mode 100644 collections/requirements.yml create mode 100644 inventory/group_vars/all.yaml create mode 100644 inventory/group_vars/alpine.yaml create mode 100644 inventory/host_vars/fifi.yaml create mode 100644 inventory/host_vars/knivi.yaml create mode 100644 
inventory/host_vars/maxim.yaml create mode 100644 inventory/host_vars/pump.yaml create mode 100644 inventory/host_vars/reir.yaml create mode 100644 inventory/hosts.yaml create mode 100644 minilab.yaml create mode 100755 vault.sh diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..12851a0 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,24 @@ +{ + "name": "ansible-dev-container-codespaces", + "image": "ghcr.io/ansible/community-ansible-dev-tools:latest", + "containerUser": "root", + "runArgs": [ + "--security-opt", + "seccomp=unconfined", + "--security-opt", + "label=disable", + "--cap-add=SYS_ADMIN", + "--cap-add=SYS_RESOURCE", + "--device", + "/dev/fuse", + "--security-opt", + "apparmor=unconfined", + "--hostname=ansible-dev-container" + ], + "updateRemoteUserUID": true, + "customizations": { + "vscode": { + "extensions": ["redhat.ansible", "redhat.vscode-redhat-account"] + } + } +} diff --git a/.devcontainer/docker/devcontainer.json b/.devcontainer/docker/devcontainer.json new file mode 100644 index 0000000..98ddc15 --- /dev/null +++ b/.devcontainer/docker/devcontainer.json @@ -0,0 +1,24 @@ +{ + "name": "ansible-dev-container-docker", + "image": "ghcr.io/ansible/community-ansible-dev-tools:latest", + "containerUser": "root", + "runArgs": [ + "--security-opt", + "seccomp=unconfined", + "--security-opt", + "label=disable", + "--cap-add=SYS_ADMIN", + "--cap-add=SYS_RESOURCE", + "--device", + "/dev/fuse", + "--security-opt", + "apparmor=unconfined", + "--hostname=ansible-dev-container" + ], + "updateRemoteUserUID": true, + "customizations": { + "vscode": { + "extensions": ["redhat.ansible", "redhat.vscode-redhat-account"] + } + } +} diff --git a/.devcontainer/podman/devcontainer.json b/.devcontainer/podman/devcontainer.json new file mode 100644 index 0000000..a29abf6 --- /dev/null +++ b/.devcontainer/podman/devcontainer.json 
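Review bot: The `image` line in each of the three devcontainer definitions pulls `ghcr.io/ansible/community-ansible-dev-tools:latest`, a mutable tag, into a container that runs as `root` with `seccomp=unconfined`, `apparmor=unconfined` and `--cap-add=SYS_ADMIN`. Whatever that tag points to at pull time therefore runs with very little isolation from the developer's host. Pin the image by digest, e.g. `"image": "ghcr.io/ansible/community-ansible-dev-tools@sha256:<DIGEST_PLACEHOLDER>"`, and record in the README which of the relaxed options the tooling actually needs. The podman variant additionally sets `--userns=host` and `--cap-add=NET_ADMIN`, so the same point applies there with more weight.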
@@ -0,0 +1,28 @@
+{
+ "name": "ansible-dev-container-podman",
+ "image": "ghcr.io/ansible/community-ansible-dev-tools:latest",
+ "containerUser": "root",
+ "runArgs": [
+ "--cap-add=CAP_MKNOD",
+ "--cap-add=NET_ADMIN",
+ "--cap-add=SYS_ADMIN",
+ "--cap-add=SYS_RESOURCE",
+ "--device",
+ "/dev/fuse",
+ "--security-opt",
+ "seccomp=unconfined",
+ "--security-opt",
+ "label=disable",
+ "--security-opt",
+ "apparmor=unconfined",
+ "--security-opt",
+ "unmask=/sys/fs/cgroup",
+ "--userns=host",
+ "--hostname=ansible-dev-container"
+ ],
+ "customizations": {
+ "vscode": {
+ "extensions": ["redhat.ansible", "redhat.vscode-redhat-account"]
+ }
+ }
+}
diff --git a/.github/ansible-code-bot.yml b/.github/ansible-code-bot.yml
new file mode 100644
index 0000000..dd75c08
--- /dev/null
+++ b/.github/ansible-code-bot.yml
@@ -0,0 +1,3 @@
+---
+schedule:
+ interval: "daily"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..2b69ec1
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,18 @@
+---
+name: "CI"
+
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ branches: [main]
+ workflow_dispatch:
+ # TO-DO: Below is an example cron scheduler. Uncomment and tweak it as per your requirement
+ # schedule:
+ # - cron: '0 0 * * *'
+
+jobs:
+ ansible-lint:
+ uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..dbd6d27
--- /dev/null
+++ b/.gitignore
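Review bot: The `uses:` line of the `ansible-lint` job in `.github/workflows/tests.yml` references the reusable workflow at `@main`, so any change pushed to that upstream branch runs in this repository's CI without being reviewed here. Pin it to a full commit SHA, `uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@<COMMIT_SHA_PLACEHOLDER>`, and update the pin deliberately. The workflow also declares no `permissions:` block; adding a top-level `permissions:` with `contents: read` limits the token handed to the called workflow to read access.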
@@ -0,0 +1,180 @@ +ansible_ed25519 +vault-password.txt + +.logs/* +*.retry +*.vault +collections/* +!collections/ansible_collections +!collections/requirements.yml +collections/ansible_collections/* +!collections/ansible_collections/adhdgirl +collections/ansible_collections/adhdgirl/* +!collections/ansible_collections/adhdgirl/minilab +# https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 
+# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/#use-with-ide +.pdm.toml + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +# MacOS +.DS_Store + +# Ansible +.ansible/ diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..c1b8978 --- /dev/null 
+++ b/.vscode/extensions.json @@ -0,0 +1,3 @@ +{ + "recommendations": ["redhat.ansible", "redhat.vscode-redhat-account"] +} diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..143dfdf --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/home/annika/ansible/minilab/.venv/bin/python" +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..0abd553 --- /dev/null +++ b/README.md @@ -0,0 +1,57 @@ +# Adhdgirl Minilab Ansible Project + +## To Get Machines Added + +1. Generate a set of ssh-keys for the ansible user. Copy both to the files directory. (Expects id_rsa and id_rsa.pub) +2. Either make sure that the container has your SSH public key for auth, or allows password auth for the user you wish to use.
**_NOTE_** Whichever user you are using must be able to run root commands, either using sudo, or by being root. + * For authenticating using SSH keys, execute
`ansible-playbook --ask-vault-pass -e 'ansible_user=' --ask-become-pass -e 'ansible_private_key_file=' minilab.yml` + * For authenticating without using SSH keys, execute
`ansible-playbook --ask-vault-pass -e 'ansible_user=' --ask-pass --ask-become-pass minilab.yml` +3. After the first run. the following will work + * `ansible-playbook --ask-vault-pass minilab.yml` + +## Included content/ Directory Structure + +The directory structure follows best practices recommended by the Ansible +community. Feel free to customize this template according to your specific +project requirements. + +``` + ansible-project/ + |── .devcontainer/ + | └── docker/ + | └── devcontainer.json + | └── podman/ + | └── devcontainer.json + | └── devcontainer.json + |── .github/ + | └── workflows/ + | └── tests.yml + | └── ansible-code-bot.yml + |── .vscode/ + | └── extensions.json + |── collections/ + | └── requirements.yml + | └── ansible_collections/ + | └── project_org/ + | └── project_repo/ + | └── README.md + | └── roles/sample_role/ + | └── README.md + | └── tasks/main.yml + |── inventory/ + | └── groups_vars/ + | └── host_vars/ + | └── hosts.yml + |── ansible-navigator.yml + |── ansible.cfg + |── devfile.yaml + |── linux_playbook.yml + |── network_playbook.yml + |── README.md + |── site.yml +``` + +## Compatible with Ansible-lint + +Tested with ansible-lint >=24.2.0 releases and the current development version +of ansible-core. diff --git a/ansible-navigator.yaml b/ansible-navigator.yaml new file mode 100644 index 0000000..d9d7057 --- /dev/null +++ b/ansible-navigator.yaml @@ -0,0 +1,10 @@ +--- +ansible-navigator: + logging: + level: debug + append: false + file: $PWD/.logs/ansible-navigator.log + + playbook-artifact: + enable: true + save-as: "$PWD/.logs/{playbook_name}-artifact-{time_stamp}.json" diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..3768c43 --- /dev/null +++ b/ansible.cfg 
@@ -0,0 +1,25 @@ +[defaults] +# Specify the inventory file +inventory = inventory/hosts.yaml + +# Define the directory for host and group variables +host_vars_inventory = inventory/host_vars +group_vars_inventory = inventory/group_vars + +# Set the logging verbosity level +# verbosity = 2 + +log_path = ./ansible.log + +# Set the default user for SSH connections +remote_user = ansible + +# Define the default become method +become_method = sudo + +[persistent_connection] +# Controls how long the persistent connection will remain idle before it is destroyed +connect_timeout=30 + +# Controls the amount of time to wait for response from remote device before timing out persistent connection +command_timeout=30 diff --git a/collections/ansible_collections/adhdgirl/minilab/README.md b/collections/ansible_collections/adhdgirl/minilab/README.md new file mode 100644 index 0000000..ea1a826 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/README.md 
@@ -0,0 +1,80 @@ +# Adhdgirl Minilab Collection + +This repository contains the `adhdgirl.minilab` Ansible Collection. + +## Tested with Ansible + +Tested with ansible-core >=2.14 releases and the current development version of +ansible-core. + +## External requirements + +Some modules and plugins require external libraries. Please check the +requirements for each plugin or module you use in the documentation to find out +which requirements are needed. + +## Included content + +Please check the included content on the +[Ansible Galaxy page for this collection](https://galaxy.ansible.com/adhdgirl/minilab). + +## Using this collection + +``` + ansible-galaxy collection install adhdgirl.minilab +``` + +You can also include it in a `requirements.yml` file and install it via +`ansible-galaxy collection install -r requirements.yml` using the format: + +```yaml +collections: + - name: adhdgirl.minilab +``` + +To upgrade the collection to the latest available version, run the following +command: + +```bash +ansible-galaxy collection install adhdgirl.minilab --upgrade +``` + +You can also install a specific version of the collection, for example, if you +need to downgrade when something is broken in the latest version (please report +an issue in this repository). Use the following syntax where `X.Y.Z` can be any +[available version](https://galaxy.ansible.com/adhdgirl/minilab): + +```bash +ansible-galaxy collection install adhdgirl.minilab:==X.Y.Z +``` + +See +[Ansible Using Collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) +for more details. + +## Release notes + +See the +[changelog](https://github.com/ansible-collections/adhdgirl.minilab/tree/main/CHANGELOG.rst). 
+ +## Roadmap + + + +## More information + + + +- [Ansible collection development forum](https://forum.ansible.com/c/project/collection-development/27) +- [Ansible User guide](https://docs.ansible.com/ansible/devel/user_guide/index.html) +- [Ansible Developer guide](https://docs.ansible.com/ansible/devel/dev_guide/index.html) +- [Ansible Collections Checklist](https://docs.ansible.com/ansible/devel/community/collection_contributors/collection_requirements.html) +- [Ansible Community code of conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html) +- [The Bullhorn (the Ansible Contributor newsletter)](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) +- [News for Maintainers](https://forum.ansible.com/tag/news-for-maintainers) + +## Licensing + +GNU General Public License v3.0 or later. + +See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/files/docker-compose.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/files/docker-compose.yaml new file mode 100644 index 0000000..ac33752 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/files/docker-compose.yaml @@ -0,0 +1,10 @@ +--- +services: + adguard: + image: adguard/adguardhome:v0.107.59 + container_name: adguardhome + volumes: + - /opt/adguard/workdir:/opt/adguardhome/work + - /opt/adguard/confdir:/opt/adguardhome/conf + network_mode: "host" + restart: unless-stopped diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/tasks/main.yaml new file mode 100644 index 0000000..974b78d --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/adguardhome/tasks/main.yaml 
@@ -0,0 +1,40 @@
+---
+- name: Load distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution }}.yaml"
+ skip: true
+
+- name: Ensure AdGuard Home is running on this device
+ block:
+ - name: Ensure presense of folders for AdGuard Home
+ tags: packages,docker,adguard
+ ansible.builtin.file:
+ path: "/opt/adguard/{{ item }}"
+ state: directory
+ recurse: true
+ owner: root
+ group: root
+ loop:
+ - "workdir"
+ - "confdir"
+ - name: Ensure compose file is available on the server
+ tags: docker,adguard,settings
+ ansible.builtin.copy:
+ src: docker-compose.yaml
+ dest: /opt/adguard/docker-compose.yaml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ - name: Ensure docker containers are pulled and running
+ tags: docker,adguard
+ community.docker.docker_compose_v2:
+ project_src: /opt/adguard
+ pull: always
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/ansible_ed25519.pub b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/ansible_ed25519.pub
new file mode 100644
index 0000000..92f0375
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/ansible_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUrVjr7OOouXuax/peH72TgWiVaE1hacB65lXRUQdmP annika@ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/doas.conf b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/doas.conf
new file mode 100644
index 0000000..ef1d3ed
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/doas.conf
@@ -0,0 +1 @@
+permit nopass ansible
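Review bot: The `rescue:` section at the end of the AdGuard Home block only sets `task_failed: true`, so a failed directory, copy or compose task is rescued and the play carries on; nothing in this file checks that fact afterwards. Either drop the rescue or follow the `set_fact` with an `ansible.builtin.fail` task so the failure stays visible in the run result; the same pattern appears in `roles/common/tasks/main.yaml`. Separately, the directory task sets `owner` and `group` with `recurse: true` but no `mode`, so `/opt/adguard/confdir` keeps whatever the umask gives it; consider adding `mode: u=rwx,g=rx,o=` there.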
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/sudoers b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/sudoers
new file mode 100644
index 0000000..9888393
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/ansible/sudoers
@@ -0,0 +1 @@
+ansible ALL=(ALL) NOPASSWD: ALL
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/doas.conf b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/doas.conf
new file mode 100644
index 0000000..7077309
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/doas.conf
@@ -0,0 +1 @@
+permit persist annika
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/id_ed25519.pub b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/id_ed25519.pub
new file mode 100644
index 0000000..838bee1
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1XzepIOOXlSAjVTVKXlCYiPD4gtlt4/1ky9UWaB/2f annika@ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/sudoers b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/sudoers
new file mode 100644
index 0000000..9233480
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/sudoers
@@ -0,0 +1 @@
+annika ALL=(ALL) ALL
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/wallace.pub b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/wallace.pub
new file mode 100644
index 0000000..7003e35
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/wallace.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ3/ZWJHbXEu5+nPvaNfPQraxy2ThXQlNB/u99nr8ci annika@wallace.local.merr.is
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/doas.conf b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/doas.conf
new file mode 100644
index 0000000..764acde
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/doas.conf
@@ -0,0 +1 @@
+permit persist moosetheory
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/id_ed25519.pub b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/id_ed25519.pub
new file mode 100644
index 0000000..838bee1
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1XzepIOOXlSAjVTVKXlCYiPD4gtlt4/1ky9UWaB/2f annika@ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/sudoers b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/sudoers
new file mode 100644
index 0000000..b149c07
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/sudoers
@@ -0,0 +1 @@
+moosetheory ALL=(ALL) ALL
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/wallace.pub b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/wallace.pub
new file mode 100644
index 0000000..7003e35
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/moosetheory/wallace.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ3/ZWJHbXEu5+nPvaNfPQraxy2ThXQlNB/u99nr8ci annika@wallace.local.merr.is
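Review bot: `users/moosetheory/id_ed25519.pub` and `users/moosetheory/wallace.pub` are identical to the files under `users/annika/` (same blob ids `838bee1` and `7003e35`, key comments `annika@ansible` and `annika@wallace.local.merr.is`). The `with_fileglob` task in `tasks/users.yaml` installs every `*.pub` in the user's directory, so annika's keys are authorised for the `moosetheory` account as well. If these are placeholders, replace them with keys held by that user before the role is applied. If the overlap is intentional, a comment in `vars/users/moosetheory.yaml` should record why one key holder can log in as both sudo-capable accounts.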
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/software.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/software.yaml
new file mode 100644
index 0000000..6e75cb4
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/software.yaml
@@ -0,0 +1,36 @@
+---
+- name: Make sure aptitude is available
+ tags: packages,system,settings,debian
+ ansible.builtin.apt:
+ name: aptitude
+ state: present
+ when: ansible_distribution in debian_derivatives
+- name: Make sure sudo and ssh are available
+ tags: packages,system,settings
+ ansible.builtin.package:
+ name:
+ - "{{ common_elevate_package }}"
+ - "{{ common_ssh_package }}"
+ state: present
+- name: Make sure python3 is available (Alpine)
+ tags: packages,system,settings
+ ansible.builtin.package:
+ name:
+ - python3
+ state: present
+ when: ansible_distribution == 'Alpine'
+- name: Ensure ssh is starting at boot (Alpine)
+ tags: packages,system,settings
+ ansible.builtin.service:
+ name: sshd
+ state: started
+ enabled: true
+ when: ansible_distribution == 'Alpine'
+- name: Ensure ssh is starting at boot (Debian)
+ tags: package,system,settings
+ ansible.builtin.systemd_service:
+ name: ssh
+ state: started
+ enabled: true
+ when: ansible_distribution in debian_derivatives
+# code: language=ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/user.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/user.yaml
new file mode 100644
index 0000000..8ba28a0
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/ansible/user.yaml
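Review bot: The last task in `software.yaml`, `Ensure ssh is starting at boot (Debian)`, is tagged `package,system,settings` while every other task in the file uses `packages`. A run limited with `--tags packages` therefore skips enabling sshd on Debian hosts. Change the line to `tags: packages,system,settings`.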
@@ -0,0 +1,31 @@
+---
+- name: Make sure ansible user exists
+ tags: users,system,ansible
+ ansible.builtin.user:
+ name: ansible
+ password: "*"
+- name: Add sudoers file
+ tags: moosetheory,settings,sudo,system,users
+ ansible.builtin.copy:
+ src: ansible/sudoers
+ dest: /etc/sudoers.d/ansible
+ owner: root
+ group: root
+ mode: u=r,g=r,o-rwx
+ when: ansible_distribution in debian_derivatives
+- name: Add doas file
+ tags: ansible,settings,doas,system,users
+ ansible.builtin.copy:
+ src: ansible/doas.conf
+ dest: /etc/doas.d/ansible.conf
+ owner: root
+ group: root
+ mode: u=r,g=r,o-rwx
+ when: ansible_distribution == "Alpine"
+- name: Set authorized key for ansible user
+ tags: users,system,ansible
+ ansible.posix.authorized_key:
+ user: ansible
+ state: present
+ key: "{{ lookup('file', './files/ansible/ansible_ed25519.pub') }}"
+# code: language=ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/main.yaml
new file mode 100644
index 0000000..b557fa9
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/main.yaml
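Review bot: The `Add sudoers file` task copies the `NOPASSWD: ALL` drop-in to `/etc/sudoers.d/ansible` without a syntax check, and a malformed file in that directory can break sudo for every account on the host. Add `validate: /usr/sbin/visudo -cf %s` to that `ansible.builtin.copy` task; the per-user sudoers copy in `tasks/users.yaml` needs the same line. The task is also tagged `moosetheory` rather than `ansible`, which looks like a copy-paste slip, so `--tags ansible` would create the account and its key but not its privilege rule: `tags: ansible,settings,sudo,system,users`.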
@@ -0,0 +1,36 @@
+---
+- name: Load distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution }}.yaml"
+ skip: true
+
+- name: Set up common functionality
+ block:
+ # Make sure ansible related stuff exists
+ - name: Ensure presense of software needed by later tasks
+ ansible.builtin.import_tasks: ansible/software.yaml
+ - name: Ensure user exists for future runs of Ansible
+ ansible.builtin.import_tasks: ansible/user.yaml
+
+ # Create users
+ - name: Create users
+ ansible.builtin.include_tasks: users.yaml
+ loop:
+ - annika
+ - moosetheory
+ loop_control:
+ loop_var: user_name
+
+ # Install software not specific to Ansible
+ # - name: Ensure software wanted on all hosts is installed
+ # ansible.builtin.import_tasks: general/software.yaml
+
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
+# code: language=ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml
new file mode 100644
index 0000000..4f558f1
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml
@@ -0,0 +1,57 @@
+---
+- name: Load user-specific variables
+ tags: groups,users
+ ansible.builtin.include_vars:
+ file: "users/{{ user_name }}.yaml"
+- name: Ensure group exists
+ tags: groups,users
+ ansible.builtin.group:
+ name: "{{ user_name }}"
+ state: present
+- name: Ensure user exists
+ tags: users
+ ansible.builtin.user:
+ name: "{{ user_name }}"
+ group: "{{ user_name }}"
+ groups: "adm,{{ common_sudo_group }}"
+ state: present
+ password: "{{ common_user_password | string | password_hash('sha512') }}"
+- name: Adjust shell for Debian hosts
+ tags: settings,users,debian
+ ansible.builtin.user:
+ name: "{{ user_name }}"
+ shell: /bin/bash
+ when: ansible_distribution in debian_derivatives
+- name: Adjust shell for Ansible hosts
+ tags: settings,users,alpine
+ ansible.builtin.user:
+ name: "{{ user_name }}"
+ shell: /bin/ash
+ when: ansible_distribution == "Alpine"
+- name: Ensure user sudoers file is in place for Debian hosts
+ tags: settings,users,debian
+ ansible.builtin.copy:
+ src: "users/{{ user_name }}/sudoers"
+ dest: "/etc/sudoers.d/{{ user_name }}"
+ owner: root
+ group: root
+ mode: u=r,g=r,o-rwx
+ when: ansible_distribution in debian_derivatives
+- name: Ensure user doas config is in place for Alpine hosts
+ tags: settings,users,alpine
+ ansible.builtin.copy:
+ src: "users/{{ user_name }}/doas.conf"
+ dest: "/etc/doas.d/{{ user_name }}.conf"
+ owner: root
+ group: root
+ mode: u=r,g=r,o-rwx
+ when: ansible_distribution == "Alpine"
+- name: Ensure public keys are available for this user
+ tags: settings,users,ssh
+ ansible.posix.authorized_key:
+ user: "{{ user_name }}"
+ state: present
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - "users/{{ user_name }}/*.pub"
+# code: language=ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Alpine.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Alpine.yaml
new file mode 100644
index 0000000..bbd8e7d
--- /dev/null
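Review bot: In the `Ensure user exists` task of roles/common/tasks/users.yaml, `password_hash('sha512')` is called without a salt and the `user` module's `update_password` is left at its default of `always`, so every run produces a new hash and resets the account to the vaulted password. That overwrites any password the user has changed on the host since the last run and makes the task report `changed` each time. Adding `update_password: on_create` keeps the vaulted value as an initial password only. The task named `Adjust shell for Ansible hosts` is guarded by `ansible_distribution == "Alpine"`, so its name presumably should read Alpine.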
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Alpine.yaml @@ -0,0 +1,5 @@ +--- +common_sudo_group: wheel +common_ssh_package: openssh +common_elevate_package: doas +# code: language=ansible diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Debian.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Debian.yaml new file mode 100644 index 0000000..eb9e006 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/Debian.yaml @@ -0,0 +1,5 @@ +--- +common_sudo_group: sudo +common_ssh_package: ssh +common_elevate_package: sudo +# code: language=ansible diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/main.yaml new file mode 100644 index 0000000..f55bbb1 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/main.yaml @@ -0,0 +1,18 @@ +--- +common_interactive_users: + - annika + - moosetheory +common_annika_passwd: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31376262376236616461656131623338386564396462663662363934663065333335373338366166 + 3133373464376565393339323461313837363463353636300a653738616137316261656665323835 + 30356563646237653533303832623433343831346234333965623532363565346633313437353865 + 3333366534323032390a643536643361356532666333306635653634373938613134353565643961 + 6665 +common_moosetheory_passwd: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 37633433626261666330346536356463303431396662333334643633393632383731343037353038 + 3462366461343964386535356239353034323638363937380a633238343839363433356338663632 + 66363663356162666437343863663837346430653665356636356565306263646137383438333233 + 3062313935383164650a626365363362326238386137336538323831373430653366383139326365 + 3961 
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/annika.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/annika.yaml new file mode 100644 index 0000000..e2a64ba --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/annika.yaml @@ -0,0 +1,9 @@ +--- +common_user_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39313537373231343839663162373238343837626266323631316234333034343536636664336433 + 3531626364383166383165613563373435623663366461360a613731663639633966353239303933 + 63353537626461383332656265653634656530326133646361643365366665353562396536373834 + 3866343531323237360a353737303766393338353436353864336538373166366637663566363166 + 6364 +# code: language=ansible diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/moosetheory.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/moosetheory.yaml new file mode 100644 index 0000000..e2a64ba --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/common/vars/users/moosetheory.yaml @@ -0,0 +1,9 @@ +--- +common_user_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39313537373231343839663162373238343837626266323631316234333034343536636664336433 + 3531626364383166383165613563373435623663366461360a613731663639633966353239303933 + 63353537626461383332656265653634656530326133646361643365366665353562396536373834 + 3866343531323237360a353737303766393338353436353864336538373166366637663566363166 + 6364 +# code: language=ansible diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/alpine.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/alpine.yaml new file mode 100644 index 0000000..d75915b --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/alpine.yaml 
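Review bot: roles/common/vars/users/moosetheory.yaml has the same blob id (`e2a64ba`) as users/annika.yaml, so both files carry a byte-identical `common_user_password` vault value and the two accounts, which are both placed in `adm` and the sudo group, are created with the same password. roles/common/vars/main.yaml already defines separate `common_annika_passwd` and `common_moosetheory_passwd` secrets, which the tasks shown in users.yaml do not reference. Either encrypt a distinct value in each user file or point each file at its own secret, e.g. `common_user_password: "{{ common_moosetheory_passwd }}"`.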
@@ -0,0 +1,18 @@
+---
+- name: Ensure docker is installed
+ tags: alpine,docker,software
+ community.general.apk:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - docker
+ - docker-compose
+ - py3-pip
+ - py3-docker-py
+- name: Start Docker and add to autostart on Alpine
+ tags: alpine,docker,software
+ ansible.builtin.service:
+ name: docker
+ state: started
+ enabled: true
+# code: language=ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/debian.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/debian.yaml
new file mode 100644
index 0000000..5ec0ca3
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/debian.yaml
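Review bot: `Ensure docker is installed` in roles/docker/tasks/alpine.yaml loops over `name: "{{ item }}"`, which invokes apk once per package. The module accepts a list, so the four names can go directly under `name:` and the `loop:` can be dropped, giving one transaction and one result to read. The three `ansible.builtin.apt` tasks in roles/docker/tasks/debian.yaml follow the same loop pattern.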
@@ -0,0 +1,102 @@ +--- +- name: Ensure python dependencies are installed + ansible.builtin.apt: + name: "{{ item }}" + state: present + update_cache: true + loop: + - python3-debian + - python3-pip +- name: Ensure no unofficial Docker packages are installed on Debian hosts + ansible.builtin.apt: + name: "{{ item }}" + state: absent + update_cache: false + loop: + - docker.io + - docker-compose + - docker-doc + - podman-docker +- name: Ensure Docker repositories are available on Debian hosts + ansible.builtin.deb822_repository: + name: docker + types: deb + uris: https://download.docker.com/linux/debian + suites: "{{ ansible_distribution_release }}" + components: + - stable + signed_by: |- + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth + lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh + 38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq + L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7 + UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N + cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht + ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo + vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD + G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ + XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj + q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB + tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 + BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO + v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd + tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk + jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m + 6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P + XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc + 
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8 + g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm + ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh + 9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5 + G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW + FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB + EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF + M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx + Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu + w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk + z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8 + eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb + VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa + 1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X + zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ + pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7 + ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ + BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY + 1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp + YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI + mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES + KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7 + JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ + cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0 + 6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5 + U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z + VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f + irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk + SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz + 
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W + 9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw + 24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe + dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y + Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR + H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh + /nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ + M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S + xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O + jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG + YT90qFF93M3v01BbxP+EIY2/9tiIPbrd + =0YYh + -----END PGP PUBLIC KEY BLOCK----- +- name: Ensure Docker dependencies are available on Debian hosts + ansible.builtin.apt: + name: "{{ item }}" + state: present + update_cache: true + loop: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin +# code: language=ansible diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/main.yaml new file mode 100644 index 0000000..cffa2f9 --- /dev/null +++ b/collections/ansible_collections/adhdgirl/minilab/roles/docker/tasks/main.yaml 
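Review bot: The `uris` value in `Ensure Docker repositories are available on Debian hosts` is fixed to `https://download.docker.com/linux/debian`, while roles/docker/tasks/main.yaml imports this file for every distribution in `debian_derivatives`, which also lists Ubuntu and Pop!_OS. On such a host `suites: "{{ ansible_distribution_release }}"` would presumably resolve to a codename the Debian repository does not carry, and the resulting apt failure would be absorbed by the role's `rescue`; the inventory does not show which distributions the `debian` group actually runs. Consider selecting the path per distribution, e.g. `uris: "https://download.docker.com/linux/{{ docker_repo_distro }}"` with `docker_repo_distro` (a new variable, name illustrative) set alongside the other distro vars. A short comment above `signed_by` recording the pinned key's fingerprint and where it was obtained would let a reviewer check it against the vendor's published value.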
@@ -0,0 +1,23 @@
+---
+- name: Fetch distro-specific variables
+ ansible.builtin.include_vars: '{{ item }}'
+ tags: always
+ with_first_found:
+ - files:
+ - "vars/{{ ansible_distribution }}.yaml"
+ skip: true
+
+- name: Ensure dependencies for docker module are installed
+ block:
+ - name: Ensure debian hosts are properly configured
+ ansible.builtin.import_tasks: ./debian.yaml
+ when: ansible_distribution in debian_derivatives
+ - name: Ensure alpine hosts are properly configured
+ ansible.builtin.import_tasks: ./alpine.yaml
+ when: ansible_distribution == 'Alpine'
+
+ rescue:
+ - name: Set that this task failed
+ ansible.builtin.set_fact:
+ task_failed: true
+# code: language=ansible
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/run/README.md b/collections/ansible_collections/adhdgirl/minilab/roles/run/README.md
new file mode 100644
index 0000000..40df22d
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/run/README.md
@@ -0,0 +1,57 @@ +Adhdgirl.Minilab Run Role +======================== + +A brief description of the role is here. + +Requirements +------------ + +Any prerequisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. host vars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + +```yaml +- name: Execute tasks on servers + hosts: servers + roles: + - role: adhdgirl.minilab.run + run_x: 42 +``` + +Another way to consume this role would be: + +```yaml +- name: Initialize the run role from adhdgirl.minilab + hosts: servers + gather_facts: false + tasks: + - name: Trigger invocation of run role + ansible.builtin.include_role: + name: adhdgirl.minilab.run + vars: + run_x: 42 +``` + +License +------- + +# TO-DO: Update the license to the one you want to use (delete this line after setting the license) +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/run/tasks/main.yml b/collections/ansible_collections/adhdgirl/minilab/roles/run/tasks/main.yml
new file mode 100644
index 0000000..c6267bb
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/run/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Debug print task-1
+ ansible.builtin.debug:
+ msg: "This is task-1"
+
+- name: Debug print task-2
+ ansible.builtin.debug:
+ msg: "This is task-2"
+
+- name: Debug print task-3
+ ansible.builtin.debug:
+ msg: "This is task-3"
diff --git a/collections/requirements.yml b/collections/requirements.yml
new file mode 100644
index 0000000..6daef53
--- /dev/null
+++ b/collections/requirements.yml
@@ -0,0 +1,7 @@
+---
+collections:
+ - name: community.general
+ - name: ansible.posix
+ # - name: ansibleguy.nftables
+ # version: 1.0.3
+ - name: community.docker
diff --git a/inventory/group_vars/all.yaml b/inventory/group_vars/all.yaml
new file mode 100644
index 0000000..ca0172e
--- /dev/null
+++ b/inventory/group_vars/all.yaml
@@ -0,0 +1,10 @@
+---
+# ansible_user: ansible
+# ansible_ssh_private_key_file: /home/annika/ansible/minilab/ansible_ed25519
+debian_derivatives:
+ - "Debian"
+ - "Pop!_OS"
+ - "Ubuntu"
+global_dns_servers:
+ - 10.69.11.4
+# code: language=ansible
diff --git a/inventory/group_vars/alpine.yaml b/inventory/group_vars/alpine.yaml
new file mode 100644
index 0000000..0204b36
--- /dev/null
+++ b/inventory/group_vars/alpine.yaml
@@ -0,0 +1,3 @@
+---
+ansible_python_interpreter: /usr/bin/python3
+ansible_become_method: community.general.doas
diff --git a/inventory/host_vars/fifi.yaml b/inventory/host_vars/fifi.yaml
new file mode 100644
index 0000000..60c695e
--- /dev/null
+++ b/inventory/host_vars/fifi.yaml
@@ -0,0 +1,2 @@
+---
+server_name: fifi
diff --git a/inventory/host_vars/knivi.yaml b/inventory/host_vars/knivi.yaml
new file mode 100644
index 0000000..de5efbc
--- /dev/null
+++ b/inventory/host_vars/knivi.yaml
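Review bot: collections/requirements.yml lists `community.general`, `ansible.posix` and `community.docker` without a `version`, so each install resolves to whatever release is current, and the module code that minilab.yaml runs with `become: true` on every host can change without any change in this repository. Pin each entry, e.g. `- name: community.general` followed by `version: "<pinned version>"`, and raise the pins deliberately. The commented-out `ansibleguy.nftables` entry already shows the form.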
@@ -0,0 +1,2 @@
+---
+server_name: knivi
diff --git a/inventory/host_vars/maxim.yaml b/inventory/host_vars/maxim.yaml
new file mode 100644
index 0000000..bb79c54
--- /dev/null
+++ b/inventory/host_vars/maxim.yaml
@@ -0,0 +1,2 @@
+---
+server_name: maxim
diff --git a/inventory/host_vars/pump.yaml b/inventory/host_vars/pump.yaml
new file mode 100644
index 0000000..6924871
--- /dev/null
+++ b/inventory/host_vars/pump.yaml
@@ -0,0 +1,2 @@
+---
+server_name: pump
diff --git a/inventory/host_vars/reir.yaml b/inventory/host_vars/reir.yaml
new file mode 100644
index 0000000..919900a
--- /dev/null
+++ b/inventory/host_vars/reir.yaml
@@ -0,0 +1,2 @@
+---
+server_name: reir
diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
new file mode 100644
index 0000000..6022310
--- /dev/null
+++ b/inventory/hosts.yaml
@@ -0,0 +1,33 @@
+---
+all:
+ hosts:
+ pump:
+ ansible_host: 10.69.11.4
+ maxim:
+ ansible_host: 10.69.10.50
+ docker1:
+ ansible_host: 10.69.10.51
+ fifi:
+ ansible_host: 10.69.10.52
+ knivi:
+ ansible_host: 10.69.10.53
+ reir:
+ ansible_host: 10.69.10.62
+ children:
+ alpine:
+ hosts:
+ pump:
+ debian:
+ hosts:
+ maxim:
+ docker1:
+ fifi:
+ knivi:
+ reir:
+ docker:
+ hosts:
+ pump:
+ docker1:
+ adguard_servers:
+ hosts:
+ pump:
diff --git a/minilab.yaml b/minilab.yaml
new file mode 100644
index 0000000..7911620
--- /dev/null
+++ b/minilab.yaml
@@ -0,0 +1,31 @@
+---
+# Pre-run tasks for all hosts
+- name: Pre-run tasks for all hosts
+ hosts: all
+ tags: always
+ become: true
+ pre_tasks:
+ - name: Update package cache (Alpine)
+ tags: always
+ community.general.apk:
+ update_cache: true
+ when: ansible_distribution == "Alpine"
+
+- name: Common tasks for all hosts
+ hosts: all
+ tags: common
+ become: true
+ roles:
+ - adhdgirl.minilab.common
+- name: Ensure docker is installed and running
+ hosts: docker
+ tags: docker
+ become: true
+ roles:
+ - adhdgirl.minilab.docker
+- name: Configure AdGuard home hosts
+ hosts: pump
+ tags: docker,adguard
+ become: true
+ roles:
+ - adhdgirl.minilab.adguardhome
diff --git a/vault.sh b/vault.sh
new file mode 100755
index 0000000..0882444
--- /dev/null
+++ b/vault.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ansible-vault encrypt_string --vault-password-file vault-password.txt --stdin-name $1
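Review bot: vault.sh passes `$1` unquoted to `--stdin-name`, so a name containing spaces or glob characters is split or expanded by the shell, and calling the script with no argument leaves the option without a value. Quote it and fail early: `ansible-vault encrypt_string --vault-password-file vault-password.txt --stdin-name "${1:?usage: vault.sh NAME}"`. The script also expects `vault-password.txt` in the working directory. The .gitignore added by this commit is not shown here, so confirm that it excludes that file from version control.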