# <str<vault>> representing password for Linux root user account of VPS
password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          66353462633933306537323461663665643234306166366663653163306436333037313032306338
          3762653037396437633835356630656438623163656536310a306163663234383265386133396634
          34363163343766623739646334643031373239373630663731376239333764346531396363636131
          6163343335356337660a366337336632333236326532373032353332333636366638616265356562
          66616534303035386134623535373935373065326539363065623230633034313433
# <str<vault>> representing API token for VPS cloud service
token: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          33333839333337323062326231626534616166646666343261343966636464346630363033653130
          3035653864396363376633346362353239643939663462370a323935353061313563336435366331
          30393463653661326539326234646438663133616634663439303932656137633839656533376433
          3666643635613039390a323138393033623131326438616331386539666333613630316263613636
          66663263373665343662393638623064356234646165343835623966643761333562323132396466
          63363436333463653130323531343139316466316131313031343232343039396261616231376232
          66383938333661363532303166306563396634663132396166646132663131373738396131626633
          34393265343061356531
# <str> representing name and hostname of VPS to be made in VPS cloud service
instance: sukaato
# <str<enum>> representing region options from or for given VPS cloud service
origin: us-east
# <str<enum>> representing Linux distro or OS image available in VPS service to be used for VPS 
operating_system: linode/debian13
# <list[<str>]> list of control node or local SSH key basenames for root user
keys:
  - id_ecdsa-sha2_sukaato_miniyubikey
  - id_ecdsa-sha2_sukaato_yubikey
# <list<dict>> list of administrative users (in Linux, users that can use "sudo")
admins:
  - username: senpai # <str> arbitrary valid user name
    services: ~ # <list[<str>]> if linux system user, assocated servce
    # <list[<str>]> list of control node or local SSH key basenames for this user
    keys:
      - id_ed25519_sukaato_yubikey
      - id_ed25519_sukaato_miniyubikey
    # <str<vault?>> hashed (and maybe salted) password
    password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          35326430616661626233643261316438323631373736323033666362353732646564366534346333
          3435643432336165633832373634333864623363323461630a643366636136393031656163663161
          30313863393037623661333030383931366535626135366664656538666330613936656238653862
          6232356463633565390a363331306665393832303363316432396363623361396238623064356662
          64363061613136643932613430633236313238306366363237366130623031326135393364326164
          63303037376431373237616463323938623630333666356634363966613761376266346163636563
          63316665653032653533656464336566626166333834653539343961666136653234356362333966
          39313436363935303430393966653762326463616264373739333638373337643666623531383064
          66353136383666626566643666663761313437396137383063373033366336663731
# <dict[<str>:<dict>]> package groups
pkgs:
  # <dict[<str>:<dict>]> representing package groups installed by package manager via repositories
  mngr:
    # <list[<dict>]> representing system-level or essential packages
    core:
      - name: neovim
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: flatpak
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: snapd
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: git
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: fail2ban
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: crowdsec
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: glow
        uri: ~
        key: "https://repo.charm.sh/apt/gpg.key"
        key_path: /etc/apt/keyrings/charm.gpg
        src_entry: "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *"
        src_path: /etc/apt/sources.list.d/charm.list
      - name: vim-vimwiki
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: pandoc
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: tor
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: i2pd
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: radicle
        uri: ~
        key: "https://radicle.dev/apt/radicle-archive-keyring.deb"
        key_path: "{{ ansible_facts['user_dir'] }}/.local_pkgs/"
        src_entry: "deb [signed-by=/usr/share/radicle/radicle-archive-keyring.asc] https://radicle.dev/apt release main"
        src_path: /etc/apt/sources.list
      # - name: syncthing
      #   uri: ~
      #   key: ~
      #   key_path: ~
      #   src_entry: ~
      #   src_path: ~
    userspace:
      - name: podman
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: podman-compose
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: distrobox
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: proftpd-core
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: proftpd-doc
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: proftpd-mod-crypto
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: proftpd-mod-ldap
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: proftpd-mod-sqlite
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: aria2
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: syncplay-server
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: caddy
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: erlang
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: erlang-hex
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: elixir
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: python3.13
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: golang
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: hugo
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: yt-dlp
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: syncthing-discosrv
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
      - name: syncthing-relaysrv
        uri: ~
        key: ~
        key_path: ~
        src_entry: ~
        src_path: ~
        handler: ~
  # <dict[<str>:<dict>]> representing package groups installed by shell scripts
  script:
    # <list[<dict>]> representing user-level or supplemental shell script installations
    userspace:
      - name: nodejs
        src: "https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh"
        pre: ~
        post: ~
      - name: rustup
        src: "https://sh.rustup.rs"
        pre: ~
        post: ~
      - name: julia
        src: "https://install.julialang.org"
        pre: ~
        post: ~
  # <dict[<str>:<dict>]> representing package groups installed from source archives
  archive:
    # <list[<dict>]> representing user-level or supplemental source archives
    userspace:
      - name: surge
        # @NOTE https://github.com/SurgeDM/Surge
        src: "https://github.com/SurgeDM/Surge/releases/download/v0.8.6/Surge_0.8.6_linux_amd64.tar.gz"
        deploy: ~
        pre: ~
        post: ~
  # <dict[<str>:<dict>]> representing package groups installed from source git repositories
  git_repos:
    userspace:
      - name: quartz
        src: "https://github.com/jackyzha0/quartz.git"
        src_path: "{{ ansible_facts['user_dir'] }}/repos/"
        remote: origin
        branch: main
        deploy: ~
        pre: ~
        post: ~
core_pkgs: "{{ (pkgs.mngr.core | default([])) + (pkgs.script.core | default([])) + (pkgs.archive.core | default([])) + (pkgs.git_repos.core | default([])) + (pkgs.containers.core | default([])) + (pkgs.snaps.core | default([])) + (pkgs.flatpaks.core | default([])) }}"