An Ansible playbook, or more specifically,ansible-playbook, runs from whatever Python, collections and system packages happen to be on the control node. That works when one person owns the environment or when a bastion is already pinned. It's a weak team contract: versions drift across laptops, CI runners, and shared hosts.
Ansible Navigator adds execution environments (container images for the control plane), a TUI for inspecting runs, and CLI behavior that lines up with AWX and Ansible Automation Platform (AAP). It runs and inspects the same playbooks and inventories when you want the runtime declared in an image tag instead of implied by the local machine.
This post covers installation, a first playbook, interactive vs stdout mode, custom images, configuration, and a CI-shaped workflow.
The best development machine isn't always the one under your hands. Laptops are wonderful daily drivers, but they're also thermally constrained, battery-bound, and constantly moving between networks. For serious build and test work, especially on Go projects that need real Linux, Windows, and macOS coverage, I keep the compute somewhere stable and let my laptop act as the control plane.
With VS Code Remote Tunnels, you run the VS Code CLI on a remote machine, authenticate it with your GitHub account, and connect to that machine from VS Code or vscode.dev without opening inbound firewall ports, maintaining a VPN profile, or teaching dynamic DNS yet another way to disappoint you.
Remote development used to mean one of two things: SSH into a server and live in a terminal, or carry around a fragile stack of VPNs, jump boxes, port forwards, editor extensions, and local configuration. That worked, but it made the developer's laptop the place where every concern collided.
Modern remote development is a cleaner architectural split:
The laptop is the interface. It provides the screen, keyboard, editor, and whatever local ergonomics make you productive.
The remote node is the execution environment. It owns the CPU, memory, disk, operating system, SDKs, build cache, test dependencies, and long-running processes.
The identity provider brokers access. With Remote Tunnels, GitHub authentication gives you a familiar access path without requiring a public SSH endpoint.
It lets you treat development environments more like durable infrastructure and less like whatever happened to be installed on the laptop.
For my open source work, the benefits are immediate. The builds are fast, but fast is relative when you're compiling repeatedly, running integration tests, linting large module graphs, or validating cross-platform behavior against platform-specific dependencies. A headless machine with more cores, more memory, a warm module cache, and a stable network turns the edit-build-test loop into something predictable. The laptop stays cool. The battery lasts longer. The build cache stays where the builds happen.
On a flight to Vermont, after the death of my nephew this past Winter, I wrote this song about the quiet, isolating gravity of depression. It’s the kind that makes the floor feel like the only safe place to look, because looking up feels like asking for too much.
We spend so much time trying to outrun our own shadows, forgetting that they only exist because there's a light somewhere behind us.
This song is for the heavy hours, for those Lost in Shades of "I'm Okay", and for anyone carrying a weight they can’t quite put into words.
Lyrics
HARD DAYS
I see you staring at the floorboards Like they’re fixin’ to give way Tracing every crooked crack Lost in shades of “I’m okay” The world is getting louder You’re moving in reverse And every breath you’re taking now Feels borrowed, feels like a curse
You’ve been carrying that mountain Since the sun went down Just trying to keep your head Above where you would drown
The hard days don’t get the final say Even when you’re fighting just to make it through the day Hold on like a spark in rain Yeah, the darkness never learns your name
If you’re out there hovering Somewhere this side of gone Listen to me clearly now You don’t have to be so strong There’s a seat here at the table And it’s yours, no questions now And your worth is never measured By your fear or by your doubt
It’s okay to crack and break Okay to feel small This ain’t where your story ends It’s only just a wall
Repeat Chorus
The ceiling’s feeling heavy The air is thick as lead And the lies begin to circle Every corner of your head You think you’re just a burden Like a bad debt or a ghost But you’re the very thing This broken world needs most
Don’t trust the shadows When they’re whispering, no Don’t believe it’s better To just let it go The sun is a promise The night can’t outrun So stay through the shadows Stay ‘til the dawn comes
Yeah, the hard days Don’t get the final say Even when you’re fighting Just to make it through the day Hold on like a spark in rain Yeah, the darkness Was never made to stay
I am a songwriter and a musician, but I am not the voice meant to inhabit these verses.
I've used AI to bridge the gap for the concept demos, crafted to serve as blueprints that capture the genre, tone, and weary soul I hear for each song.
They exist as an invitation, offered in the hope that these lyrics will eventually reach the hands of an artist and storyteller who can bring them fully into the light.
Until then, they remain as they were born: quiet reflections on the grit and grace found just north of the county line.
For most of my life, I thought everybody's brain was about like mine. Loud, busy, and hard to steer.
I figured other people were just better at keeping theirs in the lane. That was the story I had.
They could sit still. They could start the thing they didn't want to start. They could schedule the appointment, make the call, answer the email, finish a small task, then move on with their day like it hadn't cost them anything.
I thought I was lazy. Or weak in some way nobody had named out loud yet.
School taught me how to fake my way around it.
I could read a chapter three times and come away with almost nothing. Then a teacher would tell some sideways story in class, not even part of the lesson, and I'd remember the whole thing years later in detail. I could put off a paper until the night before, write it half-crazed at the kitchen table, and get a better grade than I did on the one I had tried to do the right way.
Nobody called that a pattern, not then.
Teachers said I was bright but scattered. Smart but unfocused. Capable of more, if only I would apply myself.
I heard that enough times that it stopped sounding like an opinion. It sounded like a verdict.
Free trials pile up. Side projects die. Shopping sites you used once still have your card on file. After a few years, you end up with a lot of accounts you don't remember creating and even less confidence in how they're secured.
Most online accounts don't disappear just because you stop using them. They can still hold your data, old passwords or recovery factors, and sometimes your payment details. Every forgotten login is another door you left unlocked.
Breach Exposure: forgotten accounts often still have weak or reused passwords, and many either don't support MFA or have it available but not enabled.
Privacy Leakage: abandoned accounts can keep personal data, billing details, and usage history long after you stop using the service.
Recovery Pain: if one gets hijacked, recovery can fail fast when the old email address, phone number, or other method is no longer yours.
Before deleting any account, confirm you no longer need access to purchased content, invoices, or exported data from that service.
Regular audits aren't exactly fun, but they keep your account footprint smaller and easier to defend.
I used to clean this up in occasional panic sessions. It never stuck. But what finally worked was a simple lifecycle: inventory, classify, decommission, and monitor.
For a long time, publishing this site was simple in the best possible way. ProperDocs built the HTML, Materialx handled the presentation, and a GitHub Actions workflow ran properdocs gh-deploy through task deploy. That command force-pushed the rendered site to a gh-pages branch, then GitHub's Pages backend quietly noticed the branch update and published it.
That model still worked, but the warning lights started blinking in the generated pages build and deployment job. GitHub was warning about Node.js 20 deprecation inside the Pages deployment path.
The noisy warning was only the symptom. The deeper problem was architectural: the deployment was still using a Git branch as an artifact transport.
The fix was to stop publishing a branch at all. The GitHub Action now builds the content, uploads the contents as GitHub Pages artifacts, and then actions/deploy-pages publishes it through GitHub's modern Pages deployment path.
Ansible runs need secrets at runtime: passwords, API tokens, private keys, TLS material, and cloud credentials. You don't have to keep those in Git. External stores, CI variables, and untracked local files are all valid patterns. Ansible Vault is for the case where you want encrypted variables and files versioned next to the playbooks, roles, and inventory that use them, with the vault password kept out of the repository.
This post walks through ansible-vault and the runtime flags that unlock encrypted content during a run: create and edit vaulted files, wire passwords from files or prompts, use vault IDs, and avoid the mistakes that still leak secrets after decryption.
Vault is built into Ansible. It's not a centralized secrets manager, and it doesn't replace runtime discipline around logs, registers, and task output.
Earlier this year, while walking a nearby trail, the wind through the trees pulled my mind toward the world of Twin Peaks. In that atmosphere, a song idea hit me with such clarity that I had to stop and write it down right there.
The song is a "what-if" scenario that peers into the final, silent hours of Agent Dale Cooper. It asks: what if he was truly in love with Audrey Horne, but too afraid to admit it to himself?
I imagined him alone in his hotel room at the Great Northern, just before the end, finally confronting the truth he was too disciplined to reach for when it was right in front of him. In this moment, he realizes that his badge and his protocols weren't just signs of duty, but a shadow he hid behind to avoid the vulnerability of a dream he was too afraid to join.
I wanted to translate that regret into a song that captures being "out of time" in every sense:
Realizing the truth only when the opportunity has vanished.
Being eternally suspended in the static of the Black Lodge, where that final moment of regret loops forever.
It’s a confession meant for a tape recorder that might never be heard, a trade of every Bureau secret for one more chance to sit in a booth at the Double R and tell her it was always her.
Lyrics
OUT OF TIME
Black coffee, white noise, headlights in the rain Late-night diner, Double R calling out my name You move like you remember what I can’t explain Like a photograph that shifted when I looked away
Every little signal bends when you walk in The words turn to static, then they start again If you’re a warning, I don’t care I’m already there
Meet me where the neon lies Nothing here is real tonight In the pines the truth rewinds And your eyes don’t match your eyes Say you’re mine, say you’re mine Even if it’s out of time
Ceiling fan confession turning slow above the bed Tape hiss in the background, words you never said Your touch is like a code I almost understand But the closer I get, the more it slips out of my hands
Repeat Prechorus
Repeat Chorus
Red curtain in my mind, I can’t find the door Steps echo backward across the checkered floor If I say it plain, it breaks, so I speak in waves Pull me through the static, let me make the same mistakes
I am a songwriter and a musician, but I am not the voice meant to inhabit these verses.
I've used AI to bridge the gap for the concept demos, crafted to serve as blueprints that capture the genre, tone, and weary soul I hear for each song.
They exist as an invitation, offered in the hope that these lyrics will eventually reach the hands of an artist and storyteller who can bring them fully into the light.
Until then, they remain as they were born: quiet reflections on the grit and grace found just north of the county line.
I still spend time re-routing #1234: a question filed as a bug, a feature pitch that should've been an Ideas thread, an install problem with no version in the body. Discussion category forms fix what shows up in the forum once someone lands there. This post is about policy and wiring: where contributors go first, and what happens when they open New issue anyway.
Some maintainers want questions, ideas, and suspected bugs in GitHub Discussions, triaged in public, with Issues opened only after the work is real. That takes five pieces: chooser routing, a reserved issue template, discussion forms (see How to Write Effective GitHub Discussion Templates for YAML and the Ideas and Community Help examples), CONTRIBUTING.md, and a pinned rules thread.
I'm wiring up community intake for an upcoming open source project. Issue forms and a pull request template were the easy parts. Community discussions were what I hadn't nailed yet.
I wanted a public place for questions and early ideas without Issues turning into a pile of one-liners. I've set up GitHub Discussions on other repos before; this time I wanted the same structured intake issue forms already give you.
So I used discussion category forms: YAML on the same schema as issue templates, with required fields, defaults, and labels on create, tied to a category instead of an issue chooser. Questions stay in the forum. Work that needs a tracker still opens an issue.
If you've shipped issue templates before, the field types won't surprise you. What's different is the plumbing: .github/DISCUSSION_TEMPLATE/, one YAML file per category, and a filename that must match the category slug—not bug.yml copied from Issues.
