From 82732396afe27f3e508c353593d6e0cb41ac3fa2 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Sat, 16 Jan 2021 19:13:40 +0100
Subject: [PATCH] Sync all.yml with plays

---
 all.yml                 | 22 +++++++++++-----
 network.yml             | 57 -----------------------------------------
 plays/gather_fact.yml   |  3 ---
 plays/get_adm_iface.yml | 11 --------
 plays/gitlab.yml        | 14 ++++++++++
 plays/unifi.yml         |  6 +++++
 radius.yml              | 10 --------
 re2o.yml                | 17 +-----------
 services_web.yml        | 15 -----------
 9 files changed, 36 insertions(+), 119 deletions(-)
 delete mode 100755 network.yml
 delete mode 100755 plays/gather_fact.yml
 delete mode 100755 plays/get_adm_iface.yml
 create mode 100755 plays/unifi.yml
 delete mode 100755 radius.yml
 delete mode 100755 services_web.yml

diff --git a/all.yml b/all.yml
index 6259b65a..abe59634 100755
--- a/all.yml
+++ b/all.yml
@@ -1,25 +1,34 @@
 #!/usr/bin/env ansible-playbook
 ---
+# This playbooks runs all playbooks
+# It's a good tool for lazy administrators that just want to check that
+# current running configuration matches Ansible.
+
 # Core playboot to have minimal configuration
 - import_playbook: plays/root.yml
 
+# Common configuration
 - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
 #- import_playbook: plays/logs.yml  TODO: rsyncd
-- import_playbook: plays/backup.yml
+- import_playbook: plays/backup.yml  # import borgbackup_client/server.yml
 # - import_playbook: plays/network-interfaces.yml  TODO: check this paybook
 - import_playbook: plays/monitoring.yml
 
 # Services that only apply to a subset of server
-# - import_playbook: plays/cas.yml
+- import_playbook: plays/cas.yml
+- import_playbook: plays/certbot.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
+- import_playbook: plays/dovecot.yml
+- import_playbook: plays/ethercalc.yml
 - import_playbook: plays/etherpad.yml
 - import_playbook: plays/firewall.yml
 - import_playbook: plays/framadate.yml
 - import_playbook: plays/freeradius.yml
 - import_playbook: plays/generate_documentation.yml
 - import_playbook: plays/gitlab.yml
+- import_playbook: plays/home.yml
 - import_playbook: plays/horde.yml
 - import_playbook: plays/keepalived.yml
 - import_playbook: plays/mailman.yml
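Review bot: The new header comment presents all.yml as a way to check that the running configuration matches Ansible, but nothing visible in the file makes a run read-only. This hunk also enables `plays/cas.yml` and adds certbot, dovecot, ethercalc and home, so a plain run now applies changes to more hosts than before. I would state that in the header, for example `# Run with --check --diff to compare only; without --check every play below is applied.` The first added line also has a typo: `This playbooks runs` should read `This playbook runs all playbooks`.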
@@ -28,14 +37,13 @@
 - import_playbook: plays/nginx_rtmp.yml
 - import_playbook: plays/ntp.yml
 - import_playbook: plays/owncloud.yml
+- import_playbook: plays/postfix.yml
 - import_playbook: plays/postgresql.yml
 - import_playbook: plays/re2o.yml
 - import_playbook: plays/reverse-proxy.yml
 - import_playbook: plays/roundcube.yml
+- import_playbook: plays/ssh_known_hosts.yml
 - import_playbook: plays/tv.yml
+- import_playbook: plays/unifi.yml
 - import_playbook: plays/wireguard.yml
-
-# FIXME: should be in plays/ directory
-# Deploy LDAP replica
-- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
-  roles: []  # TODO
+- import_playbook: plays/zamok.yml
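Review bot: The LDAP replica placeholder and its FIXME are dropped at the end of this hunk without a replacement entry, and the visible import list has no play for the router roles (`logall`, `quagga`, `quagga-ipv4`, `quagga-ipv6`) that the deleted network.yml applied. Two lines of the list between the hunks are not shown and the plays/ directory is outside this patch, so this may already be covered. If it is not, those hosts silently leave Ansible management while the header claims all.yml runs everything. I would keep a marker in the list, for example `# TODO: no play yet for LDAP replicas or quagga/BGP routers (formerly network.yml)`.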
diff --git a/network.yml b/network.yml
deleted file mode 100755
index a9f21b53..00000000
--- a/network.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: gitzly.adm.crans.org
-  vars:
-    certbot:
-      dns_rfc2136_name: certbot_adm_challenge.
-      dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
-      mail: root@crans.org
-      certname: adm.crans.org
-      domains: "*.adm.crans.org"
-    bind:
-      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
-  roles:
-    - certbot
-
-# Deploy firewall
-- hosts: gulp.adm.crans.org
-  roles: []  # TODO
-
-# Deploy Unifi Controller
-- hosts: unifi.adm.crans.org
-  roles:
-    - unifi-controller
-
-# Configure routers
-- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
-  roles:
-    - logall
-    - quagga
-
-# Deploy BGP server configuration on IPv4 routers
-- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
-  vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
-    bgp:
-      as: 204515
-      router_id: 158.255.113.73
-      network: 185.230.76.0/22
-      neighbor: 158.255.113.72
-      remote_as: 8218
-  roles:
-    - quagga-ipv4
-
-# Deploy BGP server configuration on IPv6 routers
-- hosts: ipv6-zayo.adm.crans.org
-  vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
-    bgp:
-      as: 204515
-      router_id: 138.231.136.200
-      network: 2a0c:700::/32
-      neighbor: 2001:1b48:2:103::bb:1
-      remote_as: 8218
-  roles:
-    - quagga-ipv6
diff --git a/plays/gather_fact.yml b/plays/gather_fact.yml
deleted file mode 100755
index 29404790..00000000
--- a/plays/gather_fact.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: all
diff --git a/plays/get_adm_iface.yml b/plays/get_adm_iface.yml
deleted file mode 100755
index 4c98d38c..00000000
--- a/plays/get_adm_iface.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: server
-  tasks:
-    - name: Register adm interface in adm_iface variable
-      shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
-      register: adm_iface
-      check_mode: false
-      changed_when: true
-      args:
-        executable: /bin/bash
diff --git a/plays/gitlab.yml b/plays/gitlab.yml
index 3be109e0..1e1b6410 100755
--- a/plays/gitlab.yml
+++ b/plays/gitlab.yml
@@ -5,3 +5,17 @@
   roles:
     - docker
     - gitlab-runner
+
+# This seems strange, don't know if it still used
+# - hosts: gitzly.adm.crans.org
+#   vars:
+#     certbot:
+#       dns_rfc2136_name: certbot_adm_challenge.
+#       dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
+#       mail: root@crans.org
+#       certname: adm.crans.org
+#       domains: "*.adm.crans.org"
+#     bind:
+#       masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+#   roles:
+#     - certbot
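Review bot: The commented-out play added after `gitlab-runner` leaves an open question in the tree: it still names `vault_certbot_adm_dns_secret` and the `*.adm.crans.org` wildcard, yet says nobody knows whether it is used. With network.yml deleted in this commit, nothing visible here applies that certbot configuration to gitzly any more. Whether the newly imported `plays/certbot.yml` covers the host cannot be told from this patch. I would replace the remark with an actionable one, for example `# TODO: confirm gitzly still needs the *.adm.crans.org certificate; if not, delete this block and retire the certbot_adm_challenge DNS update key`. The remark also has a typo (`if it still used` should be `if it is still used`). The enclosing play starts above the hunk.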
diff --git a/plays/unifi.yml b/plays/unifi.yml
new file mode 100755
index 00000000..28334d98
--- /dev/null
+++ b/plays/unifi.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Unifi Controller
+- hosts: unifi.adm.crans.org
+  roles:
+    - unifi-controller
diff --git a/radius.yml b/radius.yml
deleted file mode 100755
index a26e3549..00000000
--- a/radius.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
-  vars:
-    certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
-    bind:
-      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
-  roles:
-    - certbot
-    - freeradius
diff --git a/re2o.yml b/re2o.yml
index 576fc219..44f085d7 100755
--- a/re2o.yml
+++ b/re2o.yml
@@ -1,21 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Re2o
-- hosts: otis.adm.crans.org
-  vars:
-    re2o:
-      owner: root
-      group: nounou
-      version: dev_crans
-      settings_local_owner: root
-      settings_local_group: root
-      db_password: "{{ vault_re2o_db_password }}"
-      django_secret_key: "{{ vault_re2o_django_secret_key }}"
-      aes_key: "{{ vault_re2o_aes_key }}"
-    ldap:
-      master_password: "{{ vault_ldap_master_password }}"
-  roles:
-    - re2o
+# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/
 
 # Deploy services config on all servers
 - hosts: server
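Review bot: The banner that replaces the Re2o play says the file is outdated, but re2o.yml keeps its shebang and mode 100755 and still opens a play on `server`, so it can be run directly against the whole group. I would make the comment say what is expected of an operator, for example `# FIXME: outdated for the new infrastructure; do not run as-is. Update, then merge into plays/.` That wording also fixes the typo in `AND THE MERGED`. The `server` play continues past the end of the hunk, so what it applies is not visible here.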
diff --git a/services_web.yml b/services_web.yml
deleted file mode 100755
index 5e45ef72..00000000
--- a/services_web.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Deploy MoinMoin Wiki
-- hosts: soyouz.adm.crans.org
-  roles: []  # TODO
-
-- hosts: cas-srv.adm.crans.org
-  roles: ["django-cas"]
-
-- hosts: ethercalc-srv.adm.crans.org
-  roles: ["ethercalc"]
-
-- import_playbook: plays/horde.yml
-- import_playbook: plays/framadate.yml
-
-- 
GitLab