diff --git a/group_vars/all/root.yml b/group_vars/all/root.yml
new file mode 100644
index 0000000000000000000000000000000000000000..da303bfcb9887fa9878f07227e3f0624ac0fc44b
--- /dev/null
+++ b/group_vars/all/root.yml
@@ -0,0 +1,3 @@
+---
+glob_root:
+ passwd_hash: '{{ vault.root_passwd_hash }}'
diff --git a/plays/baie.yml b/plays/baie.yml
new file mode 100755
index 0000000000000000000000000000000000000000..298fd46d462fcec03b9fbecca8b333f4ba68f367
--- /dev/null
+++ b/plays/baie.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: baie
+ roles:
+ - baie
diff --git a/plays/root.yml b/plays/root.yml
index 2f0fbcfbeb1df4ecd711743d2b6dee4aa4bf2f0c..bac656944c22d1bf8343a1552fb5be872d12bd80 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -20,35 +20,16 @@ insertafter: '127.0.0.1 localhost' when: check_mirror.found == 0 -- hosts: baie - roles: - - baie - - hosts: virtu roles: - proxmox-apt-sources - hosts: server - vars: - # # Will be in /usr/scripts/ - # crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git" - - ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}' - # crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}' roles: - debian-apt-sources - - common-tools - - sudo - - ntp-client - # - crans-scripts - - root-config - - ssh_known_hosts - -- hosts: crans_vm - roles: - - qemu-guest-agent - - serial-tty +- import_playbook: baie.yml +- import_playbook: utilities.yml - import_playbook: slapd.yml - hosts: server
@@ -61,21 +42,8 @@ roles: - home-nounous -- hosts: server,!virtu - roles: - - openssh - -- hosts: crans_vm - tasks: - - name: Remove cloud-init - apt: - name: cloud-init - state: absent - purge: true - register: apt_result - retries: 3 - until: apt_result is succeeded - +- import_playbook: scripts.yml +- import_playbook: vm-setup.yml - import_playbook: borgbackup_client.yml - import_playbook: monitoring.yml - import_playbook: network_interfaces.yml
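Review bot: The second hunk of plays/root.yml imports `vm-setup.yml`, but the file this commit creates is `plays/vm_setup` (underscore, no `.yml` extension), so `import_playbook` will not find it and plays/root.yml should fail when it is loaded. Either rename the new file to `plays/vm-setup.yml` or change the line to `- import_playbook: vm_setup`. The other three new imports (`baie.yml`, `utilities.yml`, `scripts.yml`) match the files added in this commit.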
diff --git a/plays/scripts.yml b/plays/scripts.yml
new file mode 100755
index 0000000000000000000000000000000000000000..4683280a75cfb8bdab2ccd53065ab6bd09ed03ef
--- /dev/null
+++ b/plays/scripts.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: server
+ vars:
+ crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
+ roles:
+ - crans-scripts
diff --git a/plays/utilities.yml b/plays/utilities.yml
new file mode 100755
index 0000000000000000000000000000000000000000..97a3cedbae685bf46114c0f4667140ce2182cdd9
--- /dev/null
+++ b/plays/utilities.yml
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: server
+ vars:
+ root: '{{ glob_root | default({}) | combine(loc_root | default({})) }}'
+ ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
+ roles:
+ - root
+ - common-tools
+ - sudo
+ - ntp-client
+ - root-config
+ - ssh_known_hosts
+
+- hosts: server,!virtu
+ roles:
+ - openssh
diff --git a/plays/vm_setup b/plays/vm_setup
new file mode 100755
index 0000000000000000000000000000000000000000..13cd8c9c6713bf17e4f01152f37863fe9d07ca41
--- /dev/null
+++ b/plays/vm_setup
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_vm
+ roles:
+ - qemu-guest-agent
+ - serial-tty
+
+- hosts: crans_vm
+ tasks:
+ - name: Remove cloud-init
+ apt:
+ name: cloud-init
+ state: absent
+ purge: true
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
diff --git a/roles/root/tasks/main.yml b/roles/root/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..721309f31ef83e965175a8ccc36048f7db536a58
--- /dev/null
+++ b/roles/root/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploys root password hash
+ replace:
+ path: /etc/shadow
+ regexp: '^root:[^:]*:'
+ replace: 'root:{{ root.passwd_hash }}:'
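Review bot: plays/scripts.yml switches on the `crans-scripts` role and its `crans_scripts` variable, both of which were commented out in the lines removed from plays/root.yml, so this is a behaviour change and not only a file split. `glob_crans_scripts` is not defined anywhere in this diff and, unlike `glob_root` in plays/utilities.yml, has no `default({})`, so the play presumably fails with an undefined-variable error wherever group_vars does not provide it. The removed comment pointed at an `http://` clone URL; the role itself is not shown here, so confirm it fetches the scripts over an authenticated transport before it runs on every host in `server`.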
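Review bot: The task in roles/root/tasks/main.yml edits `/etc/shadow` directly with `replace`, which has three problems the commit does not address. It writes the file without going through the system's account tooling and its locking. The task has no `no_log: true`, so the hash (and under `--diff` likely the surrounding file content) can end up in run output. If `root.passwd_hash` renders as an empty string, the result is `root::`, an empty password field. I would set the field through the `user` module instead, mark the task `no_log: true`, and put a guard in front that fails the play when the hash is undefined or empty.

```yaml
- name: Check root password hash is set
  assert:
    that:
      - root.passwd_hash is defined
      - root.passwd_hash | length > 0
  no_log: true

- name: Deploys root password hash
  user:
    name: root
    password: '{{ root.passwd_hash }}'
  no_log: true
```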