Revert a ton of the changes I just made because they were based on a false premise

README.md

@@ -1,6 +1,6 @@
-# desu.ltd Ansible Management Repository
+# Salt's Ansible Repository
 
-Contains core system configuration for all of desu.ltd and related environments
+Useful for management across all of 9iron, thefuck, and desu.
 
 ## Initialization
 
@@ -9,7 +9,7 @@ Contains core system configuration for all of desu.ltd and related environments
 
 For quick bootstrapping of tools and libraries used in this repo, see [rehashedsalt/ansible-env](https://gitlab.com/rehashedsalt/docker-ansible-env). I use that exact image for CI/CD.
 
-## Machine Setup
+## Deployment
 
 ### Linux Machines
 
@@ -25,14 +25,24 @@ Each Linux machine will require the following to be fulfilled for Ansible to acc
 
 To automate these host-local steps, use the script file `contrib/bootstrap.sh`.
 
-### Other Machines
+### Windows Machines
 
-Unsupported at this time, though things that accept SSH might Just Work.
+lol don't
 
-## Machine Deployment
+### All Machines
 
-Deploying a new server will require that it be added to NetBox and that it is accessible from the Ansible host. From there, running the main playbook `site.yml` will get the machine up to snuff.
+Adding a new server will require these:
+
+* The server is accessible from the Ansible host;
+
+* The server has been added to NetBox OR in `inventory-hard`
+
+* DNS records for the machine are set; and
+
+From there, running the playbook `site.yml` should get the machine up to snuff.
 
 ## Zerotier
 
-A lot of my home network is connected via Zerotier. Initial deployment can be done locally through a bastion machine or similar, but subsequent deploys should run over Zerotier. Once configuration is available, you should log into the machine and modify Netbox to document its Zerotier IP in Netbox, setting it to be the primary IP of the device. The interface name should be `zt0`.
+A lot of my home-network side of things is connected together via ZeroTier; initial deployment/repairs may require specifying an `ansible_host` for the inventory item in question to connect to it locally. Subsequent plays will require connectivity to my home ZeroTier network.
+
+Cloud-managed devices require no such workarounds.

playbooks/all_scanner.yml

@@ -0,0 +1,12 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: all
+  gather_facts: no
+  tasks:
+    - name: assure scanner user
+      user: name=scanner state=absent
+      tags: [ scanner, greenbone ]
+    - name: assure scanner user sudoers rule
+      lineinfile: path=/etc/sudoers line="scanner ALL=(ALL:ALL) NOPASSWD:ALL" state=absent
+      tags: [ scanner, greenbone ]

playbooks/cleanup.yml

@@ -7,36 +7,3 @@
     - name: touch ansible timestamp file
       file: path=/var/lib/ansible-last-run state=touch mode='0644'
       changed_when: no
-- hosts: tags_autoreboot
-  gather_facts: no
-  module_defaults:
-    nagios:
-      author: Ansible
-      action: downtime
-      cmdfile: /data/nagios/var/rw/nagios.cmd
-      comment: "Ansible tags_autoreboot task"
-      host: "{{ inventory_hostname }}"
-      minutes: 10
-  serial: 1
-  tasks:
-    - name: check for reboot-required
-      stat: path=/var/run/reboot-required
-      register: s
-    - name: reboot
-      block:
-        - name: attempt to schedule downtime
-          block:
-            - name: register nagios host downtime
-              nagios:
-                service: host
-              delegate_to: web3.dallas.mgmt.desu.ltd
-            - name: register nagios service downtime
-              nagios:
-                service: all
-              delegate_to: web3.dallas.mgmt.desu.ltd
-          rescue:
-            - name: notify of failure to reboot
-              debug: msg="Miscellaneous failure when scheduling downtime"
-        - name: reboot
-          reboot: reboot_timeout=600
-      when: s.stat.exists

playbooks/platforms_ubuntu-22-04.yml

@@ -1,13 +0,0 @@
-#!/usr/bin/env ansible-playbook
-# vim:ft=ansible:
----
-- hosts: platforms_ubuntu-22-04
-  gather_facts: no
-  roles:
-    - role: motd
-      vars:
-        motd_watch_services_extra:
-          - docker
-          - kubelet
-          - postgresql
-      tags: [ motd, common ]

playbooks/site_common.yml

@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+  # Supplementary tags
+- import_playbook: tags_ansible.yml
+- import_playbook: tags_ansible-pull.yml

playbooks/site_local.yml

@@ -0,0 +1,4 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- import_playbook: local_dns.yml

playbooks/site_main.yml

@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+  # Main playbooks for machines across my environments
+  # Does not include supplementary management configuration
+  # Home configuration
+- import_playbook: home_db.yml
+- import_playbook: home_fs.yml
+- import_playbook: home_app.yml
+- import_playbook: home_game.yml
+- import_playbook: home_media.yml
+- import_playbook: home_automation.yml
+- import_playbook: home_bastion.yml
+  # Production configuration
+- import_playbook: prod_db.yml
+- import_playbook: prod_web.yml
+- import_playbook: prod_com.yml
+- import_playbook: prod_game.yml

playbooks/site_post.yml

@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+  # Housekeeping tags for one-off tasks
+- import_playbook: tags_docker-prune.yml
+- import_playbook: tags_autoreboot.yml
+  # Last little bit of cleanup
+- import_playbook: cleanup.yml

playbooks/site_pre.yml

@@ -0,0 +1,24 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+  # Preambulatory system configuration
+  # It's implicit that configuration here MUST preceed site_main.yml
+- import_playbook: all.yml
+- import_playbook: all_scanner.yml
+  # Platform configuration
+- import_playbook: platforms_ubuntu-20-04.yml
+- import_playbook: platforms_ubuntu-21-10.yml
+- import_playbook: platforms_proxmox-ve-7.yml
+  # Manufacturer configuration
+- import_playbook: manufacturers_raspi.yml
+- import_playbook: manufacturers_s76.yml
+  # Zerotier network configuration
+- import_playbook: tags_zt-personal.yml
+- import_playbook: tags_zt-management.yml
+  # Tags for fundamental services
+- import_playbook: tags_snmp.yml
+- import_playbook: tags_nagios.yml
+  # Role (in the Netbox sense) configuration
+- import_playbook: device_roles_bastion.yml
+- import_playbook: device_roles_game.yml
+- import_playbook: device_roles_workstation.yml

playbooks/tags_autoreboot.yml

@@ -0,0 +1,36 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: tags_autoreboot
+  gather_facts: no
+  module_defaults:
+    nagios:
+      author: Ansible
+      action: downtime
+      cmdfile: /data/nagios/var/rw/nagios.cmd
+      comment: "Ansible tags_autoreboot task"
+      host: "{{ inventory_hostname }}"
+      minutes: 10
+  serial: 1
+  tasks:
+    - name: check for reboot-required
+      stat: path=/var/run/reboot-required
+      register: s
+    - name: reboot
+      block:
+        - name: attempt to schedule downtime
+          block:
+            - name: register nagios host downtime
+              nagios:
+                service: host
+              delegate_to: web3.dallas.mgmt.desu.ltd
+            - name: register nagios service downtime
+              nagios:
+                service: all
+              delegate_to: web3.dallas.mgmt.desu.ltd
+          rescue:
+            - name: notify of failure to reboot
+              debug: msg="Miscellaneous failure when scheduling downtime"
+        - name: reboot
+          reboot: reboot_timeout=600
+      when: s.stat.exists

playbooks/vars/minecraft-dammit.yml

@@ -0,0 +1,36 @@
+# vim:ft=ansible:
+minecraft_enabled: no
+minecraft_name: dammit
+minecraft_version: 1.7.10
+minecraft_jre_xmx: 4G
+minecraft_restart_delay: 30
+minecraft_server_properties:
+  - opt: allow-flight
+    value: "true"
+  - opt: difficulty
+    value: 3
+  - opt: motd
+    value: "I can't believe that I actually exist"
+  - opt: server-port
+    value: 25567
+  - opt: view-distance
+    value: 12
+minecraft_forge_install: yes
+minecraft_forge_version: 10.13.4.1614
+minecraft_forge_versionstring: "{{ minecraft_version }}-{{ minecraft_forge_version }}-{{ minecraft_version }}"
+minecraft_forge_jar_name: "forge-{{ minecraft_forge_versionstring }}-universal.jar"
+minecraft_forge_packurl: "https://www.9iron.club/files/packs/1.7.10-magicpack/latest.zip"
+#minecraft_forge_mods:
+#  - "https://media.forgecdn.net/files/2309/699/worldedit-forge-mc1.7.10-6.1.1-dist.jar"
+minecraft_forge_mods_remove:
+  - DynamicSurroundings-1.7.10-1.0.6.2.jar
+  - favorites-1.2.jar
+  - FullscreenWindowed-1.7.10-1.3.0b.jar
+  - MouseTweaks-2.4.4-mc1.7.10.jar
+  - "Neat 1.0-1.jar"
+  - OptiFine_1.7.10_HD_U_E7.jar
+  - SoundFilters-0.8_for_1.7.X.jar
+  - Stellar+API-0.1.3.8.jar
+  - Stellar+Sky-0.1.5.7.jar
+  - World-Tooltips-1.7.10-1.2.3-79.jar
+  - worldedit-forge-mc1.7.10-6.1.1-dist.jar

playbooks/vars/minecraft-valhelsia.yml

@@ -0,0 +1,23 @@
+# vim:ft=ansible:
+minecraft_enabled: no
+minecraft_name: valhelsia
+minecraft_version: 1.16.3
+minecraft_jre_xmx: 5G
+minecraft_server_properties:
+  - opt: difficulty
+    value: hard
+  - opt: motd
+    value: "Let's get this out onto a tray. Nice, mmkay"
+  - opt: server-port
+    value: 25566
+  - opt: view-distance
+    value: 10
+minecraft_forge_install: yes
+minecraft_forge_version: 34.1.42
+minecraft_forge_packurl: "https://media.forgecdn.net/files/3110/654/Valhelsia_SERVER-pre5-3.1.0.zip"
+minecraft_forge_mods:
+  - "https://media.forgecdn.net/files/3091/862/ftb-gui-library-1603.1.1.25.jar"
+  - "https://media.forgecdn.net/files/3105/153/ftb-chunks-1603.2.0.43.jar"
+  - "https://media.forgecdn.net/files/3113/275/industrial-foregoing-1.16.4-3.2.2-daea863.jar"
+minecraft_forge_mods_remove:
+  - industrial-foregoing-1.16.3-3.1.1-a834e76.jar

playbooks/vars/minecraft-vanilla.yml

@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+minecraft_enabled: no
+minecraft_name: vanilla
+minecraft_version: 1.16.4
+minecraft_jre_xmx: 1G
+minecraft_jre_xms: 512M
+minecraft_server_properties:
+  - opt: difficulty
+    value: normal
+  - opt: motd
+    value: "brett's new serber"
+  - opt: server-port
+    value: 25565
+  - opt: spawn-protection
+    value: 4
+  - opt: view-distance
+    value: 12
+minecraft_paper_install: yes

site.yml

@@ -1,27 +1,13 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
 ---
-  # Local configuration goes first
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'local_*.yml') }}"
-  # Then we run against all hosts, performing foundational tasks
-- import_playbook: all.yml
-  # Then we narrow things down to device-specific configuration
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'device_types_*.yml') }}"
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'platforms_*.yml') }}"
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'manufacturers_*.yml') }}"
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'tags_.yml') }}"
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'device_roles_*.yml') }}"
-  # And finally we configure the core services of the machine
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'home_*.yml') }}"
-- import_playbook: "{{ item }}"
-  loop: "{{ lookup('fileglob' 'prod_*.yml') }}"
-  # Once that's all done, we clean up
-  # NOTE: This little cleanup playbook rolls reboots!
-- import_playbook: cleanup.yml
+  # Configuration that happens local to the Ansible controller
+- import_playbook: playbooks/site_local.yml
+  # Preambulatory system configuration
+- import_playbook: playbooks/site_pre.yml
+  # Main environment configuration
+- import_playbook: playbooks/site_main.yml
+  # Supplementary tags
+- import_playbook: playbooks/site_common.yml
+  # Post-play housekeeping and reboots
+- import_playbook: playbooks/site_post.yml