Restructure repository, removing old stuff

_legacy/groups/all.yml

@@ -1,8 +1,8 @@
 ---
 ansible_user: ansible
 
-disable_gnome_user_list: True
-
 protected_users:
   - root
   - ansible
+
+domain: net.enp.one

_legacy/playbooks/templates/motd.j2

@@ -0,0 +1,7 @@
+
+     ////////////   ////     ////   ///////////
+    ////           //////   ////   ////    ////
+   ////////       //// /// ////   ///////////
+  ////           ////   //////   ////
+ ////////////   ////     ////   {{ omni_description | default('Omni Network System') }}
+ _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\

_legacy/playbooks/update.yml

@@ -0,0 +1,5 @@
+---
+- import_playbook: dependencies.yml
+
+- import_playbook: update-system.yml
+- import_playbook: update-users-local.yml

_legacy/roles/ldap_host/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Install required packages
+  when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+  become: true
+  dnf:
+    state: latest
+    name:
+      - openldap-servers
+      - openldap-clients
+      - nss-pam-ldapd
+
+- name: Configure 

_legacy/roles/ovirt/tasks/install.yml

@@ -0,0 +1,36 @@
+---
+- name: Install Ovirt on CentOS 8
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+  block:
+    - name: Install Ovirt repository
+      dnf:
+        state: latest
+        name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
+    - name: Update using the new repository
+      dnf:
+        state: latest
+        name: "*"
+        exclude: kernel*
+    - name: Install Ovirt
+      dnf:
+        state: latest
+        name: ovirt-engine
+
+- name: Install Ovrit on CentOS 7
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  block:
+    - name: Install Ovirt repository
+      yum:
+        state: latest
+        name: http://resources.ovirt.org/pub/yum-repo/ovirt-release43.rpm
+    - name: Update using the new repository
+      yum:
+        state: latest
+        name: "*"
+        exclude: kernel*
+    - name: Install Ovirt
+      yum:
+        state: latest
+        name: ovirt-engine

_legacy/tasks/centos/bindings.yml

@@ -0,0 +1,20 @@
+---
+- name: Install CentOS 8 python bindings
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+  become: true
+  dnf:
+    state: latest
+    name:
+      - python3-libselinux
+      - python3-policycoreutils
+      - python3-firewall
+
+- name: Install CentoOS 7 python bindings
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  become: true
+  yum:
+    state: latest
+    name:
+      - libselinux-python
+      - policycoreutils-python
+      - python-firewall

_legacy/tasks/fedora/bindings.yml

@@ -1,5 +1,6 @@
 ---
 - name: Install Fedora python bindings
+  when: ansible_distribution == "Fedora"
   become: true
   dnf:
     state: latest

playbooks/configure-auth.yml

@@ -0,0 +1 @@
+---

playbooks/dependencies.yml

@@ -1,51 +0,0 @@
----
-- name: Check meta environment
-  hosts: all
-  tags:
-    - always
-    - initialize
-  tasks:
-    - name: Check required operating system
-      when: required_os is defined
-      assert:
-        that:
-          - required_os.split("_")[0] == ansible_distribution | lower
-          - required_os.split("_")[1] == ansible_distribution_major_version
-        fail_msg: "Host does not meet required OS specified"
-        success_msg: "Required OS validation succeeded"
-
-- name: Ansible python bindings
-  hosts: all
-  tags:
-    - always
-    - initialize
-  tasks:
-    - name: Install CentOS 8 python bindings
-      when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
-      become: true
-      dnf:
-        state: latest
-        name:
-          - python3-libselinux
-          - python3-policycoreutils
-          - python3-firewall
-
-    - name: Install CentoOS 7 python bindings
-      when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
-      become: true
-      yum:
-        state: latest
-        name:
-          - libselinux-python
-          - policycoreutils-python
-          - python3-firewall
-
-    - name: Install Fedora python bindings
-      when: ansible_distribution == "Fedora"
-      become: true
-      dnf:
-        state: latest
-        name:
-          - libselinux-python
-          - policycoreutils-python
-          - python3-firewall

playbooks/files/bashrc.sh

@@ -48,7 +48,6 @@ alias doc='cd ~/Documents'
 alias dn='cd ~/Downloads'
 alias version='uname -orp && lsb_release -a | grep Description'
 alias activate='source ./bin/activate'
-alias ipconfig='ip address show'
 alias cls='clear'
 alias mklink='ln -s'
 alias ls='/usr/bin/ls -lshF --color --group-directories-first --time-style=long-iso'

playbooks/meta.yml

@@ -0,0 +1,15 @@
+---
+- name: Check meta environment
+  hosts: all
+  tags:
+    - always
+    - meta
+  tasks:
+    - name: Check required operating system
+      when: omni_os is defined
+      assert:
+        that:
+          - omni_os.name == ansible_distribution | lower
+          - omni_os.version_major == ansible_distribution_major_version
+        fail_msg: "Host does not meet required OS specified"
+        success_msg: "Required OS validation succeeded"

playbooks/provision.yml

@@ -1,29 +0,0 @@
----
-- import_playbook: initialize.yml
-
-- name: System packages
-  hosts: all
-  tags:
-    - provision
-    - initialize
-  tasks:
-    - name: Load package variables
-      include_vars:
-        file: packages.yml
-    - import_tasks: tasks/centos/repositories.yml
-      when: ansible_distribution == "CentOS"
-    - import_tasks: tasks/centos/packages.yml
-      when: ansible_distribution == "CentOS"
-    - import_tasks: tasks/fedora/packages.yml
-      when: ansible_distribution == "Fedora"
-    # - import_tasks: tasks/debian/packages.yml
-    #   when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
-
-
-#- import_playbook: provision-workstation.yml
-#- import_playbook: provision-server.yml
-#- import_playbook: provision-hypervisor.yml
-- import_playbook: provision-virtual-machine.yml
-
-
-- import_playbook: update.yml

playbooks/templates/motd.j2

@@ -1,8 +0,0 @@
-
-     ////////////   ////     ////   ///////////
-    ////           //////   ////   ////    ////
-   ////////       //// /// ////   ///////////
-  ////           ////   //////   ////
- ////////////   ////     ////   {{ description | default('Omni Network System') }}
- _______________________________{{ description | default('Omni Network System') | length * '\\' }}\
-

playbooks/update-plex.yml

@@ -7,7 +7,7 @@
 #         url: https://plex.tv/api/downloads/5.json
 #         dest: "{{ plex_releases_file | default('/tmp/plexreleases.json') }}"
 
-- hosts: vm-host-plex.net.enp.one
+- hosts: plex
   name: Update Plex Media Server to latest version
   vars:
     plex_releases: "{{ lookup('url', 'https://plex.tv/api/downloads/5.json') | from_json }}"

playbooks/update.yml

@@ -1,5 +1,29 @@
 ---
-- import_playbook: dependencies.yml
+- import_playbook: meta.yml
 
-- import_playbook: update-system.yml
-- import_playbook: update-users-local.yml
+- name: Configure system
+  hosts: all:!network
+  tags:
+    - initialize
+  vars:
+    omni_restart_services: true
+  roles:
+    - role: packages
+      vars:
+        omni_pkg_update: true
+        omni_pkg_exclude: [] # Override the default kernel exclusion
+        omni_pkg_clean: true
+    - role: sshd
+  tasks:
+    - name: Set hostname
+      become: true
+      hostname:
+        name: "{{ ansible_host }}"
+    - name: Install global bashrc
+      become: true
+      copy:
+        src: bashrc.sh
+        dest: /etc/profile.d/ZA-enpn-bashrc.sh
+        mode: 0644
+
+#- import_playbook: configure-auth.yml

roles/packages/defaults/main.yml

@@ -0,0 +1,14 @@
+---
+# Role parameter documentation
+#
+# omni_pkg_repos - whether to install/enable additional repositories
+# omni_pkg_bindings - whether to install required ansible bindings to the system python
+# omni_pkg_update - whether to perform a package update
+# onni_pkg_clean - whether to force clean the package manager cache
+# omni_pkg_exclude - packages to exclude from an update; has no effect if
+#                    ``omni_pkg_update`` is false
+omni_pkg_repos: true
+omni_pkg_bindings: true
+omni_pkg_update: false
+omni_pkg_clean: false
+omni_pkg_exclude: ["kernel*"]

roles/packages/tasks/bindings.yml

@@ -0,0 +1,30 @@
+---
+- name: Install CentOS 8 python bindings
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+  become: true
+  dnf:
+    state: latest
+    name:
+      - python3-libselinux
+      - python3-policycoreutils
+      - python3-firewall
+
+- name: Install CentOS 7 python bindings
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  become: true
+  yum:
+    state: latest
+    name:
+      - libselinux-python
+      - policycoreutils-python
+      - python-firewall
+
+- name: Install Fedora python bindings
+  when: ansible_distribution == "Fedora"
+  become: true
+  dnf:
+    state: latest
+    name:
+      - libselinux-python
+      - policycoreutils-python
+      - python3-firewall

roles/packages/tasks/centos-8-dracut.yml

@@ -11,6 +11,9 @@
 #
 # NOTE: These tasks only need to be run on Cent8
 #
+# NOTE: We assume- since this file literally has 'centos' in the name- that the
+# ansible_distribution check has already been done at import time
+#
 
 - name: Determine dracut version
   shell:

roles/packages/tasks/centos-repos.yml

@@ -1,26 +0,0 @@
----
-# NOTE: We assume- since this file literally has 'centos' in the name- that the
-# ansible_distribution check has already been done at import time
-
-- name: Enable Extra Packages for Enterprise Linux on CentOS 8
-  become: true
-  when: ansible_distribution_major_version == "8"
-  dnf:
-    state: latest
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-
-- name: Enable the power tools repository on CentOS 8
-  become: true
-  when: ansible_distribution_major_version == "8"
-  lineinfile:
-    path: /etc/yum.repos.d/CentOS-PowerTools.repo
-    regexp: "enabled=(0|1)"
-    line: "enabled=1"
-
-
-- name: Enable Extra Packages for Enterprise Linux on CentOS 7
-  become: true
-  when: ansible_distribution_major_version == "7"
-  dnf:
-    state: latest
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz

roles/packages/tasks/main.yml

@@ -1,23 +1,41 @@
 ---
-- import_tasks: centos-repos.yml
-  when: ansible_distribution == "CentOS"
+- import_tasks: bindings.yml
+  when: omni_pkg_bindings == true
+
+- import_tasks: repos.yml
+  when: omni_pkg_repos == true
 
 - import_tasks: clean.yml
-  when: clean | default(false) == true
+  when: omni_pkg_clean == true
 
 - import_tasks: update.yml
-  when: update | default(false) == true
+  when: omni_pkg_update == true
 
 - name: Install packages on Fedora
   become: true
   when: ansible_distribution == "Fedora"
   dnf:
     state: latest
-    name: "{{ packages_global + packages_fedora }}"
+    name: "{{ omni_packages_global + omni_packages_fedora }}"
 
-- name: Install packages on CentOS
+# NOTE: This is currently horrifically broken. See the ongoing drama around
+# systemd-networkd on cent8. Basically triggering an update- or an install- will give
+# a conflict error due to the spicy-jankaroni-with-extra-cheese edition of
+# systemd-networkd I'm running. We can exclude "systemd*", but we need to install
+# systemd-devel so then we get a package not found error. Its a truly stupid problem
+# that will hopefully all go away when this bug gets fixed and systemd-networkd becomes
+# available in EPEL:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1789146
+- name: Install packages on CentOS 8
   become: true
-  when: ansible_distribution == "CentOS"
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
   dnf:
     state: latest
-    name: "{{ packages_global + packages_centos }}"
+    name: "{{ omni_packages_global + omni_packages_centos_8 }}"
+
+- name: Install packages on CentOS 7
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  yum:
+    state: latest
+    name: "{{ omni_packages_global + omni_packages_centos_7 }}"

roles/packages/tasks/repos.yml

@@ -0,0 +1,22 @@
+---
+- name: Install repositories on CentOS 8
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+  become: true
+  block:
+    - name: Enable Extra Packages for Enterprise Linux on CentOS 8
+      dnf:
+        state: latest
+        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+
+    - name: Enable the power tools repository on CentOS 8
+      lineinfile:
+        path: /etc/yum.repos.d/CentOS-PowerTools.repo
+        regexp: "enabled=(0|1)"
+        line: "enabled=1"
+
+- name: Enable Extra Packages for Enterprise Linux on CentOS 7
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  dnf:
+    state: latest
+    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmz

roles/packages/tasks/update.yml

@@ -2,13 +2,20 @@
 - import_tasks: centos-8-dracut.yml
   when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
 
+# Gotta hate this, but I have to hardcode the systemd exclusion on cent8
+# Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
+# there are a pile of conflicts when you run "dnf update" with it installed. I found
+# two options that work: 1) uninstall systemd-networkd, update, then reinstall it;
+# 2) hardcode the exclusion here. Whenever I thought too hard about the potential
+# consequences of instituting uninstalling-my-network-init-system-as-a-service I
+# started to get a migaine, so I went with option two.
 - name: Upgrade Fedora and CentOS 8 packages
-  when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8") or ansible_distribution == "Fedora"
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
   become: true
   dnf:
     state: latest
     name: "*"
-    exclude: "{{ ','.join(exclude | default(['kernel*'])) }}"
+    exclude: "{{ ','.join(omni_pkg_exclude + ['systemd*']) }}"
 
 - name: Upgrade CentOS 7 packages
   when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
@@ -16,7 +23,15 @@
   yum:
     state: latest
     name: "*"
-    exclude: "{{ ','.join(exclude | default(['kernel*'])) }}"
+    exclude: "{{ ','.join(omni_pkg_exclude) }}"
+
+- name: Upgrade Fedora packages
+  when: ansible_distribution == "Fedora"
+  become: true
+  dnf:
+    state: latest
+    name: "*"
+    exclude: "{{ ','.join(omni_pkg_exclude) }}"
 
 # Yeah I'll get here eventually
 # - name: Upgrade APT packages

roles/packages/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-packages_global:
+omni_packages_global:
   - automake
   - cmake
   - curl
@@ -14,7 +14,7 @@ packages_global:
   - vim
   - vim-minimal
 
-packages_fedora:
+omni_packages_fedora:
   - libselinux-python
   - git-lfs
   - readline-devel
@@ -23,7 +23,18 @@ packages_fedora:
   - python-virtualenv
   - python3-devel
 
-packages_centos:
+omni_packages_centos_8:
+  - bind-utils
+  - bash-completion
+  - nc
+  - nfs-utils
+  - python3
+  - python3-pip
+  - python3-setuptools
+  - python3-virtualenv
+  - wget
+
+omni_packages_centos_7:
   - bind-utils
   - bash-completion
   - nc

roles/sshd/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+omni_restart_services: false

roles/sshd/tasks/main.yml

@@ -26,7 +26,7 @@
       set: "ChallengeResponseAuthentication no"
 
 - name: Restart sshd service
-  when: restart_services | default(false) == true
+  when: omni_restart_services == true
   become: true
   systemd:
     name: sshd

roles/sshd/templates/motd.j2

@@ -3,5 +3,5 @@
     ////           //////   ////   ////    ////
    ////////       //// /// ////   ///////////
   ////           ////   //////   ////
- ////////////   ////     ////   {{ description | default('Omni Network System') }}
- _______________________________{{ description | default('Omni Network System') | length * '\\' }}\
+ ////////////   ////     ////   {{ omni_description | default('Omni Network System') }}
+ _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\

tasks/centos/bindings.yml

@@ -1,9 +0,0 @@
----
-- name: Install CentOS python bindings
-  become: true
-  dnf:
-    state: latest
-    name:
-      - python3-libselinux
-      - python3-policycoreutils
-      - python3-firewall

vars/users.yml

@@ -1,5 +1,5 @@
 ---
-users:
+omni_users:
   # name: (required) username
   # password: (required) password encrypted using "python -c 'import crypt; print(crypt.crypt(raw_input(), crypt.mksalt(crypt.METHOD_SHA512)))'"
   # targets: (required) list of targets to grant the user permission on