Restructure repository, removing old stuff

_legacy/playbooks/initialize.yml

@@ -0,0 +1,32 @@
+---
+- import_playbook: dependencies.yml
+
+- name: Setup environment
+  hosts: all:!network
+  tags:
+    - initialize
+  vars:
+    restart_services: true
+  roles:
+    - role: packages
+      vars:
+        update: true
+        exclude: [] # Override the default kernel exclusion
+        clean: true
+    - role: sshd
+    - role: networkd
+  tasks:
+    - name: Set hostname
+      become: true
+      hostname:
+        name: "{{ inventory_hostname }}"
+    - name: Install global bashrc
+      become: true
+      copy:
+        src: bashrc.sh
+        dest: /etc/profile.d/ZA-enpn-bashrc.sh
+        mode: 0644
+
+- import_playbook: deploy-local-auth.yml
+
+- import_playbook: deploy-sshkeys.yml

_legacy/playbooks/provision-virtual-machine.yml

@@ -0,0 +1,26 @@
+---
+- hosts: vms
+  name: Replace NetworkManager with systemd-networkd
+  tasks:
+    - name: Install systemd-networkd
+      when: enable_networkd == true
+      block:
+        - import_tasks: tasks/centos/networkd.yml
+          when: ansible_distribution == "CentOS"
+        - import_tasks: tasks/fedora/networkd.yml
+          when: ansible_distribution == "Fedora"
+        # - import_tasks: common/debian/networkd.yml
+        #   when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
+
+    - import_tasks: tasks/networkd/config.yml
+    - import_tasks: tasks/networkd/services.yml
+
+
+- hosts: vms
+  name: Install ovirt agent
+  tasks:
+    - name: Install ovirt-agent
+      become: true
+      yum:
+        name: ovirt-guest-agent
+        state: latest

_legacy/playbooks/templates/motd.j2

@@ -0,0 +1,7 @@
+
+     ////////////   ////     ////   ///////////
+    ////           //////   ////   ////    ////
+   ////////       //// /// ////   ///////////
+  ////           ////   //////   ////
+ ////////////   ////     ////   {{ omni_description | default('Omni Network System') }}
+ _______________________________{{ omni_description | default('Omni Network System') | length * '\\' }}\

_legacy/playbooks/templates/network.j2

@@ -0,0 +1,8 @@
+# ANSIBLE MANAGED FILE - DO NOT EDIT
+[Match]
+Name={{ item.key }}
+
+[Network]
+DHCP=Yes
+
+# EOF

_legacy/playbooks/update-system.yml

@@ -0,0 +1,26 @@
+---
+- hosts: all
+  name: Upgrade packages
+  tasks:
+
+
+    - name: Upgrade YUM packages
+      when: ansible_distribution == "CentOS"
+      become: true
+      yum:
+        state: latest
+        name: "*"
+        exclude: kernel*{{ ',' + exclude_upgrade | default('') }}
+
+    - name: Upgrade DNF packages
+      when: ansible_distribution == "Fedora"
+      become: true
+      dnf:
+        state: latest
+        name: "*"
+        exclude: kernel*{{ ',' + exclude_upgrade | default('') }}
+
+    # - name: Upgrade APT packages
+    #   when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu"
+    #   become: true
+    #   apt:

_legacy/playbooks/update-users-local.yml

@@ -0,0 +1,132 @@
+---
+- import_playbook: dependencies.yml
+
+- hosts: all:!network
+  name: Update local user accounts and access controls
+  tasks:
+    - import_tasks: tasks/users-preprocessing.yml
+
+    - name: Create local user accounts
+      tags: users_create
+      become: true
+      block:
+        - name: Create groups
+          group:
+            name: "{{ item }}"
+            state: present
+          loop: "{{ targets + ['omni'] }}"
+
+        - name: Create users
+          user:
+            name: "{{ item.name }}"
+            comment: "{{ item.fullname | default('') }}"
+            shell: /bin/bash
+            groups: "{{ item.targets | intersect(targets) + ['omni'] }}"
+            system: "{{ item.svc | default(False) }}"
+            state: present
+            generate_ssh_key: "{{ True if generate_keys | bool == true else False }}"
+            ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
+            ssh_key_bits: 4096
+            ssh_key_type: ed25519
+            password: "{{ item.password }}"
+          loop: "{{ local_users }}"
+
+    - name: Delete removed user accounts
+      become: true
+      user:
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ local_removed_users | difference(protected_users) }}"
+
+    - name: Grant sudo permissions to admin user accounts
+      become: true
+      user:
+        name: "{{ item.name }}"
+        groups: "{{ 'wheel' if ansible_os_family | lower == 'redhat' else 'sudo' }}"
+        state: present
+      loop: "{{ local_admin_users }}"
+
+    - name: Disable sudo password for ansible
+      become: true
+      lineinfile:
+        create: true
+        path: /etc/sudoers.d/30-ansible
+        line: "ansible ALL=(ALL) NOPASSWD:ALL"
+        mode: 0644
+
+    - name: Disable sudo password for admin users
+      become: true
+      lineinfile:
+        create: true
+        path: /etc/sudoers.d/40-admin
+        line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
+        mode: 0644
+        state: "{{ 'absent' if disable_sudo_password | bool == false else 'present' }}"
+      loop: "{{ local_admin_users }}"
+
+    - name: Configure GNOME
+      tags: users_gnome
+      when: ansible_distribution == "Fedora" and disable_gnome_user_list | bool == true
+      become: true
+      block:
+        - name: Configure GDM profile
+          blockinfile:
+            create: true
+            path: /etc/dconf/profile/gdm
+            block: |
+              user-db:user
+              system-db:gdm
+              file-db:/usr/share/gdm/greeter-dconf-defaults
+        - name: Configure GDM keyfile
+          blockinfile:
+            create: true
+            path: /etc/dconf/db/gdm.d/00-login-screen
+            block: |
+              [org/gnome/login-screen]
+              # Do not show the user list
+              disable-user-list=true
+        - name: Delete existing user database
+          file:
+            path: /var/lib/gdm/.config/dconf/user
+            state: absent
+        - name: Restart dconf database
+          shell: dconf update
+
+    - name: Ensure proper ownership of user home directories
+      become: true
+      file:
+        group: "{{ item.name }}"
+        owner: "{{ item.name }}"
+        path: /home/{{ item.name }}
+        recurse: true
+        state: directory
+      loop: "{{ local_users }}"
+
+# - hosts: router.net.enp.one
+#   name: Configure users on router
+#   connection: network_cli
+#   vars:
+#     ansible_network_os: edgeos
+#   tasks:
+#     - import_tasks: tasks/users-preprocessing.yml
+#
+#     - name: Create users
+#       edgeos_config:
+#         lines:
+#           - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}"
+#           - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}"
+#           - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }}
+#       loop: "{{ local_users | difference([None]) }}"
+#
+#     - name: Grant administrative access to admin users
+#       edgeos_config:
+#         lines:
+#           - set system login user {{ item.name }} level admin
+#       loop: "{{ local_admin_users | difference([None]) }}"
+#
+#     - name: Assemble key files for loadkey usage
+#       edgeos_command:
+#         commands: sudo tee /tmp/{{ item.name }}.keys<<<"{{ item.sshkeys | join('\n') }}"
+#       loop: "{{ local_admin_users | difference([None]) }}"
+#
+# - import_playbook: deploy-sshkeys.yml

_legacy/playbooks/update-users-network.yml

@@ -0,0 +1,59 @@
+---
+- hosts: router.net.enp.one
+  name: Configure users on router
+  connection: network_cli
+<<<<<<< Updated upstream
+  gather_facts: false
+=======
+  vars:
+    ansible_network_os: edgeos
+>>>>>>> Stashed changes
+  tasks:
+    - import_tasks: tasks/users-preprocessing.yml
+
+    - name: Create users
+      edgeos_config:
+        lines:
+          - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}"
+          - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}"
+          - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }}
+      loop: "{{ local_users | difference([None]) }}"
+
+    - name: Grant administrative access to admin users
+      edgeos_config:
+        lines:
+          - set system login user {{ item.name }} level admin
+      loop: "{{ local_admin_users | difference([None]) }}"
+
+<<<<<<< Updated upstream
+    - name: Assemble loadkey files
+      edgeos_command:
+        commands:
+          - sudo tee "{{ item.sshkeys | join('\n') }}"<<</tmp/{{ item.name }}.keys
+      loop: "{{ local_admin_users | difference([None]) }}"
+
+    - name: Load keys
+      edgeos_config:
+        lines:
+          - loadkey {{ item }} /tmp/{{ item }}.keys
+      loop: "{{ local_admin_users | difference([None]) }}"
+=======
+    - name: Assemble key files for loadkey usage
+      edgeos_command:
+        commands: sudo tee /tmp/{{ item.name }}.keys<<<"{{ item.sshkeys | join('\n') }}"
+      loop: "{{ local_admin_users | difference([None]) }}"
+
+    # - name: Assemble loadkey files
+    #   copy:
+    #     src: keys/{{ item }}
+    #     dest: /tmp
+    #   with_items:
+    #     - "{{ local_admin_users | difference([None]) }}"
+
+    # - name: Load keys
+    #   edgeos_config:
+    #     lines:
+    #       - loadkey {{ item }} /tmp/{{ item }}/*.pub
+    #   with_items:
+    #     - "{{ local_admin_users | difference([None]) }}"
+>>>>>>> Stashed changes

_legacy/playbooks/update.yml

@@ -0,0 +1,5 @@
+---
+- import_playbook: dependencies.yml
+
+- import_playbook: update-system.yml
+- import_playbook: update-users-local.yml