Restructure repository, removing old stuff

tasks/centos/bindings.yml

@@ -1,9 +0,0 @@
----
-- name: Install CentOS python bindings
-  become: true
-  dnf:
-    state: latest
-    name:
-      - python3-libselinux
-      - python3-policycoreutils
-      - python3-firewall

tasks/centos/networkd.yml

@@ -1,8 +0,0 @@
----
-- name: Install systemd-networkd
-  become: true
-  yum:
-    state: latest
-    name:
-      - systemd-resolved
-      - systemd-networkd

tasks/centos/packages.yml

@@ -1,9 +0,0 @@
----
-- name: Install global packages using YUM
-  become: true
-  yum:
-    state: latest
-    name: "{{ item }}"
-  with_items:
-    - "{{ packages_global }}"
-    - "{{ packages_yum }}"

tasks/centos/repositories.yml

@@ -1,31 +0,0 @@
----
-- name: Enable Extra Packages for Enterprise Linux
-  become: true
-  dnf_repository:
-    name: epel
-    description: Extra Packages for Enterprise Linux
-    baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
-
-- name: Install Extra Packages for Enterprise Linux GPG key
-  become: true
-  rpm_key:
-    state: present
-    key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
-
-- name: Disable yum subscription-manager
-  become: true
-  lineinfile:
-    regex: enabled=1
-    line: enabled=0
-    path: /etc/yum/pluginconf.d/subscription-manager.conf
-    create: yes
-    state: present
-
-- name: Disable yum repo report upload
-  become: true
-  lineinfile:
-    regex: enabled=1
-    line: enabled=0
-    path: /etc/yum/pluginconf.d/enabled_repos_upload.conf
-    create: yes
-    state: present

tasks/fedora/bindings.yml

@@ -1,9 +0,0 @@
----
-- name: Install Fedora python bindings
-  become: true
-  dnf:
-    state: latest
-    name:
-      - libselinux-python
-      - policycoreutils-python
-      - python3-firewall

tasks/fedora/networkd.yml

@@ -1,8 +0,0 @@
----
-- name: Install systemd-networkd
-  become: true
-  dnf:
-    state: latest
-    name:
-      - systemd-resolved
-      - systemd-networkd

tasks/fedora/packages.yml

@@ -1,9 +0,0 @@
----
-- name: Install global packages using DNF
-  become: true
-  dnf:
-    state: latest
-    name: "{{ item }}"
-  with_items:
-    - "{{ packages_global }}"
-    - "{{ packages_dnf }}"

tasks/networkd.yml

@@ -1,55 +0,0 @@
----
-# The directory is deleted ahead of creation to ensure that no old configs
-# remain after runnign ansible
-- name: Delete networkd config directory
-  become: true
-  file:
-    path: /etc/systemd/network
-    state: absent
-
-- name: Create the networkd config directory
-  become: true
-  file:
-    path: /etc/systemd/network
-    state: directory
-
-- name: Make .network files
-  become: true
-  template:
-    src: network.j2
-    dest: "/etc/systemd/network/{{ item.key }}.network"
-  with_dict: "{{ networking }}"
-
-- name: Configure systemd services
-  become: true
-  block:
-    - name: Disable network scripts and NetworkManager
-      service:
-        name: "{{ item }}"
-        enabled: false
-      with_items:
-        - network
-        - NetworkManager
-        - NetworkManager-wait-online
-    - name: Enable systemd-networkd and systemd-resolved
-      service:
-        name: "{{ item }}"
-        enabled: true
-        state: started
-      with_items:
-        - systemd-networkd
-        - systemd-resolved
-        - systemd-networkd-wait-online
-    - name: Symlink so systemd-resolved uses /etc/resolv.conf
-      file:
-        dest: /etc/resolv.conf
-        src: /run/systemd/resolve/resolv.conf
-        state: link
-        force: true
-        setype: net_conf_t
-    - name: Symlink so /etc/resolv.conf uses systemd
-      file:
-        dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
-        src: /usr/lib/systemd/system/systemd-resolved.service
-        state: link
-        force: true

tasks/networkd/config.yml

@@ -1,22 +0,0 @@
----
-# The directory is deleted ahead of creation to ensure that no old configs
-# remain after runnign ansible
-- name: Delete networkd config directory
-  become: true
-  file:
-    path: /etc/systemd/network
-    state: absent
-
-- name: Create the networkd config directory
-  become: true
-  file:
-    path: /etc/systemd/network
-    state: directory
-
-- name: Make .network files
-  when: networking is defined
-  become: true
-  template:
-    src: network.j2
-    dest: "/etc/systemd/network/{{ item.key }}.network"
-  with_dict: "{{ networking }}"

tasks/networkd/services.yml

@@ -1,38 +0,0 @@
----
-- name: Disable network scripts and NetworkManager
-  become: true
-  service:
-    name: "{{ item }}"
-    enabled: false
-  with_items:
-    - network
-    - NetworkManager
-    - NetworkManager-wait-online
-
-- name: Enable systemd-networkd and systemd-resolved
-  become: true
-  service:
-    name: "{{ item }}"
-    enabled: true
-    state: started
-  with_items:
-    - systemd-networkd
-    - systemd-resolved
-    - systemd-networkd-wait-online
-
-- name: Symlink so systemd-resolved uses /etc/resolv.conf
-  become: true
-  file:
-    dest: /etc/resolv.conf
-    src: /run/systemd/resolve/resolv.conf
-    state: link
-    force: true
-    setype: net_conf_t
-
-- name: Symlink so /etc/resolv.conf uses systemd
-  become: true
-  file:
-    dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
-    src: /usr/lib/systemd/system/systemd-resolved.service
-    state: link
-    force: true

tasks/preprocess-local-users.yml

@@ -1,39 +0,0 @@
----
-- name: Load users variables
-  include_vars:
-    file: users.yml
-
-- name: Reconcile user targets with host targets to get host users
-  set_fact:
-    users_local: >-
-      {{
-      users_local | default([]) + ([item] if item.targets | intersect(local_targets) else [])
-      }}
-  loop: "{{ users }}"
-
-- name: Determine local user names
-  set_fact:
-    users_local_names: "{{ users_local_names | default([]) + [item.name] }}"
-  loop: "{{ users_local }}"
-
-- name: Determine administrative users
-  set_fact:
-    users_local_admin: >-
-      {{
-      users_local_admin | default([]) + ([item] if item.admin | default(False) else [])
-      }}
-  loop: "{{ users_local }}"
-
-- name: Determine existing users
-  shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
-  changed_when: false
-  register: users_local_existing
-
-- name: Determine removed users
-  set_fact:
-    users_local_removed: >-
-      {{
-      users_local_removed | default([]) +
-      ([item] if item not in users_local_names else [])
-      }}
-  loop: "{{ users_local_existing.stdout_lines }}"

tasks/sshd/banner.yml

@@ -1,14 +0,0 @@
----
-- name: Install SSH Banner
-  become: true
-  template:
-    src: motd.j2
-    dest: /etc/issue.net
-    mode: 0644
-
-- name: Configure SSH banner
-  become: true
-  lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: '#Banner none'
-    line: 'Banner /etc/issue.net'

tasks/sshd/disable-password-auth.yml

@@ -1,21 +0,0 @@
-- name: Turn off password authentication
-  become: true
-  replace:
-    path: /etc/ssh/sshd_config
-    regexp: "PasswordAuthentication yes"
-    replace: "PasswordAuthentication no"
-
-- name: Turn off challenge response authentication
-  become: true
-  replace:
-    path: /etc/ssh/sshd_config
-    regexp: "ChallengeResponseAuthentication yes"
-    replace: "ChallengeResponseAuthentication no"
-
-- name: Turn off GSSAPI authentication
-  become: true
-  replace:
-    path: /etc/ssh/sshd_config
-    regexp: "GSSAPIAuthentication yes"
-    replace: "GSSAPIAuthentication no"
-

tasks/tasks

@@ -1 +0,0 @@
-tasks