Reorganize provision playbook

Split server-specific configs out into server role

inventory.yaml

@@ -28,11 +28,6 @@ en1:
   children:
 
     cluster:
-      vars:
-        skylab_roles:
-          - server
-          - docker-swarm-manager
-          - datastore
       hosts:
         pegasus:  # jupiter
           ansible_host: 10.42.101.100

playbooks/roles

@@ -1 +0,0 @@
-../roles

roles/server/tasks/main.yaml

@@ -1,6 +1,13 @@
 ---
-- name: Configure sudoers file
+- name: Disable sudo password for WHEEL group
-  ansible.builtin.import_tasks: sudoers.yaml
+  when: ansible_distribution == "Rocky" or ansible_distribution == "CentOS"
+  become: true
+  ansible.builtin.copy:
+    src: wheel-group-no-sudo-password
+    dest: /etc/sudoers.d/30-wheel
+    owner: root
+    group: "{{ ansible_user }}"
+    mode: 0644
 
 - name: Configure SSH server
-  ansible.builtin.import_tasks: sshd.yaml
+  ansible.builtin.import_tasks: sshd.yml

roles/server/tasks/sudoers.yaml

@@ -1,30 +0,0 @@
----
-- name: Disable sudo password for WHEEL group
-  when: ansible_distribution == "Rocky" or ansible_distribution == "CentOS"
-  become: true
-  ansible.builtin.copy:
-    src: wheel-group-no-sudo-password
-    dest: /etc/sudoers.d/30-wheel
-    owner: root
-    group: "{{ ansible_user }}"
-    mode: 0644
-
-# Note that the cleanup tasks need to be after the new installation tasks
-# since one or more files being cleaned up might be being relied on to
-# allow ansible access
-- name: Fetch content of sudoers config directory
-  become: true
-  changed_when: false
-  ansible.builtin.command:
-    cmd: /usr/bin/ls /etc/sudoers.d/
-  register: _sudoers_files_raw
-
-- name: Remove legacy sudoers config files
-  when: item.strip() not in ["30-wheel"]
-  become: true
-  ansible.builtin.file:
-    path: /etc/sudoers.d/{{ item.strip() }}
-    state: absent
-  loop: "{{ _sudoers_files_raw.stdout.split(' ') }}"
-  loop_control:
-    label: "/etc/sudoers.d/{{ item.strip() }}"