Sync all.yml with plays

all.yml

@@ -1,25 +1,34 @@
 #!/usr/bin/env ansible-playbook
 ---
+# This playbooks runs all playbooks
+# It's a good tool for lazy administrators that just want to check that
+# current running configuration matches Ansible.
+
 # Core playboot to have minimal configuration
 - import_playbook: plays/root.yml
 
+# Common configuration
 - import_playbook: plays/mail.yml
 - import_playbook: plays/nfs.yml
 #- import_playbook: plays/logs.yml  TODO: rsyncd
-- import_playbook: plays/backup.yml
+- import_playbook: plays/backup.yml  # import borgbackup_client/server.yml
 # - import_playbook: plays/network-interfaces.yml  TODO: check this paybook
 - import_playbook: plays/monitoring.yml
 
 # Services that only apply to a subset of server
-# - import_playbook: plays/cas.yml
+- import_playbook: plays/cas.yml
+- import_playbook: plays/certbot.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
+- import_playbook: plays/dovecot.yml
+- import_playbook: plays/ethercalc.yml
 - import_playbook: plays/etherpad.yml
 - import_playbook: plays/firewall.yml
 - import_playbook: plays/framadate.yml
 - import_playbook: plays/freeradius.yml
 - import_playbook: plays/generate_documentation.yml
 - import_playbook: plays/gitlab.yml
+- import_playbook: plays/home.yml
 - import_playbook: plays/horde.yml
 - import_playbook: plays/keepalived.yml
 - import_playbook: plays/mailman.yml
@@ -28,14 +37,13 @@
 - import_playbook: plays/nginx_rtmp.yml
 - import_playbook: plays/ntp.yml
 - import_playbook: plays/owncloud.yml
+- import_playbook: plays/postfix.yml
 - import_playbook: plays/postgresql.yml
 - import_playbook: plays/re2o.yml
 - import_playbook: plays/reverse-proxy.yml
 - import_playbook: plays/roundcube.yml
+- import_playbook: plays/ssh_known_hosts.yml
 - import_playbook: plays/tv.yml
+- import_playbook: plays/unifi.yml
 - import_playbook: plays/wireguard.yml
-
-# FIXME: should be in plays/ directory
-# Deploy LDAP replica
-- hosts: odlyd.adm.crans.org,soyouz.adm.crans.org,fy.adm.crans.org,thot.adm.crans.org
-  roles: []  # TODO
+- import_playbook: plays/zamok.yml

network.yml

@@ -1,57 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: gitzly.adm.crans.org
-  vars:
-    certbot:
-      dns_rfc2136_name: certbot_adm_challenge.
-      dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
-      mail: root@crans.org
-      certname: adm.crans.org
-      domains: "*.adm.crans.org"
-    bind:
-      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
-  roles:
-    - certbot
-
-# Deploy firewall
-- hosts: gulp.adm.crans.org
-  roles: []  # TODO
-
-# Deploy Unifi Controller
-- hosts: unifi.adm.crans.org
-  roles:
-    - unifi-controller
-
-# Configure routers
-- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
-  roles:
-    - logall
-    - quagga
-
-# Deploy BGP server configuration on IPv4 routers
-- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
-  vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
-    bgp:
-      as: 204515
-      router_id: 158.255.113.73
-      network: 185.230.76.0/22
-      neighbor: 158.255.113.72
-      remote_as: 8218
-  roles:
-    - quagga-ipv4
-
-# Deploy BGP server configuration on IPv6 routers
-- hosts: ipv6-zayo.adm.crans.org
-  vars:
-    zebra:
-      password: "{{ vault_zebra_password }}"
-    bgp:
-      as: 204515
-      router_id: 138.231.136.200
-      network: 2a0c:700::/32
-      neighbor: 2001:1b48:2:103::bb:1
-      remote_as: 8218
-  roles:
-    - quagga-ipv6

plays/gather_fact.yml

@@ -1,3 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: all

plays/get_adm_iface.yml

@@ -1,11 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: server
-  tasks:
-    - name: Register adm interface in adm_iface variable
-      shell: set -o pipefail && grep adm /sys/class/net/*/ifalias | sed "s|/sys/class/net/||" | sed "s|/ifalias:.*||"
-      register: adm_iface
-      check_mode: false
-      changed_when: true
-      args:
-        executable: /bin/bash

plays/gitlab.yml

@@ -5,3 +5,17 @@
   roles:
     - docker
     - gitlab-runner
+
+# This seems strange, don't know if it still used
+# - hosts: gitzly.adm.crans.org
+#   vars:
+#     certbot:
+#       dns_rfc2136_name: certbot_adm_challenge.
+#       dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
+#       mail: root@crans.org
+#       certname: adm.crans.org
+#       domains: "*.adm.crans.org"
+#     bind:
+#       masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+#   roles:
+#     - certbot

plays/unifi.yml

@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Unifi Controller
+- hosts: unifi.adm.crans.org
+  roles:
+    - unifi-controller

radius.yml

@@ -1,10 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: eap.adm.crans.org, odlyd.adm.crans.org, radius.adm.crans.org
-  vars:
-    certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
-    bind:
-      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
-  roles:
-    - certbot
-    - freeradius

re2o.yml

@@ -1,21 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Re2o
-- hosts: otis.adm.crans.org
-  vars:
-    re2o:
-      owner: root
-      group: nounou
-      version: dev_crans
-      settings_local_owner: root
-      settings_local_group: root
-      db_password: "{{ vault_re2o_db_password }}"
-      django_secret_key: "{{ vault_re2o_django_secret_key }}"
-      aes_key: "{{ vault_re2o_aes_key }}"
-    ldap:
-      master_password: "{{ vault_ldap_master_password }}"
-  roles:
-    - re2o
+# THIS FILE SHOULD BE UPDATED TO NEW INFRA AND THE MERGED TO plays/
 
 # Deploy services config on all servers
 - hosts: server

services_web.yml

@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Deploy MoinMoin Wiki
-- hosts: soyouz.adm.crans.org
-  roles: []  # TODO
-
-- hosts: cas-srv.adm.crans.org
-  roles: ["django-cas"]
-
-- hosts: ethercalc-srv.adm.crans.org
-  roles: ["ethercalc"]
-
-- import_playbook: plays/horde.yml
-- import_playbook: plays/framadate.yml
-