From 6691cca055280cae328f8e849ba6fd37740c294e Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sat, 27 May 2023 23:10:44 -0400
Subject: [PATCH] Minimal shell setup for colo server.
---
 ansible/environments/colo/host_vars/mrmanager | 4 +++
 ansible/environments/colo/hosts | 2 ++
 ansible/playbook.yaml | 16 +++++++++-
 ansible/roles/doas/tasks/common.yaml | 10 -------
 ansible/roles/doas/tasks/peruser.yaml | 29 -------------------
 ansible/roles/doas/tasks/peruser_freebsd.yaml | 0
 ansible/roles/doas/tasks/peruser_linux.yaml | 0
 ansible/roles/users/defaults/main.yaml | 1 -
 ansible/run.bash | 2 ++
 9 files changed, 23 insertions(+), 41 deletions(-)
 create mode 100644 ansible/environments/colo/host_vars/mrmanager
 create mode 100644 ansible/environments/colo/hosts
 delete mode 100644 ansible/roles/doas/tasks/peruser.yaml
 delete mode 100644 ansible/roles/doas/tasks/peruser_freebsd.yaml
 delete mode 100644 ansible/roles/doas/tasks/peruser_linux.yaml
diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager
new file mode 100644
index 0000000..6803a66
--- /dev/null
+++ b/ansible/environments/colo/host_vars/mrmanager
@@ -0,0 +1,4 @@
+os_flavor: "freebsd"
+zfs_snapshot_datasets:
+ - zroot/freebsd/main/be
+sshd_enabled: true
diff --git a/ansible/environments/colo/hosts b/ansible/environments/colo/hosts
new file mode 100644
index 0000000..b34487c
--- /dev/null
+++ b/ansible/environments/colo/hosts
@@ -0,0 +1,2 @@
+[server]
+mrmanager ansible_user=root ansible_host=74.80.180.138
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 4a1e174..37e1c66 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -1,4 +1,4 @@
-- hosts: all:!jail:!vm
+- hosts: all:!jail:!vm:!server
 vars:
 ansible_become: True
 roles:
@@ -61,3 +61,17 @@
 roles:
 - portshaker
 - poudriere
+
+- hosts: mrmanager
+ vars:
+ ansible_become: True
+ roles:
+ - sudo
+ - doas
+ - users
+ - package_manager
+ - zfs
+ - zrepl
+ - zsh
+ - network
+ - sshd
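Review bot: The new inventory line `mrmanager ansible_user=root ansible_host=74.80.180.138` makes Ansible log in directly as root on what looks like a publicly routable address, so sshd on this host has to accept root logins. The play added in this commit already applies `sudo`, `doas` and `users` with `ansible_become: True`, so root could be kept for the first bootstrap run only, after which `ansible_user` is set to an unprivileged account and the sshd role sets `PermitRootLogin no`. Whether the sshd role already limits root to key-only login is not visible in this diff.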
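Review bot: The first hunk excludes the whole `server` group (`all:!jail:!vm:!server`), but the play added at the end targets the single host `mrmanager`, so a second host later placed under `[server]` would be dropped from the base play without being picked up by this one. Writing `- hosts: server` here keeps the exclusion and the inclusion symmetric; run.bash already narrows the run with `--limit mrmanager`. The role list also shows no packet-filter role for a host that enables sshd on a public address; if `network` does not cover that, it is worth adding one or saying so in a comment above the play.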
diff --git a/ansible/roles/doas/tasks/common.yaml b/ansible/roles/doas/tasks/common.yaml
index 9f00756..265f543 100644
--- a/ansible/roles/doas/tasks/common.yaml
+++ b/ansible/roles/doas/tasks/common.yaml
@@ -9,13 +9,3 @@
 - import_tasks: tasks/linux.yaml
 when: 'os_flavor == "linux"'
-
-- include_tasks:
- file: tasks/peruser.yaml
- apply:
- become: yes
- become_user: "{{ initialize_user }}"
- when: users is defined
- loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
- loop_control:
- loop_var: initialize_user
diff --git a/ansible/roles/doas/tasks/peruser.yaml b/ansible/roles/doas/tasks/peruser.yaml
deleted file mode 100644
index 111e886..0000000
--- a/ansible/roles/doas/tasks/peruser.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-- include_role:
- name: per_user
-
-# - name: Create directories
-# file:
-# name: "{{ account_homedir.stdout }}/{{ item }}"
-# state: directory
-# mode: 0700
-# owner: "{{ account_name.stdout }}"
-# group: "{{ group_name.stdout }}"
-# loop:
-# - ".config/foo"
-
-# - name: Copy files
-# copy:
-# src: "files/{{ item.src }}"
-# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
-# mode: 0600
-# owner: "{{ account_name.stdout }}"
-# group: "{{ group_name.stdout }}"
-# loop:
-# - src: foo.conf
-# dest: .config/foo/foo.conf
-
-- import_tasks: tasks/peruser_freebsd.yaml
- when: 'os_flavor == "freebsd"'
-
-- import_tasks: tasks/peruser_linux.yaml
- when: 'os_flavor == "linux"'
diff --git a/ansible/roles/doas/tasks/peruser_freebsd.yaml b/ansible/roles/doas/tasks/peruser_freebsd.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/ansible/roles/doas/tasks/peruser_linux.yaml b/ansible/roles/doas/tasks/peruser_linux.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/ansible/roles/users/defaults/main.yaml b/ansible/roles/users/defaults/main.yaml
index a4fa82f..8390d5c 100644
--- a/ansible/roles/users/defaults/main.yaml
+++ b/ansible/roles/users/defaults/main.yaml
@@ -9,4 +9,3 @@ users:
 - yubikey
 - main_fido
 - backup_fido
- - homeassistant
diff --git a/ansible/run.bash b/ansible/run.bash
index 2d7eba8..060eb64 100755
--- a/ansible/run.bash
+++ b/ansible/run.bash
@@ -28,6 +28,8 @@ elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then
 ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}"
 elif [ "$target" = "vm_poudriereodo" ]; then
 ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}"
+elif [ "$target" = "mrmanager" ]; then
+ ansible-playbook -v -i environments/colo playbook.yaml --diff --limit mrmanager "${@}"
 else
 die 1 "Unrecognized target"
 fi