Diffstat (limited to 'personal_infra')
11 files changed, 211 insertions, 182 deletions
diff --git a/personal_infra/playbooks/apply_puppet.yml b/personal_infra/playbooks/apply_puppet.yml deleted file mode 100644 index 0aa5d484..00000000 --- a/personal_infra/playbooks/apply_puppet.yml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -- name: apply puppet config - hosts: all - collections: - - ansible.builtin - - community.general - - tasks: - - name: create local temporary directory - tempfile: - state: directory - path: "{{ inventory_dir }}/tmp" - register: local_temp - delegate_to: 127.0.0.1 - - name: create data directory in local temp - file: - path: "{{ local_temp.path }}/data" - state: directory - delegate_to: 127.0.0.1 - - name: create hiera.yaml - copy: - dest: "{{ local_temp.path }}/hiera.yaml" - content: | - version: 5 - hierarchy: - - name: hostvars - path: hostvars.json - data_hash: json_data - - name: this - path: this.json - data_hash: json_data - delegate_to: 127.0.0.1 - - name: dump hostvars - copy: - dest: "{{ local_temp.path }}/data/hostvars.json" - content: "{'hostvars': {{ hostvars }} }" - delegate_to: 127.0.0.1 - - name: dump this - copy: - dest: "{{ local_temp.path }}/data/this.json" - content: "{{ hostvars[inventory_hostname] }}" - delegate_to: 127.0.0.1 - - name: install epel - package: - name: epel-release - when: ansible_distribution_file_variety == 'RedHat' - - name: install puppet - package: - name: puppet - - name: get facts - command: facter -y - register: facter_output - - name: create facts directory in local temp - file: - path: "{{ local_temp.path }}/yaml/facts" - state: directory - delegate_to: 127.0.0.1 - - name: dump facts - copy: - dest: "{{ local_temp.path }}/yaml/facts/{{ inventory_hostname }}.yaml" - content: "--- !ruby/object:Puppet::Node::Facts\nvalues:\n {{ facter_output.stdout | indent(width=2) }}" - delegate_to: 127.0.0.1 - - name: compile catalogs - command: puppet catalog compile --modulepath={{ inventory_dir }}/puppet/modules --hiera_config={{ local_temp.path }}/hiera.yaml --manifest={{ inventory_dir }}/puppet/site --terminus compiler --vardir {{ local_temp.path }}/ --facts_terminus yaml {{ inventory_hostname }} - delegate_to: 127.0.0.1 - register: catalog - - name: create remote temporary directory - tempfile: - state: 
directory - register: remote_temp - - name: write catalog - copy: - dest: "{{ remote_temp.path }}/catalog.json" - content: "{{ catalog.stdout | regex_replace('\\A.*?\\n', multiline=True) }}" - - name: preview catalog - command: puppet apply --catalog {{ remote_temp.path }}/catalog.json --noop --test - register: catalog_apply - - name: display catalog preview - debug: - msg: "{{ catalog_apply.stdout_lines }}" - - name: pause to confirm - pause: - tags: pause - - name: apply catalog - command: puppet apply --catalog {{ remote_temp.path }}/catalog.json - register: catalog_apply - - name: display catalog application - debug: - msg: "{{ catalog_apply.stdout_lines }}" - - name: clean up remote temporary directory - file: - state: absent - path: "{{ remote_temp.path }}" - - name: clean up local temporary directory - file: - state: absent - path: "{{ local_temp.path}}" - delegate_to: 127.0.0.1 diff --git a/personal_infra/playbooks/join_ipa.yaml b/personal_infra/playbooks/join_ipa.yaml deleted file mode 100644 index 4bfe8585..00000000 --- a/personal_infra/playbooks/join_ipa.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: join ipa - hosts: all - collections: - - ansible.builtin - - community.general - - tasks: - - name: join - # TODO: - # -N: no NTP (LXC doesn't need NTP) - command: ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password }} --mkhomedir -p {{ freeipa.join_user }} - - name: set idmappings - blockinfile: - path: /etc/pve/lxc/{{ proxmox.id }}.conf - block: | - lxc.idmap = u 0 100000 65536 - lxc.idmap = g 0 100000 65536 - lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }} - lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }} - delegate_to: "{{ proxmox.host }}" diff --git a/personal_infra/playbooks/proxmox_create_lxc.yml b/personal_infra/playbooks/proxmox_create_lxc.yml deleted file mode 100644 index c904fa8d..00000000 
--- a/personal_infra/playbooks/proxmox_create_lxc.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: create lxc - hosts: lxc - gather_facts: false - collections: - - ansible.builtin - - community.general - - vars: - flavors: - el8: - template: rockylinux-8-default_20210929 - pct_ostype: centos - el9: - template: rockylinux-9-default_20221109 - pct_ostype: centos - - tasks: - - name: download template - command: "pveam download local {{ flavors[proxmox.flavor].template }}_amd64.tar.xz" - args: - creates: "/var/lib/vz/template/cache/{{ flavors[proxmox.flavor].template }}_amd64.tar.xz" - delegate_to: "{{ proxmox.host }}" - - name: create host - command: > - pct create {{ proxmox.id }} "/var/lib/vz/template/cache/{{ flavors[proxmox.flavor].template }}_amd64.tar.xz" - --hostname {{ inventory_hostname }} - --storage local-zfs - -net0 name=eth0,bridge=vmbr0,ip=dhcp - -onboot 1 - --unprivileged - --password {{ ansible_password }} - --nameserver {{ hostvars[proxmox.host].network.self_internal_ip }} - --ostype {{ flavors[proxmox.flavor].pct_ostype }} - args: - creates: "/etc/pve/lxc/{{ proxmox.id }}.conf" - delegate_to: "{{ proxmox.host }}" - # https://bugzilla.proxmox.com/show_bug.cgi?id=4460 - - name: set hostname - copy: - content: "{{ inventory_hostname }}" - dest: /rpool/data/subvol-{{ proxmox.id }}-disk-0/etc/hostname - delegate_to: "{{ proxmox.host }}" - - name: start host - command: pct start {{ proxmox.id }} - delegate_to: "{{ proxmox.host }}" - - name: install ssh - command: pct exec {{ proxmox.id }} -- dnf install -y openssh-server - retries: 10 - delay: 1 - until: result.rc == 0 - register: result - delegate_to: "{{ proxmox.host }}" - - name: enable ssh - command: pct exec {{ proxmox.id }} -- systemctl enable --now sshd - delegate_to: "{{ proxmox.host }}" diff --git a/personal_infra/playbooks/roles/apply_puppet/tasks/main.yml b/personal_infra/playbooks/roles/apply_puppet/tasks/main.yml new file mode 100644 index 00000000..627d2929 --- /dev/null 
+++ b/personal_infra/playbooks/roles/apply_puppet/tasks/main.yml 
@@ -0,0 +1,116 @@
+---
+- name: create local temporary directory
+ tempfile:
+ state: directory
+ path: "{{ inventory_dir }}/tmp"
+ register: local_temp
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: create data directory in local temp
+ file:
+ path: "{{ local_temp.path }}/data"
+ state: directory
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: create hiera.yaml
+ copy:
+ dest: "{{ local_temp.path }}/hiera.yaml"
+ content: |
+ version: 5
+ hierarchy:
+ - name: hostvars
+ path: hostvars.json
+ data_hash: json_data
+ - name: this
+ path: this.json
+ data_hash: json_data
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: dump hostvars
+ copy:
+ dest: "{{ local_temp.path }}/data/hostvars.json"
+ content: "{'hostvars': {{ hostvars }} }"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: dump this
+ copy:
+ dest: "{{ local_temp.path }}/data/this.json"
+ content: "{{ hostvars[inventory_hostname] }}"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: install epel
+ package:
+ name: epel-release
+ when: ansible_distribution_file_variety == 'RedHat'
+- name: install puppet
+ package:
+ name: puppet
+- name: get facts
+ command: facter -y
+ register: facter_output
+ tags: puppet_fast
+- name: create facts directory in local temp
+ file:
+ path: "{{ local_temp.path }}/yaml/facts"
+ state: directory
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: dump facts
+ copy:
+ dest: "{{ local_temp.path }}/yaml/facts/{{ inventory_hostname }}.yaml"
+ content: "--- !ruby/object:Puppet::Node::Facts\nvalues:\n {{ facter_output.stdout | indent(width=2) }}"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
+- name: compile catalogs
+ command: puppet catalog compile --modulepath={{ inventory_dir }}/puppet/modules --hiera_config={{ local_temp.path }}/hiera.yaml --manifest={{ inventory_dir }}/puppet/site --terminus compiler --vardir {{ local_temp.path }}/ --facts_terminus yaml {{ inventory_hostname }}
+ delegate_to: 127.0.0.1
+ register: catalog
+ tags: puppet_fast
+- name: create remote temporary directory
+ tempfile:
+ state: directory
+ register: remote_temp
+ tags: puppet_fast
+- name: write catalog
+ copy:
+ dest: "{{ remote_temp.path }}/catalog.json"
+ content: "{{ catalog.stdout | regex_replace('\\A.*?\\n', multiline=True) }}"
+ tags: puppet_fast
+- name: preview catalog
+ command: puppet apply --catalog {{ remote_temp.path }}/catalog.json --noop --test
+ register: catalog_apply
+ tags: puppet_fast
+- name: display catalog preview stdout
+ debug:
+ msg: "{{ catalog_apply.stdout_lines }}"
+ tags: puppet_fast
+- name: display catalog preview stderr
+ debug:
+ msg: "{{ catalog_apply.stderr_lines }}"
+ tags: puppet_fast
+- name: pause to confirm
+ pause:
+ tags: pause
+- name: apply catalog
+ command: puppet apply --catalog {{ remote_temp.path }}/catalog.json
+ register: catalog_apply
+ tags: puppet_fast
+- name: display catalog apply stdout
+ debug:
+ msg: "{{ catalog_apply.stdout_lines }}"
+ tags: puppet_fast
+- name: display catalog apply stderr
+ debug:
+ msg: "{{ catalog_apply.stderr_lines }}"
+ tags: puppet_fast
+- name: clean up remote temporary directory
+ file:
+ state: absent
+ path: "{{ remote_temp.path }}"
+ tags: puppet_fast
+- name: clean up local temporary directory
+ file:
+ state: absent
+ path: "{{ local_temp.path}}"
+ delegate_to: 127.0.0.1
+ tags: puppet_fast
diff --git a/personal_infra/playbooks/roles/join_ipa/handlers/main.yml b/personal_infra/playbooks/roles/join_ipa/handlers/main.yml
new file mode 100644
index 00000000..da74d5ee
--- /dev/null
+++ b/personal_infra/playbooks/roles/join_ipa/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart_container
+ delegate_to: "{{ proxmox.host }}"
+ command: pct reboot {{ proxmox.id }}
+
diff --git a/personal_infra/playbooks/roles/join_ipa/tasks/main.yml b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
new file mode 100644
index 00000000..eea24430
--- /dev/null
+++ b/personal_infra/playbooks/roles/join_ipa/tasks/main.yml
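Review bot: The `dump hostvars` and `dump this` tasks write every inventory variable as plaintext under `{{ inventory_dir }}/tmp` on the controller, and the sibling roles in this diff show those variables include `freeipa.join_password` and `ansible_password`; the only removal is the final `clean up local temporary directory` task, so any failure in between (a failed `compile catalogs`, an aborted `pause`) leaves the secrets on disk, and likewise the compiled catalog in `remote_temp` on the target. Wrapping the role body in a `block:` with the two cleanup tasks under `always:` makes the removal unconditional, and `no_log: true` on the two dump tasks keeps the variable contents out of diff/verbose output. `local_temp` is registered before the block so `always:` can use it directly; `remote_temp` is registered inside the block, so its removal needs `when: remote_temp is defined`.
```yaml
- name: create local temporary directory
  # … unchanged: tempfile registered as local_temp, delegated to 127.0.0.1 …
- name: compile and apply the puppet catalog
  block:
    # … unchanged: every task from "create data directory in local temp"
    #   through "display catalog apply stderr" …
  always:
    - name: clean up remote temporary directory
      file:
        state: absent
        path: "{{ remote_temp.path }}"
      when: remote_temp is defined
      tags: puppet_fast
    - name: clean up local temporary directory
      file:
        state: absent
        path: "{{ local_temp.path }}"
      delegate_to: 127.0.0.1
      tags: puppet_fast
```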
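Review bot: The `restart_container` handler reboots the container via `pct reboot` but nothing waits for it to come back, and the `verify root mail` play in `site.yaml` further down this diff connects to the same hosts right after the `join ipa` play finishes, so it can fail on a container that is still booting. A second handler with `wait_for_connection:` and `listen: restart_container` would run after the reboot and block until SSH is reachable again. This file, like `roles/verify_root_mail/tasks/main.yml`, also lacks the `---` document start the other role files in this change use.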
@@ -0,0 +1,15 @@
+---
+- name: join
+ # TODO:
+ # -N: no NTP (LXC doesn't need NTP)
+ shell: getent passwd admin || ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password|trim }} --mkhomedir -p {{ freeipa.join_user }}
+- name: set idmappings
+ blockinfile:
+ path: /etc/pve/lxc/{{ proxmox.id }}.conf
+ block: |
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ delegate_to: "{{ proxmox.host }}"
+ notify: restart_container
diff --git a/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
new file mode 100644
index 00000000..e0dd86f8
--- /dev/null
+++ b/personal_infra/playbooks/roles/proxmox_create_lxc/tasks/main.yml
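Review bot: The `join` task passes `-w {{ freeipa.join_password|trim }}` on the command line, so the join password is recorded in the task's `cmd` in Ansible output and logs and is visible in the container's process list while `ipa-client-install` runs; add `no_log: true` to the task, and because this is a `shell:` task render each variable through `| quote` (e.g. `-w {{ freeipa.join_password | trim | quote }}`) so a value with spaces or shell metacharacters is not re-split by the shell. The `getent passwd admin ||` guard avoids re-joining but the task still reports `changed` on every run; registering the result and deriving `changed_when` from whether the install actually ran, or moving the check into its own `command` with `changed_when: false` and gating the install with `when:`, would make the play output truthful. In `set idmappings`, the second pair of `lxc.idmap` lines maps the IPA id range onto the identical uid/gid range on the Proxmox host, so IPA users inside the unprivileged container are the same ids on the host — presumably deliberate, but that trade-off deserves a comment in the block such as `# IPA ids mapped 1:1 to the host — TODO state why (shared storage?)`. If the host's `/etc/subuid` and `/etc/subgid` do not delegate that range to root, the container will refuse to start after the `restart_container` handler fires; a preceding `lineinfile` on those two files, or at least a comment noting the prerequisite, would save a debugging session.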
@@ -0,0 +1,42 @@
+---
+- name: download template
+ command: "pveam download local {{ flavors[proxmox.flavor].template }}_amd64.tar.xz"
+ args:
+ creates: "/var/lib/vz/template/cache/{{ flavors[proxmox.flavor].template }}_amd64.tar.xz"
+ delegate_to: "{{ proxmox.host }}"
+- name: create host
+ command: >
+ pct create {{ proxmox.id }} "/var/lib/vz/template/cache/{{ flavors[proxmox.flavor].template }}_amd64.tar.xz"
+ --hostname {{ inventory_hostname }}
+ --storage local-zfs
+ -net0 name=eth0,bridge=vmbr0,ip=dhcp
+ -onboot 1
+ --unprivileged
+ --password {{ ansible_password|trim }}
+ --nameserver {{ hostvars[proxmox.host].network.self_internal_ip }}
+ --ostype {{ flavors[proxmox.flavor].pct_ostype }}
+ args:
+ creates: "/etc/pve/lxc/{{ proxmox.id }}.conf"
+ delegate_to: "{{ proxmox.host }}"
+# https://bugzilla.proxmox.com/show_bug.cgi?id=4460
+- name: set hostname
+ copy:
+ content: "{{ inventory_hostname }}"
+ dest: /rpool/data/subvol-{{ proxmox.id }}-disk-0/etc/hostname
+ delegate_to: "{{ proxmox.host }}"
+- name: start host
+ shell: "{ pct status {{ proxmox.id }} | grep running ; } || pct start {{ proxmox.id }}"
+ delegate_to: "{{ proxmox.host }}"
+- name: update packages to prevent automatic updates causing issues later. retry until network available
+ command: pct exec {{ proxmox.id }} -- dnf update -y
+ retries: 10
+ delay: 1
+ until: result.rc == 0
+ register: result
+ delegate_to: "{{ proxmox.host }}"
+- name: install ssh
+ command: pct exec {{ proxmox.id }} -- dnf install -y openssh-server
+ delegate_to: "{{ proxmox.host }}"
+- name: enable ssh
+ command: pct exec {{ proxmox.id }} -- systemctl enable --now sshd
+ delegate_to: "{{ proxmox.host }}"
diff --git a/personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml b/personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml
new file mode 100644
index 00000000..b9bdcc6a
--- /dev/null
+++ b/personal_infra/playbooks/roles/proxmox_create_lxc/vars/main.yml
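Review bot: In `create host`, `--password {{ ansible_password|trim }}` places the container's root password in the `pct create` argument list, so it is visible in the Proxmox host's process list for the duration of the command and is echoed back in the task result, since the `command` module returns `cmd`; add `no_log: true` to the task and render it as `{{ ansible_password | trim | quote }}` so the module's shlex-style splitting keeps a value containing spaces as one argument. The `creates:` guard means this runs once per container, which limits the exposure window but not the log retention. `start host` always reports `changed` even when the `grep running` branch short-circuits; registering it (under a name other than `result`, which the next task reuses) and setting `changed_when: "'running' not in start_status.stdout"` reflects whether a start actually happened.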
@@ -0,0 +1,8 @@
+---
+flavors:
+ el8:
+ template: rockylinux-8-default_20210929
+ pct_ostype: centos
+ el9:
+ template: rockylinux-9-default_20221109
+ pct_ostype: centos
diff --git a/personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml b/personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml
new file mode 100644
index 00000000..da205cf4
--- /dev/null
+++ b/personal_infra/playbooks/roles/verify_root_mail/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: send root mail
+ command:
+ cmd: mail -s "ansible test {{ inventory_hostname }}" root
+ stdin: test
diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml
new file mode 100644
index 00000000..79edd1b0
--- /dev/null
+++ b/personal_infra/playbooks/site.yaml
@@ -0,0 +1,22 @@
+---
+- name: create lxc
+ hosts: lxc
+ gather_facts: false
+ roles:
+ - proxmox_create_lxc
+
+- name: complete provision
+ hosts: all
+ roles:
+ - role: apply_puppet
+ tags: puppet
+
+- name: join ipa
+ hosts: join_ipa
+ roles:
+ - join_ipa
+
+- name: verify root mail
+ hosts: all
+ roles:
+ - verify_root_mail
diff --git a/personal_infra/playbooks/verify_root_mail.yaml b/personal_infra/playbooks/verify_root_mail.yaml
deleted file mode 100644
index f0522f88..00000000
--- a/personal_infra/playbooks/verify_root_mail.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: all
- tasks:
- - name: send root mail
- command:
- cmd: mail -s "ansible test {{ inventory_hostname }}" root
- stdin: test |
