From fd6b5542d977a6bd5f3c4e24e2ba61b980ecb976 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sat, 12 Jul 2025 13:19:43 +0000
Subject: [PATCH] Remove nms hosts
---
 group_vars/nms.yml | 43 ----------
 host_vars/nms01.home.foo.sh.yml | 20 -----
 host_vars/nms02.home.foo.sh.yml | 20 -----
 hosts.yml | 7 --
 playbooks/nms.yml | 85 -------------------
 .../unbound.conf.nms01.home.foo.sh.j2 | 39 ---------
 .../unbound.conf.nms02.home.foo.sh.j2 | 1 -
 7 files changed, 215 deletions(-)
 delete mode 100644 group_vars/nms.yml
 delete mode 100644 host_vars/nms01.home.foo.sh.yml
 delete mode 100644 host_vars/nms02.home.foo.sh.yml
 delete mode 100644 playbooks/nms.yml
 delete mode 100644 roles/unbound/templates/unbound.conf.nms01.home.foo.sh.j2
 delete mode 120000 roles/unbound/templates/unbound.conf.nms02.home.foo.sh.j2
diff --git a/group_vars/nms.yml b/group_vars/nms.yml
deleted file mode 100644
index 85d3b80..0000000
--- a/group_vars/nms.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-datadisks:
- - {size: 10, type: nvme}
-
-chrony_allow:
- - 172.20.25.0/24
-
-unbound_zones:
- - 25.20.172.in-addr.arpa
- - oob.foo.sh
-dhcpd_template: dhcpd.conf.oob.j2
-dhcpd_ldap_filter: >-
- (&(objectClass=ieee802Device)(objectClass=ipHost)(cn=*.oob.foo.sh))
-
-network_vip_interfaces:
- - device: eth0
- vhid: 11
- ipaddr: 172.20.20.21
- netmask: 255.255.240.0
- pass: "{{ vip21_pass }}"
- - device: eth1
- vhid: 25
- ipaddr: 172.20.25.1
- netmask: 255.255.255.0
- pass: "{{ vip25_pass }}"
- priority: "{{ vip25_priority }}"
-
-firewall_in:
- - {proto: tcp, port: 22, from: [172.20.20.0/22]}
- - {proto: tcp, port: 25, from: [172.20.25.0/24]}
- - {proto: tcp, port: 53, from: [172.20.25.0/24]}
- - {proto: udp, port: 53, from: [172.20.25.0/24]}
- - {proto: udp, port: 69, from: [172.20.25.0/24]}
- - {proto: udp, port: 123, from: [172.20.25.0/24]}
- - {proto: tcp, port: 443, from: [172.20.25.0/24]}
- - {proto: udp, port: 514, from: [172.20.25.0/24]}
- - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
- - {proto: tcp, port: 9116, from: [172.20.20.0/22]}
-firewall_raw:
- - "ip daddr 224.0.0.0/8 accept"
-
-sssd_allow_groups:
- - sysadm
diff --git a/host_vars/nms01.home.foo.sh.yml b/host_vars/nms01.home.foo.sh.yml
deleted file mode 100644
index a644173..0000000
--- a/host_vars/nms01.home.foo.sh.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-vmhost: vmhost01.home.foo.sh
-network_interfaces:
- - device: eth0
- vlan: 20
- mac: "52:54:00:ac:dc:43"
- nameservers: []
- - device: eth1
- vlan: 25
- ipaddr: 172.20.25.2
- netmask: 255.255.255.0
- proto: static
- nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
- - device: eth2
- vlan: 103
- ipaddr: 192.168.100.2
- netmask: 255.255.255.248
- proto: static
-
-vip25_priority: 128
diff --git a/host_vars/nms02.home.foo.sh.yml b/host_vars/nms02.home.foo.sh.yml
deleted file mode 100644
index cb1b86b..0000000
--- a/host_vars/nms02.home.foo.sh.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-vmhost: vmhost02.home.foo.sh
-network_interfaces:
- - device: eth0
- vlan: 20
- mac: "52:54:00:ac:dc:44"
- nameservers: []
- - device: eth1
- vlan: 25
- ipaddr: 172.20.25.3
- netmask: 255.255.255.0
- proto: static
- nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
- - device: eth2
- vlan: 103
- ipaddr: 192.168.100.3
- netmask: 255.255.255.248
- proto: static
-
-vip25_priority: 1
diff --git a/hosts.yml b/hosts.yml
index 37823e4..374c1db 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -91,12 +91,6 @@ mqtt:
 nas:
 hosts:
 nas02.home.foo.sh:
-nms:
- hosts:
- nms01.home.foo.sh:
- nms02.home.foo.sh:
- vars:
- snmp_exporter_version: "0.29.0"
 ns:
 hosts:
 ns01.home.foo.sh:
@@ -188,7 +182,6 @@ rocky9:
 mirror:
 mongodb:
 nas:
- nms:
 ocinode:
 print:
 prometheus:
diff --git a/playbooks/nms.yml b/playbooks/nms.yml
deleted file mode 100644
index 4537054..0000000
--- a/playbooks/nms.yml
+++ /dev/null
@@ -1,85 +0,0 @@
----
-- name: Deploy KVM virtual machines
- ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
- vars:
- myhosts: nms
-
-- name: Configure instance
- hosts: nms
- user: root
- gather_facts: true
-
- pre_tasks:
- - name: Mount /export
- ansible.posix.mount:
- name: /export
- src: LABEL=/export
- fstype: xfs
- opts: noatime,noexec,nosuid,nodev
- passno: "0"
- dump: "0"
- state: mounted
-
- vars_files:
- - "{{ ansible_private }}/vars.yml"
-
- roles:
- - base
- - cups
- - nginx
- - role: nginx_site
- nginx_site_name: oob.foo.sh
- nginx_site_plaintext: false
- - role: keytab
- keytab_principals:
- - "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
- - nfs_client
- - role: autofs
- autofs_home: false
- - sssd
- - mkhomedir
- - aten_pdu
- - routeros
- - snmp_exporter
-
- tasks:
- - name: Enable UDP rsyslog server
- ansible.builtin.import_role:
- name: rsyslog
- tasks_from: udp-listen
-
- - name: Enable postfix mail relay
- ansible.builtin.import_role:
- name: postfix
- tasks_from: relay
- vars:
- relay_domains: [foo.sh]
-
- - name: Import unbound role
- ansible.builtin.import_role:
- name: unbound
-
- - name: Import dhcpd role
- ansible.builtin.import_role:
- name: dhcpd
-
- - name: Install extra packages
- ansible.builtin.package:
- name: "{{ item }}"
- state: installed
- with_items:
- - nmap
- - rcs
- - unzip
- - wget
-
- - name: Create sw-backup script
- ansible.builtin.copy:
- dest: /usr/local/bin/sw-backup
- content: |
- #!/bin/sh
- set -eu
- ssh "admin@${1}" /export > "/srv/backup/${1}.rsc"
- mode: "0755"
- owner: root
- group: "{{ ansible_wheel }}"
diff --git a/roles/unbound/templates/unbound.conf.nms01.home.foo.sh.j2 b/roles/unbound/templates/unbound.conf.nms01.home.foo.sh.j2
deleted file mode 100644
index c29a61c..0000000
--- a/roles/unbound/templates/unbound.conf.nms01.home.foo.sh.j2
+++ /dev/null
@@ -1,39 +0,0 @@
-
-server:
- interface: 0.0.0.0
- interface: ::0
-
- access-control: 127.0.0.0/8 allow
- access-control: ::1 allow
- access-control: 172.20.25.1/32 allow
- access-control: 172.20.25.2/32 allow
- access-control: 172.20.25.3/32 allow
- access-control: 172.20.25.0/24 refuse_non_local
-
- extended-statistics: yes
-
- hide-identity: yes
- hide-version: yes
-
- tls-upstream: yes
- tls-cert-bundle: {{ tls_bundle }}
-
- chroot: ""
-
- unblock-lan-zones: yes
-
-remote-control:
- control-enable: yes
- control-interface: /var/run/unbound.sock
-
-forward-zone:
- name: "."
- forward-addr: 172.20.20.10@853#dns.home.foo.sh
- forward-addr: 172.20.20.11@853#dns.home.foo.sh
- forward-addr: 172.20.20.12@853#dns.home.foo.sh
-
-{% for zone in unbound_zones %}
-auth-zone:
- name: "{{ zone }}"
- zonefile: "{{ unbound_zonedir }}/{{ zone }}"
-{% endfor %}
diff --git a/roles/unbound/templates/unbound.conf.nms02.home.foo.sh.j2 b/roles/unbound/templates/unbound.conf.nms02.home.foo.sh.j2
deleted file mode 120000
index 4b3c596..0000000
--- a/roles/unbound/templates/unbound.conf.nms02.home.foo.sh.j2
+++ /dev/null
@@ -1 +0,0 @@
-unbound.conf.nms01.home.foo.sh.j2
\ No newline at end of file