From 88cd48e3e22016802a19a8275de1f33cb1476ca9 Mon Sep 17 00:00:00 2001
From: Fern Garden <mail@fern.garden>
Date: Mon, 9 Jun 2025 19:35:21 +0800
Subject: [PATCH] Clean up hosts, roles

---
 flock.yml                                     | 80 ++++++-------------
 inventory/hosts.yml                           | 14 ----
 requirements.yml                              |  1 -
 .../install_standard_packages/tasks/main.yml  |  2 +
 roles/setup_nfs_client/tasks/main.yml         | 41 ----------
 roles/setup_nfs_server/tasks/main.yml         | 32 --------
 roles/setup_sshd/handlers/main.yml            |  4 -
 roles/setup_sshd/tasks/main.yml               |  1 -
 8 files changed, 25 insertions(+), 150 deletions(-)
 delete mode 100644 roles/setup_nfs_client/tasks/main.yml
 delete mode 100644 roles/setup_nfs_server/tasks/main.yml
 delete mode 100644 roles/setup_sshd/handlers/main.yml

diff --git a/flock.yml b/flock.yml
index 42c96dc..e6d03fb 100644
--- a/flock.yml
+++ b/flock.yml
@@ -1,24 +1,29 @@
 ---
-- hosts: all
+- hosts: all:!technitium.local
   roles:
-    - role: setup_base_system
     - role: lifeofguenter.resolvconf
       vars:
         resolv_nameservers:
           - 10.0.1.111
-    - role: hifis.toolkit.unattended_upgrades
-      become: true
-    - role: hussainweb.chezmoi
-      vars:
-        chezmoi_init_url: https://git.fern.garden/fern/dots
 
-- hosts: all
+- hosts: technitium.local
   roles:
-    - role: install_standard_packages
+    - role: lifeofguenter.resolvconf
+      vars:
+        resolv_nameservers:
+          - 10.0.1.1
 
 - hosts: all
   roles:
     - role: setup_user
+    - role: setup_sshd
+    - role: setup_base_system
+    - role: hifis.toolkit.unattended_upgrades
+      become: true
+    - role: install_standard_packages
+    - role: hussainweb.chezmoi
+      vars:
+        chezmoi_init_url: https://git.fern.garden/fern/dots
 
 - hosts: virtual_machines
   roles:
@@ -31,54 +36,15 @@
       vars:
         docker_users:
           - fern
-
-- hosts: nfs_servers
-  roles:
-    - role: setup_nfs_server
-    - role: geerlingguy.nfs
-      vars:
-        nfs_exports: [
-          "/export/film 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
-          "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
-          "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
-        ]
-
-- hosts: nfs_clients
-  roles:
-    - role: setup_nfs_client
-
-- hosts: jellyfin.local
-  roles:
-    - role: tomhesse.jellyfin
-  tasks:
-    - name: Ensure Jellyfin user is a member of the media group
-      become: yes
-      tags:
-        - media_group
-      ansible.builtin.user:
-        name: jellyfin
-        groups: media
-        append: yes
+        docker_daemon_options:
+          metrics-addr: 0.0.0.0:9323
+          live-restore: true
+          default-address-pools:
+          - base: 172.20.0.0/16
+            size: 24
+          - base: 172.21.0.0/16
+            size: 24
 
 - hosts: weebill.local
-  tasks:
-    - name: Install Webone dependencies
-      ansible.builtin.apt:
-        deb: https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb
-    - name: Install Webone
-      ansible.builtin.apt:
-        update_cache: yes
-        deb: https://github.com/atauenis/webone/releases/download/v0.17.4/webone.0.17.4.linux-arm64.deb
-
-- hosts: stash.local
-  tasks:
-    - name: Add user to render group
-      become: yes
-      ansible.builtin.user:
-        name: fern
-        groups: render
-        append: yes
-
-- hosts: all
   roles:
-    - role: setup_sshd
+    - role: install_software_webone
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index db7e926..33663b4 100644
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -4,11 +4,8 @@
 ungrouped:
   hosts:
     docker.local:
-    immich.local:
     minecraft.local:
     ff-syncserver.local:
-    jellyfin.local:
-    media-share.local:
     technitium.local:
     weebill.local:
 
@@ -18,20 +15,9 @@ virtual_machines:
   hosts:
     docker.local:
     minecraft.local:
-    media-share.local:
 
 docker:
   hosts:
     docker.local:
-    immich.local:
     minecraft.local:
     weebill.local:
-
-nfs_clients:
-  hosts:
-    docker.local:
-    jellyfin.local:
-
-nfs_servers:
-  hosts:
-    media-share.local:
diff --git a/requirements.yml b/requirements.yml
index 333cd9e..a21d42f 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,7 +3,6 @@ roles:
   - name: hussainweb.chezmoi
   - name: geerlingguy.docker
   - name: tomhesse.jellyfin
-  - name: geerlingguy.nfs
 
 collections:
   - name: hifis.toolkit
diff --git a/roles/install_standard_packages/tasks/main.yml b/roles/install_standard_packages/tasks/main.yml
index 9a5f4a8..e09987a 100644
--- a/roles/install_standard_packages/tasks/main.yml
+++ b/roles/install_standard_packages/tasks/main.yml
@@ -16,3 +16,5 @@
     - ncdu
     - nnn
     - neovim
+    - aria2
+    - lynx
diff --git a/roles/setup_nfs_client/tasks/main.yml b/roles/setup_nfs_client/tasks/main.yml
deleted file mode 100644
index 96abf59..0000000
--- a/roles/setup_nfs_client/tasks/main.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-- name: Ensure media group exists
-  become: true
-  tags:
-    - media_group
-  ansible.builtin.group:
-    name: media
-    state: present
-    gid: 1800
-
-- name: Install nfs-common
-  become: true
-  apt:
-    pkg:
-    - nfs-common
-
-- name: Mount /media/tv
-  become: true
-  ansible.posix.mount:
-    src: 10.0.1.101:/export/tv
-    path: /media/tv
-    opts: default
-    state: mounted
-    fstype: nfs
-
-- name: Mount /media/film
-  become: true
-  ansible.posix.mount:
-    src: 10.0.1.101:/export/film
-    path: /media/film
-    opts: default
-    state: mounted
-    fstype: nfs
-
-- name: Mount /media/misc
-  become: true
-  ansible.posix.mount:
-    src: 10.0.1.101:/export/misc
-    path: /media/misc
-    opts: default
-    state: mounted
-    fstype: nfs
diff --git a/roles/setup_nfs_server/tasks/main.yml b/roles/setup_nfs_server/tasks/main.yml
deleted file mode 100644
index 12ac17d..0000000
--- a/roles/setup_nfs_server/tasks/main.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Ensure media group exists
-  become: true
-  tags:
-    - media_group
-  ansible.builtin.group:
-    name: media
-    state: present
-    gid: 1800
-
-- name: Mount /export/tv
-  become: true
-  ansible.posix.mount:
-    src: UUID=fcee0188-8ca1-4fda-81b7-f5920c79ab48
-    path: /export/tv
-    state: mounted
-    fstype: ext4
-
-- name: Mount /export/film
-  become: true
-  ansible.posix.mount:
-    src: UUID=5d9dd538-79e4-4168-be91-e0b040155cb3
-    path: /export/film
-    state: mounted
-    fstype: ext4
-
-- name: Mount /export/misc
-  become: true
-  ansible.posix.mount:
-    src: UUID=5a43b7dc-3e28-459e-824a-ad45b5475361
-    path: /export/misc
-    state: mounted
-    fstype: ext4
diff --git a/roles/setup_sshd/handlers/main.yml b/roles/setup_sshd/handlers/main.yml
deleted file mode 100644
index 3fc23d6..0000000
--- a/roles/setup_sshd/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Restart SSHD
-  service:
-    name: sshd
-    state: restarted
diff --git a/roles/setup_sshd/tasks/main.yml b/roles/setup_sshd/tasks/main.yml
index ac2b379..49eeec8 100644
--- a/roles/setup_sshd/tasks/main.yml
+++ b/roles/setup_sshd/tasks/main.yml
@@ -23,4 +23,3 @@
     regexp: "^PermitRootLogin"
     line: "PermitRootLogin no"
     backup: yes
-  notify: Restart SSHD