authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-09-10 16:28:13 +0100
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2021-09-10 16:37:07 +0100
commit1a848bf3c87dffd6445f90a31cde48ba029f8f6d (patch)
tree4ffec93a2bd0f43b3cee39eb94859ddc9637824f
parent39cf6603ca436d0e7962a4c1428c98f92e895b7b (diff)
Remove obsolete filespedro/terraform-rebased
-rw-r--r--baserock-ops-team.cloud-config16
-rw-r--r--firewall.yaml250
2 files changed, 0 insertions, 266 deletions
diff --git a/baserock-ops-team.cloud-config b/baserock-ops-team.cloud-config
deleted file mode 100644
index 275deeae..00000000
--- a/baserock-ops-team.cloud-config
+++ /dev/null
@@ -1,16 +0,0 @@
-#cloud-config
-
-# The contents of this cloud-config script should be included in the
-# post-creation 'customisation script' for every instance in the public
-# baserock.org infrastructure. It gives access to all members the Baserock Ops
-# team, so that any member of the team can deploy security updates.
-
-ssh_authorized_keys:
- # Pedro Alvarez
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPuirtOH8D/6iNAb3DE079FcTmDlDgusVBJ2FC0O/FHSxwAgNwHhUbCxHAcO/N+HICSvDmjp16Ki0ti2ZxfworG88shPiMOGQfuJaRv1X15AV7NsO80Llsqy/x8X+WdA5iwpUyKM011vv/pS/DhSCHJFJ/vQFgox12HQSKZuzGIOupCiZfHES5t5oEPAcoQYCC0hO4ZevyeO0ZixrOGf/iyXHyb2BoQJAehixt28YOfdaW7Z29SssCGf7QvtADYg+vF5Tazln51vp1M+fo1oF0aa/VLN3gYuf+BI6x6sEc4N/ZQaCR5+oBP3/gIVlIwOOftzC9G+l6PBOS4368nZTv pedro.alvarez@codethink.co.uk
-
- # Gary Perkins
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQvRqmYpSVpff0MJq9aigjNQX22PdMkDiXpcV7EbDWdE3QLk7D818dljMKy2SvmgiEO7e/5jn8K7b9Dr88GF4dM/Oxc2k2yP9fzMoW+cE/drHBH+zDb9Zw1xa+t1AcMtl0XAEZft/hvpgx+Tp2XaEv6t7O9Ogxw1ahKtbkgDprhrnC9cVctu3VJhu8amY4BYZC9hRZUa02pCQl1i0klYq7E61zF8I25hS6HP0fbD/O+hAt5N3VqmkN+4QmCP8kkXSmyjKOurnXcGKPWonpOyB3cwVk3DO7krsw2qIIVoe/9PIK112oHNJxM01UUF+ZiPGEWawQfHRNG8Y03KQJanaf gary@garyp
-
- # Sam Thursfield
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkDPLAg9ueRzIVdPbfsGboXbnd7HIwQ9oiFh1JP8NvyZ0ZWejmY7m5k6FOTDBp70Rwx1/6+rzLyCsbT5SN+rK0Ywl145A09jODRt2PWZ3ddsUDfXTY7Ycu3MLOsyjIiY5o9zhSmu+/pU90TlvlE16TFUPnyc4PDqI1DALCUf7OxDVihcecn4Fhd0XQI8FBM/c47CjvyD2g+xr2b5Qa7eCfBEFTCqpQegDOQN3Hlq1t1VLLXv+srcQkI+uh4wseJ3GcQ4T/+6w6axlGd6a2v8IjKALxveCKyI5bHirKTMJZg+BCulb+ucoafbRbLcNpmrEVfhUE5O4/ffBExaEiwni1 sam.thursfield@codethink.co.uk
diff --git a/firewall.yaml b/firewall.yaml
deleted file mode 100644
index e06b12e1..00000000
--- a/firewall.yaml
+++ /dev/null
@@ -1,250 +0,0 @@
-# OpenStack firewall setup for baserock.org
-#
-# This rather ugly and verbose Ansible script defines the firewall
-# configuration for the baserock.org cloud.
-#
-# OpenStack security group rules are all ACCEPT rules, and an instance
-# can be in multiple security groups.
-#
-# Note that many systems don't have a floating IP assigned and thus are
-# isolated from the internet. Requests to them are proxied by the
-# frontend-haproxy system.
-#
-# This playbook requires the 'neutron_sec_group' module, available in
-# <https://github.com/openstack-ansible/openstack-ansible-modules/>.
-
-- hosts: localhost
- gather_facts: false
- tasks:
- - name: default security group
- os_security_group:
- name: default
- description: Allow all outgoing traffic, and allow incoming ICMP (ping) and SSH connections
- state: present
-
- - name: default security group - allow outgoing ICMP
- os_security_group_rule:
- security_group: default
- direction: egress
- port_range_min: 0
- port_range_max: 255
- ethertype: IPv4
- protocol: icmp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: default security group - allow outgoing TCP
- os_security_group_rule:
- security_group: default
- direction: egress
- port_range_min: 1
- port_range_max: 65535
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: default security group -- allow outgoing UDP
- os_security_group_rule:
- security_group: default
- direction: egress
- port_range_min: 1
- port_range_max: 65535
- ethertype: IPv4
- protocol: udp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: default security group -- allow incoming ICMP
- os_security_group_rule:
- security_group: default
- direction: ingress
- port_range_min: 0
- port_range_max: 255
- ethertype: IPv4
- protocol: icmp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: default security group -- allow incoming TCP on port 22 for SSH
- os_security_group_rule:
- security_group: default
- direction: ingress
- port_range_min: 22
- port_range_max: 22
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: open security group
- os_security_group:
- name: open
- description: Allow inbound traffic on all ports. DO NOT USE EXCEPT FOR TESTING!!!
- state: present
-
- - name: open security group -- allow incoming TCP
- os_security_group_rule:
- security_group: open
- direction: ingress
- port_range_min: 1
- port_range_max: 65535
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: open security group -- allow incoming UDP
- os_security_group_rule:
- security_group: open
- direction: ingress
- port_range_min: 1
- port_range_max: 65535
- ethertype: IPv4
- protocol: udp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: haste-server security group
- os_security_group:
- name: haste-server
- description: Allow incoming TCP requests for haste server
- state: present
-
- - name: haste-server security group -- allow incoming TCP on port 7777 for Haste server
- os_security_group_rule:
- security_group: haste-server
- direction: ingress
- port_range_min: 7777
- port_range_max: 7777
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: gitlab-bot security group
- os_security_group:
- name: gitlab-bot
- description: Allow incoming TCP requests for gitlab-bot
- state: present
-
- - name: gitlab-bot security group -- allow incoming TCP on port 1337 for Gitlab IRC bot
- os_security_group_rule:
- security_group: gitlab-bot
- direction: ingress
- port_range_min: 1337
- port_range_max: 1337
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: git-server security group
- os_security_group:
- name: git-server
- description: Allow inbound SSH, HTTP, HTTPS and Git requests.
- state: present
-
- - name: git-server security group -- allow incoming TCP on port 22 for Git-over-SSH
- os_security_group_rule:
- security_group: git-server
- direction: ingress
- port_range_min: 22
- port_range_max: 22
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: git-server security group -- allow incoming TCP on port 80 for cgit and Git-over-HTTP
- os_security_group_rule:
- security_group: git-server
- direction: ingress
- port_range_min: 80
- port_range_max: 80
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: git-server security group -- allow incoming TCP on port 443 for cgit and Git-over-HTTPS
- os_security_group_rule:
- security_group: git-server
- direction: ingress
- port_range_min: 443
- port_range_max: 443
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: git-server security group -- allow incoming TCP on port 8080 for morph-cache-server tree & SHA1 queries
- os_security_group_rule:
- security_group: git-server
- direction: ingress
- port_range_min: 8080
- port_range_max: 8080
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: git-server security group -- allow incoming TCP on port 9418 for git protocol
- os_security_group_rule:
- security_group: git-server
- direction: ingress
- port_range_min: 9418
- port_range_max: 9418
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: shared-artifact-cache security group
- os_security_group:
- name: shared-artifact-cache
- description: Allow inbound HTTP, HTTPS and ostree-over-SSH (which I've assigned to port 22200)
- state: present
-
- - name: shared-artifact-cache security group -- allow incoming TCP on port 80 for ostree-over-HTTP
- os_security_group_rule:
- security_group: shared-artifact-cache
- direction: ingress
- port_range_min: 80
- port_range_max: 80
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: shared-artifact-cache security group -- allow incoming TCP on port 443 for ostree-over-HTTP
- os_security_group_rule:
- security_group: shared-artifact-cache
- direction: ingress
- port_range_min: 443
- port_range_max: 443
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- # The port number here was chosen arbitrarily.
- - name: shared-artifact-cache security group -- allow incoming TCP on port 22200 for ostree-over-SSH
- os_security_group_rule:
- security_group: shared-artifact-cache
- direction: ingress
- port_range_min: 22200
- port_range_max: 22200
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: web-server security group
- os_security_group:
- name: web-server
- description: Allow inbound HTTP and HTTPS.
- state: present
-
- - name: web-server security group -- allow incoming TCP on port 80 for HTTP
- os_security_group_rule:
- security_group: web-server
- direction: ingress
- port_range_min: 80
- port_range_max: 80
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: web-server security group -- allow incoming TCP on port 443 for HTTPS
- os_security_group_rule:
- security_group: web-server
- direction: ingress
- port_range_min: 443
- port_range_max: 443
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0