feat(role): add provisioner role

collections/ansible_collections/nullified/infrastructure/roles/provisioner/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+provisioner_artifacts_dir: '{{ provisioner_artifacts_dir | default("/srv/ansible/artifacts", true) }}'
+provisioner_github_token: "{{ custom_github_token | default('') }}"
+provisioner_helm_binary_path: '{{ provisioner_helm_binary_path | default("/usr/local/bin/helm", true) }}'
+provisioner_helm_version: latest
+provisioner_k8s_states_dir: '{{ provisioner_k8s_states_dir | default("/srv/ansible/states", true) }}'
+provisioner_kubeconfig_repository: '{{ provisioner_kubeconfig_repository | default("/srv/ansible/kubeconfig", true) }}'
+provisioner_kubectl_binary_path: '{{ provisioner_kubectl_binary_path | default("/usr/local/bin/kubectl", true) }}'
+provisioner_kubectl_version: latest
+provisioner_k3sup_binary_path: '{{ provisioner_k3sup_binary_path | default("/usr/local/bin/k3sup") }}'

collections/ansible_collections/nullified/infrastructure/roles/provisioner/handlers/main.yml

@@ -0,0 +1 @@
+---

collections/ansible_collections/nullified/infrastructure/roles/provisioner/meta/main.yml

@@ -0,0 +1,20 @@
+---
+galaxy_info:
+  author: Florian L.
+  namespace: nullified
+  description: Install server related configuration and tooling
+  # issue_tracker_url: http://example.com/issue/tracker
+  license: MIT
+  min_ansible_version: 2.15
+
+  # https://galaxy.ansible.com/api/v1/platforms/
+  platforms:
+    - name: Debian
+      versions:
+        - bookworm
+
+  galaxy_tags:
+    - utils
+    - system
+
+dependencies: []

collections/ansible_collections/nullified/infrastructure/roles/provisioner/tasks/load_facts.yml

@@ -0,0 +1,13 @@
+---
+- name: load provisioner facts
+  block:
+    - name: save current provisioner hostname
+      ansible.builtin.set_fact:
+        provisioner_hostname: '{{ lookup("pipe", "hostname") }}'
+    - name: retrieve provisioner inventory facts
+      ansible.builtin.set_fact:
+        provisioner_facts: '{{ dict(hostvars[provisioner_hostname]) | moreati.jq.jq(JSON_MATCH_QUERY) }}'
+      when: inventory_hostname == ansible_play_hosts_all[0]
+      run_once: true
+  vars:
+    JSON_MATCH_QUERY: 'to_entries | map(select(.key | match("^provisioner_.+")) | .key |= ltrimstr("provisioner_")) | from_entries'

collections/ansible_collections/nullified/infrastructure/roles/provisioner/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+# add https://github.com/databus23/helm-diff
+- name: set default facts
+  ansible.builtin.set_fact:
+    provisioner_playbook_user: '{{ lookup("env", "USER") }}'
+  changed_when: false
+
+- name: install helm
+  ansible.builtin.include_role:
+    name: nullified.infrastructure.helm
+  vars:
+    helm_binary_path: '{{ provisioner_helm_binary_path }}'
+    helm_install_version: '{{ provisioner_helm_version }}'
+
+- name: install kubectl
+  ansible.builtin.include_role:
+    name: nullified.infrastructure.kubectl
+  vars:
+    kubectl_binary_path: '{{ provisioner_kubectl_binary_path }}'
+    kubectl_install_version: '{{ provisioner_kubectl_version }}'
+
+- name: install OpenTofu
+  become: true
+  nullified.infrastructure.github_artifact:
+    github_token: '{{ provisioner_github_token }}'
+    asset_name: 'tofu_{version}_amd64.deb'
+    asset_type: release
+    creates: '{{ provisioner_tofu_binary_path }}' # path used by the .deb, no control over it
+    repository: opentofu/opentofu
+    force: true
+    cmds:
+      - 'dpkg -i {asset_dirname}/{asset_filename}'
+
+- name: retrieve k3sup on Ansible controller
+  become: true
+  nullified.infrastructure.github_artifact:
+    asset_name: k3sup
+    asset_type: release
+    repository: alexellis/k3sup
+    creates: '{{ provisioner_k3sup_binary_path }}'
+    force: true
+    cmds:
+      - "install --mode=755 {asset_dirname}/{asset_filename} {{ provisioner_k3sup_binary_path }}"
+
+- name: create storage directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    mode: '0700'
+    owner: '{{ provisioner_playbook_user }}'
+    group: '{{ provisioner_playbook_user }}'
+    state: directory
+  loop:
+    - '{{ provisioner_artifacts_dir }}'
+    - '{{ provisioner_k8s_states_dir }}'
+    - '{{ provisioner_kubeconfig_repository }}'

collections/ansible_collections/nullified/infrastructure/roles/provisioner/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

collections/ansible_collections/nullified/infrastructure/roles/provisioner/vars/main.yml

@@ -0,0 +1,2 @@
+---
+provisioner_tofu_binary_path: /usr/bin/tofu # path used by the .deb, no control over it