feat(k3s): add deployment rules for Helm and OpenTofu projects

collections/ansible_collections/nullified/infrastructure/roles/k3s/defaults/main.yml

@@ -6,3 +6,4 @@ k3s_extra_args: ''
 k3s_operator_ips: []
 k3s_cluster_cidr: '10.42.0.0/16'
 k3s_service_cidr: '10.43.0.0/16'
+k3s_cluster_additional_helm_charts: []

collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/opentofu.yml

@@ -0,0 +1,75 @@
+- name: deploy OpenTofu resource
+  connection: local
+  block:
+    - name: find terraform binary
+      ansible.builtin.command:
+        cmd: bash -c 'command -v terraform || command -v tofu || echo /usr/local/bin/terraform'
+      register: located_tf_binary
+      when: terraform_binary_path is undefined
+      changed_when: false
+
+    - name: set terraform binary
+      ansible.builtin.set_fact:
+        terraform_binary_path: '{{ terraform_binary_path | default(located_tf_binary.stdout, true) }}'
+      when: terraform_binary_path is undefined
+
+    - name: create temp directory
+      ansible.builtin.tempfile:
+        state: directory
+      register: tmp_file
+      changed_when: false
+      when: item.storage_dir is not defined
+
+    - name: set target directory for git repository
+      ansible.builtin.set_fact:
+        git_clone_dir: '{{ item.storage_dir | default(tmp_file.path, true) }}'
+
+    - name: fetch git repository
+      ansible.builtin.git:
+        repo: '{{ item.git_repository }}'
+        dest: '{{ git_clone_dir }}'
+        version: '{{ item.git_revision }}'
+        force: true
+
+    - name: prepare variables file
+      ansible.builtin.copy:
+        content: '{{ item.tfvars_content }}'
+        dest: '{{ git_clone_dir }}/{{ item.terraform_dir }}/terraform.tfvars'
+        mode: '0500'
+        force: true
+
+    - name: prepare tfstate file
+      ansible.builtin.copy:
+        src: '{{ item.tfstate_path }}'
+        dest: '{{ git_clone_dir }}/{{ item.terraform_dir }}/terraform.tfstate'
+        force: true
+        mode: '0600'
+      when: git_clone_dir not in item.tfstate_path
+
+    - name: deploy k8s resources
+      community.general.terraform:
+        binary_path: "{{ terraform_binary_path }}"
+        project_path: '{{ git_clone_dir }}/{{ item.terraform_dir}}'
+        provider_upgrade: true
+        force_init: true
+
+    - name: backup source stored state
+      ansible.builtin.copy:
+        src: '{{ item.tfstate_path }}'
+        dest: '{{ item.tfstate_path }}.ansible.backup'
+        force: true
+        mode: '0600'
+
+    - name: update source tfstate file
+      ansible.builtin.copy:
+        src: '{{ git_clone_dir }}/{{ item.terraform_dir}}/terraform.tfstate'
+        dest: '{{ item.tfstate_path }}'
+        force: true
+        mode: '0600'
+      when: git_clone_dir not in item.tfstate_path
+
+    - name: cleanup
+      ansible.builtin.file:
+        path: '{{ tmp_file.path }}'
+        state: absent
+      when: item.storage_dir is not defined

collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/server.yml

@@ -42,3 +42,16 @@
   debug: msg="Not supported yet"
   when: k3s_cluster_type is match("ha")
   failed_when: true
+
+- name: install Helm charts
+  connection: local
+  kubernetes.core.helm: '{{ item }}'
+  loop: '{{ k3s_cluster_additional_helm_charts }}'
+  loop_control:
+    label: '{{ item.release_name }}'
+
+- name: install OpenTofu resources
+  include_tasks: opentofu.yml
+  loop: '{{ k3s_cluster_additional_tf_resources }}'
+  loop_control:
+    label: '{{ item.name }}'