ansible-infra/collections/ansible_collections/nullified/infrastructure/roles/k3s/tasks/main.yml
2024-02-04 14:48:13 +00:00


---
# Collect only the user_id fact subset; later tasks read ansible_facts.user_id.
# NOTE(review): despite the task name, no condition is attached, so setup runs
# on every invocation of this file.
- name: gather facts if not already done
  ansible.builtin.setup:
    gather_subset:
      - user_id
# Put each host into a dynamic inventory group named
# k3s_clusters_<k3s_cluster_name>_<k3s_cluster_role>; the set_fact task that
# follows resolves cluster membership from these group names.
- name: group by cluster name
  ansible.builtin.group_by:
    key: "k3s_clusters_{{ k3s_cluster_name }}_{{ k3s_cluster_role }}"
  changed_when: false
# Derive cluster topology and the address lists (named k3s_nft_*) from the
# dynamic groups created by the group_by task.
- name: determine cluster type and members
  ansible.builtin.set_fact:
    # 'ha' when this host's own cluster/role group has more than one member,
    # otherwise 'single'.
    k3s_cluster_type: >-
      {{ 'ha'
      if groups['k3s_clusters_' ~ k3s_cluster_name ~ '_' ~ k3s_cluster_role] | length > 1
      else 'single' }}
    # No default is applied to the server group, unlike the agent group below,
    # so a cluster without any server host makes this task fail.
    k3s_cluster_servers: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] }}"
    k3s_cluster_agents: "{{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([]) }}"
    # Per-host k3s_cluster_ip values, split by address family.
    k3s_nft_servers4: >-
      {{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] | default([])
      | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv4 }}
    k3s_nft_agents4: >-
      {{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([])
      | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv4 }}
    k3s_nft_servers6: >-
      {{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_server'] | default([])
      | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv6 }}
    k3s_nft_agents6: >-
      {{ groups['k3s_clusters_' ~ k3s_cluster_name ~ '_agent'] | default([])
      | map('extract', hostvars, ['k3s_cluster_ip']) | ansible.utils.ipv6 }}
    # Operator source addresses, split the same way.
    # NOTE(review): presumably these feed firewall allow-lists, so an overly
    # broad k3s_operator_ips entry widens access -- confirm where they are used.
    k3s_nft_operators4: "{{ k3s_operator_ips | ansible.utils.ipv4 }}"
    k3s_nft_operators6: "{{ k3s_operator_ips | ansible.utils.ipv6 }}"
  changed_when: false
# Look up the passwd entry for ansible_facts.user_id on the controller
# (connection: local), unless an earlier getent run already stored that entry.
# NOTE(review): user_id is gathered by the setup task, which has no
# connection: local, so it presumably names the account used on the managed
# host; this lookup then relies on the same account name existing on the
# controller -- confirm.
- name: get local controller account information
  connection: local
  ansible.builtin.getent:
    database: passwd
    key: "{{ ansible_facts.user_id }}"
    split: ':'
  changed_when: false
  when: >-
    ansible_facts['getent_passwd'] is undefined
    or ansible_facts['user_id'] not in ansible_facts['getent_passwd']
# Build controller-side paths from field 4 of the passwd entry fetched by the
# getent task (the home directory in passwd layout once the key is removed).
- name: set controller environment variables
  ansible.builtin.set_fact:
    controller_user_home: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}"
    # Where the k3sup binary is installed.
    k3sup_binary: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}/.local/bin/k3sup"
    # Directory created with mode 0700 by the "setup kubeconfig repository" task.
    kubeconfig_repository: "{{ ansible_facts['getent_passwd'][ansible_facts['user_id']][4] }}/.kubeconfig_repository"
  changed_when: false
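# Install the k3sup release binary on the controller for the current user.
# NOTE(review): no release tag or checksum is given here, so which release is
# fetched and whether it is verified depends on github_artifact -- confirm, and
# pin a version plus digest if the module allows it. With `creates` set, an
# existing binary is presumably never refreshed -- confirm.
- name: retrieve k3sup on Ansible controller
  connection: local
  nullified.infrastructure.github_artifact:
    asset_name: k3sup
    asset_type: release
    repository: alexellis/k3sup
    creates: "{{ k3sup_binary }}"
    cmds:
      # Create the directory the binary is installed into instead of
      # $HOME/.local/bin, so both commands agree even when $HOME differs from
      # the passwd home that k3sup_binary is built from.
      - "mkdir -p {{ k3sup_binary | dirname }}"
      # Mode 750: no access for other users.
      - "install --mode=750 {asset_dirname}/{asset_filename} {{ k3sup_binary }}"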
# Create the kubeconfig repository directory on the controller, accessible to
# its owner only (0700).
# NOTE(review): presumably this stores cluster kubeconfigs, i.e. credentials;
# the mode is quoted so it is passed as the string '0700' rather than a number.
- name: setup kubeconfig repository
  connection: local
  ansible.builtin.file:
    state: directory
    path: "{{ kubeconfig_repository }}"
    mode: '0700'
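# Temporarily give the operator account passwordless sudo while the server or
# agent setup runs, then put the previous /etc/sudoers back.
# The outer block/always makes the restore run even when a setup task fails,
# so a failed run does not leave "NOPASSWD: ALL" behind on the host.
# NOTE(review): a dedicated file under /etc/sudoers.d would avoid rewriting
# and restoring the main sudoers file -- consider it.
- name: setup cluster role with temporary sudo rights
  block:
    - name: setup permissions
      become: true
      block:
        - name: install sudo
          ansible.builtin.apt:
            update_cache: true
            force_apt_get: true
            cache_valid_time: 3600
            pkg:
              - sudo
            state: present

        - name: add operator to sudoers
          ansible.builtin.lineinfile:
            backup: true
            path: /etc/sudoers
            # Single quotes keep \b as the regex word boundary; in a
            # double-quoted YAML scalar \b is the backspace character, so the
            # pattern could never match an existing rule for the operator.
            # regex_escape keeps characters in the user name literal.
            regexp: '^{{ k3s_operator_username | regex_escape }}\b.+$'
            line: "{{ k3s_operator_username }} ALL=(ALL) NOPASSWD: ALL"
            state: present
            # Refuse to install a sudoers file that visudo cannot parse.
            validate: /usr/sbin/visudo -cf %s
          # .backup holds the path of the saved copy, used by the restore below.
          register: backup_sudoers
          changed_when: false

    - name: setup server role
      ansible.builtin.include_tasks: server.yml
      when: k3s_cluster_role is match("server")

    - name: setup agent role
      ansible.builtin.include_tasks: agent.yml
      when: k3s_cluster_role is match("agent")

  always:
    # Move the saved copy back over /etc/sudoers. The guards cover a run that
    # failed before the sudoers edit registered a result or made a backup.
    - name: reset permissions
      become: true
      ansible.builtin.command:
        cmd: "mv {{ backup_sudoers.backup }} /etc/sudoers"
        removes: "{{ backup_sudoers.backup }}"
      when:
        - backup_sudoers is defined
        - backup_sudoers.backup | default('') | length > 0
      changed_when: false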