ansible-infra/ansible_collections/nullified/infrastructure/roles/k3s/tasks/server.yml

---
# TODO: disable swap
- name: setup firewall rules
  become: true
  ansible.builtin.template:
    src: ../templates/nftables.d/k3s_servers.nft.j2
    dest: /etc/nftables.d/k3s_servers.nft
    mode: '0600'
  notify:
    - 'k3s : restart firewall service'
    - 'k3s : restart k3s service'

- name: flush handlers
  ansible.builtin.meta: flush_handlers

- name: install K3S cluster, single server
  connection: local
  ansible.builtin.command:
    argv:
      - "{{ provisioner_facts.k3sup_binary_path }}"
      - install
      - "--merge"
      - "--local-path"
      - "{{ provisioner_facts.kubeconfig_repository }}/{{ k3s_cluster_name }}.kubeconfig"
      - "--context"
      - "{{ k3s_kube_context }}"
      - "--k3s-extra-args"
      - "{{ k3s_extra_args }}"
      - "--user"
      - "{{ k3s_operator_username }}"
      - "--ssh-key"
      - "{{ k3s_operator_ssh_key_path }}"
      - "--host"
      - "{{ inventory_hostname }}.{{ global_dns_domainname }}"
  register: k3s_init
  when: k3s_cluster_type is match("single")
  changed_when: not "No change detected so skipping service start" in k3s_init.stdout

- name: install K3S cluster, HA
  connection: local
  debug: msg="Not supported yet"
  when: k3s_cluster_type is match("ha")
  failed_when: true

- name: install K3S Helm customizations
  become: true
  ansible.builtin.copy:
    dest: "{{ k3s_manifests_dir }}/{{ item.name | regex_replace('[^\\w]', '') }}.yaml"
    content: '{{ item.content }}'
    mode: '0600'
    owner: root
    group: root
  loop: '{{ k3s_cluster_helm_customizations }}'
  loop_control:
    label: '{{ item.name }}'
  no_log: true

- name: install Helm charts
  connection: local
  kubernetes.core.helm: '{{ item }}'
  loop: '{{ k3s_cluster_additional_helm_charts }}'
  loop_control:
    label: '{{ item.release_name }}'
  no_log: true
  tags: [helm]

- name: install OpenTofu resources
  ansible.builtin.include_tasks:
    file: opentofu.yml
    apply:
      tags: [opentofu]
  loop: '{{ k3s_cluster_additional_tf_resources }}'
  loop_control:
    label: '{{ item.name }}'
  tags: [opentofu]