feat: Buncha shit

roles/archive/k3s/copy-config/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- name: Store kube configuration
+  ansible.builtin.fetch:
+    src: ~/.kube/config
+    dest: ~/.kube/config
+    flat: true
+  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']

roles/archive/k3s/dashboard/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Deploy admin user
+  kubernetes.core.k8s:
+    kubeconfig: /Users/lino.silva/.kube/config
+    state: present
+    definition: "{{ lookup('template', 'dashboard.admin-user.yml') | from_yaml }}"
+
+- name: Deploy admin user role
+  kubernetes.core.k8s:
+    kubeconfig: /Users/lino.silva/.kube/config
+    state: present
+    definition: "{{ lookup('template', 'dashboard.admin-user-role.yml') | from_yaml }}"

roles/archive/k3s/dashboard/templates/dashboard.admin-user-role.yml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: admin-user
+    namespace: kubernetes-dashboard

roles/archive/k3s/dashboard/templates/dashboard.admin-user.yml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard

roles/archive/k3s/master/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+ansible_user: root
+server_init_args: >-
+  {% if groups['master'] | length > 1 %}
+    {% if ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname'] %}
+      --cluster-init
+    {% else %}
+      --server https://{{ hostvars[groups['master'][0]].ansible_host }}:6443
+    {% endif %}
+    --token {{ k3s_token }}
+  {% endif %}
+  {{ extra_server_args | default('') }}

roles/archive/k3s/master/tasks/fetch_k3s_init_logs.yml

@@ -0,0 +1,28 @@
+---
+# Download logs of k3s-init.service from the nodes to localhost.
+# Note that log_destination must be set.
+
+- name: Fetch k3s-init.service logs
+  ansible.builtin.command:
+    cmd: journalctl --all --unit=k3s-init.service
+  changed_when: false
+  register: k3s_init_log
+
+- name: Create {{ log_destination }}
+  delegate_to: localhost
+  run_once: true
+  become: false
+  ansible.builtin.file:
+    path: "{{ log_destination }}"
+    state: directory
+    mode: "0755"
+
+- name: Store logs to {{ log_destination }}
+  delegate_to: localhost
+  become: false
+  ansible.builtin.template:
+    src: content.j2
+    dest: "{{ log_destination }}/k3s-init@{{ ansible_hostname }}.log"
+    mode: 0644
+  vars:
+    content: "{{ k3s_init_log.stdout }}"

roles/archive/k3s/master/tasks/main.yml

@@ -0,0 +1,200 @@
+---
+- name: Clean previous runs of k3s-init
+  systemd:
+    name: k3s-init
+    state: stopped
+  failed_when: false
+
+- name: Clean previous runs of k3s-init
+  command: systemctl reset-failed k3s-init
+  failed_when: false
+  changed_when: false
+  args:
+    warn: false # The ansible systemd module does not support reset-failed
+
+- name: Create manifests directory on first master
+  file:
+    path: /var/lib/rancher/k3s/server/manifests
+    state: directory
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
+
+- name: Copy vip rbac manifest to first master
+  template:
+    src: "vip.rbac.yaml.j2"
+    dest: "/var/lib/rancher/k3s/server/manifests/vip-rbac.yaml"
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
+
+- name: Copy vip manifest to first master
+  template:
+    src: "vip.yaml.j2"
+    dest: "/var/lib/rancher/k3s/server/manifests/vip.yaml"
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
+
+# these will be copied and installed now, then tested later and apply config
+- name: Copy metallb namespace to first master
+  template:
+    src: "metallb.namespace.j2"
+    dest: "/var/lib/rancher/k3s/server/manifests/metallb-namespace.yaml"
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
+
+- name: Copy metallb namespace to first master
+  template:
+    src: "metallb.crds.j2"
+    dest: "/var/lib/rancher/k3s/server/manifests/metallb-crds.yaml"
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
+
+- name: Init cluster inside the transient k3s-init service
+  command:
+    cmd: "systemd-run -p RestartSec=2 \
+      -p Restart=on-failure \
+      --unit=k3s-init \
+      k3s server {{ server_init_args }}"
+    creates: "{{ systemd_dir }}/k3s.service"
+  args:
+    warn: false # The ansible systemd module does not support transient units
+
+- name: Verification
+  block:
+    - name: Verify that all nodes actually joined (check k3s-init.service if this fails)
+      command:
+        cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
+      register: nodes
+      until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
+      retries: "{{ retry_count | default(40) }}"
+      delay: 20
+      changed_when: false
+  always:
+    - name: Save logs of k3s-init.service
+      include_tasks: fetch_k3s_init_logs.yml
+      when: log_destination
+      vars:
+        log_destination: >-
+          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }}
+    - name: Kill the temporary service used for initialization
+      systemd:
+        name: k3s-init
+        state: stopped
+      failed_when: false
+  when: not ansible_check_mode
+
+- name: Copy K3s service file
+  register: k3s_service
+  template:
+    src: "k3s.service.j2"
+    dest: "{{ systemd_dir }}/k3s.service"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable and check K3s service
+  systemd:
+    name: k3s
+    daemon_reload: yes
+    state: restarted
+    enabled: yes
+
+- name: Wait for node-token
+  wait_for:
+    path: /var/lib/rancher/k3s/server/node-token
+
+- name: Register node-token file access mode
+  stat:
+    path: /var/lib/rancher/k3s/server
+  register: p
+
+- name: Change file access node-token
+  file:
+    path: /var/lib/rancher/k3s/server
+    mode: "g+rx,o+rx"
+
+- name: Read node-token from master
+  slurp:
+    src: /var/lib/rancher/k3s/server/node-token
+  register: node_token
+
+- name: Store Master node-token
+  set_fact:
+    token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
+
+- name: Restore node-token file access
+  file:
+    path: /var/lib/rancher/k3s/server
+    mode: "{{ p.stat.mode }}"
+
+- name: Create directory .kube
+  file:
+    path: ~{{ ansible_user }}/.kube
+    state: directory
+    owner: "{{ ansible_user }}"
+    mode: "u=rwx,g=rx,o="
+
+- name: Copy config file to user home directory
+  copy:
+    src: /etc/rancher/k3s/k3s.yaml
+    dest: ~{{ ansible_user }}/.kube/config
+    remote_src: yes
+    owner: "{{ ansible_user }}"
+    mode: "u=rw,g=,o="
+
+- name: Configure kubectl cluster to {{ endpoint_url }}
+  command: >-
+    k3s kubectl config set-cluster default
+      --server={{ endpoint_url }}
+      --kubeconfig ~{{ ansible_user }}/.kube/config
+  changed_when: true
+  vars:
+    endpoint_url: >-
+      https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443
+  # Deactivated linter rules:
+  #   - jinja[invalid]: As of version 6.6.0, ansible-lint complains that the input to ipwrap
+  #                     would be undefined. This will not be the case during playbook execution.
+  # noqa jinja[invalid]
+
+- name: Create kubectl symlink
+  file:
+    src: /usr/local/bin/k3s
+    dest: /usr/local/bin/kubectl
+    state: link
+
+- name: Create crictl symlink
+  file:
+    src: /usr/local/bin/k3s
+    dest: /usr/local/bin/crictl
+    state: link
+
+- name: Get contents of manifests folder
+  find:
+    paths: /var/lib/rancher/k3s/server/manifests
+    file_type: file
+  register: k3s_server_manifests
+
+- name: Get sub dirs of manifests folder
+  find:
+    paths: /var/lib/rancher/k3s/server/manifests
+    file_type: directory
+  register: k3s_server_manifests_directories
+
+- name: Remove manifests and folders that are only needed for bootstrapping cluster so k3s doesn't auto apply on start
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  with_items:
+    - "{{ k3s_server_manifests.files }}"
+    - "{{ k3s_server_manifests_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"

roles/archive/k3s/master/templates/content.j2

@@ -0,0 +1,5 @@
+{#
+    This is a really simple template that just outputs the
+    value of the "content" variable.
+#}
+{{ content }}

roles/archive/k3s/master/templates/k3s.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target

roles/archive/k3s/master/templates/metallb.namespace.j2

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  labels:
+    app: metallb

roles/archive/k3s/master/templates/vip.rbac.yaml.j2

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-vip
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: system:kube-vip-role
+rules:
+  - apiGroups: [""]
+    resources: ["services", "services/status", "nodes", "endpoints"]
+    verbs: ["list","get","watch", "update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["list", "get", "watch", "update", "create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:kube-vip-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:kube-vip-role
+subjects:
+- kind: ServiceAccount
+  name: kube-vip
+  namespace: kube-system

roles/archive/k3s/master/templates/vip.yaml.j2

@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-vip-ds
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: kube-vip-ds
+  template:
+    metadata:
+      labels:
+        name: kube-vip-ds
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+            - matchExpressions:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+      containers:
+      - args:
+        - manager
+        env:
+        - name: vip_arp
+          value: "true"
+        - name: port
+          value: "6443"
+        - name: vip_interface
+          value: {{ flannel_iface }}
+        - name: vip_cidr
+          value: "{{ apiserver_endpoint | ansible.utils.ipsubnet | ansible.utils.ipaddr('prefix') }}"
+        - name: cp_enable
+          value: "true"
+        - name: cp_namespace
+          value: kube-system
+        - name: vip_ddns
+          value: "false"
+        - name: svc_enable
+          value: "false"
+        - name: vip_leaderelection
+          value: "true"
+        - name: vip_leaseduration
+          value: "15"
+        - name: vip_renewdeadline
+          value: "10"
+        - name: vip_retryperiod
+          value: "2"
+        - name: address
+          value: {{ apiserver_endpoint }}
+        image: ghcr.io/kube-vip/kube-vip:{{ kube_vip_tag_version }}
+        imagePullPolicy: Always
+        name: kube-vip
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+            - SYS_TIME
+      hostNetwork: true
+      serviceAccountName: kube-vip
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+  updateStrategy: {}
+status:
+  currentNumberScheduled: 0
+  desiredNumberScheduled: 0
+  numberMisscheduled: 0
+  numberReady: 0

roles/archive/k3s/node/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Copy K3s service file
+  template:
+    src: "k3s.service.j2"
+    dest: "{{ systemd_dir }}/k3s-node.service"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Enable and check K3s service
+  systemd:
+    name: k3s-node
+    daemon_reload: yes
+    state: restarted
+    enabled: yes

roles/archive/k3s/node/templates/k3s.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Lightweight Kubernetes
+Documentation=https://k3s.io
+After=network-online.target
+
+[Service]
+Type=notify
+ExecStartPre=-/sbin/modprobe br_netfilter
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/local/bin/k3s agent --server https://{{ apiserver_endpoint | ansible.utils.ipwrap }}:6443 --token {{ hostvars[groups['master'][0]]['token'] | default(k3s_token) }} {{ extra_agent_args | default("") }}
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target

roles/archive/k3s/post/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# Timeout to wait for MetalLB services to come up
+metal_lb_available_timeout: 120s

roles/archive/k3s/post/tasks/main.yml

@@ -0,0 +1,94 @@
+---
+- name: Create manifests directory for temp configuration
+  file:
+    path: /tmp/k3s
+    state: directory
+    owner: "{{ ansible_user }}"
+    mode: 0755
+  with_items: "{{ groups['master'] }}"
+  run_once: true
+
+- name: Copy metallb CRs manifest to first master
+  template:
+    src: "metallb.crs.j2"
+    dest: "/tmp/k3s/metallb-crs.yaml"
+    owner: "{{ ansible_user }}"
+    mode: 0755
+  with_items: "{{ groups['master'] }}"
+  run_once: true
+
+- name: Test metallb-system namespace
+  command: >-
+    k3s kubectl -n metallb-system
+  changed_when: false
+  with_items: "{{ groups['master'] }}"
+  run_once: true
+
+- name: Wait for MetalLB resources
+  command: >-
+    k3s kubectl wait {{ item.resource }}
+    --namespace='metallb-system'
+    {% if item.name | default(False) -%}{{ item.name }}{%- endif %}
+    {% if item.selector | default(False) -%}--selector='{{ item.selector }}'{%- endif %}
+    {% if item.condition | default(False) -%}{{ item.condition }}{%- endif %}
+    --timeout='{{ metal_lb_available_timeout }}'
+  changed_when: false
+  run_once: true
+  with_items:
+    - description: controller
+      resource: deployment
+      name: controller
+      condition: --for condition=Available=True
+    - description: webhook service
+      resource: pod
+      selector: component=controller
+      condition: --for=jsonpath='{.status.phase}'=Running
+    - description: pods in replica sets
+      resource: pod
+      selector: component=controller,app=metallb
+      condition: --for condition=Ready
+    - description: ready replicas of controller
+      resource: replicaset
+      selector: component=controller,app=metallb
+      condition: --for=jsonpath='{.status.readyReplicas}'=1
+    - description: fully labeled replicas of controller
+      resource: replicaset
+      selector: component=controller,app=metallb
+      condition: --for=jsonpath='{.status.fullyLabeledReplicas}'=1
+    - description: available replicas of controller
+      resource: replicaset
+      selector: component=controller,app=metallb
+      condition: --for=jsonpath='{.status.availableReplicas}'=1
+  loop_control:
+    label: "{{ item.description }}"
+
+- name: Test metallb-system webhook-service endpoint
+  command: >-
+    k3s kubectl -n metallb-system get endpoints webhook-service
+  changed_when: false
+  with_items: "{{ groups['master'] }}"
+  run_once: true
+
+- name: Apply metallb CRs
+  command: >-
+    k3s kubectl apply -f /tmp/k3s/metallb-crs.yaml
+    --timeout='{{ metal_lb_available_timeout }}'
+  register: this
+  changed_when: false
+  run_once: true
+  until: this.rc == 0
+  retries: 5
+
+- name: Test metallb-system resources
+  command: >-
+    k3s kubectl -n metallb-system get {{ item }}
+  changed_when: false
+  run_once: true
+  with_items:
+    - IPAddressPool
+    - L2Advertisement
+
+- name: Remove tmp directory used for manifests
+  file:
+    path: /tmp/k3s
+    state: absent

roles/archive/k3s/post/templates/metallb.crs.j2

@@ -0,0 +1,21 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: first-pool
+  namespace: metallb-system
+spec:
+  addresses:
+{% if metal_lb_ip_range is string %}
+{# metal_lb_ip_range was used in the legacy way: single string instead of a list #}
+{#   => transform to list with single element #}
+{% set metal_lb_ip_range = [metal_lb_ip_range] %}
+{% endif %}
+{% for range in metal_lb_ip_range %}
+  - {{ range }}
+{% endfor %}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default
+  namespace: metallb-system

roles/archive/k3s/provision/cgroup/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: Add cgroup rule
+  ansible.builtin.lineinfile:
+    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
+    state: present
+    line: lxc.apparmor.profile{{":"}} unconfined
+
+- name: Add cgroup rule
+  ansible.builtin.lineinfile:
+    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
+    state: present
+    line: lxc.cap.drop{{":"}}
+
+- name: Add cgroup rule
+  ansible.builtin.lineinfile:
+    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
+    state: present
+    line: lxc.mount.auto"{{":"}}" "proc{{":"}}rw sys{{":"}}rw"
+
+- name: Add cgroup rule
+  ansible.builtin.lineinfile:
+    path: /etc/pve/nodes/{{ ansible_hostname }}/lxc/{{ hostvars[ansible_hostname]['k3s_vmid'] }}.conf
+    state: present
+    line: lxc.cgroup2.devices.allow{{":"}} c 10{{":"}}200 rwm

roles/archive/k3s/provision/cloud-init/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Configure cloud-init - IP
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1
+
+- name: Configure cloud-init - User
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root"
+
+- name: Configure cloud-init - Password
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}"
+
+- name: Copy SSH Pub key
+  ansible.builtin.copy:
+    src: ~/.ssh/id_rsa.pub
+    dest: /tmp/ansible_controller-key.pub
+    mode: 0600
+
+- name: Configure cloud-init - SSH Key
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub
+
+- name: Configure networking
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0

roles/archive/k3s/provision/create/tasks/main.yml

@@ -0,0 +1,51 @@
+---
+- name: Create containers
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   node: "{{ item }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   password: "{{ lxc_password }}"
+  #   hostname: "{{ hostvars[item]['k3s_hostname'] }}"
+  #   ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+  #   netif: "{'net0':'name=eth0,\
+  #     gw=10.0.0.1,\
+  #     ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
+  #     hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
+  #     bridge=vmbr0'}"
+  #   cores: "{{ hostvars[item]['k3s_cores'] }}"
+  #   memory: "{{ hostvars[item]['k3s_memory'] }}"
+  #   unprivileged: no
+  #   swap: 0
+  #   searchdomain: "home"
+  #   onboot: 1
+  #   features:
+  #     - nesting=1
+  #   disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
+  #   force: yes
+  # loop: "{{ groups['k3s_hosts'] }}"
+  proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
+    newid: "{{ hostvars[item]['k3s_vmid'] }}"
+    clone: debian-10-openstack-amd64
+    vmid: "{{ hostvars[item]['k3s_template_id'] }}"
+    timeout: 900
+  loop: "{{ groups['k3s_hosts'] }}"
+
+- name: Update VMs
+  proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    memory: "{{ hostvars[item]['k3s_memory'] }}"
+    cores: "{{ hostvars[item]['k3s_cores'] }}"
+    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+    node: "{{ item }}"
+    update: yes
+    agent: yes
+  loop: "{{ groups['k3s_hosts'] }}"

roles/archive/k3s/provision/delete/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+- name: Stop containers
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   state: stopped
+  proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
+    state: stopped
+    timeout: 240
+  loop: "{{ groups['k3s_hosts'] }}"
+  ignore_errors: true
+
+- name: Remove containers
+  # community.general.proxmox:
+  # vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # api_user: root@pam
+  # api_password: "{{ proxmox_api_password }}"
+  # api_host: "{{ hostvars[item]['ip_addr'] }}"
+  # state: absent
+  proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
+    state: absent
+    timeout: 90
+  loop: "{{ groups['k3s_hosts'] }}"
+  ignore_errors: true
+
+- name: Remove .ssh/known_hosts lines
+  ansible.builtin.lineinfile:
+    path: /Users/lino.silva/.ssh/known_hosts
+    state: absent
+    # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
+    regexp: '^{{ hostvars[item]["k3s_vm_host"] }}'
+  loop: "{{ groups['k3s_hosts'] }}"

roles/archive/k3s/provision/enable-ssh/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+  ansible.builtin.command: lxc-attach -n "{{ k3s_vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+  ansible.builtin.command: lxc-attach -n "{{ k3s_vmid }}" service ssh restart

roles/archive/k3s/provision/pre/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+# - name: Move storage to local_lvm
+#   ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm
+#   ignore_errors: true
+
+# - name: Resize storage
+#   ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G"
+
+- name: Allow ipv4 forwarding
+  ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
+
+- name: Allow ipv6 forwarding
+  ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1"
+
+- name: Uncomment ipv4 forward line on /etc/sysctl.conf
+  ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf"
+
+- name: Uncomment ipv6 forward line on /etc/sysctl.conf
+  ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf"

roles/archive/k3s/provision/start/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: Start deployments
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   state: started
+  community.general.cloud.misc.proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
+    state: started
+  loop: "{{ groups['k3s_hosts'] }}"