feat: Shit, multiple things

README.md

@@ -117,4 +117,3 @@ This repo is really standing on the shoulders of giants. Thank you to all those
 
 - https://docs.k3s.io/installation/kube-dashboard
 - https://www.phillipsj.net/posts/k3s-enable-nfs-storage/
-- https://www.authelia.com/integration/kubernetes/chart/

inventory/my-cluster/host_vars/impa

@@ -1,5 +1,5 @@
 ---
 
 ansible_user: root
-ansible_host: 10.0.3.105
+ansible_host: 10.0.3.111
 ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/k3s-master-yuga

@@ -0,0 +1,5 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.3.107
+ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/tingle

@@ -0,0 +1,5 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.3.110
+ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/urbosa

@@ -1,14 +0,0 @@
----
-ansible_user: root
-ansible_host: 10.0.2.5
-ansible_ssh_pass: "{{ proxmox_api_password }}"
-ip_addr: 10.0.2.5
-# k3s_mac_addr: ee:36:d5:79:f8:ff
-# k3s_hostname: k3s-agent-urbosa
-# k3s_lxc_host: 10.0.3.5
-# k3s_vm_host: 10.0.3.105
-# k3s_cores: 3
-# k3s_memory: 2048
-# k3s_disk: 80
-# k3s_vmid: 604
-# k3s_template_id: 904

inventory/my-cluster/host_vars/urbosa-pihole

@@ -1,8 +1,7 @@
 ---
-
 ansible_user: root
 ansible_host: 10.0.2.11
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: 72:2E:3C:F0:2A:B3
 vmid: 201
-node: urbosa
+node: mipha

inventory/my-cluster/host_vars/yuga

@@ -0,0 +1,14 @@
+---
+ansible_user: root
+ansible_host: 10.0.2.7
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+ip_addr: 10.0.2.7
+k3s_mac_addr: 65:AC:EE:EB:AC:C3
+k3s_hostname: k3s-master-yuga
+k3s_lxc_host: 10.0.3.7
+k3s_vm_host: 10.0.3.107
+k3s_cores: 4
+k3s_memory: 12288
+k3s_disk: 120
+k3s_vmid: 607
+k3s_template_id: 907

inventory/my-cluster/hosts.ini

@@ -1,10 +1,13 @@
 [master]
 k3s-master-mipha
 k3s-master-epona
+k3s-master-yuga
 
 [node]
 k3s-agent-revali
 k3s-agent-daruk
+tingle
+impa
 
 [k3s_cluster:children]
 master
@@ -21,13 +24,14 @@ mipha
 epona
 revali
 daruk
+yuga
 
 [baremetal]
 mipha
 epona
-urbosa
 revali
 daruk
+yuga
 
 [pihole]
 epona-pihole

playbook-k3s.yml

@@ -48,9 +48,8 @@
 - hosts: localhost
   become: yes
   roles:
-    - role: longhorn
     - role: traefik
     - role: nginx
     - role: cert-manager
-    - role: authelia
+    - role: authentik
-    - role: redis
+    # - role: redis

reset.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-ansible-playbook reset.yml -i inventory/my-cluster/hosts.ini
+ansible-playbook reset.yml -i inventory/my-cluster/hosts.ini --ask-become-pass --ask-vault-pass

roles/authelia/defaults/main.yml

@@ -1 +0,0 @@
----

roles/authentik/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
-- name: Add traefik helm repo
+- name: Add authentik helm repo
   kubernetes.core.helm_repository:
-    name: authelia
+    name: authentik
-    repo_url: "https://charts.authelia.com"
+    repo_url: "https://charts.goauthentik.io"
 
 - name: Update the repository cache
   kubernetes.core.helm:
@@ -12,9 +12,10 @@
     state: absent
     update_repo_cache: true
 
-- name: Deploy latest version of Authelia chart inside
+- name: Deploy latest version of Authentik chart inside
   kubernetes.core.helm:
     kubeconfig: /Users/lino.silva/.kube/config
-    name: authelia
+    name: authentik
-    chart_ref: authelia/authelia
+    namespace: traefik
+    chart_ref: authentik/authentik
     values: "{{ lookup('template', 'values.yml') | from_yaml }}"

roles/authentik/templates/values.yml

@@ -0,0 +1,22 @@
+authentik:
+  secret_key: "fKkVEXDoUdGYwoNb$97xQuG9uw7zu$rFDe6y7!UZ&6$5*cyx6h"
+  # This sends anonymous usage-data, stack traces on errors and
+  # performance data to sentry.io, and is fully opt-in
+  error_reporting:
+    enabled: true
+  postgresql:
+    password: "uNP9W3zMpp4853QF9f@mpJDEXprca@tX@cEj3#BLFR&WFZVBU^"
+
+ingress:
+  enabled: true
+  hosts:
+    - host: auth.lino.cooking
+      paths:
+        - path: "/"
+          pathType: Prefix
+
+postgresql:
+  enabled: true
+  postgresqlPassword: "uNP9W3zMpp4853QF9f@mpJDEXprca@tX@cEj3#BLFR&WFZVBU^"
+redis:
+  enabled: true

roles/frigate/install-app/templates/docker-compose.yml

@@ -11,6 +11,7 @@ services:
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - /config/config.yml:/config/config.yml:ro
+      - /media/frigate:/media/frigate
       - /db:/db
       - type: tmpfs
         target: /tmp/cache

roles/longhorn/tasks/main.yml

@@ -1,22 +0,0 @@
----
-- name: Add longhorn helm repo
-  kubernetes.core.helm_repository:
-    name: longhorn
-    repo_url: "https://charts.longhorn.io"
-
-- name: Update the repository cache
-  kubernetes.core.helm:
-    kubeconfig: /Users/lino.silva/.kube/config
-    name: dummy
-    namespace: kube-system
-    state: absent
-    update_repo_cache: true
-
-- name: Deploy latest version of Longhorn chart inside longhorn-system namespace (and create it)
-  kubernetes.core.helm:
-    kubeconfig: /Users/lino.silva/.kube/config
-    name: longhorn
-    chart_ref: longhorn/longhorn
-    release_namespace: longhorn-system
-    create_namespace: true
-    chart_version: 1.2.4

roles/prereq/tasks/main.yml

@@ -31,6 +31,12 @@
     update_cache: yes
     state: present
 
+- name: Install network-manager
+  ansible.builtin.apt:
+    name: network-manager
+    update_cache: yes
+    state: present
+
 - name: Set same timezone on every Server
   community.general.system.timezone:
     name: "{{ system_timezone }}"
@@ -113,5 +119,15 @@
     group: root
     mode: a+x
 
+- name: Configure networking without cloud-init because it sucks
+  nmcli:
+    conn_name: "eth0"
+    ifname: eth0
+    type: ethernet
+    state: present
+    autoconnect: yes
+    ip4: "{{ ansible_host }}"
+    gw4: 10.0.0.1
+
 - name: Reboot
   ansible.builtin.reboot: