feat: changed lxc to vm in k3s

roles/frigate/install-docker/tasks/main.yml

@@ -20,3 +20,8 @@
     name: root
     groups: docker
     append: yes
+
+- name: Enable docker on startup
+  ansible.builtin.shell: |
+    systemctl enable docker.service
+    systemctl enable containerd.service

roles/frigate/provision/cgroup/tasks/main.yml

@@ -8,7 +8,6 @@
       lxc.cgroup2.devices.allow: c 226:128 rwm
       lxc.cgroup2.devices.allow: c 29:0 rwm
       lxc.cgroup2.devices.allow: c 189:* rwm
-      lxc.apparmor.profile: unconfined
       lxc.cgroup2.devices.allow: a
       lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0, 0
       lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir 0, 0

roles/frigate/provision/create/tasks/main.yml

@@ -20,9 +20,9 @@
     swap: 0
     searchdomain: "home"
     onboot: 1
-    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:16,mp=/db"}'
+    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:50,mp=/db"}'
     features:
       - nesting=1
       - keyctl=1
-    disk: local-lvm:30
+    disk: local-lvm:50
     force: yes

roles/k3s/master/tasks/main.yml

@@ -75,8 +75,8 @@
         cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
       register: nodes
       until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
-      retries: "{{ retry_count | default(20) }}"
-      delay: 10
+      retries: "{{ retry_count | default(40) }}"
+      delay: 20
       changed_when: false
   always:
     - name: Save logs of k3s-init.service
@@ -84,7 +84,7 @@
       when: log_destination
       vars:
         log_destination: >-
-          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }}
+          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }}
     - name: Kill the temporary service used for initialization
       systemd:
         name: k3s-init

roles/k3s/provision/cloud-init/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Configure cloud-init - IP
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1
+
+- name: Configure cloud-init - User
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root"
+
+- name: Configure cloud-init - Password
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}"
+
+- name: Copy SSH Pub key
+  ansible.builtin.copy:
+    src: ~/.ssh/id_rsa.pub
+    dest: /tmp/ansible_controller-key.pub
+    mode: 0600
+
+- name: Configure cloud-init - SSH Key
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub
+
+- name: Configure networking
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0

roles/k3s/provision/create/tasks/main.yml

@@ -1,27 +1,51 @@
 ---
 - name: Create containers
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
-    node: "{{ item }}"
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   node: "{{ item }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   password: "{{ lxc_password }}"
+  #   hostname: "{{ hostvars[item]['k3s_hostname'] }}"
+  #   ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+  #   netif: "{'net0':'name=eth0,\
+  #     gw=10.0.0.1,\
+  #     ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
+  #     hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
+  #     bridge=vmbr0'}"
+  #   cores: "{{ hostvars[item]['k3s_cores'] }}"
+  #   memory: "{{ hostvars[item]['k3s_memory'] }}"
+  #   unprivileged: no
+  #   swap: 0
+  #   searchdomain: "home"
+  #   onboot: 1
+  #   features:
+  #     - nesting=1
+  #   disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
+  #   force: yes
+  # loop: "{{ groups['k3s_hosts'] }}"
+  proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
+    newid: "{{ hostvars[item]['k3s_vmid'] }}"
+    clone: debian-10-openstack-amd64
+    vmid: "{{ hostvars[item]['k3s_template_id'] }}"
+    timeout: 900
+  loop: "{{ groups['k3s_hosts'] }}"
+
+- name: Update VMs
+  proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
     api_host: 10.0.2.2
-    password: "{{ lxc_password }}"
-    hostname: "{{ hostvars[item]['k3s_hostname'] }}"
-    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
-    netif: "{'net0':'name=eth0,\
-      gw=10.0.0.1,\
-      ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
-      hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
-      bridge=vmbr0'}"
-    cores: "{{ hostvars[item]['k3s_cores'] }}"
     memory: "{{ hostvars[item]['k3s_memory'] }}"
-    unprivileged: no
-    swap: 0
-    searchdomain: "home"
-    onboot: 1
-    features:
-      - nesting=1
-    disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
-    force: yes
-  loop: "{{ groups['baremetal'] }}"
+    cores: "{{ hostvars[item]['k3s_cores'] }}"
+    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+    node: "{{ item }}"
+    update: yes
+    agent: yes
+  loop: "{{ groups['k3s_hosts'] }}"

roles/k3s/provision/delete/tasks/main.yml

@@ -1,29 +1,44 @@
 ---
 - name: Stop containers
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   state: stopped
+  proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
     api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
     state: stopped
-  loop: "{{ groups['baremetal'] }}"
+    timeout: 240
+  loop: "{{ groups['k3s_hosts'] }}"
   ignore_errors: true
-  timeout: 90
 
 - name: Remove containers
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # community.general.proxmox:
+  # vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # api_user: root@pam
+  # api_password: "{{ proxmox_api_password }}"
+  # api_host: "{{ hostvars[item]['ip_addr'] }}"
+  # state: absent
+  proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
-    api_host: "{{ hostvars[item]['ip_addr'] }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
     state: absent
-  loop: "{{ groups['baremetal'] }}"
+    timeout: 90
+  loop: "{{ groups['k3s_hosts'] }}"
   ignore_errors: true
-  timeout: 90
 
 - name: Remove .ssh/known_hosts lines
   ansible.builtin.lineinfile:
     path: /Users/lino.silva/.ssh/known_hosts
     state: absent
-    regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
-  loop: "{{ groups['baremetal'] }}"
+    # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
+    regexp: '^{{ hostvars[item]["k3s_vm_host"] }}'
+  loop: "{{ groups['k3s_hosts'] }}"

roles/k3s/provision/pre/tasks/main.yml

@@ -1,4 +1,11 @@
 ---
+# - name: Move storage to local_lvm
+#   ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm
+#   ignore_errors: true
+
+# - name: Resize storage
+#   ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G"
+
 - name: Allow ipv4 forwarding
   ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
 

roles/k3s/provision/start/tasks/main.yml

@@ -1,9 +1,16 @@
 ---
 - name: Start deployments
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   state: started
+  community.general.cloud.misc.proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
     api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
     state: started
-  loop: "{{ groups['baremetal'] }}"
+  loop: "{{ groups['k3s_hosts'] }}"

roles/longhorn/tasks/main.yml

@@ -1,9 +1,4 @@
 ---
-- name: Add longhorn dependencies
-  apt:
-    name: nfs-common open-iscsi util-linux
-    state: present
-
 - name: Add longhorn helm repo
   kubernetes.core.helm_repository:
     name: longhorn

roles/pihole/provision/create/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: Create Piholes
+  community.general.proxmox:
+    vmid: "{{ hostvars[item]['vmid'] }}"
+    node: "{{ hostvars[item]['node'] }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    password: "{{ lxc_password }}"
+    hostname: "{{ item }}"
+    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+    netif: "{'net0':'name=eth0,\
+      gw=10.0.0.1,\
+      ip={{ hostvars[item]['ansible_host'] }}/21,\
+      hwaddr={{ hostvars[item]['mac_addr'] }},\
+      bridge=vmbr0'}"
+    cores: 1
+    memory: 2048
+    unprivileged: no
+    swap: 512
+    searchdomain: "home"
+    onboot: 1
+    disk: local-lvm:8
+    force: yes
+  loop: "{{ groups['pihole'] }}"

roles/pihole/provision/delete/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- name: Stop containers
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: stopped
+  ignore_errors: true
+  timeout: 90
+
+- name: Remove containers
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: absent
+  ignore_errors: true
+  timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+  ansible.builtin.lineinfile:
+    path: /Users/lino.silva/.ssh/known_hosts
+    state: absent
+    regexp: "^{{ ansible_host }}"

roles/pihole/provision/enable-ssh/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+  ansible.builtin.command: lxc-attach -n "{{ vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+  ansible.builtin.command: lxc-attach -n "{{ vmid }}" service ssh restart

roles/pihole/provision/pre/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Allow ipv4 forwarding
+  ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
+
+- name: Allow ipv6 forwarding
+  ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1"
+
+- name: Uncomment ipv4 forward line on /etc/sysctl.conf
+  ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf"
+
+- name: Uncomment ipv6 forward line on /etc/sysctl.conf
+  ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf"

roles/pihole/provision/start/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Start deployments
+  community.general.proxmox:
+    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: started
+  loop: "{{ groups['baremetal'] }}"

roles/prereq/tasks/main.yml

@@ -1,30 +1,62 @@
 ---
+- name: Run the equivalent of "apt-get update" as a separate step
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Upgrade the OS (apt-get dist-upgrade)
+  ansible.builtin.apt:
+    upgrade: full
+
+- name: Install QMEU Guest Agent
+  ansible.builtin.apt:
+    name: qemu-guest-agent
+    update_cache: yes
+    state: present
+
+- name: Install NFS-Common
+  ansible.builtin.apt:
+    name: nfs-common
+    update_cache: yes
+    state: present
+
+- name: Install open-iscsi
+  ansible.builtin.apt:
+    name: open-iscsi
+    update_cache: yes
+    state: present
+
+- name: Install util-linux
+  ansible.builtin.apt:
+    name: util-linux
+    update_cache: yes
+    state: present
+
 - name: Set same timezone on every Server
-  timezone:
+  community.general.system.timezone:
     name: "{{ system_timezone }}"
   when: (system_timezone is defined) and (system_timezone != "Your/Timezone")
 
 - name: Set SELinux to disabled state
-  selinux:
+  ansible.posix.selinux:
     state: disabled
   when: ansible_os_family == "RedHat"
 
 - name: Enable IPv4 forwarding
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv4.ip_forward
     value: "1"
     state: present
     reload: yes
 
 - name: Enable IPv6 forwarding
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.forwarding
     value: "1"
     state: present
     reload: yes
 
 - name: Enable IPv6 router advertisements
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.accept_ra
     value: "2"
     state: present
@@ -35,16 +67,25 @@
     content: "br_netfilter"
     dest: /etc/modules-load.d/br_netfilter.conf
     mode: "u=rw,g=,o="
-  when: ansible_os_family == "RedHat"
 
 - name: Load br_netfilter
-  modprobe:
+  community.general.system.modprobe:
     name: br_netfilter
     state: present
-  when: ansible_os_family == "RedHat"
+
+- name: Add overlay to /etc/modules-load.d/
+  copy:
+    content: "overlay"
+    dest: /etc/modules-load.d/overlay.conf
+    mode: "u=rw,g=,o="
+
+- name: Load overlay
+  community.general.system.modprobe:
+    name: overlay
+    state: present
 
 - name: Set bridge-nf-call-iptables (just to be sure)
-  sysctl:
+  ansible.posix.sysctl:
     name: "{{ item }}"
     value: "1"
     state: present