feat: changed lxc to vm in k3s

2023-01-03 11:59:54 +00:00
parent 508e433bab
commit e596ff0e83
33 changed files with 413 additions and 164 deletions
@@ -0,0 +1,14 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.6
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.6
 k3s_mac_addr: DE:05:FF:02:47:D8
 k3s_hostname: k3s-agent-daruk
 k3s_lxc_host: 10.0.3.6
 k3s_vm_host: 10.0.3.106
 k3s_cores: 8
 k3s_memory: 4096
 k3s_disk: 150
 k3s_vmid: 606
 k3s_template_id: 900
@@ -6,7 +6,9 @@ ip_addr: 10.0.2.2
 k3s_mac_addr: de:05:ff:02:47:d7
 k3s_hostname: k3s-master-epona
 k3s_lxc_host: 10.0.3.2
 k3s_vm_host: 10.0.3.102
 k3s_cores: 4
 k3s_memory: 8192
 k3s_disk: 75
 k3s_vmid: 601
 k3s_template_id: 901
@@ -0,0 +1,8 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.13
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: EA:11:8B:05:5A:88
 vmid: 203
 node: epona
@@ -0,0 +1,5 @@
 ---
 ansible_user: root
 ansible_host: 10.0.3.106
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -1,4 +1,5 @@
 ---
 ansible_user: root
-ansible_host: 10.0.3.4
+ansible_host: 10.0.3.104
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -1,4 +1,5 @@
 ---
 ansible_user: root
-ansible_host: 10.0.3.3
+ansible_host: 10.0.3.105
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -1,4 +1,5 @@
 ---
 ansible_user: root
-ansible_host: 10.0.3.2
+ansible_host: 10.0.3.102
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -1,4 +1,5 @@
 ---
 ansible_user: root
-ansible_host: 10.0.3.1
+ansible_host: 10.0.3.103
 ansible_ssh_pass: "{{ proxmox_api_password }}"
@@ -5,8 +5,10 @@ ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.3
 k3s_mac_addr: 0e:a0:ff:8c:70:df
 k3s_hostname: k3s-master-mipha
-k3s_lxc_host: 10.0.3.1
+k3s_lxc_host: 10.0.3.3
 k3s_vm_host: 10.0.3.103
 k3s_cores: 4
 k3s_memory: 6144
 k3s_disk: 75
 k3s_vmid: 602
 k3s_template_id: 902
@@ -6,7 +6,9 @@ ip_addr: 10.0.2.4
 k3s_mac_addr: 32:47:89:3f:1a:e2
 k3s_hostname: k3s-agent-revali
 k3s_lxc_host: 10.0.3.4
 k3s_vm_host: 10.0.3.104
 k3s_cores: 2
 k3s_memory: 4096
 k3s_disk: 200
 k3s_vmid: 603
 k3s_template_id: 903
@@ -0,0 +1,8 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.12
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: C2:F5:B2:99:92:51
 vmid: 202
 node: revali
@@ -3,10 +3,12 @@ ansible_user: root
 ansible_host: 10.0.2.5
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.5
-k3s_mac_addr: ee:36:d5:79:f8:ff
+# k3s_mac_addr: ee:36:d5:79:f8:ff
-k3s_hostname: k3s-agent-urbosa
+# k3s_hostname: k3s-agent-urbosa
-k3s_lxc_host: 10.0.3.3
+# k3s_lxc_host: 10.0.3.5
-k3s_cores: 3
+# k3s_vm_host: 10.0.3.105
-k3s_memory: 2048
+# k3s_cores: 3
-k3s_disk: 80
+# k3s_memory: 2048
-k3s_vmid: 604
+# k3s_disk: 80
 # k3s_vmid: 604
 # k3s_template_id: 904
@@ -0,0 +1,8 @@
 ---
 ansible_user: root
 ansible_host: 10.0.2.11
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 mac_addr: 72:2E:3C:F0:2A:B3
 vmid: 201
 node: urbosa
@@ -3,8 +3,8 @@ k3s-master-mipha
 k3s-master-epona
 [node]
 k3s-agent-urbosa
 k3s-agent-revali
 k3s-agent-daruk
 [k3s_cluster:children]
 master
@@ -16,8 +16,20 @@ frigate
 [lxc:children]
 k3s_cluster
 [k3s_hosts]
 mipha
 epona
 revali
 daruk
 [baremetal]
 mipha
 epona
 urbosa
 revali
 daruk
 [pihole]
 epona-pihole
 revali-pihole
 urbosa-pihole
@@ -0,0 +1,28 @@
 ---
 - hosts: localhost
  become: yes
  roles:
    - role: frigate/provision/delete
    - role: frigate/provision/create
 - hosts: epona
  become: yes
  roles:
    - role: frigate/provision/cgroup
 - hosts: localhost
  become: yes
  roles:
    - role: frigate/provision/start
 - hosts: epona
  become: yes
  roles:
    - role: frigate/provision/enable-ssh
 - hosts: frigate
  become: yes
  roles:
    - role: frigate/update
    - role: frigate/install-docker
    - role: frigate/install-app
@@ -0,0 +1,56 @@
 ---
 # - hosts: localhost
 #   gather_facts: no
 #   become: yes
 #   roles:
 #     - role: k3s/provision/delete
 - hosts: localhost
  gather_facts: no
  become: yes
  roles:
    - role: k3s/provision/create
 - hosts: k3s_hosts
  gather_facts: yes
  become: yes
  roles:
    - role: k3s/provision/pre
    - role: k3s/provision/cloud-init
 - hosts: localhost
  gather_facts: no
  become: yes
  roles:
    - role: k3s/provision/start
 - hosts: k3s_cluster
  gather_facts: yes
  become: yes
  roles:
    - role: prereq
    - role: download
 - hosts: master
  become: yes
  roles:
    - role: k3s/master
 - hosts: node
  become: yes
  roles:
    - role: k3s/node
 - hosts: master
  become: yes
  roles:
    - role: k3s/post
 - hosts: master
  become: yes
  roles:
    - role: k3s/copy-config
 - hosts: localhost
  become: yes
  roles:
    - role: longhorn
    - role: traefik
    - role: nginx
    - role: cert-manager
    - role: authelia
    - role: redis
@@ -9,3 +9,8 @@
 - name: Execute script
  ansible.builtin.shell: /tmp/get-docker.sh
 - name: Enable docker on startup
  ansible.builtin.shell: |
    systemctl enable docker.service
    systemctl enable containerd.service
@@ -8,7 +8,6 @@
      lxc.cgroup2.devices.allow: c 226:128 rwm
      lxc.cgroup2.devices.allow: c 29:0 rwm
      lxc.cgroup2.devices.allow: c 189:* rwm
      lxc.apparmor.profile: unconfined
      lxc.cgroup2.devices.allow: a
      lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0, 0
      lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir 0, 0
@@ -20,9 +20,9 @@
    swap: 0
    searchdomain: "home"
    onboot: 1
-    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:16,mp=/db"}'
+    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:50,mp=/db"}'
    features:
      - nesting=1
      - keyctl=1
-    disk: local-lvm:30
+    disk: local-lvm:50
    force: yes
@@ -75,8 +75,8 @@
        cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
      register: nodes
      until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
-      retries: "{{ retry_count | default(20) }}"
+      retries: "{{ retry_count | default(40) }}"
-      delay: 10
+      delay: 20
      changed_when: false
  always:
    - name: Save logs of k3s-init.service
@@ -84,7 +84,7 @@
      when: log_destination
      vars:
        log_destination: >-
-          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }}
+          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }}
    - name: Kill the temporary service used for initialization
      systemd:
        name: k3s-init
@@ -0,0 +1,21 @@
 ---
 - name: Configure cloud-init - IP
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1
 - name: Configure cloud-init - User
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root"
 - name: Configure cloud-init - Password
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}"
 - name: Copy SSH Pub key
  ansible.builtin.copy:
    src: ~/.ssh/id_rsa.pub
    dest: /tmp/ansible_controller-key.pub
    mode: 0600
 - name: Configure cloud-init - SSH Key
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub
 - name: Configure networking
  ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0
@@ -1,27 +1,51 @@
 ---
 - name: Create containers
-  community.general.proxmox:
+  # community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
-    node: "{{ item }}"
+  #   node: "{{ item }}"
  #   api_user: root@pam
  #   api_password: "{{ proxmox_api_password }}"
  #   api_host: 10.0.2.2
  #   password: "{{ lxc_password }}"
  #   hostname: "{{ hostvars[item]['k3s_hostname'] }}"
  #   ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
  #   netif: "{'net0':'name=eth0,\
  #     gw=10.0.0.1,\
  #     ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
  #     hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
  #     bridge=vmbr0'}"
  #   cores: "{{ hostvars[item]['k3s_cores'] }}"
  #   memory: "{{ hostvars[item]['k3s_memory'] }}"
  #   unprivileged: no
  #   swap: 0
  #   searchdomain: "home"
  #   onboot: 1
  #   features:
  #     - nesting=1
  #   disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
  #   force: yes
  # loop: "{{ groups['k3s_hosts'] }}"
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    newid: "{{ hostvars[item]['k3s_vmid'] }}"
    clone: debian-10-openstack-amd64
    vmid: "{{ hostvars[item]['k3s_template_id'] }}"
    timeout: 900
  loop: "{{ groups['k3s_hosts'] }}"
 - name: Update VMs
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: "{{ hostvars[item]['k3s_hostname'] }}"
    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
      hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
      bridge=vmbr0'}"
    cores: "{{ hostvars[item]['k3s_cores'] }}"
    memory: "{{ hostvars[item]['k3s_memory'] }}"
-    unprivileged: no
+    cores: "{{ hostvars[item]['k3s_cores'] }}"
-    swap: 0
+    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
-    searchdomain: "home"
+    node: "{{ item }}"
-    onboot: 1
+    update: yes
-    features:
+    agent: yes
-      - nesting=1
+  loop: "{{ groups['k3s_hosts'] }}"
    disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
    force: yes
  loop: "{{ groups['baremetal'] }}"
@@ -1,29 +1,44 @@
 ---
 - name: Stop containers
-  community.general.proxmox:
+  # community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  #   api_user: root@pam
  #   api_password: "{{ proxmox_api_password }}"
  #   api_host: 10.0.2.2
  #   state: stopped
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    state: stopped
-  loop: "{{ groups['baremetal'] }}"
+    timeout: 240
  loop: "{{ groups['k3s_hosts'] }}"
  ignore_errors: true
  timeout: 90
 - name: Remove containers
-  community.general.proxmox:
+  # community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  # api_user: root@pam
  # api_password: "{{ proxmox_api_password }}"
  # api_host: "{{ hostvars[item]['ip_addr'] }}"
  # state: absent
  proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
-    api_host: "{{ hostvars[item]['ip_addr'] }}"
+    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    state: absent
-  loop: "{{ groups['baremetal'] }}"
+    timeout: 90
  loop: "{{ groups['k3s_hosts'] }}"
  ignore_errors: true
  timeout: 90
 - name: Remove .ssh/known_hosts lines
  ansible.builtin.lineinfile:
    path: /Users/lino.silva/.ssh/known_hosts
    state: absent
-    regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
+    # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
-  loop: "{{ groups['baremetal'] }}"
+    regexp: '^{{ hostvars[item]["k3s_vm_host"] }}'
  loop: "{{ groups['k3s_hosts'] }}"
@@ -1,4 +1,11 @@
 ---
 # - name: Move storage to local_lvm
 #   ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm
 #   ignore_errors: true
 # - name: Resize storage
 #   ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G"
 - name: Allow ipv4 forwarding
  ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
@@ -1,9 +1,16 @@
 ---
 - name: Start deployments
-  community.general.proxmox:
+  # community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
  #   api_user: root@pam
  #   api_password: "{{ proxmox_api_password }}"
  #   api_host: 10.0.2.2
  #   state: started
  community.general.cloud.misc.proxmox_kvm:
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    name: "{{ hostvars[item]['k3s_hostname'] }}"
    node: "{{ item }}"
    state: started
-  loop: "{{ groups['baremetal'] }}"
+  loop: "{{ groups['k3s_hosts'] }}"
@@ -1,9 +1,4 @@
 ---
 - name: Add longhorn dependencies
  apt:
    name: nfs-common open-iscsi util-linux
    state: present
 - name: Add longhorn helm repo
  kubernetes.core.helm_repository:
    name: longhorn
@@ -0,0 +1,25 @@
 ---
 - name: Create Piholes
  community.general.proxmox:
    vmid: "{{ hostvars[item]['vmid'] }}"
    node: "{{ hostvars[item]['node'] }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    password: "{{ lxc_password }}"
    hostname: "{{ item }}"
    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
    netif: "{'net0':'name=eth0,\
      gw=10.0.0.1,\
      ip={{ hostvars[item]['ansible_host'] }}/21,\
      hwaddr={{ hostvars[item]['mac_addr'] }},\
      bridge=vmbr0'}"
    cores: 1
    memory: 2048
    unprivileged: no
    swap: 512
    searchdomain: "home"
    onboot: 1
    disk: local-lvm:8
    force: yes
  loop: "{{ groups['pihole'] }}"
@@ -0,0 +1,26 @@
 ---
 - name: Stop containers
  community.general.proxmox:
    vmid: "{{ vmid }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: stopped
  ignore_errors: true
  timeout: 90
 - name: Remove containers
  community.general.proxmox:
    vmid: "{{ vmid }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: absent
  ignore_errors: true
  timeout: 90
 - name: Remove .ssh/known_hosts lines
  ansible.builtin.lineinfile:
    path: /Users/lino.silva/.ssh/known_hosts
    state: absent
    regexp: "^{{ ansible_host }}"
@@ -0,0 +1,8 @@
 ---
 # Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
 - name: Allow SSH into LXC
  ansible.builtin.command: lxc-attach -n "{{ vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
 - name: Restart SSH Service
  ansible.builtin.command: lxc-attach -n "{{ vmid }}" service ssh restart
@@ -0,0 +1,12 @@
 ---
 - name: Allow ipv4 forwarding
  ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
 - name: Allow ipv6 forwarding
  ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1"
 - name: Uncomment ipv4 forward line on /etc/sysctl.conf
  ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf"
 - name: Uncomment ipv6 forward line on /etc/sysctl.conf
  ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf"
@@ -0,0 +1,9 @@
 ---
 - name: Start deployments
  community.general.proxmox:
    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
    api_user: root@pam
    api_password: "{{ proxmox_api_password }}"
    api_host: 10.0.2.2
    state: started
  loop: "{{ groups['baremetal'] }}"
@@ -1,30 +1,62 @@
 ---
 - name: Run the equivalent of "apt-get update" as a separate step
  ansible.builtin.apt:
    update_cache: yes
 - name: Upgrade the OS (apt-get dist-upgrade)
  ansible.builtin.apt:
    upgrade: full
 - name: Install QMEU Guest Agent
  ansible.builtin.apt:
    name: qemu-guest-agent
    update_cache: yes
    state: present
 - name: Install NFS-Common
  ansible.builtin.apt:
    name: nfs-common
    update_cache: yes
    state: present
 - name: Install open-iscsi
  ansible.builtin.apt:
    name: open-iscsi
    update_cache: yes
    state: present
 - name: Install util-linux
  ansible.builtin.apt:
    name: util-linux
    update_cache: yes
    state: present
 - name: Set same timezone on every Server
-  timezone:
+  community.general.system.timezone:
    name: "{{ system_timezone }}"
  when: (system_timezone is defined) and (system_timezone != "Your/Timezone")
 - name: Set SELinux to disabled state
-  selinux:
+  ansible.posix.selinux:
    state: disabled
  when: ansible_os_family == "RedHat"
 - name: Enable IPv4 forwarding
-  sysctl:
+  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    reload: yes
 - name: Enable IPv6 forwarding
-  sysctl:
+  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: "1"
    state: present
    reload: yes
 - name: Enable IPv6 router advertisements
-  sysctl:
+  ansible.posix.sysctl:
    name: net.ipv6.conf.all.accept_ra
    value: "2"
    state: present
@@ -35,16 +67,25 @@
    content: "br_netfilter"
    dest: /etc/modules-load.d/br_netfilter.conf
    mode: "u=rw,g=,o="
  when: ansible_os_family == "RedHat"
 - name: Load br_netfilter
-  modprobe:
+  community.general.system.modprobe:
    name: br_netfilter
    state: present
-  when: ansible_os_family == "RedHat"
+
 - name: Add overlay to /etc/modules-load.d/
  copy:
    content: "overlay"
    dest: /etc/modules-load.d/overlay.conf
    mode: "u=rw,g=,o="
 - name: Load overlay
  community.general.system.modprobe:
    name: overlay
    state: present
 - name: Set bridge-nf-call-iptables (just to be sure)
-  sysctl:
+  ansible.posix.sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
@@ -1,96 +0,0 @@
 ---
 # - hosts: localhost
 #   gather_facts: no
 #   become: yes
 #   roles:
 #     - role: k3s/provision/delete
 # - hosts: localhost
 #   gather_facts: now
 #   become: yes
 #   roles:
 #     - role: k3s/provision/create
 # - hosts: baremetal
 #   gather_facts: yes
 #   become: yes
 #   roles:
 #     - role: k3s/provision/pre
 #     - role: k3s/provision/cgroup
 # - hosts: localhost
 #   gather_facts: no
 #   become: yes
 #   roles:
 #     - role: k3s/provision/start
 # - hosts: baremetal
 #   gather_facts: yes
 #   become: yes
 #   roles:
 #     - role: k3s/provision/enable-ssh
 # - hosts: k3s_cluster
 #   gather_facts: yes
 #   become: yes
 #   roles:
 #     - role: prereq
 #     - role: download
 # - hosts: master
 #   become: yes
 #   roles:
 #     - role: k3s/master
 # - hosts: node
 #   become: yes
 #   roles:
 #     - role: k3s/node
 # - hosts: master
 #   become: yes
 #   roles:
 #     - role: k3s/post
 # - hosts: master
 #   become: yes
 #   roles:
 #     - role: k3s/copy-config
 # - hosts: localhost
 #   become: yes
 #   roles:
 #     - role: longhorn
 #     - role: traefik
 #     - role: nginx
 #     - role: cert-manager
 #     - role: authelia
 #     - role: redis
 - hosts: localhost
  become: yes
  roles:
    - role: frigate/provision/delete
    - role: frigate/provision/create
 - hosts: epona
  become: yes
  roles:
    - role: frigate/provision/cgroup
 - hosts: localhost
  become: yes
  roles:
    - role: frigate/provision/start
 - hosts: epona
  become: yes
  roles:
    - role: frigate/provision/enable-ssh
 - hosts: frigate
  become: yes
  roles:
    - role: frigate/update
    - role: frigate/install-docker
    - role: frigate/install-app