inventory/my-cluster/host_vars/daruk

@@ -0,0 +1,14 @@
+---
+ansible_user: root
+ansible_host: 10.0.2.6
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+ip_addr: 10.0.2.6
+k3s_mac_addr: DE:05:FF:02:47:D8
+k3s_hostname: k3s-agent-daruk
+k3s_lxc_host: 10.0.3.6
+k3s_vm_host: 10.0.3.106
+k3s_cores: 8
+k3s_memory: 4096
+k3s_disk: 150
+k3s_vmid: 606
+k3s_template_id: 900

inventory/my-cluster/host_vars/epona

@@ -6,7 +6,9 @@ ip_addr: 10.0.2.2
 k3s_mac_addr: de:05:ff:02:47:d7
 k3s_hostname: k3s-master-epona
 k3s_lxc_host: 10.0.3.2
+k3s_vm_host: 10.0.3.102
 k3s_cores: 4
 k3s_memory: 8192
 k3s_disk: 75
 k3s_vmid: 601
+k3s_template_id: 901

inventory/my-cluster/host_vars/epona-pihole

@@ -0,0 +1,8 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.13
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+mac_addr: EA:11:8B:05:5A:88
+vmid: 203
+node: epona

inventory/my-cluster/host_vars/k3s-agent-daruk

@@ -0,0 +1,5 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.3.106
+ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/k3s-agent-revali

@@ -1,4 +1,5 @@
 ---
+
 ansible_user: root
-ansible_host: 10.0.3.4
+ansible_host: 10.0.3.104
 ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/k3s-agent-urbosa

@@ -1,4 +1,5 @@
 ---
+
 ansible_user: root
-ansible_host: 10.0.3.3
+ansible_host: 10.0.3.105
 ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/k3s-master-epona

@@ -1,4 +1,5 @@
 ---
+
 ansible_user: root
-ansible_host: 10.0.3.2
+ansible_host: 10.0.3.102
 ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/k3s-master-mipha

@@ -1,4 +1,5 @@
 ---
+
 ansible_user: root
-ansible_host: 10.0.3.1
+ansible_host: 10.0.3.103
 ansible_ssh_pass: "{{ proxmox_api_password }}"

inventory/my-cluster/host_vars/mipha

@@ -5,8 +5,10 @@ ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.3
 k3s_mac_addr: 0e:a0:ff:8c:70:df
 k3s_hostname: k3s-master-mipha
-k3s_lxc_host: 10.0.3.1
+k3s_lxc_host: 10.0.3.3
+k3s_vm_host: 10.0.3.103
 k3s_cores: 4
 k3s_memory: 6144
 k3s_disk: 75
 k3s_vmid: 602
+k3s_template_id: 902

inventory/my-cluster/host_vars/revali

@@ -6,7 +6,9 @@ ip_addr: 10.0.2.4
 k3s_mac_addr: 32:47:89:3f:1a:e2
 k3s_hostname: k3s-agent-revali
 k3s_lxc_host: 10.0.3.4
+k3s_vm_host: 10.0.3.104
 k3s_cores: 2
 k3s_memory: 4096
 k3s_disk: 200
 k3s_vmid: 603
+k3s_template_id: 903

inventory/my-cluster/host_vars/revali-pihole

@@ -0,0 +1,8 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.12
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+mac_addr: C2:F5:B2:99:92:51
+vmid: 202
+node: revali

inventory/my-cluster/host_vars/urbosa

@@ -3,10 +3,12 @@ ansible_user: root
 ansible_host: 10.0.2.5
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.5
-k3s_mac_addr: ee:36:d5:79:f8:ff
-k3s_hostname: k3s-agent-urbosa
-k3s_lxc_host: 10.0.3.3
-k3s_cores: 3
-k3s_memory: 2048
-k3s_disk: 80
-k3s_vmid: 604
+# k3s_mac_addr: ee:36:d5:79:f8:ff
+# k3s_hostname: k3s-agent-urbosa
+# k3s_lxc_host: 10.0.3.5
+# k3s_vm_host: 10.0.3.105
+# k3s_cores: 3
+# k3s_memory: 2048
+# k3s_disk: 80
+# k3s_vmid: 604
+# k3s_template_id: 904

inventory/my-cluster/host_vars/urbosa-pihole

@@ -0,0 +1,8 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.11
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+mac_addr: 72:2E:3C:F0:2A:B3
+vmid: 201
+node: urbosa

inventory/my-cluster/hosts.ini

@@ -3,8 +3,8 @@ k3s-master-mipha
 k3s-master-epona
 
 [node]
-k3s-agent-urbosa
 k3s-agent-revali
+k3s-agent-daruk
 
 [k3s_cluster:children]
 master
@@ -16,8 +16,20 @@ frigate
 [lxc:children]
 k3s_cluster
 
+[k3s_hosts]
+mipha
+epona
+revali
+daruk
+
 [baremetal]
 mipha
 epona
 urbosa
 revali
+daruk
+
+[pihole]
+epona-pihole
+revali-pihole
+urbosa-pihole

playbook-frigate.yml

@@ -0,0 +1,28 @@
+---
+- hosts: localhost
+  become: yes
+  roles:
+    - role: frigate/provision/delete
+    - role: frigate/provision/create
+
+- hosts: epona
+  become: yes
+  roles:
+    - role: frigate/provision/cgroup
+
+- hosts: localhost
+  become: yes
+  roles:
+    - role: frigate/provision/start
+
+- hosts: epona
+  become: yes
+  roles:
+    - role: frigate/provision/enable-ssh
+
+- hosts: frigate
+  become: yes
+  roles:
+    - role: frigate/update
+    - role: frigate/install-docker
+    - role: frigate/install-app

playbook-k3s.yml

@@ -0,0 +1,56 @@
+---
+# - hosts: localhost
+#   gather_facts: no
+#   become: yes
+#   roles:
+#     - role: k3s/provision/delete
+- hosts: localhost
+  gather_facts: no
+  become: yes
+  roles:
+    - role: k3s/provision/create
+- hosts: k3s_hosts
+  gather_facts: yes
+  become: yes
+  roles:
+    - role: k3s/provision/pre
+    - role: k3s/provision/cloud-init
+- hosts: localhost
+  gather_facts: no
+  become: yes
+  roles:
+    - role: k3s/provision/start
+- hosts: k3s_cluster
+  gather_facts: yes
+  become: yes
+  roles:
+    - role: prereq
+    - role: download
+- hosts: master
+  become: yes
+  roles:
+    - role: k3s/master
+
+- hosts: node
+  become: yes
+  roles:
+    - role: k3s/node
+
+- hosts: master
+  become: yes
+  roles:
+    - role: k3s/post
+
+- hosts: master
+  become: yes
+  roles:
+    - role: k3s/copy-config
+- hosts: localhost
+  become: yes
+  roles:
+    - role: longhorn
+    - role: traefik
+    - role: nginx
+    - role: cert-manager
+    - role: authelia
+    - role: redis

roles/frigate/install-docker/tasks/main.yml

@@ -20,3 +20,8 @@
     name: root
     groups: docker
     append: yes
+
+- name: Enable docker on startup
+  ansible.builtin.shell: |
+    systemctl enable docker.service
+    systemctl enable containerd.service

roles/frigate/provision/cgroup/tasks/main.yml

@@ -8,7 +8,6 @@
       lxc.cgroup2.devices.allow: c 226:128 rwm
       lxc.cgroup2.devices.allow: c 29:0 rwm
       lxc.cgroup2.devices.allow: c 189:* rwm
-      lxc.apparmor.profile: unconfined
       lxc.cgroup2.devices.allow: a
       lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0, 0
       lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir 0, 0

roles/frigate/provision/create/tasks/main.yml

@@ -20,9 +20,9 @@
     swap: 0
     searchdomain: "home"
     onboot: 1
-    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:16,mp=/db"}'
+    mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:50,mp=/db"}'
     features:
       - nesting=1
       - keyctl=1
-    disk: local-lvm:30
+    disk: local-lvm:50
     force: yes

roles/k3s/master/tasks/main.yml

@@ -75,8 +75,8 @@
         cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}"
       register: nodes
       until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length)
-      retries: "{{ retry_count | default(20) }}"
-      delay: 10
+      retries: "{{ retry_count | default(40) }}"
+      delay: 20
       changed_when: false
   always:
     - name: Save logs of k3s-init.service
@@ -84,7 +84,7 @@
       when: log_destination
       vars:
         log_destination: >-
-          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }}
+          {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }}
     - name: Kill the temporary service used for initialization
       systemd:
         name: k3s-init

roles/k3s/provision/cloud-init/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Configure cloud-init - IP
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1
+
+- name: Configure cloud-init - User
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root"
+
+- name: Configure cloud-init - Password
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}"
+
+- name: Copy SSH Pub key
+  ansible.builtin.copy:
+    src: ~/.ssh/id_rsa.pub
+    dest: /tmp/ansible_controller-key.pub
+    mode: 0600
+
+- name: Configure cloud-init - SSH Key
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub
+
+- name: Configure networking
+  ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0

roles/k3s/provision/create/tasks/main.yml

@@ -1,27 +1,51 @@
 ---
 - name: Create containers
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
-    node: "{{ item }}"
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   node: "{{ item }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   password: "{{ lxc_password }}"
+  #   hostname: "{{ hostvars[item]['k3s_hostname'] }}"
+  #   ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+  #   netif: "{'net0':'name=eth0,\
+  #     gw=10.0.0.1,\
+  #     ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
+  #     hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
+  #     bridge=vmbr0'}"
+  #   cores: "{{ hostvars[item]['k3s_cores'] }}"
+  #   memory: "{{ hostvars[item]['k3s_memory'] }}"
+  #   unprivileged: no
+  #   swap: 0
+  #   searchdomain: "home"
+  #   onboot: 1
+  #   features:
+  #     - nesting=1
+  #   disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
+  #   force: yes
+  # loop: "{{ groups['k3s_hosts'] }}"
+  proxmox_kvm:
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
+    newid: "{{ hostvars[item]['k3s_vmid'] }}"
+    clone: debian-10-openstack-amd64
+    vmid: "{{ hostvars[item]['k3s_template_id'] }}"
+    timeout: 900
+  loop: "{{ groups['k3s_hosts'] }}"
+
+- name: Update VMs
+  proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
     api_host: 10.0.2.2
-    password: "{{ lxc_password }}"
-    hostname: "{{ hostvars[item]['k3s_hostname'] }}"
-    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
-    netif: "{'net0':'name=eth0,\
-      gw=10.0.0.1,\
-      ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\
-      hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\
-      bridge=vmbr0'}"
-    cores: "{{ hostvars[item]['k3s_cores'] }}"
     memory: "{{ hostvars[item]['k3s_memory'] }}"
-    unprivileged: no
-    swap: 0
-    searchdomain: "home"
-    onboot: 1
-    features:
-      - nesting=1
-    disk: local-lvm:{{ hostvars[item]['k3s_disk'] }}
-    force: yes
-  loop: "{{ groups['baremetal'] }}"
+    cores: "{{ hostvars[item]['k3s_cores'] }}"
+    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+    node: "{{ item }}"
+    update: yes
+    agent: yes
+  loop: "{{ groups['k3s_hosts'] }}"

roles/k3s/provision/delete/tasks/main.yml

@@ -1,29 +1,44 @@
 ---
 - name: Stop containers
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   state: stopped
+  proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
     api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
     state: stopped
-  loop: "{{ groups['baremetal'] }}"
+    timeout: 240
+  loop: "{{ groups['k3s_hosts'] }}"
   ignore_errors: true
-  timeout: 90
 
 - name: Remove containers
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # community.general.proxmox:
+  # vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # api_user: root@pam
+  # api_password: "{{ proxmox_api_password }}"
+  # api_host: "{{ hostvars[item]['ip_addr'] }}"
+  # state: absent
+  proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
-    api_host: "{{ hostvars[item]['ip_addr'] }}"
+    api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
     state: absent
-  loop: "{{ groups['baremetal'] }}"
+    timeout: 90
+  loop: "{{ groups['k3s_hosts'] }}"
   ignore_errors: true
-  timeout: 90
 
 - name: Remove .ssh/known_hosts lines
   ansible.builtin.lineinfile:
     path: /Users/lino.silva/.ssh/known_hosts
     state: absent
-    regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
-  loop: "{{ groups['baremetal'] }}"
+    # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}'
+    regexp: '^{{ hostvars[item]["k3s_vm_host"] }}'
+  loop: "{{ groups['k3s_hosts'] }}"

roles/k3s/provision/pre/tasks/main.yml

@@ -1,4 +1,11 @@
 ---
+# - name: Move storage to local_lvm
+#   ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm
+#   ignore_errors: true
+
+# - name: Resize storage
+#   ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G"
+
 - name: Allow ipv4 forwarding
   ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
 

roles/k3s/provision/start/tasks/main.yml

@@ -1,9 +1,16 @@
 ---
 - name: Start deployments
-  community.general.proxmox:
-    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  # community.general.proxmox:
+  #   vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+  #   api_user: root@pam
+  #   api_password: "{{ proxmox_api_password }}"
+  #   api_host: 10.0.2.2
+  #   state: started
+  community.general.cloud.misc.proxmox_kvm:
     api_user: root@pam
     api_password: "{{ proxmox_api_password }}"
     api_host: 10.0.2.2
+    name: "{{ hostvars[item]['k3s_hostname'] }}"
+    node: "{{ item }}"
     state: started
-  loop: "{{ groups['baremetal'] }}"
+  loop: "{{ groups['k3s_hosts'] }}"

roles/longhorn/tasks/main.yml

@@ -1,9 +1,4 @@
 ---
-- name: Add longhorn dependencies
-  apt:
-    name: nfs-common open-iscsi util-linux
-    state: present
-
 - name: Add longhorn helm repo
   kubernetes.core.helm_repository:
     name: longhorn

roles/pihole/provision/create/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: Create Piholes
+  community.general.proxmox:
+    vmid: "{{ hostvars[item]['vmid'] }}"
+    node: "{{ hostvars[item]['node'] }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    password: "{{ lxc_password }}"
+    hostname: "{{ item }}"
+    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+    netif: "{'net0':'name=eth0,\
+      gw=10.0.0.1,\
+      ip={{ hostvars[item]['ansible_host'] }}/21,\
+      hwaddr={{ hostvars[item]['mac_addr'] }},\
+      bridge=vmbr0'}"
+    cores: 1
+    memory: 2048
+    unprivileged: no
+    swap: 512
+    searchdomain: "home"
+    onboot: 1
+    disk: local-lvm:8
+    force: yes
+  loop: "{{ groups['pihole'] }}"

roles/pihole/provision/delete/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- name: Stop containers
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: stopped
+  ignore_errors: true
+  timeout: 90
+
+- name: Remove containers
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: absent
+  ignore_errors: true
+  timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+  ansible.builtin.lineinfile:
+    path: /Users/lino.silva/.ssh/known_hosts
+    state: absent
+    regexp: "^{{ ansible_host }}"

roles/pihole/provision/enable-ssh/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+  ansible.builtin.command: lxc-attach -n "{{ vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+  ansible.builtin.command: lxc-attach -n "{{ vmid }}" service ssh restart

roles/pihole/provision/pre/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Allow ipv4 forwarding
+  ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1"
+
+- name: Allow ipv6 forwarding
+  ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1"
+
+- name: Uncomment ipv4 forward line on /etc/sysctl.conf
+  ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf"
+
+- name: Uncomment ipv6 forward line on /etc/sysctl.conf
+  ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf"

roles/pihole/provision/start/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Start deployments
+  community.general.proxmox:
+    vmid: "{{ hostvars[item]['k3s_vmid'] }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: started
+  loop: "{{ groups['baremetal'] }}"

roles/prereq/tasks/main.yml

@@ -1,30 +1,62 @@
 ---
+- name: Run the equivalent of "apt-get update" as a separate step
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Upgrade the OS (apt-get dist-upgrade)
+  ansible.builtin.apt:
+    upgrade: full
+
+- name: Install QMEU Guest Agent
+  ansible.builtin.apt:
+    name: qemu-guest-agent
+    update_cache: yes
+    state: present
+
+- name: Install NFS-Common
+  ansible.builtin.apt:
+    name: nfs-common
+    update_cache: yes
+    state: present
+
+- name: Install open-iscsi
+  ansible.builtin.apt:
+    name: open-iscsi
+    update_cache: yes
+    state: present
+
+- name: Install util-linux
+  ansible.builtin.apt:
+    name: util-linux
+    update_cache: yes
+    state: present
+
 - name: Set same timezone on every Server
-  timezone:
+  community.general.system.timezone:
     name: "{{ system_timezone }}"
   when: (system_timezone is defined) and (system_timezone != "Your/Timezone")
 
 - name: Set SELinux to disabled state
-  selinux:
+  ansible.posix.selinux:
     state: disabled
   when: ansible_os_family == "RedHat"
 
 - name: Enable IPv4 forwarding
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv4.ip_forward
     value: "1"
     state: present
     reload: yes
 
 - name: Enable IPv6 forwarding
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.forwarding
     value: "1"
     state: present
     reload: yes
 
 - name: Enable IPv6 router advertisements
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.accept_ra
     value: "2"
     state: present
@@ -35,16 +67,25 @@
     content: "br_netfilter"
     dest: /etc/modules-load.d/br_netfilter.conf
     mode: "u=rw,g=,o="
-  when: ansible_os_family == "RedHat"
 
 - name: Load br_netfilter
-  modprobe:
+  community.general.system.modprobe:
     name: br_netfilter
     state: present
-  when: ansible_os_family == "RedHat"
+
+- name: Add overlay to /etc/modules-load.d/
+  copy:
+    content: "overlay"
+    dest: /etc/modules-load.d/overlay.conf
+    mode: "u=rw,g=,o="
+
+- name: Load overlay
+  community.general.system.modprobe:
+    name: overlay
+    state: present
 
 - name: Set bridge-nf-call-iptables (just to be sure)
-  sysctl:
+  ansible.posix.sysctl:
     name: "{{ item }}"
     value: "1"
     state: present

site.yml

@@ -1,96 +0,0 @@
----
-# - hosts: localhost
-#   gather_facts: no
-#   become: yes
-#   roles:
-#     - role: k3s/provision/delete
-
-# - hosts: localhost
-#   gather_facts: now
-#   become: yes
-#   roles:
-#     - role: k3s/provision/create
-
-# - hosts: baremetal
-#   gather_facts: yes
-#   become: yes
-#   roles:
-#     - role: k3s/provision/pre
-#     - role: k3s/provision/cgroup
-
-# - hosts: localhost
-#   gather_facts: no
-#   become: yes
-#   roles:
-#     - role: k3s/provision/start
-
-# - hosts: baremetal
-#   gather_facts: yes
-#   become: yes
-#   roles:
-#     - role: k3s/provision/enable-ssh
-
-# - hosts: k3s_cluster
-#   gather_facts: yes
-#   become: yes
-#   roles:
-#     - role: prereq
-#     - role: download
-
-# - hosts: master
-#   become: yes
-#   roles:
-#     - role: k3s/master
-
-# - hosts: node
-#   become: yes
-#   roles:
-#     - role: k3s/node
-
-# - hosts: master
-#   become: yes
-#   roles:
-#     - role: k3s/post
-
-# - hosts: master
-#   become: yes
-#   roles:
-#     - role: k3s/copy-config
-
-# - hosts: localhost
-#   become: yes
-#   roles:
-#     - role: longhorn
-#     - role: traefik
-#     - role: nginx
-#     - role: cert-manager
-#     - role: authelia
-#     - role: redis
-
-- hosts: localhost
-  become: yes
-  roles:
-    - role: frigate/provision/delete
-    - role: frigate/provision/create
-
-- hosts: epona
-  become: yes
-  roles:
-    - role: frigate/provision/cgroup
-
-- hosts: localhost
-  become: yes
-  roles:
-    - role: frigate/provision/start
-
-- hosts: epona
-  become: yes
-  roles:
-    - role: frigate/provision/enable-ssh
-
-- hosts: frigate
-  become: yes
-  roles:
-    - role: frigate/update
-    - role: frigate/install-docker
-    - role: frigate/install-app