---
k3s_version: v1.24.6+k3s1
# this is the user that has ssh access to these machines
ansible_user: lino
systemd_dir: /etc/systemd/system

# Set your timezone
system_timezone: "Europe/Lisbon"

# interface which will be used for flannel
flannel_iface: "eth0"

# apiserver_endpoint is virtual ip-address which will be configured on each master
apiserver_endpoint: "10.0.3.1"

# k3s_token is required  masters can talk together securely
# this token should be alpha numeric only
k3s_token: "7qXiuKpSY9uLwdVSNSnEF5RkttoERixCpc2EVJW7vh7Ws4NMN3"

# The IP on which the node is reachable in the cluster.
# Here, a sensible default is provided, you can still override
# it for each of your hosts, though.
k3s_node_ip: '{{ ansible_facts[flannel_iface]["ipv4"]["address"] }}'

# Disable the taint manually by setting: k3s_master_taint = false
k3s_master_taint: false

# these arguments are recommended for servers as well as agents:
extra_args: >-
  --flannel-iface={{ flannel_iface }}
  --node-ip={{ k3s_node_ip }}

# change these to your liking, the only required are: --disable servicelb, --tls-san {{ apiserver_endpoint }}
extra_server_args: >-
  {{ extra_args }}
  {{ '--node-taint node-role.kubernetes.io/master=true:NoSchedule' if k3s_master_taint else '' }}
  --tls-san {{ apiserver_endpoint }}
  --disable servicelb
  --disable traefik
extra_agent_args: >-
  {{ extra_args }}

# image tag for kube-vip
kube_vip_tag_version: "v0.5.5"

# image tag for metal lb
metal_lb_speaker_tag_version: "v0.13.6"
metal_lb_controller_tag_version: "v0.13.6"

# metallb ip range for load balancer
metal_lb_ip_range: "10.0.4.1-10.0.4.254"

lxc_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38303735306236303463613632623161643633663631303931396564346565666236643562316264
  6533643331306364653564653763356537303932313531350a393261643137636232616335376461
  66383966333765626539363561613361393665616333303964373761356166623766663232303063
  3138353333373935660a383230393330646538303933336366383736643333623663333934663131
  3064

proxmox_api_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  35376334616332386130656335663736343337396532663266383934643632363664646631653935
  6533343936353734343761343465646365616130643130360a316234333036303738663566666364
  61653638373830383733323563373862346662363339656632643661336533363162616435616531
  6331326462356366320a303331616366356333306638386130666538633833623162653934616338
  3566

traefik_http_auth_user: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38323532616336373939646333613338626431363466633631343162636235623563393135653231
  3961383965356631613164303566393632323938386664360a373037616335643662613564353130
  30353832376431633834336234386161313062373437613132623733646166303639313364373637
  3933626639646536320a303163353835633837356530613931346165353939363235373561333836
  39366266303064393334383835323330353934643862323330343337393761353166393333376131
  33303439393531303031653361393530313930363039646566613831373366326432653634653165
  313735383263623836363030386531613033

cloudflare_api_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38363363386466666266613930386237623430646531303734613863306530666530376433633339
  3166373361393839363439326661396136616637393865630a666637366132643035343832666335
  33376139643533313730313135653064393239316162376339653965313366643565643664666534
  6631393564333230370a303634643030346166383235643666356164393232643832333238313664
  38346161306138653735303861646638653830633938326566663136393862643264353437623963
  3462616435653132623563316231343739333761653365333437