deploy-crunchbits.yml
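# Tailscale on all public hosts -- currently DISABLED.
# The artis3n.tailscale role is commented out below, so this play applies no
# roles and is kept only as a placeholder for re-enabling it.
- hosts: public_hosts
  become: true
  # Explicit empty list: with every entry commented out, a bare `roles:` key
  # parses as null rather than as an empty list. Drop the `[]` again when the
  # role below is re-enabled.
  roles: []
    # disabled tailscale, it was causing problems
    # - role: artis3n.tailscale
    #   vars:
    #     # Example pulling the API key from the env vars on the host running Ansible
    #     # NOTE(review): the value below is the plain variable tailscale_key, not
    #     # an env lookup; where it is defined is not visible here. It is a
    #     # credential -- confirm it comes from Ansible Vault or the controller's
    #     # environment and not from a committed vars file.
    #     tailscale_authkey: "{{ tailscale_key }}"
    #     tailscale_args: "--accept-dns=false"  # don't want tailscale messing up our kube dns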
# OS-level preparation for every cluster node (agents and servers), applied
# through the node-crunchbits role. Runs with privilege escalation.
- hosts: k3s_agents,k3s_servers
  gather_facts: true
  become: true
  tasks:
    - import_role:
        name: node-crunchbits
      tags:
        - node-crunchbits
# Control plane: deploy k3s and its supporting services on the server nodes.
# Every task in this play runs with privilege escalation.
- hosts: k3s_servers
  become: true
  vars:
    # Lookups are evaluated on the Ansible controller, so this is the HOME of
    # the user running the playbook, not a path on the managed host.
    local_home: "{{ lookup('env','HOME') }}"
    # One HAProxy backend line per member of the k3s_servers group, pointing at
    # that host's cluster_ip on port 6443 with health checking enabled.
    # NOTE(review): cluster_ip comes from inventory/hostvars that are not
    # visible here -- confirm it is an internal address and that the frontend
    # exposing these backends is not reachable from untrusted networks.
    haproxy_k8s_backends: |
      {% for master in groups["k3s_servers"] %}
      server k8s-api-{{ hostvars[master]["inventory_hostname_short"]}} {{ hostvars[master]["cluster_ip"] }}:6443 check
      {% endfor %}
  tasks:
    # Map the kernel architecture name to amd64/arm64. Any other value is
    # passed through unchanged, so consumers of host_arch (presumably the
    # roles below -- not visible here) may receive a non-normalised name.
    # Tagged `always` so the fact is set even when the run is limited by tag.
    - name: set host architecture
      set_fact:
        host_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else 'arm64' if ansible_architecture == 'aarch64' else ansible_architecture }}"
      tags:
        - always

    # Roles are imported in this order; each carries a tag matching its name
    # so it can be run on its own.
    - import_role:
        name: keepalived
      tags:
        - keepalived

    - import_role:
        name: haproxy
      tags:
        - haproxy

    - import_role:
        name: k3s-server-experiment
      tags:
        - k3s-server-experiment

    - import_role:
        name: controller
      tags:
        - controller

    - import_role:
        name: cilium-pre-flux
      tags:
        - cilium-pre-flux

    # sealed-secrets is imported before flux; presumably so the controller
    # exists before Flux reconciles encrypted secrets -- confirm in the roles.
    - import_role:
        name: sealed-secrets
      tags:
        - sealed-secrets

    - import_role:
        name: flux
      tags:
        - flux

    # - { import_role: { name: authentik }, tags: [ authentik ] }
# Worker nodes: install the k3s agent. This play comes after the k3s_servers
# play in the file, so it runs once the server roles have been applied.
- hosts: k3s_agents
  gather_facts: true
  become: true
  tasks:
    - import_role:
        name: k3s-agent
      tags:
        - k3s-agent