good start

ansible.cfg

@@ -0,0 +1,5 @@
+# Add roles directory
+[defaults]
+inventory = ./inventory/hosts
+roles_path = ./roles
+

inventory/hosts

@@ -0,0 +1,20 @@
+[proxy]
+klustermaster
+
+
+[raspberry]
+localhost
+192.168.1.124
+
+[raspberry:vars]
+ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q klustermaster"'
+
+[fedora-server]
+localhost
+192.168.1.124
+
+[fedora-server:vars]
+ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q klustermaster"'
+
+[proxmox]
+

plays/fedora-k3s-server-setup.yml

@@ -0,0 +1,15 @@
+- name: Customization and hardening of fresh fedora install running on a VM
+  hosts: fedora-server
+  become: yes
+  user: pi
+  
+  vars_prompt:
+    - name: "k3s_token"
+      prompt: "Enter k3s token"
+      private: yes
+  
+  roles:
+    # - role: ssh-key-copy
+    # - role: fail2ban
+    - role: k3s-ha
+      # k3s_token: "{{ k3s_token }}"

plays/raspberry-setup.yml

@@ -0,0 +1,7 @@
+- name: Basic setup with general nice-to-haves of a fresh raspberry-pi os install
+  hosts: raspberry
+  become: yes
+  user: pi
+  roles:
+    - role: ssh-key-copy
+    - role: raspberry

roles/fedora-vm-setup/tasks/main.yml

@@ -0,0 +1,25 @@
+- mame: Proxmox VM provisioning
+  community.general.proxmox_kvm:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token: "{{ proxmox_token }}"
+    node: "{{ proxmox_node }}"
+    name: "{{ item }}"
+    cores: 6
+    # 2 * 6 = 12 -> leaving 4 cores for OMV + hypervisor itself
+    net:
+      net0: 'virtio,bridge=vmbr1,rate=200'
+      net1: 'e1000,bridge=vmbr2'
+      # TODO check me!
+    sshkeys: "{{ lookup('file', '~/.ssh/default.pub') }}"
+    ipconfig:
+      ipconfig0: 'ip=10.0.0.1/24'
+    sata:
+      sata0: 'VMs_LVM:10,format=raw'
+    # automatically boot from fedora iso:
+    boot: cdn
+    # first try dist, then cdrom
+    cdrom: fedora_37_server_x86-64.iso
+  loop:
+    - fedora-node-1
+    - fedora-node-2

roles/k3s-ha/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: Download k3s install script
+  get_url:
+    url: https://get.k3s.io
+    dest: /tmp/install-k3s.sh
+    mode: 0755
+
+- name: Create k3s config file
+  template:
+    src: ../templates/config.yml.j2
+    dest: /tmp/config.yml
+
+- name: Execute k3s install script providing a config.yml
+  shell: /tmp/install-k3s.sh --config /tmp/config.yml server

roles/k3s-ha/templates/config.yml.j2

@@ -0,0 +1,7 @@
+disable:
+    - traefik
+    - servicelb
+
+cluster-init: "{{ inventory_hostname == groups['fedora-server'][0] }}"
+server: "{{ groups['fedora-server'][0] }}"
+token: {{ k3s_token }}

roles/raspberry/tasks/main.yml

@@ -0,0 +1,2 @@
+- name: update
+  include_tasks: update.yml

roles/raspberry/tasks/update.yml

@@ -0,0 +1,7 @@
+- name: Update all installed packages
+  become: yes
+  apt:
+    update_cache: yes
+    name: '*'
+    state: latest
+  

roles/ssh-key-copy/tasks/copy.yml

@@ -0,0 +1,7 @@
+- name: add ssh keys
+  ansible.posix.authorized_key:
+    user: "{{ ansible_user }}"
+    state: present
+    # copy file present on the controller to the remote host
+    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
+    key: "{{ lookup('file', '~/.ssh/default.pub') }}"

roles/ssh-key-copy/tasks/main.yml

@@ -0,0 +1,2 @@
+- name: copy
+  include_tasks: copy.yml