From 11bda1cc7b1445a9da654788e5407f45f1e2d4f7 Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Wed, 26 Apr 2023 15:34:45 +0200
Subject: [PATCH] good start

---
 ansible.cfg                          |  5 +++++
 inventory/hosts                      | 20 ++++++++++++++++++++
 plays/fedora-k3s-server-setup.yml    | 15 +++++++++++++++
 plays/raspberry-setup.yml            |  7 +++++++
 roles/fedora-vm-setup/tasks/main.yml | 25 +++++++++++++++++++++++++
 roles/k3s-ha/tasks/install.yml       |  0
 roles/k3s-ha/tasks/main.yml          | 13 +++++++++++++
 roles/k3s-ha/templates/config.yml.j2 |  7 +++++++
 roles/raspberry/tasks/main.yml       |  2 ++
 roles/raspberry/tasks/update.yml     |  7 +++++++
 roles/ssh-key-copy/tasks/copy.yml    |  7 +++++++
 roles/ssh-key-copy/tasks/main.yml    |  2 ++
 12 files changed, 110 insertions(+)
 create mode 100644 ansible.cfg
 create mode 100644 inventory/hosts
 create mode 100644 plays/fedora-k3s-server-setup.yml
 create mode 100644 plays/raspberry-setup.yml
 create mode 100644 roles/fedora-vm-setup/tasks/main.yml
 create mode 100644 roles/k3s-ha/tasks/install.yml
 create mode 100644 roles/k3s-ha/tasks/main.yml
 create mode 100644 roles/k3s-ha/templates/config.yml.j2
 create mode 100644 roles/raspberry/tasks/main.yml
 create mode 100644 roles/raspberry/tasks/update.yml
 create mode 100644 roles/ssh-key-copy/tasks/copy.yml
 create mode 100644 roles/ssh-key-copy/tasks/main.yml

diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..2821f61
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,5 @@
+# Add roles directory
+[defaults]
+inventory = ./inventory/hosts
+roles_path = ./roles
+
diff --git a/inventory/hosts b/inventory/hosts
new file mode 100644
index 0000000..ef287a2
--- /dev/null
+++ b/inventory/hosts
@@ -0,0 +1,20 @@
+[proxy]
+klustermaster
+
+
+[raspberry]
+localhost
+192.168.1.124
+
+[raspberry:vars]
+ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q klustermaster"'
+
+[fedora-server]
+localhost
+192.168.1.124
+
+[fedora-server:vars]
+ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q klustermaster"'
+
+[proxmox]
+
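Review bot: The `[raspberry]` and `[fedora-server]` groups list the same two hosts (`localhost` and `192.168.1.124`), so `fedora-k3s-server-setup.yml` would install k3s on exactly the hosts `raspberry-setup.yml` updates; these read as placeholders and should be split before either play is run. Listing `localhost` explicitly with a ProxyCommand in `ansible_ssh_common_args` presumably makes Ansible reach it over SSH through `klustermaster` rather than locally — if the control node is meant, add `ansible_connection=local` to that entry (confirm with `ansible -m ping`). The `[proxmox]` group is empty, and `proxmox_host`/`proxmox_user`/`proxmox_token`/`proxmox_node`, which `roles/fedora-vm-setup` reads, are defined nowhere in this commit; when they are added, the token should come from a vault file or the environment rather than this plaintext inventory.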
diff --git a/plays/fedora-k3s-server-setup.yml b/plays/fedora-k3s-server-setup.yml
new file mode 100644
index 0000000..9740a12
--- /dev/null
+++ b/plays/fedora-k3s-server-setup.yml
@@ -0,0 +1,15 @@
+- name: Customization and hardening of fresh fedora install running on a VM
+  hosts: fedora-server
+  become: yes
+  user: pi
+  
+  vars_prompt:
+    - name: "k3s_token"
+      prompt: "Enter k3s token"
+      private: yes
+  
+  roles:
+    # - role: ssh-key-copy
+    # - role: fail2ban
+    - role: k3s-ha
+      # k3s_token: "{{ k3s_token }}"
\ No newline at end of file
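Review bot: `become: yes` and `private: yes` are YAML 1.1 truthy spellings; write `become: true` / `private: true` (the same applies to `become: yes` in `plays/raspberry-setup.yml` and to `become: yes` / `update_cache: yes` in `roles/raspberry/tasks/update.yml`). The two blank lines after `user: pi` and after the `vars_prompt` entry carry trailing whitespace, and the file has no final newline. `user:` is the legacy alias of the play keyword; `remote_user: pi` is the documented name, and since `pi` is the Raspberry Pi OS default account it is presumably a placeholder for the Fedora VMs — confirm.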
diff --git a/plays/raspberry-setup.yml b/plays/raspberry-setup.yml
new file mode 100644
index 0000000..b64f3d0
--- /dev/null
+++ b/plays/raspberry-setup.yml
@@ -0,0 +1,7 @@
+- name: Basic setup with general nice-to-haves of a fresh raspberry-pi os install
+  hosts: raspberry
+  become: yes
+  user: pi
+  roles:
+    - role: ssh-key-copy
+    - role: raspberry
\ No newline at end of file
diff --git a/roles/fedora-vm-setup/tasks/main.yml b/roles/fedora-vm-setup/tasks/main.yml
new file mode 100644
index 0000000..09162f5
--- /dev/null
+++ b/roles/fedora-vm-setup/tasks/main.yml
@@ -0,0 +1,25 @@
+- mame: Proxmox VM provisioning
+  community.general.proxmox_kvm:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token: "{{ proxmox_token }}"
+    node: "{{ proxmox_node }}"
+    name: "{{ item }}"
+    cores: 6
+    # 2 * 6 = 12 -> leaving 4 cores for OMV + hypervisor itself
+    net:
+      net0: 'virtio,bridge=vmbr1,rate=200'
+      net1: 'e1000,bridge=vmbr2'
+      # TODO check me!
+    sshkeys: "{{ lookup('file', '~/.ssh/default.pub') }}"
+    ipconfig:
+      ipconfig0: 'ip=10.0.0.1/24'
+    sata:
+      sata0: 'VMs_LVM:10,format=raw'
+    # automatically boot from fedora iso:
+    boot: cdn
+    # first try dist, then cdrom
+    cdrom: fedora_37_server_x86-64.iso
+  loop:
+    - fedora-node-1
+    - fedora-node-2
\ No newline at end of file
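Review bot: `- mame: Proxmox VM provisioning` is a typo for `name:`; Ansible rejects a task with an unknown attribute, so this role cannot run as written. `ipconfig0: 'ip=10.0.0.1/24'` is applied unchanged to both `fedora-node-1` and `fedora-node-2`, giving the two VMs the same address; loop over dicts instead, e.g. `name: "{{ item.name }}"` and `ipconfig0: "ip={{ item.ip }}/24"`. As far as I recall, `community.general.proxmox_kvm` takes `api_token_id` and `api_token_secret` rather than a single `api_token`, and its `validate_certs` defaults to false, so the token would be sent to an unverified endpoint — add `validate_certs: true` and check the parameter names against the installed collection's docs.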
diff --git a/roles/k3s-ha/tasks/install.yml b/roles/k3s-ha/tasks/install.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/k3s-ha/tasks/main.yml b/roles/k3s-ha/tasks/main.yml
new file mode 100644
index 0000000..b33a621
--- /dev/null
+++ b/roles/k3s-ha/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Download k3s install script
+  get_url:
+    url: https://get.k3s.io
+    dest: /tmp/install-k3s.sh
+    mode: 0755
+
+- name: Create k3s config file
+  template:
+    src: ../templates/config.yml.j2
+    dest: /tmp/config.yml
+
+- name: Execute k3s install script providing a config.yml
+  shell: /tmp/install-k3s.sh --config /tmp/config.yml server
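Review bot: `Create k3s config file` writes the cluster join token into `/tmp/config.yml` with the template module's default mode, which leaves a secret readable by every local user in a world-accessible directory, and no later task removes it. Render it to the location k3s reads by default, `dest: /etc/rancher/k3s/config.yaml` with `mode: "0600"` (creating the directory first), or at minimum add `mode: "0600"` and delete the file after the install. The install step is a `shell` task with no `creates:` guard, so it re-runs the installer on every play; `command:` suffices (no shell features are used) and `args: {creates: /usr/local/bin/k3s}` makes it idempotent. The script is fetched unpinned from `https://get.k3s.io`; passing `INSTALL_K3S_VERSION` via `environment:` makes the cluster version reproducible. `mode: 0755` on the download should be quoted (`mode: "0755"`) to avoid YAML 1.1 octal ambiguity.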
diff --git a/roles/k3s-ha/templates/config.yml.j2 b/roles/k3s-ha/templates/config.yml.j2
new file mode 100644
index 0000000..47c0c43
--- /dev/null
+++ b/roles/k3s-ha/templates/config.yml.j2
@@ -0,0 +1,7 @@
+disable:
+    - traefik
+    - servicelb
+
+cluster-init: "{{ inventory_hostname == groups['fedora-server'][0] }}"
+server: "{{ groups['fedora-server'][0] }}"
+token: {{ k3s_token }}
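Review bot: `token: {{ k3s_token }}` is rendered unquoted, so a token containing `:`, ` #` or a leading indicator character produces invalid YAML; write `token: "{{ k3s_token }}"`. `server:` expands to a bare group member (`localhost` or an IP with the current inventory), while k3s expects a URL — `server: "https://{{ groups['fedora-server'][0] }}:6443"`. The first node also gets `server:` pointing at itself alongside `cluster-init`, whereas only joining nodes should carry `server:`; wrapping that line in `{% if inventory_hostname != groups['fedora-server'][0] %}` presumably matches the k3s HA bootstrap flow — confirm against the k3s docs. The `disable:` list is indented with 4 spaces while the rest of the repo uses 2.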
diff --git a/roles/raspberry/tasks/main.yml b/roles/raspberry/tasks/main.yml
new file mode 100644
index 0000000..cee30aa
--- /dev/null
+++ b/roles/raspberry/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: update
+  include_tasks: update.yml
\ No newline at end of file
diff --git a/roles/raspberry/tasks/update.yml b/roles/raspberry/tasks/update.yml
new file mode 100644
index 0000000..feb3766
--- /dev/null
+++ b/roles/raspberry/tasks/update.yml
@@ -0,0 +1,7 @@
+- name: Update all installed packages
+  become: yes
+  apt:
+    update_cache: yes
+    name: '*'
+    state: latest
+  
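Review bot: `name: '*'` with `state: latest` is the apt module's full-upgrade idiom written the long way; `upgrade: dist` (or `upgrade: safe`) with `update_cache: true` states the intent directly, and ansible-lint's `package-latest` rule flags the `state: latest` form. `become: yes` here duplicates the play-level `become: yes` in `plays/raspberry-setup.yml` and can be dropped. The last line of the file is whitespace-only.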
diff --git a/roles/ssh-key-copy/tasks/copy.yml b/roles/ssh-key-copy/tasks/copy.yml
new file mode 100644
index 0000000..146aff0
--- /dev/null
+++ b/roles/ssh-key-copy/tasks/copy.yml
@@ -0,0 +1,7 @@
+- name: add ssh keys
+  ansible.posix.authorized_key:
+    user: "{{ ansible_user }}"
+    state: present
+    # copy file present on the controller to the remote host
+    # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
+    key: "{{ lookup('file', '~/.ssh/default.pub') }}"
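Review bot: `user: "{{ ansible_user }}"` is not defined anywhere in this commit: `user: pi` in the plays sets the play's remote user but does not create the `ansible_user` variable, so the task presumably fails with an undefined-variable error unless `ansible_user=pi` is added to the inventory — confirm with a dry run. The comment above `key:` links to the `copy` module documentation, but the task uses `ansible.posix.authorized_key`; point it at that module's page or drop the link. `lookup('file', '~/.ssh/default.pub')` reads a key from the controller's home directory, as the comment says; consider exposing the path as a role variable (e.g. `ssh_key_copy_pubkey`) so the role is not tied to one workstation.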
diff --git a/roles/ssh-key-copy/tasks/main.yml b/roles/ssh-key-copy/tasks/main.yml
new file mode 100644
index 0000000..c4c46a4
--- /dev/null
+++ b/roles/ssh-key-copy/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: copy
+  include_tasks: copy.yml
\ No newline at end of file