Homelab/snippets/cloud-init-etcd-witness.yaml

package_upgrade: true
packages:
  - ansible
  - git
  - curl
  - wget
  - ca-certificates
  - gnupg
  - lsb-release
users:
  - name: ansible
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - YOUR_SSH_PUBLIC_KEY
    groups: sudo
timezone: Europe/Paris
write_files:
  - path: /etc/node-role
    content: witness
    permissions: "0644"
  - path: /etc/ansible-pull.conf
    content: |
      REPO_URL=YOUR_FORGEJO_REPO_URL
      FORGEJO_TOKEN=YOUR_FORGEJO_TOKEN
      K3S_VERSION=v1.28.5+k3s1
      K3S_TOKEN=YOUR_K3S_TOKEN
    permissions: "0600"
  - path: /usr/local/bin/ansible-pull-wrapper.sh
    content: |
      #!/bin/bash
      set -e
      source /etc/ansible-pull.conf
      export K3S_TOKEN
      export FORGEJO_TOKEN
      export REPO_URL
      WORK_DIR="/var/lib/ansible-local"
      mkdir -p $WORK_DIR
      cd $WORK_DIR
      REPO_WITH_AUTH=$(echo $REPO_URL | sed "s|https://|https://git:$FORGEJO_TOKEN@|")
      if [ -d ".git" ]; then
        git pull origin main 2>&1 | logger -t ansible-pull
      else
        git clone $REPO_WITH_AUTH . 2>&1 | logger -t ansible-pull
      fi
      ansible-playbook ansible/site.yml -i localhost, --connection=local -e "k3s_version=$K3S_VERSION" 2>&1 | logger -t ansible-pull
    permissions: "0755"
runcmd:
  - echo '*/15 * * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull
  - sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &
Ajout snippets cloud-init 2025-12-09 13:44:57 +01:00			`package_upgrade: true`
			`packages:`
			`- ansible`
			`- git`
			`- curl`
			`- wget`
			`- ca-certificates`
			`- gnupg`
			`- lsb-release`
			`users:`
			`- name: ansible`
			`sudo: ALL=(ALL) NOPASSWD:ALL`
			`shell: /bin/bash`
			`ssh_authorized_keys:`
			`- YOUR_SSH_PUBLIC_KEY`
			`groups: sudo`
			`timezone: Europe/Paris`
			`write_files:`
			`- path: /etc/node-role`
			`content: witness`
			`permissions: "0644"`
			`- path: /etc/ansible-pull.conf`
			`content: \|`
			`REPO_URL=YOUR_FORGEJO_REPO_URL`
			`FORGEJO_TOKEN=YOUR_FORGEJO_TOKEN`
			`K3S_VERSION=v1.28.5+k3s1`
			`K3S_TOKEN=YOUR_K3S_TOKEN`
			`permissions: "0600"`
			`- path: /usr/local/bin/ansible-pull-wrapper.sh`
			`content: \|`
			`#!/bin/bash`
			`set -e`
			`source /etc/ansible-pull.conf`
			`export K3S_TOKEN`
			`export FORGEJO_TOKEN`
			`export REPO_URL`
			`WORK_DIR="/var/lib/ansible-local"`
			`mkdir -p $WORK_DIR`
			`cd $WORK_DIR`
			`REPO_WITH_AUTH=$(echo $REPO_URL \| sed "s\|https://\|https://git:$FORGEJO_TOKEN@\|")`
			`if [ -d ".git" ]; then`
			`git pull origin main 2>&1 \| logger -t ansible-pull`
			`else`
			`git clone $REPO_WITH_AUTH . 2>&1 \| logger -t ansible-pull`
			`fi`
			`ansible-playbook ansible/site.yml -i localhost, --connection=local -e "k3s_version=$K3S_VERSION" 2>&1 \| logger -t ansible-pull`
			`permissions: "0755"`
			`runcmd:`
			`- echo '/15 * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull`
			`- sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &`