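# Cloud-init configuration for K3s Server 2
#
# Renders a cloud-config document for the second K3s server node: a base
# user-data fragment (packages, ansible user, timezone) merged with the
# server-specific write_files/runcmd, written to .generated/ in this module.
#
# The rendered file and the Terraform state both carry var.forgejo_token and
# var.k3s_token in plaintext: keep .generated/ out of version control and
# restrict the file mode (see file_permission on the resource below).

locals {
  base_user_data = {
    package_upgrade = true
    packages = [
      "ansible",
      "git",
      "curl",
      "wget",
      "ca-certificates",
      "gnupg",
      "lsb-release",
    ]
    users = [
      {
        name                = "ansible"
        sudo                = "ALL=(ALL) NOPASSWD:ALL"
        shell               = "/bin/bash"
        ssh_authorized_keys = [var.ssh_public_key]
        groups              = "sudo"
      },
    ]
    timezone = "Europe/Paris"
  }

  # Wrapper installed at /usr/local/bin/ansible-pull-wrapper.sh and run by
  # cron every 15 minutes (plus once ~60s after first boot, see runcmd).
  # This is an HCL heredoc: a literal "${" would be interpolated by
  # Terraform, so shell expansions below are written without braces.
  ansible_pull_script = <<-EOT
    #!/bin/bash
    # Clone/update the infra repo and run the site playbook against this host.
    # Reads REPO_URL, FORGEJO_TOKEN, K3S_VERSION, K3S_TOKEN from
    # /etc/ansible-pull.conf (mode 0600, written by cloud-init).
    # pipefail: a failing git or ansible-playbook is otherwise hidden behind
    # the exit status of "| logger".
    set -euo pipefail

    # shellcheck disable=SC1091
    source /etc/ansible-pull.conf
    export K3S_TOKEN
    export FORGEJO_TOKEN
    export REPO_URL

    WORK_DIR="/var/lib/ansible-local"
    LOCK_FILE="/var/lock/ansible-pull.lock"

    # Serialize runs: a playbook that takes longer than the cron period must
    # not overlap with the next invocation. Exit quietly if another run holds
    # the lock (flock is from util-linux).
    exec 9>"$LOCK_FILE"
    flock -n 9 || { logger -t ansible-pull "another ansible-pull run is in progress, skipping"; exit 0; }

    mkdir -p "$WORK_DIR"
    cd "$WORK_DIR"

    # Supply the token through an inline git credential helper instead of
    # embedding it in the remote URL: the URL form persists the token in
    # .git/config and exposes it in the process list and logger output.
    # The helper reads FORGEJO_TOKEN from the exported environment when git
    # invokes it, so the token itself never appears on a command line.
    CRED_HELPER='!f() { printf "username=git\npassword=%s\n" "$FORGEJO_TOKEN"; }; f'

    if [ -d ".git" ]; then
      git -c "credential.helper=$CRED_HELPER" pull origin main 2>&1 | logger -t ansible-pull
    else
      git -c "credential.helper=$CRED_HELPER" clone "$REPO_URL" . 2>&1 | logger -t ansible-pull
    fi

    ansible-playbook ansible/site.yml -i localhost, --connection=local \
      -e "k3s_version=$K3S_VERSION" 2>&1 | logger -t ansible-pull
  EOT

  k3s_server_user_data = {
    write_files = [
      {
        path        = "/etc/node-role"
        content     = "server"
        permissions = "0644"
      },
      {
        # Sourced by the wrapper script; holds both tokens, hence 0600.
        # Values are written unquoted, so they must not contain shell
        # metacharacters or whitespace.
        path        = "/etc/ansible-pull.conf"
        content     = "REPO_URL=${var.forgejo_repo_url}\nFORGEJO_TOKEN=${var.forgejo_token}\nK3S_VERSION=${var.k3s_version}\nK3S_TOKEN=${var.k3s_token}"
        permissions = "0600"
      },
      {
        path        = "/usr/local/bin/ansible-pull-wrapper.sh"
        content     = local.ansible_pull_script
        permissions = "0755"
      },
    ]
    runcmd = [
      # cron.d entry: every 15 minutes as root; the wrapper's lock prevents overlap.
      "echo '*/15 * * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull",
      # First run shortly after boot, detached so cloud-init does not block on it.
      "sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &",
    ]
  }
}

resource "local_file" "k3s_server_cloud_init" {
  filename = "${path.module}/.generated/cloud-init-k3s-server-2.yaml"
  # NOTE(review): yamlencode() emits no "#cloud-config" header line; confirm
  # that whatever consumes this file prepends one, otherwise cloud-init will
  # not treat the document as cloud-config.
  content = yamlencode(merge(local.base_user_data, local.k3s_server_user_data))

  # The file contains secrets; do not leave it with local_file's default
  # mode (0777). local_sensitive_file would additionally redact the content
  # from plan output, but renaming the resource changes its address.
  file_permission = "0600"
}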