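---
# Main playbook for K3s GitOps infrastructure.
# This playbook is executed by ansible-pull on each VM.
#
# NOTE(review): the play runs locally with become: true, so whatever the
# pulled repository contains is applied with root privileges. Confirm that
# the ansible-pull invocation (not visible here) pins a trusted repository
# and branch; ansible-pull's --verify-commit option can additionally require
# a valid GPG signature on the checked-out commit.

- name: Configure K3s Infrastructure
  hosts: localhost
  connection: local
  become: true

  vars:
    # Read node role from file created by cloud-init.
    # errors='ignore' makes a missing or unreadable file yield an empty value
    # rather than an undefined variable, so default() needs its second
    # argument (true) for the 'undefined' fallback to apply.
    # NOTE(review): this file selects which role is applied; presumably it is
    # root-owned and not writable by unprivileged users - confirm in the
    # cloud-init configuration.
    node_role: "{{ lookup('file', '/etc/node-role', errors='ignore') | default('undefined', true) }}"

  pre_tasks:
    - name: Display node information
      debug:
        msg: "Configuring node {{ ansible_hostname }} with role {{ node_role }}"

    # Fail closed: stop before any role runs unless the role read from disk
    # is one of the two allowlisted values.
    - name: Validate node role
      assert:
        that:
          - node_role in ['server', 'witness']
        fail_msg: "Invalid node role: {{ node_role }}. Expected 'server' or 'witness'"

    # cache_valid_time skips the refresh when the cache is under an hour old.
    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600

  roles:
    # Common role applies to all nodes
    - role: common

    # K3s server role (server + worker)
    - role: k3s-server
      when: node_role == 'server'

    # etcd witness role (etcd only, no k8s workloads)
    - role: etcd-witness
      when: node_role == 'witness'

  post_tasks:
    - name: Display completion message
      debug:
        msg: "Configuration complete for {{ ansible_hostname }} ({{ node_role }})"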