95 lines
1.8 KiB
YAML
95 lines
1.8 KiB
YAML
---
|
|
# Common configuration for all nodes
|
|
|
|
- name: Set timezone
|
|
timezone:
|
|
name: "{{ timezone }}"
|
|
|
|
- name: Install common packages
|
|
apt:
|
|
name: "{{ common_packages }}"
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Disable swap
|
|
shell: |
|
|
swapoff -a
|
|
sed -i '/swap/d' /etc/fstab
|
|
when: not swap_enabled
|
|
changed_when: false
|
|
|
|
- name: Load kernel modules
|
|
modprobe:
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop:
|
|
- overlay
|
|
- br_netfilter
|
|
|
|
- name: Configure kernel modules to load at boot
|
|
copy:
|
|
dest: /etc/modules-load.d/k3s.conf
|
|
content: |
|
|
overlay
|
|
br_netfilter
|
|
mode: '0644'
|
|
|
|
- name: Configure sysctl parameters
|
|
sysctl:
|
|
name: "{{ item.key }}"
|
|
value: "{{ item.value }}"
|
|
state: present
|
|
reload: yes
|
|
sysctl_file: /etc/sysctl.d/99-k3s.conf
|
|
loop: "{{ sysctl_config | dict2items }}"
|
|
|
|
- name: Configure unattended-upgrades
|
|
include_tasks: unattended-upgrades.yml
|
|
when: unattended_upgrades_enabled
|
|
|
|
- name: Create k3s directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: '0755'
|
|
loop:
|
|
- /etc/rancher/k3s
|
|
- /var/lib/rancher/k3s
|
|
|
|
- name: Configure firewall rules (ufw)
|
|
block:
|
|
- name: Install ufw
|
|
apt:
|
|
name: ufw
|
|
state: present
|
|
|
|
- name: Allow SSH
|
|
ufw:
|
|
rule: allow
|
|
port: '22'
|
|
proto: tcp
|
|
|
|
- name: Allow K3s API
|
|
ufw:
|
|
rule: allow
|
|
port: '6443'
|
|
proto: tcp
|
|
|
|
- name: Allow K3s etcd
|
|
ufw:
|
|
rule: allow
|
|
port: '2379:2380'
|
|
proto: tcp
|
|
|
|
- name: Allow K3s metrics
|
|
ufw:
|
|
rule: allow
|
|
port: '10250'
|
|
proto: tcp
|
|
|
|
- name: Enable ufw
|
|
ufw:
|
|
state: enabled
|
|
policy: deny
|
|
direction: incoming
|
|
when: false # Disabled by default, enable if needed
|