kryptonian.dev / k8s-cluster
this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Move things around and probably break more things.

Skyler Mäntysaari 617df806 eb02b228

+75 -484
+14
.idea/deployment.xml
··· 1 + <?xml version="1.0" encoding="UTF-8"?> 2 + <project version="4"> 3 + <component name="PublishConfigData" remoteFilesAllowedToDisappearOnAutoupload="false"> 4 + <serverData> 5 + <paths name="samip537@lakka.kapsi.fi:22"> 6 + <serverdata> 7 + <mappings> 8 + <mapping local="$PROJECT_DIR$" web="/" /> 9 + </mappings> 10 + </serverdata> 11 + </paths> 12 + </serverData> 13 + </component> 14 + </project>
+53
.taskfiles/Ansible/Taskfile.yaml
··· 1 + --- 2 + # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 + version: "3" 4 + 5 + vars: 6 + PYTHON_BIN: python3 7 + 8 + env: 9 + PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH" 10 + VIRTUAL_ENV: "{{.ROOT_DIR}}/.venv" 11 + ANSIBLE_COLLECTIONS_PATH: "{{.ROOT_DIR}}/.venv/galaxy" 12 + ANSIBLE_ROLES_PATH: "{{.ROOT_DIR}}/.venv/galaxy/ansible_roles" 13 + ANSIBLE_VARS_ENABLED: "host_group_vars,community.sops.sops" 14 + # K8S_AUTH_KUBECONFIG: "{{.ROOT_DIR}}/kubeconfig" 15 + 16 + tasks: 17 + 18 + deps: 19 + desc: Set up Ansible dependencies for the environment 20 + cmds: 21 + - task: .venv 22 + 23 + run: 24 + desc: Run an Ansible playbook for configuring a cluster 25 + summary: | 26 + Args: 27 + cluster: Cluster to run command against (required) 28 + playbook: Playbook to run (required) 29 + prompt: Run Ansible playbook '{{.playbook}}' against the '{{.cluster}}' cluster... continue? 30 + deps: ["deps"] 31 + cmd: | 32 + .venv/bin/ansible-playbook \ 33 + --inventory {{.ANSIBLE_DIR}}/{{.cluster}}/inventory/hosts.yaml \ 34 + {{.ANSIBLE_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}} 35 + preconditions: 36 + - { msg: "Argument (cluster) is required", sh: "test -n {{.cluster}}" } 37 + - { msg: "Argument (playbook) is required", sh: "test -n {{.playbook}}" } 38 + - { msg: "Venv not found", sh: "test -d {{.ROOT_DIR}}/.venv" } 39 + - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_DIR}}/{{.cluster}}/inventory/hosts.yaml" } 40 + - { msg: "Playbook not found", sh: "test -f {{.ANSIBLE_DIR}}/{{.cluster}}/playbooks/{{.playbook}}.yaml" } 41 + 42 + .venv: 43 + internal: true 44 + cmds: 45 + - true && {{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv 46 + - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel 47 + - .venv/bin/python3 -m pip install --upgrade --requirement {{.ANSIBLE_DIR}}/requirements.txt 48 + - .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_DIR}}/requirements.yaml" --force 49 + sources: 50 + - "{{.ANSIBLE_DIR}}/requirements.txt" 51 + - "{{.ANSIBLE_DIR}}/requirements.yaml" 52 + generates: 53 + - "{{.ROOT_DIR}}/.venv/pyvenv.cfg"
.taskfiles/externalsecrets/Taskfile.yaml .taskfiles/ExternalSecrets/Taskfile.yaml
.taskfiles/flux/Taskfile.yaml .taskfiles/Flux/Taskfile.yaml
.taskfiles/k8s/Taskfile.yaml .taskfiles/Kubernetes/Taskfile.yaml
+8 -11
Taskfile.yml
··· 6 6 KUBERNETES_DIR: "{{.ROOT_DIR}}/k8s" 7 7 ANSIBLE_DIR: "{{.ROOT_DIR}}provision/ansible" 8 8 9 + env: 10 + KUBECONFIG: "{{.KUBERNETES_DIR}}/k8s/nebula/kubeconfig:{{.KUBERNETES_DIR}}/k8s/media/kubeconfig" 11 + 9 12 includes: 10 - ansible: .taskfiles/AnsibleTasks.yml 11 - flux: 12 - dir: .taskfiles/flux 13 - taskfile: .taskfiles/flux 14 - k8s: 15 - taskfile: .taskfiles/k8s 16 - dir: .taskfiles/k8s 17 - externalsecrets: 18 - taskfile: .taskfiles/externalsecrets 19 - dir: .taskfiles/externalsecrets 20 - volsync: .taskfiles/VolSync/Tasks.yaml 13 + ansible: .taskfiles/Ansible/Taskfile.yaml 14 + external-secrets: .taskfiles/ExternalSecrets/Taskfile.yaml 15 + flux: .taskfiles/Flux/Taskfile.yaml 16 + kubernetes: .taskfiles/Kubernetes/Taskfile.yaml 17 + volsync: .taskfiles/VolSync/Taskfile.yaml 21 18 22 19 tasks: 23 20 default:
-36
provision/ansible-media/ansible.cfg
··· 1 - 2 - [defaults] 3 - # General settings 4 - nocows = True 5 - executable = /bin/bash 6 - stdout_callback = yaml 7 - force_valid_group_names = ignore 8 - # File/Directory settings 9 - log_path = ~/.ansible/ansible.log 10 - inventory = ./inventory 11 - roles_path = ~/.ansible/roles:./roles 12 - collections_path = ~/.ansible/collections 13 - remote_tmp = ~/.ansible/tmp 14 - local_tmp = ~/.ansible/tmp 15 - # Fact Caching settings 16 - fact_caching = jsonfile 17 - fact_caching_connection = ~/.ansible/facts_cache 18 - # SSH settings 19 - remote_port = 22 20 - timeout = 60 21 - host_key_checking = False 22 - # Plugin settings 23 - vars_plugins_enabled = host_group_vars,community.sops.sops 24 - 25 - [inventory] 26 - unparsed_is_failed = true 27 - 28 - [privilege_escalation] 29 - become = True 30 - become_ask = True 31 - [ssh_connection] 32 - scp_if_ssh = smart 33 - retries = 3 34 - ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s 35 - pipelining = True 36 - control_path = %(directory)s/%%h-%%r
provision/ansible-media/inventory/group_vars/kubernetes/k3s.yml provision/ansible/media/inventory/group_vars/kubernetes/k3s.yml
provision/ansible-media/inventory/group_vars/master/k3s.yml provision/ansible/media/inventory/group_vars/master/k3s.yml
provision/ansible-media/inventory/group_vars/worker/k3s.yml provision/ansible/media/inventory/group_vars/worker/k3s.yml
provision/ansible-media/inventory/hosts.yml provision/ansible/media/inventory/hosts.yml
provision/ansible-media/playbooks/cluster-reboot.yml provision/ansible/media/playbooks/cluster-reboot.yml
provision/ansible-media/playbooks/k3s-install.yml provision/ansible/media/playbooks/k3s-install.yml
provision/ansible-media/playbooks/k3s-nuke.yaml provision/ansible/media/playbooks/k3s-nuke.yaml
provision/ansible-media/playbooks/ubuntu-prepare.yml provision/ansible/media/playbooks/ubuntu-prepare.yml
provision/ansible-media/playbooks/ubuntu-upgrade.yml provision/ansible/media/playbooks/ubuntu-upgrade.yml
-1
provision/ansible-media/requirements.txt
··· 1 - docker==7.0.0
-13
provision/ansible-media/requirements.yml
··· 1 - --- 2 - roles: 3 - - src: xanmanning.k3s 4 - version: v3.4.3 5 - collections: 6 - - name: community.docker 7 - version: 3.5.0 8 - - name: community.general 9 - version: 8.1.0 10 - - name: community.kubernetes 11 - version: 2.0.1 12 - - name: community.sops 13 - version: 1.6.7
-14
provision/ansible-media/roles/ubuntu/files/cgroup-kill-on-shutdown.service
··· 1 - [Unit] 2 - Description=Kill cgroup procs on shutdown for %i 3 - DefaultDependencies=false 4 - Before=shutdown.target umount.target 5 - [Service] 6 - # Instanced units are not part of system.slice for some reason 7 - # without this, the service isn't started at shutdown 8 - Slice=system.slice 9 - ExecStart=/bin/bash -c 'pids=$(cat /sys/fs/cgroup/system.slice/%i/cgroup.procs); echo $pids | xargs -r kill;' 10 - ExecStart=/bin/sleep 5 11 - ExecStart=/bin/bash -c 'pids=$(cat /sys/fs/cgroup/system.slice/%i/cgroup.procs); echo $pids | xargs -r kill -9;' 12 - Type=oneshot 13 - [Install] 14 - WantedBy=shutdown.target
-1
provision/ansible-media/roles/ubuntu/files/nut/nut.conf
··· 1 - MODE=netclient
-33
provision/ansible-media/roles/ubuntu/files/nut/secrets.sops.yaml
··· 1 - upsmon_slave_user: ENC[AES256_GCM,data:P6yYAQBE4OiIyQ==,iv:PKcMDie6+EKxxNihhgxc/AVmnOm8Wgu+b6HbID1I2cI=,tag:dRLdoSAeCOhlfBMJkdFofA==,type:str] 2 - upsmon_slave_password: ENC[AES256_GCM,data:JePAO04=,iv:8deviBgMfobPoquvI3fArux1gfN0teVcH6CfwmrDmSw=,tag:hf6rdq3O3Jp9hPZ6eZJzQg==,type:str] 3 - sops: 4 - kms: [] 5 - gcp_kms: [] 6 - azure_kv: [] 7 - hc_vault: [] 8 - age: [] 9 - lastmodified: "2022-12-05T08:24:19Z" 10 - mac: ENC[AES256_GCM,data:khy/8kAw16jUJ1MTxsjO1+2p5ObzbQVErAZ8M/Gc2MbAlSYZq6jzk5P39rRhZ/UqvhRpML1TuNOD7n3B8zFHEaCgwK0HPTP2XjU3G57U/Z1xDnjzoMZkiAAepsR5UXDBQ/eYQwm5xttPD0NmolLGOdhluM6HhXXTaqR0FZ2K4hM=,iv:3N2K98IGnf0z9V+ZztTk1PSQg+KWxSlhNVAnzrTGcyw=,tag:uAzc9pHERPZXQ8gaFB+p1A==,type:str] 11 - pgp: 12 - - created_at: "2022-12-05T08:24:18Z" 13 - enc: | 14 - -----BEGIN PGP MESSAGE----- 15 - 16 - hQIMAzGbrIJF3UKrAQ/+PoZSNVfCehRaTwBrAqykJ5vUR5HcQCg/Q+XFSR3dBlTr 17 - iYMBoxPYWgMGA/qit1wGbSqgt652T58qMCBX/Zn5jonS0iTsqh1Q9FnTDIrdxMsz 18 - v83LwLwQwZz1N2J1B+FlGtTXJNG6SNV4ejvUjMxk0AEFNb08te6RV/Z0ihkp1GPN 19 - 0q5QzQs3nw3m6iAQo+h/bJJlpiiGlBxMMVnf+rVXNaxZapRICbSmbSPDYRDSa2yp 20 - pmm9/F7bAtWvTEr3H8RO/Dm7YkINVwQhmhFwF2CzyBVtOvbiWkuzOuku7bn+1jPv 21 - QtAIU3J5BXyXIwHSE+zX69kHHNLYkJ+w7V2jIDXd1eRxOg4BT3bibKOIg0LYsvwu 22 - norra0TvrH3kb8O5hw6O93bl7VLYHRWHjxh/Jkcaxb/XRPbkX6NYxZ9UN7iG50fa 23 - oEfMRyL6/BEUxezlrvm8j+mDI19L9zGaZUgctYDw+RgQXeNTIhgn9ZAB5qGR9Bpv 24 - oFIkeUd3uwXGZygT38Mszu97IR7Un+Bo24Mhim4P7MEdFUUK3DhUX6Va7WGTVBvp 25 - pCKycAgPicw00eoZnbmTx8T/2W7MQVnY+e9AY455aUCa0hyMGdehsF9f9q/ysNvu 26 - 1DBKmaq5+XBWqhUDB7bnQzdZkTZWdDJ1Og1R0KB607HEHteTistB4KXdYMgYgIfS 27 - XgEHGPlOhxTX9m8egmk70dz2jU7o84/zV4GkXjeS9nXhp5BPFJ0WQ0iA4RcO0GZ7 28 - wUrVOomLA2s734QMS1KBpvDhHizir5b5MYVY1NIUuQOctO4jCttzL2qSmYgNOOA= 29 - =QasZ 30 - -----END PGP MESSAGE----- 31 - fp: 6CD908E8381A8B4FA3F20A891CF4D098419C9124 32 - unencrypted_regex: ^(kind)$ 33 - version: 3.7.1
-20
provision/ansible-media/roles/ubuntu/files/nut/upssched-cmd
··· 1 - #!/bin/sh 2 - case $1 in 3 - onbatt) 4 - logger -t upssched-cmd "UPS running on battery" 5 - ;; 6 - earlyshutdown) 7 - logger -t upssched-cmd "UPS on battery too long, early shutdown" 8 - /usr/sbin/upsmon -c fsd 9 - ;; 10 - shutdowncritical) 11 - logger -t upssched-cmd "UPS on battery critical, forced shutdown" 12 - /usr/sbin/upsmon -c fsd 13 - ;; 14 - upsgone) 15 - logger -t upssched-cmd "UPS has been gone too long, can't reach" 16 - ;; 17 - *) 18 - logger -t upssched-cmd "Unrecognized command: $1" 19 - ;; 20 - esac
-14
provision/ansible-media/roles/ubuntu/files/nut/upssched.conf
··· 1 - CMDSCRIPT /etc/nut/upssched-cmd 2 - PIPEFN /etc/nut/upssched.pipe 3 - LOCKFN /etc/nut/upssched.lock 4 - 5 - AT ONBATT * START-TIMER onbatt 30 6 - AT ONLINE * CANCEL-TIMER onbatt online 7 - AT ONLINE * CANCEL-TIMER earlyshutdown online 8 - AT ONBATT * START-TIMER earlyshutdown 30 9 - AT LOWBATT * EXECUTE onbatt 10 - AT COMMBAD * START-TIMER commbad 30 11 - AT COMMOK * CANCEL-TIMER commbad commok 12 - AT NOCOMM * EXECUTE commbad 13 - AT SHUTDOWN * EXECUTE powerdown 14 - AT SHUTDOWN * EXECUTE powerdown
-2
provision/ansible-media/roles/ubuntu/files/sysctl.d/99-hugepages.conf.yaml
··· 1 - # Longhorn v2 data engine needs this as a min req 2 - vm.nr_hugepages = 512
-2
provision/ansible-media/roles/ubuntu/files/sysctl.d/fs-sysctl-k3s.yaml
··· 1 - fs.inotify.max_user_watches=100000 2 - fs.inotify.max_user_instances=100000
-11
provision/ansible-media/roles/ubuntu/handlers/main.yml
··· 1 - --- 2 - - name: Restart node 3 - ansible.builtin.reboot: 4 - msg: Restart node due to system changes 5 - 6 - - name: Restart unattended-upgrades 7 - ansible.builtin.service: 8 - name: unattended-upgrades.service 9 - daemon_reload: true 10 - enabled: true 11 - state: restarted
-10
provision/ansible-media/roles/ubuntu/tasks/cgroup-killer.yml
··· 1 - --- 2 - - name: Copy systemd service 3 - copy: 4 - src: "{{ role_path }}/files/cgroup-kill-on-shutdown.service" 5 - dest: /etc/systemd/system/cgroup-kill-on-shutdown@.service 6 - owner: root 7 - 8 - - name: Reload systemd 9 - systemd: 10 - daemon_reload: true
-20
provision/ansible-media/roles/ubuntu/tasks/filesystem.yml
··· 1 - --- 2 - - name: Update max_user_watches 3 - ansible.posix.sysctl: 4 - name: fs.inotify.max_user_watches 5 - value: "65536" 6 - state: present 7 - sysctl_file: /etc/sysctl.d/98-kubernetes-fs.conf 8 - 9 - - name: Disable swap at runtime 10 - ansible.builtin.command: swapoff -a 11 - when: ansible_swaptotal_mb > 0 12 - 13 - - name: Disable swap on boot 14 - ansible.posix.mount: 15 - name: "{{ item }}" 16 - fstype: swap 17 - state: absent 18 - loop: 19 - - swap 20 - - none
-19
provision/ansible-media/roles/ubuntu/tasks/kernel.yml
··· 1 - --- 2 - - name: Enable kernel modules runtime 3 - community.general.modprobe: 4 - name: "{{ item }}" 5 - state: present 6 - loop: 7 - - br_netfilter 8 - - overlay 9 - - rbd 10 - 11 - - name: Enable kernel modules on boot 12 - ansible.builtin.copy: 13 - mode: 0644 14 - content: "{{ item }}" 15 - dest: "/etc/modules-load.d/{{ item }}.conf" 16 - loop: 17 - - br_netfilter 18 - - overlay 19 - - rbd
-6
provision/ansible-media/roles/ubuntu/tasks/locale.yml
··· 1 - --- 2 - - name: Set timezone 3 - community.general.timezone: 4 - name: "{{ timezone }}" 5 - when: 6 - - timezone is defined
-36
provision/ansible-media/roles/ubuntu/tasks/main.yml
··· 1 - --- 2 - - include: locale.yml 3 - tags: 4 - - locale 5 - 6 - - include: packages.yml 7 - tags: 8 - - packages 9 - 10 - - import_tasks: kernel.yml 11 - tags: 12 - - kernel 13 - 14 - - include: network.yml 15 - tags: 16 - - network 17 - 18 - - include: filesystem.yml 19 - tags: 20 - - filesystem 21 - 22 - - include: unattended-upgrades.yml 23 - tags: 24 - - unattended-upgrades 25 - 26 - - include: user.yml 27 - tags: 28 - - user 29 - 30 - - include: cgroup-killer.yml 31 - tags: 32 - - cgroup-killer 33 - 34 - - include: misc-system.yml 35 - tags: 36 - - system
-8
provision/ansible-media/roles/ubuntu/tasks/misc-system.yml
··· 1 - --- 2 - - name: File sysctl notify fixes 3 - copy: 4 - src: "{{ role_path }}/files/sysctl.d/fs-sysctl-k3s.yaml" 5 - dest: /etc/sysctl.d/99-k3s.yaml 6 - - name: sysctl apply 7 - command: | 8 - sysctl -p
-61
provision/ansible-media/roles/ubuntu/tasks/network.yml
··· 1 - --- 2 - - name: Set hostname to inventory hostname 3 - ansible.builtin.hostname: 4 - name: "{{ inventory_hostname }}" 5 - when: 6 - - ansible_hostname != inventory_hostname 7 - 8 - - name: Update /etc/hosts to include hostname 9 - ansible.builtin.blockinfile: 10 - path: /etc/hosts 11 - create: true 12 - block: | 13 - 127.0.0.1 localhost 14 - 127.0.1.1 {{ inventory_hostname }} 15 - # The following lines are desirable for IPv6 capable hosts 16 - ::1 ip6-localhost ip6-loopback 17 - fe00::0 ip6-localnet 18 - ff00::0 ip6-mcastprefix 19 - ff02::1 ip6-allnodes 20 - ff02::2 ip6-allrouters 21 - ff02::3 ip6-allhosts 22 - 23 - - name: Set system controls for Kubernetes 24 - ansible.posix.sysctl: 25 - name: "{{ item.key }}" 26 - value: "{{ item.value }}" 27 - sysctl_file: /etc/sysctl.d/99-kubernetes.conf 28 - reload: true 29 - with_dict: "{{ sysctl_config }}" 30 - vars: 31 - sysctl_config: 32 - net.ipv4.ip_forward: 1 33 - net.ipv4.conf.all.forwarding: 1 34 - net.ipv6.conf.all.forwarding: 1 35 - net.bridge.bridge-nf-call-iptables: 1 36 - net.bridge.bridge-nf-call-ip6tables: 1 37 - net.ipv4.conf.default.rp_filter: 0 38 - net.ipv4.conf.all.rp_filter: 0 39 - 40 - - name: Make sure lldpd is installed 41 - apt: 42 - name: lldpd 43 - state: present 44 - tags: 45 - - lldpd 46 - 47 - - name: Copy lldpd config 48 - template: 49 - src: lldpd.conf 50 - dest: /etc/default/lldpd 51 - owner: root 52 - group: root 53 - tags: 54 - - lldpd 55 - 56 - - name: Restart lldpd 57 - systemd: 58 - name: lldpd 59 - state: restarted 60 - tags: 61 - - lldpd
-32
provision/ansible-media/roles/ubuntu/tasks/nut-config.yaml
··· 1 - --- 2 - - name: Copy nut config /etc/nut/nut.conf 3 - copy: 4 - src: "{{ role_path }}/files/nut/nut.conf" 5 - dest: /etc/nut/nut.conf 6 - owner: nut 7 - 8 - - name: Copy /etc/nut/upssched.conf 9 - copy: 10 - src: "{{ role_path }}/files/nut/upssched.conf" 11 - dest: /etc/nut/upssched.conf 12 - backup: true 13 - 14 - - name: Copy /etc/nut/upssched-cmd 15 - when: "'master' not in group_names" 16 - copy: 17 - src: "{{ role_path }}/files/nut/upssched-cmd" 18 - dest: /etc/nut/upssched-cmd 19 - 20 - - name: Load encrypted vars 21 - community.sops.load_vars: 22 - file: "{{ role_path }}/files/nut/secrets.sops.yaml" 23 - 24 - - name: Copy nut main monitor config /etc/nut/upsmon.conf 25 - template: 26 - src: "{{ role_path }}/templates/upsmon.conf" 27 - dest: /etc/nut/upsmon.conf 28 - 29 - - name: Restart nut-client 30 - systemd: 31 - name: nut-client 32 - state: restarted
-51
provision/ansible-media/roles/ubuntu/tasks/packages.yml
··· 1 - --- 2 - - name: Upgrade all system packages 3 - ansible.builtin.apt: 4 - upgrade: full 5 - update_cache: true 6 - 7 - - name: Install common packages 8 - ansible.builtin.apt: 9 - name: 10 - - apt-transport-https 11 - - arptables 12 - - ebtables 13 - - ca-certificates 14 - - curl 15 - - ebtables 16 - - gdisk 17 - - hdparm 18 - - htop 19 - - iputils-ping 20 - - ipvsadm 21 - - lvm2 22 - - nano 23 - - net-tools 24 - - nfs-common 25 - - nvme-cli 26 - - open-iscsi 27 - - psmisc 28 - - smartmontools 29 - - socat 30 - - software-properties-common 31 - - unattended-upgrades 32 - - unzip 33 - install_recommends: false 34 - 35 - #- name: Install nut-related packages 36 - # apt: 37 - # name: 38 - # - nut-client 39 - # - nut 40 - # install_recommends: false 41 - 42 - - name: Install RasPi specific packages 43 - ansible.builtin.apt: 44 - name: 45 - - linux-modules-extra-raspi 46 - install_recommends: false 47 - notify: Restart node 48 - when: "'raspi' in ansible_kernel" 49 - 50 - - name: Restart node if necessary 51 - ansible.builtin.meta: flush_handlers
-26
provision/ansible-media/roles/ubuntu/tasks/unattended-upgrades.yml
··· 1 - --- 2 - - block: 3 - - name: Copy 20auto-upgrades unattended-upgrades config 4 - ansible.builtin.blockinfile: 5 - path: /etc/apt/apt.conf.d/20auto-upgrades 6 - mode: 0644 7 - create: true 8 - block: | 9 - APT::Periodic::Update-Package-Lists "1"; 10 - APT::Periodic::Download-Upgradeable-Packages "1"; 11 - APT::Periodic::AutocleanInterval "7"; 12 - APT::Periodic::Unattended-Upgrade "1"; 13 - - name: Copy 50unattended-upgrades unattended-upgrades config 14 - ansible.builtin.blockinfile: 15 - path: /etc/apt/apt.conf.d/50unattended-upgrades 16 - mode: 0644 17 - create: true 18 - block: | 19 - Unattended-Upgrade::Automatic-Reboot "false"; 20 - Unattended-Upgrade::Remove-Unused-Dependencies "true"; 21 - Unattended-Upgrade::Allowed-Origins { 22 - "${distro_id} stable"; 23 - "${distro_id} ${distro_codename}-security"; 24 - "${distro_id} ${distro_codename}-updates"; 25 - }; 26 - notify: Restart unattended-upgrades
-16
provision/ansible-media/roles/ubuntu/tasks/user.yml
··· 1 - --- 2 - - name: Add user to sudoers 3 - ansible.builtin.copy: 4 - content: "{{ ansible_user }} ALL=(ALL:ALL) NOPASSWD:ALL" 5 - dest: "/etc/sudoers.d/{{ ansible_user }}_nopasswd" 6 - mode: "0440" 7 - 8 - - name: Add additional user SSH public keys 9 - ansible.posix.authorized_key: 10 - user: "{{ ansible_user }}" 11 - key: "{{ item }}" 12 - loop: "{{ ssh_authorized_keys }}" 13 - when: 14 - - ssh_authorized_keys is defined 15 - - ssh_authorized_keys is iterable 16 - - ssh_authorized_keys | length > 0
-1
provision/ansible-media/roles/ubuntu/templates/lldpd.conf
··· 1 - DAEMON_ARGS="-I {{ ansible_default_ipv4.interface }}"
-40
provision/ansible-media/roles/ubuntu/templates/upsmon.conf
··· 1 - RUN_AS_USER root 2 - 3 - MONITOR ups@{{ nut_server_ip }} 1 {{ upsmon_slave_user }} {{ upsmon_slave_password }} slave 4 - 5 - MINSUPPLIES 1 6 - SHUTDOWNCMD "/sbin/shutdown -h" 7 - NOTIFYCMD /usr/sbin/upssched 8 - POLLFREQ 2 9 - POLLFREQALERT 1 10 - HOSTSYNC 15 11 - DEADTIME 15 12 - POWERDOWNFLAG /etc/killpower 13 - 14 - NOTIFYMSG ONLINE "UPS on line power" 15 - NOTIFYMSG ONBATT "UPS on battery" 16 - NOTIFYMSG LOWBATT "UPS battery is low" 17 - NOTIFYMSG FSD "UPS: forced shutdown in progress" 18 - NOTIFYMSG COMMOK "Communications with UPS established" 19 - NOTIFYMSG COMMBAD "Communications with UPS lost" 20 - NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding" 21 - NOTIFYMSG REPLBATT "UPS battery needs to be replaced" 22 - NOTIFYMSG NOCOMM "UPS is unavailable" 23 - NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible" 24 - 25 - NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC 26 - NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC 27 - NOTIFYFLAG LOWBATT SYSLOG 28 - NOTIFYFLAG FSD SYSLOG+WALL+EXEC 29 - NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC 30 - NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC 31 - NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC 32 - NOTIFYFLAG REPLBATT SYSLOG+WALL 33 - NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC 34 - NOTIFYFLAG NOPARENT SYSLOG+WALL 35 - 36 - RBWARNTIME 43200 37 - 38 - NOCOMMWARNTIME 600 39 - 40 - FINALDELAY 5
provision/ansible/inventory/group_vars/all.yaml provision/ansible/nebula/inventory/group_vars/all.yaml
provision/ansible/inventory/group_vars/kubernetes/k3s.yml provision/ansible/nebula/inventory/group_vars/kubernetes/k3s.yml
provision/ansible/inventory/group_vars/master/k3s.yml provision/ansible/nebula/inventory/group_vars/master/k3s.yml
provision/ansible/inventory/group_vars/worker/k3s.yml provision/ansible/nebula/inventory/group_vars/worker/k3s.yml
provision/ansible/inventory/hosts.yml provision/ansible/nebula/inventory/hosts.yml
provision/ansible/playbooks/cluster-reboot.yml provision/ansible/nebula/playbooks/cluster-reboot.yml
provision/ansible/playbooks/k3s-install.yml provision/ansible/nebula/playbooks/k3s-install.yml
provision/ansible/playbooks/k3s-nuke.yaml provision/ansible/nebula/playbooks/k3s-nuke.yaml
provision/ansible/playbooks/ubuntu-prepare.yml provision/ansible/nebula/playbooks/ubuntu-prepare.yml
provision/ansible/playbooks/ubuntu-upgrade.yml provision/ansible/nebula/playbooks/ubuntu-upgrade.yml