chore: replace control plane setup

infrastructure/configs/core-user.yaml.tmpl

@@ -1,5 +1,5 @@
 variant: flatcar
-version: 1.0.0
+version: 1.1.0
 
 passwd:
   users:

infrastructure/configs/cp/k3s-flatcar.yaml

@@ -0,0 +1,69 @@
+variant: flatcar
+version: 1.1.0
+
+systemd:
+  units:
+    - name: litestream.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Litestream
+
+        [Service]
+        Restart=always
+        TimeoutSec=1800
+        TimeoutStartSec=180
+        ExecStartPre=/bin/bash -c "mkdir -p /opt/litestream && curl -L https://github.com/benbjohnson/litestream/releases/download/${litestream_version}/litestream-${litestream_version}-linux-arm64.tar.gz | tar -xvz -C /opt/litestream/"
+        ExecStartPre=/opt/litestream/litestream restore -replica s3 -if-db-not-exists -if-replica-exists /var/lib/rancher/k3s/server/db/state.db
+        ExecStart=/opt/litestream/litestream replicate
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: k3s-install.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Run K3s script
+        Wants = network-online.target
+        After = network.target network-online.target litestream.service
+        ConditionPathExists=/opt/k3s-install.sh
+        ConditionPathExists=!/opt/k3s/bin/k3s
+        
+        [Service]
+        Type=forking
+        Restart=always
+        TimeoutSec=1800
+        TimeoutStartSec=120
+        ExecStartPre=-/sbin/modprobe br_netfilter
+        ExecStartPre=-/sbin/modprobe overlay
+        ExecStartPre=mkdir -p /opt/k3s
+        LimitNOFILE=1048576
+        LimitNPROC=infinity
+        LimitCORE=infinity
+        TasksMax=infinity
+        TimeoutStartSec=180
+        RemainAfterExit=yes
+        KillMode=process
+        Environment="K3S_TOKEN=${k3s_token}"
+        Environment="INSTALL_K3S_VERSION=${k3s_version}"
+        Environment="INSTALL_K3S_BIN_DIR=/opt/k3s"
+        Environment="INSTALL_K3S_EXEC=server --data-dir /var/lib/rancher/k3s --advertise-address 172.23.2.10 --node-ip ${node_ip} --node-taint=node-type=k3s-controlplane:NoSchedule %{for san in k3s_sans }--tls-san='${san}' %{endfor} --disable-cloud-controller --disable servicelb --kubelet-arg=cloud-provider=external"
+        ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh"
+        
+        [Install]
+        WantedBy=multi-user.target
+
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: ${host}
+    - path: /opt/k3s-install.sh
+      mode: 0777
+      contents:
+        source: https://get.k3s.io
+    - path: /etc/litestream.yml
+      mode: 0644
+      contents:
+        source: data:;base64,${litestream_config}

infrastructure/configs/cp/litestream.yml

@@ -0,0 +1,12 @@
+access-key-id: ${accessKey}
+secret-access-key: ${secretKey}
+
+dbs:
+ - path: /var/lib/rancher/k3s/server/db/state.db
+   replicas:
+     - type: s3
+       endpoint: ${endpoint}
+       bucket: k3s
+       region: us-east-1
+       retention: 72h
+       snapshot-interval: 1h

infrastructure/configs/workers/k3s-flatcar.yaml

@@ -1,5 +1,5 @@
 variant: flatcar
-version: 1.0.0
+version: 1.1.0
 
 systemd:
   units:
@@ -19,6 +19,7 @@ systemd:
         KillMode=process
         Environment="K3S_URL=https://172.23.2.10:6443"
         Environment="K3S_TOKEN=${k3s_token}"
+        Environment="INSTALL_K3S_VERSION=${k3s_version}"
         Environment="INSTALL_K3S_EXEC=agent --node-ip=${node_ip} --kubelet-arg --cloud-provider=external"
         ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh"
         [Install]

infrastructure/dns.tf

@@ -71,7 +71,7 @@ resource "hetznerdns_record" "wildcard_ipv4" {
   name    = "*"
   type    = "A"
   value   = "65.109.42.5"
-  ttl = 300
+  ttl     = 300
 }
 
 resource "hetznerdns_record" "wildcard_ipv6" {
@@ -79,7 +79,7 @@ resource "hetznerdns_record" "wildcard_ipv6" {
   name    = "*"
   type    = "AAAA"
   value   = "2a01:4f9:c01d:4f1::1"
-  ttl = 300
+  ttl     = 300
 }
 
 resource "hetznerdns_record" "k8s" {
@@ -87,5 +87,5 @@ resource "hetznerdns_record" "k8s" {
   name    = "k8s"
   type    = "AAAA"
   value   = "2a01:4f9:c012:7d4b::1"
-  ttl = 60
+  ttl     = 60
 }

infrastructure/k8s_cluster.tf

@@ -1,49 +0,0 @@
-resource "hcloud_network" "k8s_net" {
-  name     = "k8s-net"
-  ip_range = "172.16.0.0/12"
-}
-
-resource "hcloud_network_subnet" "k8s_internal" {
-  network_id   = hcloud_network.k8s_net.id
-  type         = "cloud"
-  network_zone = "eu-central"
-  ip_range     = "172.23.2.0/23"
-}
-
-resource "hcloud_ssh_key" "default" {
-  name       = "Default Management"
-  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"
-}
-
-resource "hcloud_server" "nodes" {
-  for_each = var.vms
-
-  name        = each.key
-  server_type = each.value.server_type
-  datacenter  = "hel1-dc2"
-  image       = "ubuntu-22.04"
-
-  backups = each.value.backups
-
-  ssh_keys = [
-    hcloud_ssh_key.default.id
-  ]
-
-  labels = {
-    "node_type" = each.value.node_type
-    "cluster"   = "icb4dc0.de"
-  }
-
-  public_net {
-    ipv4_enabled = true
-    ipv6_enabled = true
-  }
-}
-
-resource "hcloud_server_network" "k8s_internal" {
-  for_each = var.vms
-
-  server_id  = hcloud_server.nodes[each.key].id
-  network_id = hcloud_network.k8s_net.id
-  ip         = each.value.private_ip
-}

infrastructure/k8s_control_plane.tf

@@ -0,0 +1,104 @@
+resource "hcloud_server" "control-plane" {
+  for_each    = var.k3s_control_plane
+  name        = each.key
+  server_type = each.value.server_type
+  location    = each.value.location
+  image       = "ubuntu-22.04"
+
+  backups = false
+
+  ssh_keys = [
+    hcloud_ssh_key.provisioning_key.id,
+    hcloud_ssh_key.default.id
+  ]
+
+  labels = {
+    "node_type" = "control-plane"
+    "cluster"   = "icb4dc0.de"
+  }
+
+  network {
+    network_id = hcloud_network.k8s_net.id
+    ip         = each.value.private_ip
+    alias_ips = each.value.alias_ips
+  }
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = false
+  }
+
+  # boot into rescue OS
+  rescue = "linux64"
+
+  connection {
+    host        = self.ipv4_address
+    private_key = tls_private_key.provisioning.private_key_pem
+    timeout     = "2m"
+  }
+
+  provisioner "file" {
+    content     = data.ct_config.machine-ignitions-cp[each.key].rendered
+    destination = "/root/ignition.json"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "set -ex",
+      "apt-get install -y gawk",
+      "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/flatcar/init/flatcar-master/bin/flatcar-install",
+      "chmod +x flatcar-install",
+      "curl -L https://github.com/benbjohnson/litestream/releases/download/${var.litestream_version}/litestream-${var.litestream_version}-linux-arm64.tar.gz | tar -xvz -C /root",
+      "./flatcar-install -s -i /root/ignition.json -C ${var.release_channel}",
+      "reboot",
+    ]
+    on_failure = continue
+  }
+
+  provisioner "remote-exec" {
+    connection {
+      host        = self.ipv4_address
+      private_key = tls_private_key.provisioning.private_key_pem
+      timeout     = "3m"
+      user        = "core"
+    }
+
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+    ]
+  }
+}
+
+data "ct_config" "machine-ignitions-cp" {
+  for_each = var.k3s_control_plane
+  strict   = true
+  content = templatefile(
+    "${path.module}/configs/cp/k3s-flatcar.yaml",
+    {
+      "host"               = "${each.key}"
+      "k3s_token"          = "${var.k3s_token}"
+      "litestream_version" = "${var.litestream_version}",
+      "litestream_config" = base64encode(
+        templatefile(
+          "${path.module}/configs/cp/litestream.yml",
+          {
+            "accessKey" = var.litestream_access_key,
+            "secretKey" = var.litestream_secret_key,
+            "endpoint"  = var.litestream_endpoint
+          }
+        )
+      )
+      "node_ip"     = "${each.value.private_ip}"
+      "k3s_version" = "${var.control_plane_k3s_version}",
+      "k3s_sans"    = var.k3s_sans,
+    }
+  )
+  snippets = [
+    templatefile(
+      "${path.module}/configs/core-user.yaml.tmpl",
+      {
+        ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh]))
+      }
+    )
+  ]
+}

infrastructure/k8s_flatcar_machines.tf

@@ -23,13 +23,13 @@ resource "local_file" "provisioning_key_pub" {
 }
 
 resource "hcloud_server" "machine" {
-  for_each    = var.k3os_workers
+  for_each    = var.k3s_workers
   name        = each.key
   server_type = each.value.server_type
   location    = each.value.location
   image       = "ubuntu-22.04"
 
-  backups = each.value.backups
+  backups = false
 
   ssh_keys = [
     hcloud_ssh_key.provisioning_key.id,
@@ -37,7 +37,7 @@ resource "hcloud_server" "machine" {
   ]
 
   labels = {
-    "node_type" = each.value.node_type
+    "node_type" = "worker"
     "cluster"   = "icb4dc0.de"
   }
 
@@ -60,6 +60,11 @@ resource "hcloud_server" "machine" {
     timeout     = "2m"
   }
 
+  provisioner "file" {
+    source      = "${path.module}/configs/cp/traefik.yaml"
+    destination = "/root/traefik.yaml"
+  }
+
   provisioner "file" {
     content     = data.ct_config.machine-ignitions[each.key].rendered
     destination = "/root/ignition.json"
@@ -92,15 +97,16 @@ resource "hcloud_server" "machine" {
 }
 
 data "ct_config" "machine-ignitions" {
-  for_each = var.k3os_workers
+  for_each = var.k3s_workers
   strict   = true
   content = templatefile(
-    "${path.module}/configs/k3s-flatcar.yaml",
+    "${path.module}/configs/workers/k3s-flatcar.yaml",
     {
-      "host"       = "${each.key}"
+      "host"        = "${each.key}"
-      "k3s_token"  = "${var.k3s_token}"
+      "k3s_token"   = "${var.k3s_token}"
-      "datacenter" = "hel1-dc2"
+      "datacenter"  = "hel1-dc2"
-      "node_ip"    = "${each.value.private_ip}"
+      "node_ip"     = "${each.value.private_ip}"
+      "k3s_version" = "${var.worker_k3s_version}"
     }
   )
   snippets = [

infrastructure/k8s_network.tf

@@ -0,0 +1,16 @@
+resource "hcloud_network" "k8s_net" {
+  name     = "k8s-net"
+  ip_range = "172.16.0.0/12"
+}
+
+resource "hcloud_network_subnet" "k8s_internal" {
+  network_id   = hcloud_network.k8s_net.id
+  type         = "cloud"
+  network_zone = "eu-central"
+  ip_range     = "172.23.2.0/23"
+}
+
+resource "hcloud_ssh_key" "default" {
+  name       = "Default Management"
+  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"
+}

infrastructure/tf.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+export AWS_ACCESS_KEY=$(rbw get --raw "CloudFlare TFState" | jq -r ".data.username")
+export AWS_SECRET_KEY=$(rbw get --raw "CloudFlare TFState" | jq -r ".data.password")
+export HETZNER_DNS_API_TOKEN=$(rbw get --raw "Hetzner DNS" | jq -r '.fields[0].value')
+export TF_VAR_hcloud_token="$(rbw get "HCloud API")"
+export TF_VAR_k3s_token="$(rbw get "K3s Token")"
+export TF_VAR_litestream_access_key="$(rbw get --raw "Litestream" | jq -r ".data.username")"
+export TF_VAR_litestream_secret_key="$(rbw get "Litestream")"
+export TF_VAR_litestream_endpoint="$(rbw get --raw "Litestream" | jq -r ".fields[0].value")"
+
+tofu $@

infrastructure/vars.tf

@@ -6,6 +6,39 @@ variable "k3s_token" {
   sensitive = true
 }
 
+variable "litestream_access_key" {
+  sensitive = true
+  type      = string
+}
+
+variable "litestream_secret_key" {
+  sensitive = true
+  type      = string
+}
+
+variable "litestream_endpoint" {
+  type = string
+}
+
+variable "litestream_version" {
+  type    = string
+  default = "v0.3.13"
+}
+
+variable "control_plane_k3s_version" {
+  type    = string
+  default = "v1.28.4+k3s2"
+}
+
+variable "worker_k3s_version" {
+  type    = string
+  default = "v1.28.4+k3s2"
+}
+
+variable "k3s_sans" {
+  type = list(string)
+}
+
 variable "vms" {
   type = map(object({
     node_type   = string
@@ -15,11 +48,18 @@ variable "vms" {
   }))
 }
 
-variable "k3os_workers" {
+variable "k3s_control_plane" {
+  type = map(object({
+    server_type = string
+    private_ip  = string
+    location    = string
+    alias_ips   = set(string)
+  }))
+}
+
+variable "k3s_workers" {
   type = map(object({
-    node_type   = string
     server_type = string
-    backups     = bool
     private_ip  = string
     location    = string
   }))

infrastructure/versions.tf

@@ -3,15 +3,15 @@ terraform {
   required_version = ">= 0.14"
 
   backend "s3" {
-    bucket = "tfstate"
+    bucket                      = "tfstate"
-    key = "terraform.tfstate"
+    key                         = "terraform.tfstate"
-    region = "us-east-1"
+    region                      = "us-east-1"
-    endpoint = "https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com"
+    endpoint                    = "https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com"
-    skip_metadata_api_check = true
+    skip_metadata_api_check     = true
-    skip_region_validation = true
+    skip_region_validation      = true
     skip_credentials_validation = true
     use_path_style              = true
-    skip_s3_checksum = true
+    skip_s3_checksum            = true
   }
 
   required_providers {
@@ -25,7 +25,7 @@ terraform {
     }
     ct = {
       source  = "poseidon/ct"
-      version = "0.11.0"
+      version = "0.13.0"
     }
 
     null = {

infrastructure/vms.auto.tfvars

@@ -1,25 +1,34 @@
-k3os_workers = {
+k3s_control_plane = {
-  "worker1-gen5" = {
+  "cp1-cax11-hel1-gen2" = {
-    backups     = false
+    server_type = "cax11",
-    node_type   = "worker"
+    private_ip  = "172.23.2.11"
+    location    = "hel1"
+    alias_ips = ["172.23.2.10"]
+  }
+}
+
+k3s_sans = [
+  "127.0.0.1",
+  "2a01:4f9:c012:7d4b::1",
+  "k8s.icb4dc0.de"
+]
+
+k3s_workers = {
+  "w1-cx21-hel1-gen1" = {
     server_type = "cx21"
-    private_ip  = "172.23.2.23"
+    private_ip  = "172.23.2.20"
     location    = "hel1"
   }
 
-  "w2-cax21-hel1-gen5" = {
+  "w2-cax21-hel1-gen6" = {
-    backups     = false
-    node_type   = "worker"
     server_type = "cax21"
-    private_ip  = "172.23.2.24"
+    private_ip  = "172.23.2.21"
     location    = "hel1"
   }
 
-  "w3-cax21-hel1-gen5" = {
+  "w3-cax21-hel1-gen6" = {
-    backups     = false
-    node_type   = "worker"
     server_type = "cax21"
-    private_ip  = "172.23.2.25"
+    private_ip  = "172.23.2.22"
     location    = "hel1"
   }
 }
@@ -29,10 +38,10 @@ vms = {
     node_type   = "control-plane"
     server_type = "cpx11",
     backups     = true,
-    private_ip  = "172.23.2.10"
+    private_ip  = "172.23.2.15"
   }
 }
 
-ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"]
+ssh_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQoNCLuHgcaDn4JTjCeQKJsIsYU0Jmub5PUMzIIZbUBb+TGMh6mCAY/UbYaq/n4jVnskXopzPGJbx4iPBG5HrNzqYZqMjkk8uIeeT0mdIcNv9bXxuCxCH1iHZF8LlzIZCmQ0w3X6VQ1izcJgvjrAYzbHN3gqCHOXtNkqIUkwaadIWCEjg33OVSlM4yrIDElr6+LHzv84VNh/PhemixCVVEMJ83GjhDtpApMg9WWW3es6rpJn4TlYEMV+aPNU4ZZEWFen/DFBKoX+ulkiJ8CwpY3eJxSzlBijs5ZKH89OOk/MXN1lnREElFqli+jE8EbZKQzi59Zmx8ZOb52qVNot8XZT0Un4EttAIEeE8cETqUC4jK+6RbUrsXtclVbU9i57LWRpl65LYSIJEFmkTxvYdkPXqGbvlW024IjgSo8kds121w95+Rpo6419cSYsQWowS8+aXfEv2Q8SE81QH7ObYfWFXsPBAmmNleQNN3E5HOoaxpWQjv3aTUGuxm4PCzKLdP0LsHmTfGJB7Priaj+9i8xLjDWe7zXDde2Gp9FmdedDr06uEkVSRFnS35Dwfd7M7xP6NsilfMOdWzJWWy/BAYxtnWcrEFxhaEr4vgs8Ub+KBtKhr740x3Mr8up+mythConAs4LOj37lWK4kJ8cI7TXjcSJi9nTIPd39us7tp3Aw== cardno:24_781_961"]
 
 release_channel = "stable"

k8s/inventory/group_vars/all.yml

@@ -1,157 +1,157 @@
 $ANSIBLE_VAULT;1.1;AES256
-38303064643634643931393932353266653032316631303432633136323165376165653136396533
+65356136623464336332663762636163643365656365346566346435333139363738623565623632
-6436393762353630373231366530366239316337303066360a336132663334336462656533303134
+3665353033663838373062646437326365626133393439640a646333306237373835366263313961
-66643134373439633931366638316365306330303334613033396238333361333434653833393039
+64663937383538646565636664373164366236316533663134343435653264646562336162663432
-3538396130653538330a616264386230396633346131663032663764353937313162333630333365
+6232376134353139330a663838613034383162333065396561306464666264396432306234636163
-35323064636531363937613563333336636634393763613730386237393633653136616165313034
+65656264646638666230313565356537303461396438633031663066323063393530626137633736
-65396166373334386236396266616639333866616434666337626433323233363461316666383034
+33613562353264666338663430646335653034666663633938616462633737666234616661393435
-63373131376239353330316236306464303739386139663439616339363636666137613137336336
+61653232376362646437353930343439353731333062636239303038613436376531643734326263
-65393462386436376137656363333362393265396537323632646561373030303263613466383534
+36373463623864303937373434326335303334323236636137353838393463303739363936333739
-35353834646461363661356430646463383663626135663133643633633335383763326438646462
+36643563663462396635666436366330633964653063393464653665653938613731316538616165
-64393062646264386364343638326562646130313330316162633636356233363661613033303965
+61313164623038376366343332656262316130373230346266633536363934313032633565616136
-32346565373839663233336338366536333636306333353839633761326638393538343638343436
+62363635303733643039633961613864303665656362346161636635353765663238636135363133
-38313466393836336137643162663862313732303161356161343234393965393337346161666535
+34316364383461653039656233333261373637613334363931383065333733653466353462383066
-34336534356463653331643163653032643631343832323838633862353339303632353033343761
+36386435333434633061666334366565653737313133613566643537656366376638316230363164
-66356465323838313966623832396338316436616162633866386262306134623134393430393737
+38306261383264366437613333346465653438393637393735303763343536633838393764626137
-66333664333133376638306238393534303230386133346661636435373035323736306230613132
+64656633646531623634346437616664313266323733376637636336326532323364363531396236
-66633838303939636564346333666636336434303839303565363063666430623866356232646336
+38373262363364663733643039663663356639313934656233616639396235373435663737656536
-39316636616239646538636537396336363933376136663263633830623235303038613030326337
+63383037386637663239616531363862663630336165323539336231636232303066393761346538
-37633264376534303061343539653538633137316464386438653639613035613962646431626436
+31366535356465326463323537393263386536376235313137656437666662626137346366326231
-38656437323963663935353430303462653865353666346362343536623836653733366538323239
+64646338303062316363343661393434633130376639626631343833623761663837366636316332
-37316330303131333238303263653235303063616230663139396130646432626664636531343934
+38646463373561306661333665303662616564633333633339373830653532303131343337346434
-30383665316364303661373330373838383565323637636532333961363863316235366264373634
+61633037386665383862333436386335613164303236373066653963353863653239366337376362
-62313936386334326332313235366461613636376533333262623262636539656336633531643435
+33646562376561383265643766373466646639326231623261623634326439633133386234306338
-36613435383763303761646263653139633233346661306265333365376135306238663465313331
+34656262373532663331333764666166623932373166353634323437353433313733343262663333
-64326139306338633664646437363639373564643131616436343163313838346137396462373536
+30313237396331333734363132353538643734336539633334393061656366306664386532363930
-33376530636130623437623561343239663163346232316664326533316339353165623735343236
+36343965383635613933376336626162646334363966323737396539356634356635313235666666
-37626136626662633561616233666338353863633330323933373863316462623361633066646632
+33633363336234613962383962336331323934383337396238653062643533363432376533336533
-63386565626537363932643534633730346564326163383064303735656164636439353039333138
+36613932663633353239383636653936306539393333343431653733663334373261396532343165
-61656238356462303836633361663938346436666638316233356631646365666636376134396133
+34653736383732666130626435653332303938366432613234616265316564396437373634356464
-37346366663363306336326532666439353333666137663832363064316331316337613763633863
+65396466663137666334646265333238336639396233313863653938336431653561643034343338
-33333665316432373965356261613638613261633937383365653936666538346432353838613162
+66326462346135646230613230396565353061326137306562313832383361613332393165386236
-63376534313135646331626662623037376363323465653963376431633835643238386161383630
+61396534666632613261356536636331326464323638363632306533303066663339306333373138
-39313436643566326630336639663464316538323262623238666662653364626432353963626333
+35666563636666383763346638326264343331646134396337306561643535383238353532396137
-30663335613265383138626532653061643933336664346266396263363130386162613637353561
+31623962393666386266663263643236356666343130333833646231393762646639653138356130
-65643464376536323139613566653633633533666438323838666230383638316266646334326632
+31643339386231306533346637396138633534663431623932363164323638323130643930396532
-36306130383138656565366638323766656261636564346464616339633465303539343137636465
+65633536396236633564303631313035653666666634636361633135613862356432666436633565
-35346238326161356634313136323331393539663965353635616439393765643731373238663131
+61633930643664633630363164396537326536633764633338653231376535623065313634353539
-36383036663166373562376333393236383266653337613766386636303638666362613264336231
+35343532363532356137383139366264323130623334373530383436616537353930643866373636
-32373164326538613432356136353935623930663965323932653133343836636566353739383766
+33366137396433323433353630356532386231393133663635303063383033656633333733623235
-65386266383665653835386634653531623161346165383335376165316538316130353432343533
+38386636653461323730326239313432643734303335653030303632393032383863363462373138
-35306431663135626162636165613464326538633163383563383166353236643038616631653233
+64316137396262393164303733303831306132643030393338626130333462636337336236656638
-36613330373130376364303662356464343462303039383934316432346539393130336662376364
+33336464613038326134303234316362643361323063316664346366333561626565396561356132
-32306537656436393438373565373735363530323366336431363165393033326661343732366333
+65363431373565313231653664303039663539306232393865353864323664323636353938623936
-31333031326633616536636338393932643337376237666533383238343761663538303235633036
+63336532363033313765636430313138383734333462633466373761396536356536333965333434
-61366433326662623663376331316363643633356335353939336462636335656263313665663333
+37313431376137643766353865333535363832653830376538663738643861336463306332306363
-36306361353432663639616339616338346663346532356534303165393664636263333861343066
+33366439633730373737383664623332643137373334333335343965316436386466643238366565
-31636266643861316539353639616163393535393935343763313863656438613733643866323363
+30363861346333363137646462323964623131346130316465303038616535643165303462336336
-36316337393936623836356332373239663365303863616563343833336337633731303063376431
+66306132343963623737633837626162626630363837653761346335626432636631393339303731
-66653139353764313631333134383262666331316632623438316537343039396539643130376631
+32326235383961623438646264656235336361313764653861396333623630303964343131643038
-38623134393339363033623136393538633830363764323661623332356139303035653236623265
+30313036643131363965313365636638383966316566316635333866353539653330306132346661
-63653366343133303564626231396336666533316534356230363664333231313862393631346432
+65623832326135663365386134356230633834326137353838626164323831303830643633313934
-37336231656262633763356162656264623363633237643661393337323034613338336239376331
+33623333356437383534336536303338346233346365336632363762386335663961663435373334
-65663833613564353139666332613062373162333831393636363835373237636464356235323836
+32373532636436653361353061396365313761313666623835363861633363353261643561346532
-61363532383939653638376464393232303636353836613936623362646661316534313366643337
+66336430356462356237663031373864396663396130636264636666386363643862343233306535
-37633534333465306330303433353264636534303037616639316464336161393339636462393738
+62343532386330323364336461623661623761306236366135393634346535303132376462356666
-31336563303134336133313737653933373137393532623238396464636665613166633438623132
+64613535313639313632666266666263356539313839353632313836333862643730333431346164
-65346161646362653661376639366636653336373364636439316363656530386334333233336530
+31666136636464366161383161653338663861653835623831626266373432663461616561643738
-36663137643736356264636438363837363561353666333232343639343361646534396166316163
+34626639666330383766356332346231396132326132623937343134353230333833383164383632
-34373262336332373961326631363065613364316131633838616539333632373835653333616535
+37353737333037303032623366656565643833303866613133636561363836323163323138643766
-31343034373939353834313532383264343939303931366632386362663065303637356362306564
+38313237623262653062306137343539313237396561353837353530316361363731306465343435
-36376365393865323036613165303538343938343132663137626635643031653637383961613861
+63633966366265633865643665663765616236376366313165336330653132373466333638656334
-65303366363236386431373761346261353466613035616331613835333332303235613834346439
+62366430383430313665393061623562373733373365363264396631643837623433316634343236
-33646634393434323164363631393639616661336233346562646461613231613064646331633932
+66363334636232666230366336346334623637323333346639383933663664393263353837346432
-35376538663764303137616138353030353664646564356534363139643836613937303838343239
+35666630366461383739363737323537636361383532393433363134363662343666356332613661
-32623739376332633531363766343862353530313837353535346337623337333238353231303636
+37666538653834373133343737366435386338353932393861646638623561323134363264343230
-62616134323730623732313633343230613735663766353665636538383761346131313634393036
+35386265343061306334383736613739623038646434633130356462336534393634383439323735
-61646163343332653339643933326665366536383365376535643265613535396137663962666538
+64356332636563656435333465303834336166666630343066663164656532656666653162626531
-32626166326462306331313133343736323664646234376239623861643833383839373439343139
+38353064323034636563353062613736613663383433303837353433376562316430633961303565
-33386536366435653861363738333338316162383365636632343431376131656562616432313163
+31663335313839633265363766613964613236356539613464366666613166656139303034303438
-39623066386638396662653338656533373135393338623037383037353865626566366131363639
+65633830303135323163353064623633663964313539653461643437336438373035646135383830
-64393462656135623237623832373063626166633166663337653633396332393364316331326136
+35316134353636333431366638393134666336383433373539366564653533336666326663343864
-30316563386434333534656163656639663031323265643462626136616435376262346336633534
+30633032373736663663616438333564316661633261376131313833633365383234636562633239
-64626533623535323061373834326139326634396564343861356366323461313334326165633336
+66626661373438643236613566356130646334616234626434336235343930346361316530653861
-33323639613765623431363661613065386561373639646333333132313263356535396363333134
+39643630633364313530653634616462343736363031626436643931353764303633323662383334
-61346237323565383632393031373635656135383162633066653730366562336265653136393934
+66613264623239353166336534633135643436653965323534363034306536643438386366386239
-30613231643132633936326531303131663139633630323734643166316636626338373136333266
+38626265666535643166303139373964393633666564656135653031626337383931376335626635
-62623165363536393766626438613934613532323566646634383263663331623461393335666265
+34363363613136393139653732663735616332653563353634366634303662656338323562656536
-61653063633030633866353630623038653463383131613332626630323835373836656138333335
+31366336346536663934373133346239396162363130343532616539376465623638396432313664
-63323335393737323134333065633733343631333638373463356531313562383532653137653063
+65323563306539373162343663613462373133333039643434366666383666653366626564396532
-33363065306662353633666535373961643862613161626664613634303233376664373566336666
+38613830653330316461336430393465393732646566646637653961323231356439616463373132
-64643862346563666261363938306464383931383035326262316135343662343338393164336233
+39346162653838353636323238336662663237333164383338333534383730353665383566393134
-63373361303034306134396365323466303139363062383537353862393964316664313238393233
+64323638326461383931636132396262306563643834333136643031666236643239663766353063
-37313732633732303535316437663865653537613330616466623531656461636530623163393465
+38343966613632343862343538636564663031383865383835636563333066396535383261633065
-66353233616133343935663061666130643536623634396363383930373761623732323066666264
+30343764336338356566646333636538643534613563616136333539663061303333373533653331
-38666332353038666665636561323561383037353864316365343635313764653966366531396331
+35653162386132643439373261396539363361353635653164613464613232323362656136653930
-32306531323763353736333231386663616662663834616263316565393736323239636163323031
+36646437313861613235643766386137386536333131326338656233396633623136316638663338
-34616437316564666335343735356435306231616331363038393136663733643934356462313566
+36393238626261313766346133313530653862653033366166623032393736316565663461643230
-37623032363135306633343964343464333434396366303162613135633365343436376363656164
+37323232333761343732303864373138306435623334396262623566346263386334313139393936
-30646334613266613638326665313930343163303238336362633061366337346338313430663165
+61303637633637383039653033656230343161366530643631343735303637613262653464323438
-37336536343632356538343536373033363263376630626666643563646331306438653262386530
+34343837613231343238613033356131346266643330383738363838343963343536653339636539
-61346362653338383865656131363165353634393739323465613865373437633166643861356536
+36613065393661616463656336353739646663323062373839656638306362653637323233653239
-64333139636233646166376361393937643937383765306362613662383537663765363961353263
+64323862343835633433643561356530623536376436323439373838626162353465356539333435
-30313637646536373233343033653936613233373635616366343463323837616537396539643036
+33643465646439373531303661613933623631303161363635613836623534346533643835396438
-33346435636164333362303461323237383937343366356534633435633631616233383539636562
+32396164623639643132343635633134313065326232343562363332303964633639303562653032
-66356461303735323863633465356133303339333139326133366465353435373962663435383863
+39643939336633376231646537303563363531343762326166653465646533386633323762326336
-34323931653465306336356132396235623135333061623538616632613834393630393663373638
+37656138653035613830343561626335373335383433323566393034616637323237616265643439
-32316331343438386564386238323764313033396535663461626163393166386534373061636530
+63633830316539313539666539303066346234363234333533626233663833353463376235313835
-64633236636139393164613862623338313839623233353963363866363530663032633264356563
+66313031336636666462396339333433326437343362346232653136363839333364356333316531
-62366636626230383032353930656134363061366262643234343838306566366463333430373630
+35396435626130383837366562363864633362663963353465653161636139313165666234633738
-32316563616461313764306434633133366361383938616339383161653563313930313165353962
+63386630373335663961623131666230383765396130363333653662643039343336353964383737
-37326466393438383762656335653763316236633139363562306332373030313639666363346633
+38656666333331666338633066376339303530653666643232363564393262306464616538346131
-63656531633934633261653331383531653831663331373932613665643430323063376331656438
+30656461613138663031356535306634613566616137376363386635356330666137386261323938
-33666639646530613735366665666238336263663066373234663332373533313031633565643535
+62343933323931336666343834373136353933633039363065356662626164303365303861336337
-61653465623462633131393864393964316561643562343966316166373035656436376361336564
+39646464653331656433643433333161663633616264323634356230326466626431326136316536
-32363339363666616335376630613137333761333239653534376666386438396438333363313530
+35336639626161643466323536356262363961313763353162643662346361346366356531333061
-61643638353139313931323765313336653263636433633765666535643532636362656539633632
+39306433653962343137343631363364613266656361363733666366353434663861306365323436
-31393964373434366435613763343737646235313236613361666334656237333438303265313630
+64383866646532316164353633633230616665316333646538633762323139323164306665323534
-35366233393561303432383834656537373562336633316437316432383031383431653931393763
+30353332633333323065326564366631666539623235653436343833323164393864343531376363
-66616664363735663261383732333438356237653830326336666666343761653963393533653037
+64643732343233643633616534656562333461613736363361653133666366356365343663663130
-35643339346566396634356137323661663037373830373438613866376333613838356362303934
+36313732626136646166633230323333353433313464313861623432653762633365613661663936
-33373361633437326265353035653033656436346539396166626634633530316465656630326134
+63633438326133353262386337353330306133303130343736656365663062663633313362356262
-37353265363533653938363337643039336464633962663130383032643664663536323664303138
+31623934333239313439646133383438636536356430376261363633336437663364323239393238
-39323661316636316361393534376338346666636336656234363166356461383732313164393231
+37376634613634393035376433336630636234653461633366373333333061363133623032653263
-61633936336162663464353631313931373533313861633335383662343131653566343863326432
+33393333646633646666316430303262636237613439373938336162633834313339663939623366
-33333961323231623239356437393166636463323465613234346434373264323565633162626535
+32653832663735356263613836643063306263393836366637366563646363313638646234313261
-64643337366439633736623933393761623266363036313763376535643834366633663937376564
+30356337663138393935623065313662646439613435653831306231653535356536396137353134
-61336238336130323632653138326536656165346237663463336336303363623838633665393330
+38623439636139666530613237346161353737393339656235613836636338353930373739376138
-65376236303564336434613566613565363366613065356334623734616134373239663430373631
+35663366633463323337656131356231616138316562393565343937366563663933316438643538
-37333862386364653262336436313639656565356233376239363565396638393761616466653763
+62316130303333633435643265383030323435306665303833633261626463393733383435356135
-33323238626434316334376264653831346236616332383533333964643832356330363439393433
+30376139656338333035623130343238336332626234363663326334636139326231626264633564
-34666532396661333439346430656637343033323831663962613838616132663365393465613435
+66643739626163393266633333393061333862383937363432633436396663333966353330376539
-64656534316164343839633063323431613135633665613630656265366334333262636363346531
+32373738623766643165313761373961313466633939383362663237383332313461356235656638
-30356331373464663736656661373661356265393064346539313034356334633437313838346338
+31613765616461363964626434643435326664373864653662633631336634333134366439613539
-61663137353733383333363836343130326662343633336637616134393163663939316663333738
+62303137626537633166653061363466313563333537653835343162383062363263663539393861
-61316333663862643038663466343733636465383739376363396534373061666430336163376265
+39643832623238363937653864356433646563623239376534353933333661313737376562376435
-39663066303534343936323032393038396139373733663133336330363436643638643561343465
+35656534623163386438303532373763313831653739306236353632393734393833643635383935
-62343930653539356664643934613433336462363634616439346338303161656632616435633831
+65633565373331656330363130323064306131666232623330303136643765333938633031613939
-31343934313636323665303037303862376236333765323436343734303535663565303237656237
+33313662343538626465666165343339306563336161656564363332653635336661336336333563
-30373431643631623232646265393839653538383636333230663563393531653637303237376465
+33313362306137643538313164346536376434633164343733633830383238386237393565376133
-36353235623839653630353663306135353131343537656338343631386263653833393234333238
+64333534633534666332663434323937346139656265366130623564353038353338616132613132
-30353232303433396434393730666662373230343838616264363466393365326239333537363138
+30663638336233613336616666383233663936653039333436616566646438373838616232303636
-35363163333564373865366265373566363763326466653164313636626337336636623834643335
+32303538393762303138326533646338306263663339666366646466613734663463613762653534
-36643564323839316435633032376433393938393030643531636265663635366331346137396339
+61356338356334306461353739326236303832396238633835303231356537303463656466333532
-38663831643237646239353463343662633931613464326132376139303764643930636265656466
+65346161643261343461343837653264356132633934363862383233376435343036323936396132
-35646530643330356662623238646635316134663962613164323566653231363464313530356263
+34313864396166326533393839633364343964613635643363636638346437366635333238656134
-64376335636266613333653361353739306131373364316335623764306566366535633530376432
+37373938343166663432353636346631636536623962626234623431613663326331636437393638
-32356363626633633138623132666638623236353539366531643637383030636239656138386537
+61373637323032316161383037306539636430306332313536656231636263356362386362633839
-34303431623039316565613036626531666638343835633133393533306334323866623630393462
+32643338633335366637306139613262373965313434616261613663623636626661356531306332
-65343832663434323338313433376135333439336133636438373938386233386633633337346362
+36626539383262316165656333333763323761626335336335363233346639376339663831383863
-30303062633735363339323934393730373761333133333166636639623764383330383732343061
+37343237326461343763373938386336366264393231323135336265636438616431343636303361
-39623735356238333333616362646137376562333432313535323835383263633165323930303461
+37663733616230333530333935386464313539383863363066353436383364396238663463396336
-32396662643664333566653239306137636430313434393335633161336330386637343261633737
+36633234303762633937333662343163646633313530663365663061316431613133653064346634
-32323337383834366563626565363639663536346538386466623936396636666339353037646166
+65643265303566646464633638663734323136613738323235343036333937663534323064643364
-30346238323164663839386364333963313336666435393935613730616433346630613463383938
+37383438343135633435313837333234363038346534393739346139303534356664326132623363
-65343736343764373465316261383731626631363661613639393162643566646365333061323035
+65643166386331373230373439333132316663636239653032363232333563333334353337386466
-66623030363961356335663334376530313961366235646431336538336162383632363264643639
+33643939633436653736386235663830383833343031356636346231323637323434663034326533
-65646531373964323635386134343032313137633239363030633539383639373965656135316334
+34626139613337303337653035323932343737626132343264633364633139376161353061303535
-62343131643333383131323662366163326137343933323539383063373066363561643665363063
+33373739626462653338343335343463363163626537613838373235613831383132313633633830
-36653036643930313835343631383631326231653762323433336238396332386133303132373462
+32653365303639393233323166643366363733656534366439666266316139666531376164613065
-62333366383133326161343537623833323431323732393433333839656464373433396531653262
+63353661386162333133626339333133393964636433653165653266633163393863623562636633
-64313930656162326637656534323263393336303235653362323632316138663166363864653164
+65306337366362373236393633323038356137316631363533636239323434316133616539396131
-31383462373033616137623339633031343235623537353130333235613464636333383064376137
+32356133666165316163633365653734313736323563393234396338663535333636383938353938
-64313365356335636235616333313965366264366134376235333565323132313636643239376639
+32646435663465653364366439386565363933303531643439363961363264653766643239346231
-64373439636230623537663834653763616133356537313566306261343933386130623566373165
+61303765333232353161343961363431663164646433343263636362346164613130386239313861
-35663263393034306134633630643463383063643339623533383235646266363234336562303636
+36313234396261363563343139656562626562656161663630643730343938303065363963353563
-65623238343936353933313465363330333361323262656535653133396538366462306564643265
+37663163616533326265636566376132636434343939653034383963393062383533643566303134
-32636362633239633162
+34373830663834653561

k8s/roles/coder/tasks/main.yml

@@ -1,39 +0,0 @@
----
-- name: Create Coder namespace
-  kubernetes.core.k8s:
-    name: coder
-    api_version: v1
-    kind: Namespace
-    state: present
-    definition:
-      metadata:
-        labels:
-          prometheus: default
-
-- name: Create Coder secret
-  kubernetes.core.k8s:
-    state: present
-    definition:
-      apiVersion: v1
-      kind: Secret
-      metadata:
-        name: coder-secrets
-        namespace: coder
-      data:
-        DB_URL: "{{ coder.db.url | b64encode }}"
-        OIDC_CLIENT_ID: "{{ coder.auth.clientId | b64encode }}"
-        OIDC_CLIENT_SECRET: "{{ coder.auth.clientSecret | b64encode }}"
-
-- name: Add Coder chart repo
-  kubernetes.core.helm_repository:
-    name: coderv2
-    repo_url: https://helm.coder.com/v2
-
-- name: Deploy Coder chart
-  kubernetes.core.helm:
-    name: coder
-    chart_ref: coderv2/coder
-    release_namespace: coder
-    chart_version: 2.3.1
-    update_repo_cache: true
-    release_values: "{{ lookup('template', 'values.coder.yml.j2') | from_yaml }}"

k8s/roles/coder/templates/values.coder.yml.j2

@@ -1,63 +0,0 @@
----
-coder:
-  ingress:
-    enable: true
-    host: ide.icb4dc0.de
-    wildcardHost: "*.ide.icb4dc0.de"
-    annotations:
-      gethomepage.dev/description: Remote IDE
-      gethomepage.dev/enabled: "true"
-      gethomepage.dev/group: Apps
-      gethomepage.dev/icon: coder.png
-      gethomepage.dev/name: Coder
-  env:
-    - name: CODER_WILDCARD_ACCESS_URL
-      value: '*.ide.icb4dc0.de'
-    - name: CODER_ACCESS_URL
-      value: "https://ide.icb4dc0.de"
-    - name: CODER_PG_CONNECTION_URL
-      valueFrom:
-        secretKeyRef:
-          name: coder-secrets
-          key: DB_URL
-    - name: CODER_DISABLE_PASSWORD_AUTH
-      value: "true"
-    - name: CODER_OIDC_ISSUER_URL
-      value: "https://code.icb4dc0.de/"
-    - name: CODER_OIDC_SIGN_IN_TEXT
-      value: "Sign in with Gitea"
-    - name: CODER_OIDC_ICON_URL
-      value: https://gitea.io/images/gitea.png
-    - name: CODER_OIDC_CLIENT_ID
-      valueFrom:
-        secretKeyRef:
-          name: coder-secrets
-          key: OIDC_CLIENT_ID
-    - name: CODER_OIDC_CLIENT_SECRET
-      valueFrom:
-        secretKeyRef:
-          name: coder-secrets
-          key: OIDC_CLIENT_SECRET
-    - name: CODER_GITAUTH_0_ID
-      value: primary-forgejo
-    - name: CODER_GITAUTH_0_TYPE
-      value: gitlab
-    - name: CODER_GITAUTH_0_AUTH_URL
-      value: https://code.icb4dc0.de/login/oauth/authorize
-    - name: CODER_GITAUTH_0_TOKEN_URL
-      value: https://code.icb4dc0.de/login/oauth/access_token
-    - name: CODER_GITAUTH_0_VALIDATE_URL
-      value: https://code.icb4dc0.de/login/oauth/userinfo
-    - name: CODER_GITAUTH_0_CLIENT_ID
-      valueFrom:
-        secretKeyRef:
-          name: coder-secrets
-          key: OIDC_CLIENT_ID
-    - name: CODER_GITAUTH_0_CLIENT_SECRET
-      valueFrom:
-        secretKeyRef:
-          name: coder-secrets
-          key: OIDC_CLIENT_SECRET
-
-  service:
-    type: ClusterIP

k8s/roles/fider/files/kustomization.yaml

@@ -3,9 +3,11 @@ kind: Kustomization
 
 namespace: fider
 
-commonLabels:
+labels:
-  app.kubernetes.io/instance: icb4dc0de-feedback
+- includeSelectors: true
-  app.kubernetes.io/managed-by: kustomize
+  pairs:
+    app.kubernetes.io/instance: icb4dc0de-feedback
+    app.kubernetes.io/managed-by: kustomize
 
 resources:
   - "resources/deployment.yaml"

k8s/roles/k3s/control-plane/defaults/main.yaml

@@ -1,2 +0,0 @@
----
-k3s_server_location: /var/lib/rancher/k3s

k8s/roles/k3s/control-plane/tasks/main.yml

@@ -1,94 +0,0 @@
----
-- name: Copy K3s service file
-  register: k3s_service
-  template:
-    src: "k3s.service.j2"
-    dest: "{{ systemd_dir }}/k3s.service"
-    owner: root
-    group: root
-    mode: 0644
-
-- name: Copy Traefik customization
-  ansible.builtin.copy:
-    src: traefik.yaml
-    dest: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
-    owner: root
-    group: root
-    mode: 0644
-
-- name: Render control plain config
-  ansible.builtin.template:
-    src: cp-config.yaml.j2
-    dest: /etc/rancher/k3s/config.yaml
-    owner: root
-    group: root
-    mode: 0644
-
-- name: Enable and check K3s service
-  systemd:
-    name: k3s
-    daemon_reload: true
-    state: restarted
-    enabled: true
-
-- name: Wait for node-token
-  wait_for:
-    path: "{{ k3s_server_location }}/server/node-token"
-
-- name: Register node-token file access mode
-  stat:
-    path: "{{ k3s_server_location }}/server/node-token"
-  register: p
-
-- name: Change file access node-token
-  file:
-    path: "{{ k3s_server_location }}/server/node-token"
-    mode: "g+rx,o+rx"
-
-- name: Read node-token from control-plane
-  slurp:
-    path: "{{ k3s_server_location }}/server/node-token"
-  register: node_token
-
-- name: Store control-plane node-token
-  set_fact:
-    token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
-
-- name: Restore node-token file access
-  file:
-    path: "{{ k3s_server_location }}/server/node-token"
-    mode: "{{ p.stat.mode }}"
-
-- name: Create directory .kube
-  file:
-    path: ~{{ ansible_user }}/.kube
-    state: directory
-    owner: "{{ ansible_user }}"
-    mode: "u=rwx,g=rx,o="
-
-- name: Copy config file to user home directory
-  copy:
-    src: /etc/rancher/k3s/k3s.yaml
-    dest: ~{{ ansible_user }}/.kube/config
-    remote_src: yes
-    owner: "{{ ansible_user }}"
-    mode: "u=rw,g=,o="
-
-- name: Replace https://localhost:6443 by https://master-ip:6443
-  command: >-
-    k3s kubectl config set-cluster default
-      --server=https://{{ master_ip }}:6443
-      --kubeconfig ~{{ ansible_user }}/.kube/config
-  changed_when: true
-
-- name: Create kubectl symlink
-  file:
-    src: /usr/local/bin/k3s
-    dest: /usr/local/bin/kubectl
-    state: link
-
-- name: Create crictl symlink
-  file:
-    src: /usr/local/bin/k3s
-    dest: /usr/local/bin/crictl
-    state: link

k8s/roles/k3s/control-plane/templates/k3s.service.j2

@@ -1,24 +0,0 @@
-[Unit]
-Description=Lightweight Kubernetes
-Documentation=https://k3s.io
-After=network-online.target
-
-[Service]
-Type=notify
-ExecStartPre=-/sbin/modprobe br_netfilter
-ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server --data-dir {{ k3s_server_location }} --advertise-address {{ k8s_ip }} --node-ip {{ k8s_ip }} {{ extra_server_args | default("") }}
-KillMode=process
-Delegate=yes
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=1048576
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-TimeoutStartSec=0
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target

k8s/roles/minio-config/tasks/main.yaml

@@ -1,10 +0,0 @@
----
-- name: Manage buckets
-  amazon.aws.s3_bucket:
-    name: "{{ item.name }}"
-    state: '{{ item.state | default("present") }}'
-    endpoint_url: http://localhost:9000
-    access_key: "{{ minio.rootUser }}"
-    secret_key: "{{ minio.rootPassword }}"
-  loop: 
-    - name: zipline

k8s/roles/postgres-config/tasks/main.yaml

@@ -1,37 +0,0 @@
----
-- name: Create users
-  community.postgresql.postgresql_user:
-    name: "{{ item.name }}"
-    password: "{{ item.password }}"
-    login_host: "127.0.0.1"
-    login_password: "{{ PostgresPassword }}"
-  loop: 
-    - name: gitea
-      password: "{{ gitea.dbPassword }}"
-    - name: "{{ grafana.db.user }}"
-      password: "{{ grafana.db.password }}"
-    - name: "{{ hedgedoc.db.user }}"
-      password: "{{ hedgedoc.db.password }}"
-    - name: "{{ nocodb.db.user }}"
-      password: "{{ nocodb.db.password }}"
-    - name: "{{ zipline.db.user }}"
-      password: "{{ zipline.db.password }}"
-
-- name: Create databases
-  community.postgresql.postgresql_db:
-    name: "{{ item.name }}"
-    owner: "{{ item.owner }}"
-    encoding: UTF-8
-    login_host: "127.0.0.1"
-    login_password: "{{ PostgresPassword }}"
-  loop: 
-    - name: gitea
-      owner: gitea
-    - name: grafana
-      owner: "{{ grafana.db.user }}"
-    - name: hedgedoc
-      owner: "{{ hedgedoc.db.user }}"
-    - name: noco
-      owner: "{{ nocodb.db.user }}"
-    - name: zipline
-      owner: "{{ zipline.db.user }}"