ansible/roles/common/tasks/main.yml

---
- name: Update apt cache
  apt:
    update_cache: true
    cache_valid_time: 3600

- name: Upgrade packages
  apt:
    upgrade: dist
  when: common_upgrade_packages | default(false)

- name: Install required packages
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
      - software-properties-common
      - jq
      - htop
      - vim
    state: present

- name: Disable swap
  command: swapoff -a
  changed_when: true

- name: Remove swap from fstab
  mount:
    name: swap
    fstype: swap
    state: absent

- name: Load br_netfilter module
  modprobe:
    name: br_netfilter
    state: present

- name: Persist br_netfilter module
  copy:
    dest: /etc/modules-load.d/k8s.conf
    content: |
      br_netfilter
      overlay
    mode: "0644"

- name: Configure sysctl for Kubernetes
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: true
  loop:
    - { name: net.bridge.bridge-nf-call-iptables, value: 1 }
    - { name: net.bridge.bridge-nf-call-ip6tables, value: 1 }
    - { name: net.ipv4.ip_forward, value: 1 }

- name: Check if tailscale is installed
  command: which tailscale
  register: tailscale_binary
  changed_when: false
  failed_when: false
  when: tailscale_auth_key | length > 0

- name: Install tailscale
  shell: curl -fsSL https://tailscale.com/install.sh | sh
  when:
    - tailscale_auth_key | length > 0
    - tailscale_binary.rc != 0
  changed_when: true

- name: Check tailscale connection state
  command: tailscale status --json
  register: tailscale_status
  changed_when: false
  failed_when: false
  when: tailscale_auth_key | length > 0

- name: Connect node to tailnet
  command: tailscale up --authkey {{ tailscale_auth_key }} --hostname {{ inventory_hostname }} --ssh={{ tailscale_ssh | ternary('true', 'false') }} --accept-routes={{ tailscale_accept_routes | ternary('true', 'false') }}
  when:
    - tailscale_auth_key | length > 0
    - tailscale_status.rc != 0 or '"BackendState":"Running"' not in tailscale_status.stdout
  changed_when: true
feat: Add HA Kubernetes cluster with Terraform + Ansible - 3x CX23 control plane nodes (HA) - 4x CX33 worker nodes - k3s with embedded etcd - Hetzner CCM for load balancers - Gitea CI/CD workflows - Backblaze B2 for Terraform state 2026-02-28 20:24:55 +00:00			`---`
			`- name: Update apt cache`
			`apt:`
			`update_cache: true`
			`cache_valid_time: 3600`

			`- name: Upgrade packages`
			`apt:`
			`upgrade: dist`
			`when: common_upgrade_packages \| default(false)`

			`- name: Install required packages`
			`apt:`
			`name:`
			`- apt-transport-https`
			`- ca-certificates`
			`- curl`
			`- gnupg`
			`- lsb-release`
			`- software-properties-common`
			`- jq`
			`- htop`
			`- vim`
			`state: present`

			`- name: Disable swap`
			`command: swapoff -a`
			`changed_when: true`

			`- name: Remove swap from fstab`
			`mount:`
			`name: swap`
			`fstype: swap`
			`state: absent`

			`- name: Load br_netfilter module`
			`modprobe:`
			`name: br_netfilter`
			`state: present`

			`- name: Persist br_netfilter module`
			`copy:`
			`dest: /etc/modules-load.d/k8s.conf`
			`content: \|`
			`br_netfilter`
			`overlay`
			`mode: "0644"`

			`- name: Configure sysctl for Kubernetes`
			`sysctl:`
			`name: "{{ item.name }}"`
			`value: "{{ item.value }}"`
			`state: present`
			`reload: true`
			`loop:`
			`- { name: net.bridge.bridge-nf-call-iptables, value: 1 }`
			`- { name: net.bridge.bridge-nf-call-ip6tables, value: 1 }`
			`- { name: net.ipv4.ip_forward, value: 1 }`
fix: avoid server replacement; install tailscale via Ansible 2026-03-01 04:51:19 +00:00
			`- name: Check if tailscale is installed`
			`command: which tailscale`
			`register: tailscale_binary`
			`changed_when: false`
			`failed_when: false`
			`when: tailscale_auth_key \| length > 0`

			`- name: Install tailscale`
			`shell: curl -fsSL https://tailscale.com/install.sh \| sh`
			`when:`
			`- tailscale_auth_key \| length > 0`
			`- tailscale_binary.rc != 0`
			`changed_when: true`

			`- name: Check tailscale connection state`
			`command: tailscale status --json`
			`register: tailscale_status`
			`changed_when: false`
			`failed_when: false`
			`when: tailscale_auth_key \| length > 0`

			`- name: Connect node to tailnet`
			`command: tailscale up --authkey {{ tailscale_auth_key }} --hostname {{ inventory_hostname }} --ssh={{ tailscale_ssh \| ternary('true', 'false') }} --accept-routes={{ tailscale_accept_routes \| ternary('true', 'false') }}`
			`when:`
			`- tailscale_auth_key \| length > 0`
			`- tailscale_status.rc != 0 or '"BackendState":"Running"' not in tailscale_status.stdout`
			`changed_when: true`