ansible/roles/common/tasks/main.yml

---
- name: Check if cloud-init is installed
  command: which cloud-init
  register: cloud_init_binary
  changed_when: false
  failed_when: false

- name: Wait for cloud-init to finish first-boot tasks
  command: cloud-init status --wait
  register: cloud_init_wait
  changed_when: false
  failed_when: >-
    cloud_init_wait.rc not in [0, 2] or
    (
      'status: done' not in cloud_init_wait.stdout and
      'status: disabled' not in cloud_init_wait.stdout
    )
  when: cloud_init_binary.rc == 0

- name: Update apt cache
  apt:
    update_cache: true
    cache_valid_time: 3600
    lock_timeout: 600

- name: Upgrade packages
  apt:
    upgrade: dist
    lock_timeout: 600
  when: common_upgrade_packages | default(false)

- name: Install required packages
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
      - software-properties-common
      - jq
      - nfs-common
      - htop
      - vim
    state: present
    lock_timeout: 600

- name: Check active swap
  command: swapon --noheadings
  register: active_swap
  changed_when: false
  failed_when: false

- name: Disable swap
  command: swapoff -a
  changed_when: true
  when: active_swap.stdout | trim | length > 0

- name: Remove swap from fstab
  lineinfile:
    path: /etc/fstab
    regexp: '^\s*[^#]\S+\s+\S+\s+swap\s+.*$'
    state: absent

- name: Load br_netfilter module
  modprobe:
    name: br_netfilter
    state: present

- name: Persist br_netfilter module
  copy:
    dest: /etc/modules-load.d/k8s.conf
    content: |
      br_netfilter
      overlay
    mode: "0644"

- name: Configure sysctl for Kubernetes
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: true
  loop:
    - { name: net.bridge.bridge-nf-call-iptables, value: 1 }
    - { name: net.bridge.bridge-nf-call-ip6tables, value: 1 }
    - { name: net.ipv4.ip_forward, value: 1 }

- name: Check if tailscale is installed
  command: which tailscale
  register: tailscale_binary
  changed_when: false
  failed_when: false
  when: tailscale_auth_key | length > 0

- name: Install tailscale
  shell: curl -fsSL https://tailscale.com/install.sh | sh
  when:
    - tailscale_auth_key | length > 0
    - tailscale_binary.rc != 0
  changed_when: true

- name: Check tailscale connection state
  command: tailscale status --json
  register: tailscale_status
  changed_when: false
  failed_when: false
  when: tailscale_auth_key | length > 0

- name: Parse tailscale connection state
  set_fact:
    tailscale_backend_state: "{{ (tailscale_status.stdout | from_json).BackendState | default('') }}"
  when:
    - tailscale_auth_key | length > 0
    - tailscale_status.rc == 0
    - tailscale_status.stdout | length > 0

- name: Connect node to tailnet
  command: tailscale up --authkey {{ tailscale_auth_key }} --hostname {{ inventory_hostname }} --ssh={{ tailscale_ssh | ternary('true', 'false') }} --accept-routes={{ tailscale_accept_routes | ternary('true', 'false') }}
  when:
    - tailscale_auth_key | length > 0
    - tailscale_status.rc != 0 or (tailscale_backend_state | default('')) != 'Running'
  changed_when: true
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00			`---`
fix: wait for cloud-init before package install during bootstrap 2026-04-22 03:34:53 +00:00			`- name: Check if cloud-init is installed`
			`command: which cloud-init`
			`register: cloud_init_binary`
			`changed_when: false`
			`failed_when: false`

			`- name: Wait for cloud-init to finish first-boot tasks`
			`command: cloud-init status --wait`
fix: accept cloud-init exit code 2 after first boot 2026-04-22 03:40:55 +00:00			`register: cloud_init_wait`
fix: wait for cloud-init before package install during bootstrap 2026-04-22 03:34:53 +00:00			`changed_when: false`
fix: accept cloud-init exit code 2 after first boot 2026-04-22 03:40:55 +00:00			`failed_when: >-`
			`cloud_init_wait.rc not in [0, 2] or`
			`(`
			`'status: done' not in cloud_init_wait.stdout and`
			`'status: disabled' not in cloud_init_wait.stdout`
			`)`
fix: wait for cloud-init before package install during bootstrap 2026-04-22 03:34:53 +00:00			`when: cloud_init_binary.rc == 0`

feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00			`- name: Update apt cache`
			`apt:`
			`update_cache: true`
			`cache_valid_time: 3600`
fix: wait for cloud-init before package install during bootstrap 2026-04-22 03:34:53 +00:00			`lock_timeout: 600`
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00
			`- name: Upgrade packages`
			`apt:`
			`upgrade: dist`
fix: wait for cloud-init before package install during bootstrap 2026-04-22 03:34:53 +00:00			`lock_timeout: 600`
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00			`when: common_upgrade_packages \| default(false)`

			`- name: Install required packages`
			`apt:`
			`name:`
			`- apt-transport-https`
			`- ca-certificates`
			`- curl`
			`- gnupg`
			`- lsb-release`
			`- software-properties-common`
			`- jq`
feat: migrate cluster baseline from Hetzner to Proxmox 2026-04-22 03:02:13 +00:00			`- nfs-common`
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00			`- htop`
			`- vim`
			`state: present`
fix: wait for cloud-init before package install during bootstrap 2026-04-22 03:34:53 +00:00			`lock_timeout: 600`
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00
fix: make Ansible reruns faster and idempotent 2026-04-24 11:44:11 +00:00			`- name: Check active swap`
			`command: swapon --noheadings`
			`register: active_swap`
			`changed_when: false`
			`failed_when: false`

feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00			`- name: Disable swap`
			`command: swapoff -a`
			`changed_when: true`
fix: make Ansible reruns faster and idempotent 2026-04-24 11:44:11 +00:00			`when: active_swap.stdout \| trim \| length > 0`
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00
			`- name: Remove swap from fstab`
fix: clean up Ansible bootstrap warnings 2026-04-24 11:07:13 +00:00			`lineinfile:`
			`path: /etc/fstab`
			`regexp: '^\s[^#]\S+\s+\S+\s+swap\s+.$'`
feat: Add HA Kubernetes cluster with Terraform + Ansible 2026-02-28 20:24:55 +00:00			`state: absent`

			`- name: Load br_netfilter module`
			`modprobe:`
			`name: br_netfilter`
			`state: present`

			`- name: Persist br_netfilter module`
			`copy:`
			`dest: /etc/modules-load.d/k8s.conf`
			`content: \|`
			`br_netfilter`
			`overlay`
			`mode: "0644"`

			`- name: Configure sysctl for Kubernetes`
			`sysctl:`
			`name: "{{ item.name }}"`
			`value: "{{ item.value }}"`
			`state: present`
			`reload: true`
			`loop:`
			`- { name: net.bridge.bridge-nf-call-iptables, value: 1 }`
			`- { name: net.bridge.bridge-nf-call-ip6tables, value: 1 }`
			`- { name: net.ipv4.ip_forward, value: 1 }`
fix: avoid server replacement; install tailscale via Ansible 2026-03-01 04:51:19 +00:00
			`- name: Check if tailscale is installed`
			`command: which tailscale`
			`register: tailscale_binary`
			`changed_when: false`
			`failed_when: false`
			`when: tailscale_auth_key \| length > 0`

			`- name: Install tailscale`
			`shell: curl -fsSL https://tailscale.com/install.sh \| sh`
			`when:`
			`- tailscale_auth_key \| length > 0`
			`- tailscale_binary.rc != 0`
			`changed_when: true`

			`- name: Check tailscale connection state`
			`command: tailscale status --json`
			`register: tailscale_status`
			`changed_when: false`
			`failed_when: false`
			`when: tailscale_auth_key \| length > 0`

fix: make Ansible reruns faster and idempotent 2026-04-24 11:44:11 +00:00			`- name: Parse tailscale connection state`
			`set_fact:`
			`tailscale_backend_state: "{{ (tailscale_status.stdout \| from_json).BackendState \| default('') }}"`
			`when:`
			`- tailscale_auth_key \| length > 0`
			`- tailscale_status.rc == 0`
			`- tailscale_status.stdout \| length > 0`

fix: avoid server replacement; install tailscale via Ansible 2026-03-01 04:51:19 +00:00			`- name: Connect node to tailnet`
			`command: tailscale up --authkey {{ tailscale_auth_key }} --hostname {{ inventory_hostname }} --ssh={{ tailscale_ssh \| ternary('true', 'false') }} --accept-routes={{ tailscale_accept_routes \| ternary('true', 'false') }}`
			`when:`
			`- tailscale_auth_key \| length > 0`
fix: make Ansible reruns faster and idempotent 2026-04-24 11:44:11 +00:00			`- tailscale_status.rc != 0 or (tailscale_backend_state \| default('')) != 'Running'`
fix: avoid server replacement; install tailscale via Ansible 2026-03-01 04:51:19 +00:00			`changed_when: true`