HetznerTerra/ansible/roles/common/tasks/main.yml
micqdf 9a2d213114
fix: wait for cloud-init before package install during bootstrap
Fresh Ubuntu cloud-init clones still hold apt and dpkg locks during first boot,
which caused the Ansible common role to fail before the control plane could
finish bootstrap. Wait for cloud-init, increase apt lock timeouts, and skip the
final kubeconfig rewrite when no kubeconfig was fetched yet.
2026-04-22 03:34:53 +00:00


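---
# Common bootstrap role: wait for first-boot provisioning to finish, install
# the base package set, prepare the node for Kubernetes (swap, kernel
# modules, sysctl) and optionally join it to a tailnet.

- name: Check if cloud-init is installed
  command: which cloud-init
  register: cloud_init_binary
  changed_when: false
  # A missing binary is not an error here; the wait task below is skipped.
  failed_when: false

- name: Wait for cloud-init to finish first-boot tasks
  # Fresh cloud images keep the apt/dpkg locks until cloud-init has
  # completed, so block here before any apt task runs.
  # NOTE(review): some cloud-init releases exit non-zero from
  # `status --wait` on a "degraded" first boot; confirm whether that
  # should abort the role or be tolerated.
  command: cloud-init status --wait
  changed_when: false
  when: cloud_init_binary.rc == 0

- name: Update apt cache
  apt:
    update_cache: true
    cache_valid_time: 3600
    # Generous lock timeout so first-boot unattended-upgrades can finish.
    lock_timeout: 600

- name: Upgrade packages
  apt:
    upgrade: dist
    lock_timeout: 600
  # Opt-in only; a full dist-upgrade can reboot-sensitive components.
  when: common_upgrade_packages | default(false)

- name: Install required packages
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
      - software-properties-common
      - jq
      - nfs-common
      - htop
      - vim
    state: present
    lock_timeout: 600

- name: Disable swap
  # kubelet refuses to start with swap enabled; reported as changed on
  # every run because swapoff gives no signal about prior state.
  command: swapoff -a
  changed_when: true

- name: Remove swap from fstab
  mount:
    name: swap
    fstype: swap
    state: absent

- name: Load br_netfilter module
  modprobe:
    name: br_netfilter
    state: present

- name: Persist br_netfilter module
  copy:
    dest: /etc/modules-load.d/k8s.conf
    content: |
      br_netfilter
      overlay
    mode: "0644"

- name: Configure sysctl for Kubernetes
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: true
  loop:
    - { name: net.bridge.bridge-nf-call-iptables, value: 1 }
    - { name: net.bridge.bridge-nf-call-ip6tables, value: 1 }
    - { name: net.ipv4.ip_forward, value: 1 }

# Tailscale section: every task is gated on an auth key being configured.
# `default('')` keeps the role usable when the variable is not set at all.
- name: Check if tailscale is installed
  command: which tailscale
  register: tailscale_binary
  changed_when: false
  failed_when: false
  when: tailscale_auth_key | default('') | length > 0

- name: Install tailscale
  # NOTE(review): this pipes a remotely fetched installer straight into sh
  # with no integrity check on the script; it only runs when the binary is
  # absent, so reuse of an existing install is preferred where possible.
  shell: curl -fsSL https://tailscale.com/install.sh | sh
  when:
    - tailscale_auth_key | default('') | length > 0
    - tailscale_binary.rc != 0
  changed_when: true

- name: Check tailscale connection state
  command: tailscale status --json
  register: tailscale_status
  changed_when: false
  # A non-zero rc (daemon not up / not logged in) is handled by the next task.
  failed_when: false
  when: tailscale_auth_key | default('') | length > 0

- name: Connect node to tailnet
  command: >-
    tailscale up
    --authkey {{ tailscale_auth_key }}
    --hostname {{ inventory_hostname }}
    --ssh={{ tailscale_ssh | ternary('true', 'false') }}
    --accept-routes={{ tailscale_accept_routes | ternary('true', 'false') }}
  when:
    - tailscale_auth_key | default('') | length > 0
    - tailscale_status.rc != 0 or '"BackendState":"Running"' not in tailscale_status.stdout
  changed_when: true
  # The auth key is part of the command line; keep it out of Ansible's
  # task output and logs. Drop this temporarily when debugging a failed join.
  no_log: true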