---
- name: Converge
  hosts: all
  vars:
    kernel_custom_config:
      - file: 90-kubelet
        content:
          - name: vm.panic_on_oom
            value: 0
          - name: vm.overcommit_memory
            value: 1
          - name: kernel.panic
            value: 10
          - name: kernel.panic_on_oops
            value: 1
          - name: kernel.keys.root_maxbytes
            value: 25000000
    k3s_reset: False
    k3s_packages_extra:
      - https://github.com/k3s-io/k3s-selinux/releases/download/v1.5.stable.1/k3s-selinux-1.5-1.el9.noarch.rpm
    k3s_server_nodes:
      - "rocky9-k3s"
    k3s_server_flannel_backend_enabled: False
    k3s_server_network_policy_enabled: False
    k3s_server_cloud_controller_enabled: True
    k3s_server_workload_enabled: True
    k3s_server_manifests_templates:
      - "calico-installation.yaml.j2"
    k3s_server_manifests_urls:
      - url: https://raw.githubusercontent.com/projectcalico/calico/v3.27.2/manifests/tigera-operator.yaml
        dest: tigera-operator.yaml
      # - url: https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm.yaml
      #   dest: hcloud-ccm.yaml
    k3s_init_log_enabled: True
    k3s_selinux_enabled: True
    k3s_protect_kernel_defaults: True
    # k3s_server_resource_creations:
    #   - kind: Secret
    #     name: hcloud
    #     definition:
    #       metadata:
    #         namespace: kube-system
    #       apiVersion: v1
    #       type: Opaque
    #       data:
    #         token: "{{ hcloud_token | b64encode }}"
    k3s_node_labels:
      node.kubernetes.io/exclude-from-external-load-balancers: "true"
    k3s_iscsi_enabled: True
  pre_tasks:
    - name: Override host variables
      ansible.builtin.set_fact:
        k3s_node_ip: "{{ ansible_default_ipv4.address }}"
  roles:
    - role: xoxys.kernel
    - role: xoxys.k3s