---
# Configures the VPS and ensures that all the software we need to run on it
# is running.

- name: Configure journald
  # Static import: the tasks in journald.yml are pulled into this task list
  # when the playbook is parsed.
  import_tasks: journald.yml

- name: Update apt packages cache and install needed packages
  # Package rationale given by the authors:
  #   - apt-transport-https is needed for the docker apt repo
  #   - curl and git are needed for helm plugin install
  # NOTE(review): this task only installs unattended-upgrades; whether
  # automatic security updates are actually enabled is not visible here,
  # confirm that it is configured elsewhere.
  apt:
    name:
      - apt-transport-https
      - curl
      - dnsutils
      - git
      - haveged
      - nftables
      - rsync
      - snapd
      - unattended-upgrades
    state: present
    update_cache: true
    # Refresh the apt cache again only once it is older than 1 day (seconds)
    cache_valid_time: 86400
  tags:
    - firewall

- name: Remove unwanted packages
  # In order to save disk space the traditional syslog packages are removed
  # and only systemd journald is relied on, see
  # https://open.greenhost.net/openappstack/openappstack/-/issues/575
  # NOTE(review): with rsyslog and syslog-ng gone, journald is the only local
  # log sink. Confirm that journald.yml keeps enough history (and forwards
  # logs, if required) for incident investigation.
  package:
    name: "{{ item }}"
    state: absent
  loop:
    - rsyslog
    - syslog-ng
  tags:
    - package

- name: Install python deps
  # No explicit state is given, so the package module's default applies.
  package:
    name: "{{ item }}"
  loop:
    - python3-pip
  tags:
    - package

# We work around a Debian Bullseye issue with installing snaps on Xen nodes:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983357 (Debian link)
# https://code.greenhost.net/greenhost/sysops/-/issues/915#note_108038 (GH internal link)
- name: Get kbd device name
  # Prints field 11 of every kernel journal line matching
  # "Xen.Virtual.Keyboard"; the registered output is later interpolated into
  # the mount target under /sys used while installing the kubectl snap.
  # NOTE(review): the pipeline's errors are ignored (failed_when: false), so
  # an empty stdout can mean "no such device" as well as "journalctl failed";
  # more than one matching line would yield a multi-line value.
  shell: journalctl -k | awk '/Xen.Virtual.Keyboard/ {print $11}'
  args:
    # Only run this if kubectl snap has not been installed yet
    creates: /snap/bin/kubectl
  register: kbd_device
  # Read-only probe: never reported as changed, never fails the play
  changed_when: false
  failed_when: false

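- name: Install kubectl snap
  # kubectl needs to get installed as "classic" snap.
  # The mount and umount commands are part of the Xen workaround mentioned
  # above. They are separate tasks because `creates` is checked per command:
  # in a single looped task the umount item is skipped as soon as
  # `snap install` has created /snap/bin/kubectl, which leaves /dev/zero
  # bind-mounted over the uevent file.
  block:
    - name: Bind-mount /dev/zero over the kbd uevent file
      # become replaces the inline sudo, as on the helm download task
      become: true
      command: mount --bind /dev/zero /sys/{{ kbd_device.stdout }}/uevent
      args:
        creates: /snap/bin/kubectl
      # No device name was found (empty output): there is nothing to mask
      when: kbd_device.stdout | default('') | length > 0
      register: kbd_uevent_mount

    - name: Install kubectl as classic snap
      command: snap install --classic kubectl
      args:
        creates: /snap/bin/kubectl
  always:
    - name: Remove the bind mount from the kbd uevent file
      become: true
      command: umount /sys/{{ kbd_device.stdout }}/uevent
      # Runs even when the install failed, but only if the mount was
      # actually made by this run
      when:
        - kbd_uevent_mount is defined
        - kbd_uevent_mount is not failed
        - kbd_uevent_mount is changed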

- name: Create kubectl symlink to /usr/local/bin
  # Points /usr/local/bin/kubectl at the binary provided by the snap
  file:
    src: /snap/bin/kubectl
    dest: /usr/local/bin/kubectl
    state: link

- name: Get current helm version
  # {{ '{{' }} escapes the curly braces needed by the `--template` argument
  shell: "helm version --template \"{{ '{{' }} .Version {{ '}}' }}\""
  register: helm_version
  # Read-only probe: never reported as changed, and any error is ignored.
  # NOTE(review): because errors are ignored, an empty stdout covers both
  # "helm is not installed" and "helm failed to run"; either way the version
  # comparison further down will not match.
  changed_when: false
  failed_when: false
  tags:
    - helm

- name: Show current helm version
  # Prints the output registered by the helm version probe
  debug:
    msg: "Current helm version is: {{ helm_version.stdout }}"
  tags:
    - helm
    - debug

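- name: Download helm install script
  # NOTE(review): the script is fetched from the moving `master` branch and
  # is then executed with become by the next task, so whatever that branch
  # holds at run time runs with elevated privileges. Pin the URL to a
  # reviewed tag or commit and set helm.install_script_checksum (a new,
  # optional variable of the form "sha256:<hex digest>") so that get_url
  # rejects unexpected content. When the variable is unset the parameter is
  # omitted and nothing is verified.
  tags:
    - helm
  get_url:
    url: https://raw.githubusercontent.com/helm/helm/master/scripts/get
    dest: /usr/local/bin/get-helm
    force: true
    mode: '0755'
    checksum: "{{ helm.install_script_checksum | default(omit) }}"
  become: true
  # Nothing to fetch when the wanted version is already installed
  when: helm_version.stdout != helm.version

- name: Install helm
  # Split off from the download task: a task may carry only one module, and
  # get_url and command were both present on the same task.
  tags:
    - helm
  command: /usr/local/bin/get-helm --version {{ helm.version }}
  become: true
  when: helm_version.stdout != helm.version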

- name: Configure firewall
  # NOTE(review): no module or import is visible for this task, and Ansible
  # rejects a task without an action. The line that applies the firewall
  # configuration appears to be missing here; restore it before running.

- name: Write docker registries.yaml
  # Rendered only when the docker mirror is enabled.
  # NOTE(review): mode 0740 is owner rwx, group r, others none. If the
  # rendered file can carry registry credentials, confirm that the group read
  # bit is needed; the owner execute bit looks unnecessary for a config file.
  when: docker_mirror.enabled
  template:
    src: registries.yaml
    dest: /etc/rancher/k3s/registries.yaml
    mode: '0740'
  tags:
    - k3s
    - docker