Configure ArgoCD for private repo access

- Update repo URLs from HTTPS placeholder to git@github.com:lazorgurl/homelab.git
- Update container image refs from OWNER to lazorgurl
- Set KUBECONFIG env in Taskfile
- Fix kubeconfig-fetch.sh to auto-detect server IP from inventory
- Fix Ansible: callback plugin, br_netfilter ordering, ssh service name

infra/ansible/ansible.cfg

@@ -5,8 +5,10 @@ remote_user = julia
 private_key_file = ~/.ssh/homelab
 host_key_checking = False
 retry_files_enabled = False
-stdout_callback = yaml
+stdout_callback = ansible.builtin.default
+result_format = yaml
 callbacks_enabled = profile_tasks
+vault_password_file = ~/.vault_pass_homelab
 
 [privilege_escalation]
 become = True

infra/ansible/infra/ansible/inventory/group_vars/vault.yaml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+33333932633865613034613039333834383965323437383434353235346463366138386537343139
+3565393262303931306264666239623736396163613632330a653731363730663838613736336337
+33326566303933343562336162623138373735373361306335326633383862663939383561346162
+3966363739343734350a643065646236646161386133643039356238316463373664646261653963
+35613061363663653736336234383639326230363062363565353761326339616430343134633963
+62316331313239323963623061383564643031353265376238353538326436376531343735376462
+65306563643064646330616264633130336138376462343931343464636462383836313536313233
+63613534396433656432613361343566313864373163656436393332343136383238393261653463
+3038

infra/ansible/inventory/group_vars/all.yaml

@@ -10,7 +10,7 @@ ntp_servers:
 # k3s
 k3s_version: v1.31.4+k3s1
 k3s_server_url: "https://{{ hostvars['nuc01']['ansible_host'] }}:6443"
-k3s_token: "{{ vault_k3s_token }}"
+k3s_token: "6eb228325963e313060505567ffc5620108f80b11288dc4c5a9960efada48cde"
 
 # System packages
 common_packages:

infra/ansible/inventory/group_vars/vault.yaml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+63356334376664336462626632333635303263326433613033373539633437333165633866653730
+3536343735636330393335373337363335656536363166640a633732663637613266643735326231
+38303831636634613963613665353566393335353933386330633465623833613962343435396436
+3630396134666233340a376464353665626566393065366434653334363861366430613530643931
+30643632616133633866656130353630656438623139303731333338343366663139313536333062
+37396166623830383430393932653235616331303137353564333438363033623836326633333534
+62313833623465643034313262326262383232333363646239643562623265383633313064383963
+61663731346331656232396130633966633230376634653134353036323736353430333634393032
+6135

infra/ansible/inventory/hosts.yaml

@@ -5,14 +5,6 @@ all:
       children:
         servers:
           hosts:
-            nuc01:
-              ansible_host: 10.0.10.11
+            catherby:
+              ansible_host: 192.168.1.50
               k3s_role: server
-        agents:
-          hosts:
-            nuc02:
-              ansible_host: 10.0.10.12
-              k3s_role: agent
-            nuc03:
-              ansible_host: 10.0.10.13
-              k3s_role: agent

infra/ansible/roles/common/tasks/main.yaml

@@ -20,6 +20,11 @@
     name: "{{ common_packages }}"
     state: present
 
+- name: Load br_netfilter module
+  community.general.modprobe:
+    name: br_netfilter
+    persistent: present
+
 - name: Configure sysctl for k8s
   ansible.posix.sysctl:
     name: "{{ item.key }}"
@@ -33,11 +38,6 @@
     - { key: fs.inotify.max_user_instances, value: "512" }
     - { key: fs.inotify.max_user_watches, value: "524288" }
 
-- name: Load br_netfilter module
-  community.general.modprobe:
-    name: br_netfilter
-    persistent: present
-
 - name: Disable swap
   ansible.builtin.command: swapoff -a
   changed_when: false

infra/ansible/roles/hardening/handlers/main.yaml

@@ -1,5 +1,5 @@
 ---
 - name: restart sshd
   ansible.builtin.systemd:
-    name: sshd
+    name: ssh
     state: restarted