Initial monorepo scaffold

Turborepo + pnpm monorepo for k3s homelab cluster on Intel NUCs.

- Apps: Next.js web frontend, Express API (TypeScript, Dockerfiles, k8s manifests)
- Packages: shared UI, ESLint config, TypeScript config, Drizzle DB schemas
- Infra/Ansible: bare-metal provisioning with roles for common, k3s-server, k3s-agent, hardening
- Infra/Kubernetes: ArgoCD GitOps (app-of-apps + ApplicationSets), platform components
  (cert-manager, Traefik, CloudNativePG, Valkey, Longhorn, Sealed Secrets), namespaces
- Observability: kube-prometheus-stack, Loki, Promtail as ArgoCD Applications
- CI/CD: GitHub Actions for PR builds, preview deploys, production deploys
- DX: Taskfile, utility scripts, copier templates, Ubiquiti network docs

infra/ansible/playbooks/bootstrap.yaml

@@ -0,0 +1,7 @@
+---
+- name: Bootstrap all nodes
+  hosts: k3s_cluster
+  become: true
+  roles:
+    - common
+    - hardening

infra/ansible/playbooks/k3s-agent.yaml

@@ -0,0 +1,6 @@
+---
+- name: Install k3s agent nodes
+  hosts: agents
+  become: true
+  roles:
+    - k3s-agent

infra/ansible/playbooks/k3s-server.yaml

@@ -0,0 +1,6 @@
+---
+- name: Install k3s server nodes
+  hosts: servers
+  become: true
+  roles:
+    - k3s-server

infra/ansible/playbooks/k3s-upgrade.yaml

@@ -0,0 +1,49 @@
+---
+- name: Upgrade k3s cluster
+  hosts: k3s_cluster
+  become: true
+  serial: 1
+  vars:
+    k3s_upgrade_version: "{{ k3s_version }}"
+  tasks:
+    - name: Cordon node
+      ansible.builtin.command:
+        cmd: k3s kubectl cordon {{ inventory_hostname }}
+      delegate_to: "{{ groups['servers'][0] }}"
+      changed_when: true
+
+    - name: Drain node
+      ansible.builtin.command:
+        cmd: >-
+          k3s kubectl drain {{ inventory_hostname }}
+          --ignore-daemonsets
+          --delete-emptydir-data
+          --timeout=120s
+      delegate_to: "{{ groups['servers'][0] }}"
+      changed_when: true
+
+    - name: Upgrade k3s
+      ansible.builtin.command:
+        cmd: /tmp/k3s-install.sh
+      environment:
+        INSTALL_K3S_VERSION: "{{ k3s_upgrade_version }}"
+        K3S_TOKEN: "{{ k3s_token }}"
+        INSTALL_K3S_EXEC: "{{ 'server ' + k3s_server_args if k3s_role == 'server' else 'agent ' + k3s_agent_args }}"
+        K3S_URL: "{{ '' if k3s_role == 'server' else k3s_server_url }}"
+      changed_when: true
+
+    - name: Wait for node to be ready
+      ansible.builtin.command:
+        cmd: k3s kubectl get node {{ inventory_hostname }} -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
+      delegate_to: "{{ groups['servers'][0] }}"
+      register: node_ready
+      retries: 30
+      delay: 10
+      until: node_ready.stdout == "True"
+      changed_when: false
+
+    - name: Uncordon node
+      ansible.builtin.command:
+        cmd: k3s kubectl uncordon {{ inventory_hostname }}
+      delegate_to: "{{ groups['servers'][0] }}"
+      changed_when: true

infra/ansible/playbooks/reset.yaml

@@ -0,0 +1,38 @@
+---
+- name: Reset k3s cluster (DESTRUCTIVE)
+  hosts: k3s_cluster
+  become: true
+  tasks:
+    - name: Confirm reset
+      ansible.builtin.pause:
+        prompt: "This will DESTROY the k3s cluster. Type 'yes' to continue"
+      register: confirm
+      run_once: true
+
+    - name: Abort if not confirmed
+      ansible.builtin.fail:
+        msg: "Reset aborted"
+      when: confirm.user_input != "yes"
+      run_once: true
+
+    - name: Uninstall k3s agent
+      ansible.builtin.command:
+        cmd: /usr/local/bin/k3s-agent-uninstall.sh
+      when: k3s_role == 'agent'
+      ignore_errors: true
+      changed_when: true
+
+    - name: Uninstall k3s server
+      ansible.builtin.command:
+        cmd: /usr/local/bin/k3s-uninstall.sh
+      when: k3s_role == 'server'
+      ignore_errors: true
+      changed_when: true
+
+    - name: Clean up data directories
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: absent
+      loop:
+        - /var/lib/rancher
+        - /etc/rancher

infra/ansible/playbooks/site.yaml

@@ -0,0 +1,9 @@
+---
+- name: Full cluster deployment
+  ansible.builtin.import_playbook: bootstrap.yaml
+
+- name: Install k3s servers
+  ansible.builtin.import_playbook: k3s-server.yaml
+
+- name: Install k3s agents
+  ansible.builtin.import_playbook: k3s-agent.yaml