Initial monorepo scaffold
Turborepo + pnpm monorepo for k3s homelab cluster on Intel NUCs. - Apps: Next.js web frontend, Express API (TypeScript, Dockerfiles, k8s manifests) - Packages: shared UI, ESLint config, TypeScript config, Drizzle DB schemas - Infra/Ansible: bare-metal provisioning with roles for common, k3s-server, k3s-agent, hardening - Infra/Kubernetes: ArgoCD GitOps (app-of-apps + ApplicationSets), platform components (cert-manager, Traefik, CloudNativePG, Valkey, Longhorn, Sealed Secrets), namespaces - Observability: kube-prometheus-stack, Loki, Promtail as ArgoCD Applications - CI/CD: GitHub Actions for PR builds, preview deploys, production deploys - DX: Taskfile, utility scripts, copier templates, Ubiquiti network docs
55
infra/ansible/roles/common/tasks/main.yaml
Normal file
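--- a/infra/ansible/roles/common/tasks/main.yaml
+++ b/infra/ansible/roles/common/tasks/main.yaml
@@ -0,0 +1,55 @@
+---
+- name: Set timezone
+community.general.timezone:
+name: "{{ timezone }}"
+
+- name: Configure NTP
+ansible.builtin.template:
+src: timesyncd.conf.j2
+dest: /etc/systemd/timesyncd.conf
+mode: "0644"
+notify: restart timesyncd
+
+- name: Update apt cache
+ansible.builtin.apt:
+update_cache: true
+cache_valid_time: 3600
+
+- name: Install common packages
+ansible.builtin.apt:
+name: "{{ common_packages }}"
+state: present
+
+- name: Configure sysctl for k8s
+ansible.posix.sysctl:
+name: "{{ item.key }}"
+value: "{{ item.value }}"
+sysctl_set: true
+reload: true
+loop:
+- { key: net.bridge.bridge-nf-call-iptables, value: "1" }
+- { key: net.bridge.bridge-nf-call-ip6tables, value: "1" }
+- { key: net.ipv4.ip_forward, value: "1" }
+- { key: fs.inotify.max_user_instances, value: "512" }
+- { key: fs.inotify.max_user_watches, value: "524288" }
+
+- name: Load br_netfilter module
+community.general.modprobe:
+name: br_netfilter
+persistent: present
+
+- name: Disable swap
+ansible.builtin.command: swapoff -a
+changed_when: false
+
+- name: Remove swap from fstab
+ansible.builtin.lineinfile:
+path: /etc/fstab
+regexp: '\sswap\s'
+state: absent
+
+- name: Enable iscsid service (for Longhorn)
+ansible.builtin.systemd:
+name: iscsid
+enabled: true
+state: started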
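Review bot: `Configure sysctl for k8s` writes `net.bridge.bridge-nf-call-iptables` and `net.bridge.bridge-nf-call-ip6tables` before `Load br_netfilter module` has run. Those keys only appear under /proc/sys/net/bridge once br_netfilter is loaded, so on a freshly provisioned node the sysctl task (with `sysctl_set: true` and `reload: true`) will most likely fail on the first play. If that failure is later papered over with an ignore option, bridged pod traffic would silently skip the host's iptables rules, which is what network policy enforcement depends on. Move the `Load br_netfilter module` task above the sysctl task so the module is present before its settings are applied.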