✨ new talos cluster

ansible/inventory/group_vars/all/all.sops.yml

@@ -1,24 +0,0 @@
-kind: Secret
-secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
-secret_cluster_domain: ENC[AES256_GCM,data:o+bvKkMvPfZ9+oobxsZj,iv:iJTqLF0+3v/kMHWJIUXQK3++CoLI+fC6IOrQgpiXofw=,tag:XWEid6zEhdpxka88rW2mkw==,type:str]
-secret_email_domain: ENC[AES256_GCM,data:xQwrd9Tgcgpq+I63KA8=,iv:w8fs1kXFwuRBNiswZMu5i/bOazqUPRxEwMWm0z/igxg=,tag:FaWpGtK7ldOEcHgXxZX6/A==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dGgya0lVNUtvMEhmWFpm
-            dE8wdkppSEZiMjVteS9pZkxFaUltQ0VlUzNFCk1oVzVHTVIxVnIvL21YemtZVmJz
-            a3lmMnJaNGI2NXlUKzduS1ZVa1o5amcKLS0tICtLS2pRZjk4U285TzJnV0J3MUkw
-            c3JkOFZzYnpINjQ5QnNkaE9IYUdXL3MKsBelDv/z5nTYC6/1Zm8kmzqEoLBVPnhy
-            v0v/6n1GksmzslbNdKhy+xtxHYrqouhc2P4hNi0R8p8u76RXERN5fg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-09-24T21:41:39Z"
-    mac: ENC[AES256_GCM,data:YWFS0eyejY3d7HrAewpKhs4Z0ATLZRFAhx/hO8+7OMHnCw+LSXzv0YCygVOTilUJ6By56CRwqF0B9gY/zQUF9mCklyFeHpogmPL92cbAe/gsgKpJI+Nnqrdrch2J8gRv485NI8EQ8sYqSZ0RNsyDiOOyY3OW86L4vqZBqb31O/4=,iv:EGKIAUqY7UQU2+1qpo2VYMvAMomn6vbmGv3uKCpLOOs=,tag:4MNWlJ5Knbymkr/T22P+FA==,type:str]
-    pgp: []
-    unencrypted_regex: ^(kind)$
-    version: 3.7.3

ansible/inventory/group_vars/all/calico.yml

@@ -1,14 +0,0 @@
----
-# -- Encapsulation type
-calico_encapsulation: "None"
-# -- BGP Peer IP
-# -- (usually your router IP address)
-calico_bgp_peer_ip: 192.168.8.1
-# -- BGP Autonomous System Number
-# -- (must be the same across all BGP peers)
-calico_bgp_as_number: 64512
-# -- BGP Network you want services to consume
-# -- (this network should not exist or be defined anywhere in your network)
-calico_bgp_external_ips: 192.168.169.0/24
-# -- CIDR of the host node interface Calico should use
-calico_node_cidr: 10.69.0.0/16

ansible/inventory/group_vars/all/k3s.yml

@@ -1,79 +0,0 @@
----
-#
-# Below vars are for the xanmanning.k3s role
-# ...see https://github.com/PyratLabs/ansible-role-k3s#globalcluster-variables
-#
-
-# Use a specific version of k3s
-# renovate: datasource=github-releases depName=k3s-io/k3s
-k3s_release_version: "v1.25.3+k3s1"
-
-# -- Install using hard links rather than symbolic links.
-# ...if you are using the system-upgrade-controller you will need to
-# use hard links rather than symbolic links as the controller will
-# not be able to follow symbolic links.
-k3s_install_hard_links: true
-
-# -- Escalate user privileges for all tasks.
-k3s_become: true
-
-# -- Enable debugging
-k3s_debug: false
-
-# -- Enabled embedded etcd
-# k3s_etcd_datastore: false
-
-# -- Enable for single or even number of masters
-k3s_use_unsupported_config: false
-
-# -- /var/lib/rancher/k3s/server/manifests
-k3s_server_manifests_templates:
-  - "calico/calico-installation.yaml.j2"
-  - "calico/calico-bgpconfiguration.yaml.j2"
-  - "calico/calico-bgppeer.yaml.j2"
-
-# -- /var/lib/rancher/k3s/server/manifests
-k3s_server_manifests_urls:
-  - url: https://docs.projectcalico.org/archive/v3.24/manifests/tigera-operator.yaml
-    filename: tigera-operator.yaml
-
-# -- /etc/rancher/k3s/registries.yaml
-# k3s_registries:
-#   mirrors:
-#     "docker.io":
-#       endpoint:
-#         - "https://mirror.{{ SECRET_PRIVATE_DOMAIN }}"
-#     "*":
-#       endpoint:
-#         - "https://mirror.{{ SECRET_PRIVATE_DOMAIN }}"
-#   config:
-#     "https://registry.{{ SECRET_PRIVATE_DOMAIN }}":
-#       auth:
-#         username: "{{ SECRET_NEXUS_USERNAME }}"
-#         password: "{{ SECRET_NEXUS_PASSWORD }}"
-
-timezone: Europe/Paris
-
-public_ssh_keys:
-  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+GMHgvbtf6f7xUMAQR+vZFfD/mIIfIDNX5iP8tDRXZ claude@claude-thinkpad-fedora"
-  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINo7E0oAOzaq0XvUHkWvZSC8u1XxX8dDCq3bSyK2BCen claude@claude-fixe-fedora"
-
-packages:
-  - "https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm"
-  - "https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm"
-  - dnf-automatic
-  - dnf-plugin-system-upgrade
-  - dnf-utils
-  - fish
-  - hdparm
-  - htop
-  - intel-gpu-tools
-  - ipvsadm
-  - lm_sensors
-  - nano
-  - nvme-cli
-  - python3-libselinux
-  - socat
-  - cockpit-pcp
-
-k3s_registration_address: 192.168.9.100

ansible/inventory/group_vars/all/wireguard.sops.yml

@@ -1,22 +0,0 @@
-kind: Secret
-wireguard_private_key: ENC[AES256_GCM,data:n7+yDJlb50mm2CiFRJ8YbvtzZaJOD2Hlz1/jbwtCSerRPTbJpDnCaL78EdI=,iv:5D8M8lKJPiduyGp6D2Woi/VEHkAVHi3v5NB2LRY+UNA=,tag:NkvkhueDrDf/1Ly9zv5YCw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNWlaV1YvWUw0NEJOR2Rz
-            aHd5eU9SdjFuTDgyZDhzUjVIMmFMczg5MmlZCm5vT1VTdjh4WkhCNWsrOG9SaWFM
-            L0FpSGVuR3hPN04zNHRCd3JMQXVLZVEKLS0tIFFhY1plTzdScmJrWW8xMXpIUXBP
-            RHR1bnp1VXZJNUI5dmVXcXRvU2NFem8KFdpVMZL4By87eR2mFB5P2ViZxA04p2uI
-            oe1Wg5bmqLNsfr+Z/Ai6Xc8D9ojuPvNXUkrzdLq5i6M+mi1ultazxQ==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-07-22T12:36:41Z"
-    mac: ENC[AES256_GCM,data:Pdlc1pFCdB6C4Zzm2HkBh8NJn/uE3KVXwWmWlUqbjHRRCqxED1X7lMVxNHgy/ZmmuB1StoZrzwGUVTGRhpcWGX9D614TrKgjPtkr4dxdshYIfIXPsskVnNfULQcvitTjprLj3JKXbZgjO86hGo5c1SgZpEiapuNdvYSHH6EGjyU=,iv:72i8p3q9Tg1kU6BExNtlakXLLt19Aic5xmgU2Hv2VqI=,tag:yu0KkQVK2/Z0mr/scwIekQ==,type:str]
-    pgp: []
-    unencrypted_regex: ^(kind)$
-    version: 3.7.3