refactor(k3s): streamline inventory and primary server IP handling

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

roles/k3s_loadbalancer/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart nginx
+  ansible.builtin.systemd:
+    name: nginx
+    state: restarted
+  become: true

roles/k3s_loadbalancer/tasks/configuration.yml

@@ -0,0 +1,20 @@
+---
+- name: Template the nginx config file with dynamic upstreams
+  ansible.builtin.template:
+    src: templates/nginx.conf.j2
+    dest: "{{ k3s_loadbalancer_nginx_config_path }}"
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - Restart nginx
+  vars:
+    k3s_server_ips: "{{ groups['k3s_server'] | map('extract', hostvars, 'ansible_default_ipv4') | map(attribute='address') | unique | list }}"
+
+- name: Enable nginx
+  ansible.builtin.systemd:
+    name: nginx
+    daemon_reload: true
+    enabled: true
+  become: true

roles/k3s_loadbalancer/tasks/installation.yml

@@ -0,0 +1,12 @@
+---
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+  become: true
+
+- name: Install Nginx
+  ansible.builtin.apt:
+    name:
+      - nginx-full
+    state: present
+  become: true

roles/k3s_loadbalancer/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Installation
+  ansible.builtin.include_tasks: installation.yml
+- name: Configure
+  ansible.builtin.include_tasks: configuration.yml

roles/k3s_loadbalancer/templates/nginx.conf.j2

@@ -0,0 +1,87 @@
+include /etc/nginx/modules-enabled/*.conf;
+
+events {}
+
+stream {
+# TCP Load Balancing for the K3s API
+  upstream k3s_servers {
+    {% for ip in k3s_server_ips %}
+    server {{ ip }}:{{ k3s.loadbalancer.default_port }};
+    {% endfor %}
+  }
+
+  server {
+    listen {{k3s.loadbalancer.default_port}};
+    proxy_pass k3s_servers;
+  }
+
+  upstream dns_servers {
+    {% for ip in k3s_server_ips %}
+    server {{ ip }}:53;
+    {% endfor %}
+  }
+
+  server {
+    listen 53 udp;
+    proxy_pass dns_servers;
+  }
+}
+
+# http {
+#   upstream k3s_servers_http {
+#     least_conn;
+#     {% for ip in k3s_server_ips %}
+#     server {{ ip }}:80;
+#     {% endfor %}
+#   }
+#
+#   upstream k3s_servers_https {
+#     least_conn;
+#     {% for ip in k3s_server_ips %}
+#     server {{ ip }}:443;
+#     {% endfor %}
+#   }
+#
+#   server {
+#     listen 80;
+#
+#     location / {
+#       proxy_pass http://k3s_servers_http;
+#       proxy_set_header Host $http_host;
+#       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#       proxy_set_header X-Forwarded-Proto http;
+#     }
+#   }
+#
+#   server {
+#     listen 443 ssl;
+#
+#     server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;
+#
+#     ssl_certificate /etc/nginx/ssl/staging_tls.crt;
+#     ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
+#
+#     location / {
+#       proxy_pass https://k3s_servers_https;
+#       proxy_set_header Host $host;
+#       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#       proxy_set_header X-Forwarded-Proto https;
+#     }
+#   }
+#
+#   server {
+#     listen 443 ssl;
+#
+#     server_name k3s.seyshiro.de *.k3s.seyshiro.de;
+#
+#     ssl_certificate /etc/nginx/ssl/production_tls.crt;
+#     ssl_certificate_key /etc/nginx/ssl/production_tls.key;
+#
+#     location / {
+#       proxy_pass https://k3s_servers_https;
+#       proxy_set_header Host $host;
+#       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#       proxy_set_header X-Forwarded-Proto https;
+#     }
+#   }
+# }

roles/k3s_loadbalancer/vars/main.yml

@@ -0,0 +1 @@
+k3s_loadbalancer_nginx_config_path: "/etc/nginx/nginx.conf"