feat(k3s): Added 2 nodes (2/2)

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

.ansible-lint

@@ -13,6 +13,8 @@ skip_list:
   - fqcn-builtins
   - no-handler
   - var-naming
+  - no-changed-when
+  - risky-shell-pipe
 
 # Enforce certain rules that are not enabled by default.
 enable_list:

.gitattributes

@@ -0,0 +1,8 @@
+vars/group_vars/proxmox/secrets_vm.yml diff=ansible-vault merge=binary
+vars/group_vars/all/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/docker/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/k3s/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/k3s/secrets_token.yml diff=ansible-vault merge=binary
+vars/group_vars/kubernetes/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/proxmox/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/proxmox/secrets_vm.yml diff=ansible-vault merge=binary

.pre-commit-config.yaml

@@ -10,7 +10,7 @@ repos:
     hooks:
       - id: ansible-galaxy-install
         name: Install ansible-galaxy collections
-        entry: ansible-galaxy collection install -r requirements.yml
+        entry: ansible-galaxy collection install -r requirements.yaml
         language: system
         pass_filenames: false
         always_run: true
@@ -18,6 +18,6 @@ repos:
     rev: v6.22.2
     hooks:
       - id: ansible-lint
-        files: \.(yaml|yml)$
+        files: \.(yaml)$
         additional_dependencies:
           - ansible-core==2.15.8

README.md

@@ -66,6 +66,17 @@ The following roles are defined:
     ansible-playbook -i vars/k3s.ini playbooks/kubernetes_setup.yml
     ```
 
+## Notes
+
+### Vault Git Diff
+
+This repo has a `.gitattributes` which points at the repos ansible-vault files.
+These can be temporarily decrypted for git diff by adding this in conjunction with the `.gitattributes`:
+```sh
+# https://stackoverflow.com/questions/29937195/how-to-diff-ansible-vault-changes
+git config --global diff.ansible-vault.textconv "ansible-vault view"
+```
+
 ## Disclaimer
 
 This project is highly customized for the author's specific environment. Using it without modification is not recommended.

ansible.cfg

@@ -14,7 +14,7 @@ vault_password_file=/media/veracrypt1/scripts/ansible_vault.sh
 
 # (list) Check all of these extensions when looking for 'variable' files which should be YAML or JSON or vaulted versions of these.
 # This affects vars_files, include_vars, inventory and vars plugins among others.
-yaml_valid_extensions=.yml
+yaml_valid_extensions=.yaml
 
 # (boolean) Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
 host_key_checking=False

playbooks/docker-host.yaml

@@ -3,9 +3,9 @@
   hosts: docker_host
   gather_facts: true
   roles:
-    - role: common
+    # - role: common
-      tags:
+    #   tags:
-        - common
+    #     - common
     - role: docker_host
       tags:
         - docker_host

playbooks/docker.yaml

@@ -0,0 +1,5 @@
+---
+- name: Setup Docker Hosts
+  ansible.builtin.import_playbook: docker-host.yaml
+- name: Setup Docker load balancer
+  ansible.builtin.import_playbook: docker-lb.yaml

playbooks/docker.yml

@@ -1,5 +0,0 @@
----
-- name: Setup Docker Hosts
-  ansible.builtin.import_playbook: docker-host.yml
-- name: Setup Docker load balancer
-  ansible.builtin.import_playbook: docker-lb.yml

playbooks/proxmox-k3s-add-agent.yaml

@@ -0,0 +1,6 @@
+---
+- name: Create new VM(s)
+  ansible.builtin.import_playbook: proxmox.yaml
+
+- name: Provision VM
+  ansible.builtin.import_playbook: k3s-agents.yaml

roles/common/tasks/extra_packages.yaml

@@ -79,12 +79,13 @@
     path: ~/.config/nvim
   register: nvim_config
 
-- name: Clone LazyVim starter to Neovim config directory
+- name: Clone personal Neovim config directory
   ansible.builtin.git:
-    repo: https://github.com/LazyVim/starter
+    repo: https://codeberg.org/tudattr/nvim
     dest: ~/.config/nvim
     clone: true
     update: false
+    version: 1.0.0
   when: not nvim_config.stat.exists
 
 - name: Remove .git directory from Neovim config

roles/common/tasks/main.yaml

@@ -0,0 +1,13 @@
+---
+- name: Configure Time
+  ansible.builtin.include_tasks: time.yaml
+- name: Configure Packages
+  ansible.builtin.include_tasks: packages.yaml
+- name: Configure Hostname
+  ansible.builtin.include_tasks: hostname.yaml
+- name: Configure Extra-Packages
+  ansible.builtin.include_tasks: extra_packages.yaml
+- name: Configure Bash
+  ansible.builtin.include_tasks: bash.yaml
+- name: Configure SSH
+  ansible.builtin.include_tasks: sshd.yaml

roles/common/tasks/main.yml

@@ -1,13 +0,0 @@
----
-- name: Configure Time
-  ansible.builtin.include_tasks: time.yml
-- name: Configure Packages
-  ansible.builtin.include_tasks: packages.yml
-- name: Configure Hostname
-  ansible.builtin.include_tasks: hostname.yml
-- name: Configure Extra-Packages
-  ansible.builtin.include_tasks: extra_packages.yml
-- name: Configure Bash
-  ansible.builtin.include_tasks: bash.yml
-- name: Configure SSH
-  ansible.builtin.include_tasks: sshd.yml

roles/common/vars/main.yaml

@@ -15,3 +15,4 @@ common_packages:
   - ripgrep
   - nfs-common
   - open-iscsi
+  - parted

roles/docker_host/tasks/40_directory_setup.yaml

@@ -5,7 +5,6 @@
     state: directory
     mode: "0755"
   loop:
-    - /media/docker
     - /media/series
     - /media/movies
     - /media/songs
@@ -38,4 +37,5 @@
     - /media/series
     - /media/movies
     - /media/songs
+    - /media/downloads
   become: true

roles/docker_host/tasks/main.yaml

@@ -0,0 +1,21 @@
+---
+- name: Setup VM
+  ansible.builtin.include_tasks: 10_setup.yaml
+
+- name: Install docker
+  ansible.builtin.include_tasks: 20_installation.yaml
+
+- name: Setup user and group for docker
+  ansible.builtin.include_tasks: 30_user_group_setup.yaml
+
+- name: Setup directory structure for docker
+  ansible.builtin.include_tasks: 40_directory_setup.yaml
+
+# - name: Deploy configs
+#   ansible.builtin.include_tasks: 50_provision.yaml
+
+- name: Deploy docker compose
+  ansible.builtin.include_tasks: 60_deploy_compose.yaml
+
+- name: Publish metrics
+  ansible.builtin.include_tasks: 70_export.yaml

roles/docker_host/tasks/main.yml

@@ -1,21 +0,0 @@
----
-- name: Setup VM
-  ansible.builtin.include_tasks: 10_setup.yml
-
-- name: Install docker
-  ansible.builtin.include_tasks: 20_installation.yml
-
-- name: Setup user and group for docker
-  ansible.builtin.include_tasks: 30_user_group_setup.yml
-
-- name: Setup directory structure for docker
-  ansible.builtin.include_tasks: 40_directory_setup.yml
-
-- name: Deploy configs
-  ansible.builtin.include_tasks: 50_provision.yml
-
-- name: Deploy docker compose
-  ansible.builtin.include_tasks: 60_deploy_compose.yml
-
-- name: Publish metrics
-  ansible.builtin.include_tasks: 70_export.yml

roles/docker_host/vars/main.yaml

@@ -1,7 +1,5 @@
 docker_host_package_common_dependencies:
   - nfs-common
-  - firmware-misc-nonfree
-  - linux-image-amd64
 
 apt_lock_files:
   - /var/lib/dpkg/lock

roles/k3s_agent/tasks/main.yaml

@@ -0,0 +1,3 @@
+---
+- name: Install k3s agent
+  include_tasks: installation.yaml

roles/k3s_agent/tasks/main.yml

@@ -1,3 +0,0 @@
----
-- name: Install k3s agent
-  include_tasks: installation.yml

roles/k3s_loadbalancer/tasks/main.yaml

@@ -1,9 +1,9 @@
 ---
 - name: Installation
-  ansible.builtin.include_tasks: installation.yml
+  ansible.builtin.include_tasks: installation.yaml
 
 - name: Configure
-  ansible.builtin.include_tasks: configuration.yml
+  ansible.builtin.include_tasks: configuration.yaml
 
 - name: Setup DNS on Netcup
   community.general.netcup_dns:

roles/k3s_server/tasks/main.yaml

@@ -14,16 +14,16 @@
   register: k3s_status
 
 - name: Install primary k3s server
-  include_tasks: primary_installation.yml
+  include_tasks: primary_installation.yaml
   when: ansible_default_ipv4.address == k3s_primary_server_ip
 
 - name: Get token from primary k3s server
-  include_tasks: pull_token.yml
+  include_tasks: pull_token.yaml
 
 - name: Install seconary k3s servers
-  include_tasks: secondary_installation.yml
+  include_tasks: secondary_installation.yaml
   when: ansible_default_ipv4.address != k3s_primary_server_ip
 
 - name: Set kubeconfig on localhost
-  include_tasks: create_kubeconfig.yml
+  include_tasks: create_kubeconfig.yaml
   when: ansible_default_ipv4.address == k3s_primary_server_ip

roles/k3s_server/vars/main.yaml

@@ -1 +1 @@
-k3s_server_token_vault_file: ../vars/group_vars/k3s/secrets_token.yml
+k3s_server_token_vault_file: ../vars/group_vars/k3s/secrets_token.yaml

roles/k3s_storage/tasks/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: Install dependencies
+  ansible.builtin.include_tasks: requirements.yaml
+- name: Install k3s
+  ansible.builtin.include_tasks: installation.yaml

roles/k3s_storage/tasks/main.yml

@@ -1,5 +0,0 @@
----
-- name: Install dependencies
-  ansible.builtin.include_tasks: requirements.yml
-- name: Install k3s
-  ansible.builtin.include_tasks: installation.yml

roles/kubernetes_argocd/tasks/main.yaml

@@ -33,7 +33,7 @@
 
 - name: Apply ArgoCD Ingress
   kubernetes.core.k8s:
-    definition: "{{ lookup('ansible.builtin.template', 'ingress.yml.j2') | from_yaml }}"
+    definition: "{{ lookup('ansible.builtin.template', 'ingress.yaml.j2') | from_yaml }}"
     state: present
     namespace: "{{ argocd_namespace }}"
   register: apply_manifests
@@ -53,7 +53,7 @@
 
 - name: Apply ArgoCD repository
   kubernetes.core.k8s:
-    definition: "{{ lookup('ansible.builtin.template', 'repository.yml.j2') | from_yaml }}"
+    definition: "{{ lookup('ansible.builtin.template', 'repository.yaml.j2') | from_yaml }}"
     state: present
     namespace: "{{ argocd_namespace }}"
   register: apply_manifests
@@ -63,7 +63,7 @@
 
 - name: Apply ArgoCD Root Application
   kubernetes.core.k8s:
-    definition: "{{ lookup('ansible.builtin.template', 'root_application.yml.j2') | from_yaml }}"
+    definition: "{{ lookup('ansible.builtin.template', 'root_application.yaml.j2') | from_yaml }}"
     state: present
     namespace: "{{ argocd_namespace }}"
   register: apply_manifests

roles/node_exporter/tasks/main.yaml

@@ -0,0 +1,6 @@
+- name: Get Version
+  ansible.builtin.include_tasks: get_version.yaml
+- name: Install
+  ansible.builtin.include_tasks: install.yaml
+- name: Setup Service
+  ansible.builtin.include_tasks: systemd.yaml

roles/node_exporter/tasks/main.yml

@@ -1,6 +0,0 @@
-- name: Get Version
-  ansible.builtin.include_tasks: get_version.yml
-- name: Install
-  ansible.builtin.include_tasks: install.yml
-- name: Setup Service
-  ansible.builtin.include_tasks: systemd.yml

roles/proxmox/README.md

@@ -2,11 +2,6 @@
 
 This role facilitates the management of Proxmox VE resources, including virtual machines (VMs) and LXC containers. It automates the setup of Proxmox nodes and the creation, configuration, and destruction of guests.
 
-## Requirements
-
-- `community.general.proxmox_vm_info`
-- `community.general.proxmox_kvm`
-
 ## Role Variables
 
 | Variable | Description | Default Value |

roles/proxmox/files/check_proxmox_vm.sh

@@ -65,11 +65,11 @@ restart_vm() {
 }
 
 # Main execution
-log_message "Starting monitoring of VM $VM_ID on port $PORT..."
+# log_message "Starting monitoring of VM $VM_ID on port $PORT..."
 
 # Check if port 22 is open
 if ! check_port; then
 	restart_vm
-else
+# else
-	log_message "Port $PORT is reachable. VM is running normally."
+# 	log_message "Port $PORT is reachable. VM is running normally."
 fi

roles/proxmox/tasks/00_setup_machines.yaml

@@ -0,0 +1,8 @@
+---
+- name: Prepare Localhost
+  ansible.builtin.include_tasks: ./01_setup_localhost.yaml
+  when: is_localhost
+
+- name: Prepare Localhost
+  ansible.builtin.include_tasks: ./05_setup_node.yaml
+  when: is_proxmox_node

roles/proxmox/tasks/00_setup_machines.yml

@@ -1,8 +0,0 @@
----
-- name: Prepare Localhost
-  ansible.builtin.include_tasks: ./01_setup_localhost.yml
-  when: is_localhost
-
-- name: Prepare Localhost
-  ansible.builtin.include_tasks: ./05_setup_node.yml
-  when: is_proxmox_node

roles/proxmox/tasks/05_setup_node.yaml

@@ -7,4 +7,4 @@
   loop: "{{ proxmox_node_dependencies }}"
 
 - name: Ensure Harware Acceleration on node
-  ansible.builtin.include_tasks: 06_hardware_acceleration.yml
+  ansible.builtin.include_tasks: 06_hardware_acceleration.yaml

roles/proxmox/tasks/06_hardware_acceleration.yaml

@@ -23,6 +23,7 @@
       vfio_virqfd
     create: true
     backup: true
+    mode: 644
   register: vfio_result
 
 - name: Update initramfs

roles/proxmox/tasks/10_create_secrets.yaml

@@ -6,7 +6,7 @@
     mode: "0600"
 
 - name: Update Vault data
-  ansible.builtin.include_tasks: 15_create_secret.yml
+  ansible.builtin.include_tasks: 15_create_secret.yaml
   loop: "{{ vms | map(attribute='name') }}"
   loop_control:
     loop_var: "vm_name"

roles/proxmox/tasks/15_create_secret.yaml

@@ -1,7 +1,6 @@
 ---
 - name: Decrypt vm vault file
   ansible.builtin.shell: cd ../; ansible-vault decrypt "./playbooks/{{ proxmox_vault_file }}"
-  ignore_errors: true
   no_log: true
 
 - name: Load existing vault content
@@ -43,5 +42,4 @@
 
 - name: Encrypt vm vault file
   ansible.builtin.shell: cd ../; ansible-vault encrypt "./playbooks/{{ proxmox_vault_file }}"
-  ignore_errors: true
   no_log: true

roles/proxmox/tasks/40_prepare_vm_creation.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Download Cloud Init Isos
-  ansible.builtin.include_tasks: 42_download_isos.yml
+  ansible.builtin.include_tasks: 42_download_isos.yaml
   loop: "{{ proxmox_cloud_init_images | dict2items | map(attribute='value') }}"
   loop_control:
     loop_var: distro

roles/proxmox/tasks/50_create_vms.yaml

@@ -5,13 +5,13 @@
     name: vm_secrets
 
 # - name: Destroy vms (Only during rapid testing)
-#   ansible.builtin.include_tasks: 54_destroy_vm.yml
+#   ansible.builtin.include_tasks: 54_destroy_vm.yaml
 #   loop: "{{ vms }}"
 #   loop_control:
 #     loop_var: "vm"
 
 - name: Create vms
-  ansible.builtin.include_tasks: 55_create_vm.yml
+  ansible.builtin.include_tasks: 55_create_vm.yaml
   loop: "{{ vms }}"
   loop_control:
     loop_var: "vm"

roles/proxmox/tasks/54_destroy_vm.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Gather info about VM
-  community.general.proxmox_vm_info:
+  community.proxmox.proxmox_vm_info:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -9,7 +9,7 @@
   register: vm_info
 
 - name: Stop VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -21,7 +21,7 @@
   when: vm_info.proxmox_vms | length > 0
 
 - name: Destroy VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"

roles/proxmox/tasks/55_create_vm.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Create VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -27,5 +27,5 @@
   register: proxmox_deploy_info
 
 - name: Provision created VM
-  ansible.builtin.include_tasks: 56_provision_new_vm.yml
+  ansible.builtin.include_tasks: 56_provision_new_vm.yaml
   when: proxmox_deploy_info.changed

roles/proxmox/tasks/56_provision_new_vm.yaml

@@ -25,7 +25,7 @@
   delegate_to: "{{ vm.node }}"
 
 - name: Start VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -35,14 +35,14 @@
     state: started
 
 - name: Retry stopping VM
-  ansible.builtin.include_tasks: ./57_stop_and_verify_vm.yml
+  ansible.builtin.include_tasks: ./57_stop_and_verify_vm.yaml
 
 - name: Pause for 5 seconds for api
   ansible.builtin.pause:
     seconds: 5
 
 - name: Start VM
-  community.general.proxmox_kvm:
+  community.proxmox.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
     api_token_id: "{{ proxmox_api_token_id }}"
     api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -99,7 +99,7 @@
 - name: Creates PATH-entry for crontab
   ansible.builtin.cron:
     name: PATH
-    env: yes
+    env: true
     job: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
   delegate_to: "{{ vm.node }}"
 

roles/proxmox/tasks/57_stop_and_verify_vm.yaml

@@ -5,7 +5,7 @@
         retry_count: "{{ 0 if retry_count is undefined else retry_count | int + 1 }}"
 
     - name: Stop VM
-      community.general.proxmox_kvm:
+      community.proxmox.proxmox_kvm:
         api_user: "{{ proxmox_api_user }}@pam"
         api_token_id: "{{ proxmox_api_token_id }}"
         api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -16,7 +16,7 @@
         force: true
 
     - name: Wait until VM is fully stopped
-      community.general.proxmox_vm_info:
+      community.proxmox.proxmox_vm_info:
         api_user: "{{ proxmox_api_user }}@pam"
         api_token_id: "{{ proxmox_api_token_id }}"
         api_token_secret: "{{ proxmox_api_token_secret }}"
@@ -36,4 +36,4 @@
         seconds: 5
 
     - name: "Failed to stop VM - Retrying..."
-      include_tasks: ./57_stop_and_verify_vm.yml
+      include_tasks: ./57_stop_and_verify_vm.yaml

roles/proxmox/tasks/60_create_containers.yaml

@@ -5,7 +5,7 @@
     name: vm_secrets
 
 - name: Create vms
-  ansible.builtin.include_tasks: 65_create_container.yml
+  ansible.builtin.include_tasks: 65_create_container.yaml
   loop: "{{ lxcs }}"
   loop_control:
     loop_var: "container"

roles/proxmox/tasks/main.yaml

@@ -0,0 +1,19 @@
+---
+- name: Prepare Machines
+  ansible.builtin.include_tasks: 00_setup_machines.yaml
+
+- name: Create VM vault
+  ansible.builtin.include_tasks: 10_create_secrets.yaml
+  when: is_localhost
+
+- name: Prime node for VM
+  ansible.builtin.include_tasks: 40_prepare_vm_creation.yaml
+  when: is_proxmox_node
+
+- name: Create VMs
+  ansible.builtin.include_tasks: 50_create_vms.yaml
+  when: is_localhost
+
+- name: Create LXC containers
+  ansible.builtin.include_tasks: 60_create_containers.yaml
+  when: is_localhost

roles/proxmox/tasks/main.yml

@@ -1,19 +0,0 @@
----
-- name: Prepare Machines
-  ansible.builtin.include_tasks: 00_setup_machines.yml
-
-- name: Create VM vault
-  ansible.builtin.include_tasks: 10_create_secrets.yml
-  when: is_localhost
-
-- name: Prime node for VM
-  ansible.builtin.include_tasks: 40_prepare_vm_creation.yml
-  when: is_proxmox_node
-
-- name: Create VMs
-  ansible.builtin.include_tasks: 50_create_vms.yml
-  when: is_localhost
-
-- name: Create LXC containers
-  ansible.builtin.include_tasks: 60_create_containers.yml
-  when: is_localhost

roles/proxmox/vars/main.yaml

@@ -3,7 +3,7 @@ proxmox_creator: ansible
 
 proxmox_storage: proxmox
 
-proxmox_vault_file: ../vars/group_vars/proxmox/secrets_vm.yml
+proxmox_vault_file: ../vars/group_vars/proxmox/secrets_vm.yaml
 proxmox_secrets_prefix: secrets_vm
 proxmox_cloud_init_images:
   debian:

roles/reverse_proxy/tasks/20_xcaddy_install.yaml

@@ -25,7 +25,7 @@
   become: true
 
 - name: Build Custom Caddy with netcup
-  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/netcup
+  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/cloudflare
   environment:
     PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin"
   register: xcaddy_build

roles/reverse_proxy/tasks/50_netcup_dns.yaml

@@ -0,0 +1,14 @@
+---
+# - name: Setup DNS on Netcup
+#   community.general.netcup_dns:
+#     api_key: "{{ netcup_api_key }}"
+#     api_password: "{{ netcup_api_password }}"
+#     customer_id: "{{ netcup_customer_id }}"
+#     domain: "{{ domain }}"
+#     name: "{{ service.name }}"
+#     type: "A"
+#     value: "{{ hostvars['docker-lb'].ansible_default_ipv4.address }}"
+#   loop: "{{ services }}"
+#   loop_control:
+#     loop_var: service
+#   delegate_to: localhost

roles/reverse_proxy/tasks/50_netcup_dns.yml

@@ -1,14 +0,0 @@
----
-- name: Setup DNS on Netcup
-  community.general.netcup_dns:
-    api_key: "{{ netcup_api_key }}"
-    api_password: "{{ netcup_api_password }}"
-    customer_id: "{{ netcup_customer_id }}"
-    domain: "{{ domain }}"
-    name: "{{ service.name }}"
-    type: "A"
-    value: "{{ hostvars['docker-lb'].ansible_default_ipv4.address }}"
-  loop: "{{ services }}"
-  loop_control:
-    loop_var: service
-  delegate_to: localhost