all: hosts: hb-wide-1: ansible_host: 192.168.56.101 is_nas: false hostname: hb-wide-1 wireguard_ip: 10.20.0.1 k3s_label: - type=worker - size=wide headscale: network: beta hb-wide-2: ansible_host: 192.168.56.102 is_nas: false hostname: hb-wide-2 wireguard_ip: 10.20.0.2 k3s_label: - type=worker - size=wide headscale: network: beta hb-slim-1: ansible_host: 192.168.56.11 is_nas: false hostname: hb-slim-1 wireguard_ip: 10.20.0.11 k3s_label: - type=worker - size=slim headscale: network: beta hb-slim-2: ansible_host: 192.168.56.12 is_nas: false hostname: hb-slim-2 wireguard_ip: 10.20.0.12 k3s_label: - type=worker - size=slim headscale: network: beta hb-slim-3: ansible_host: 192.168.56.13 is_nas: false hostname: hb-slim-3 wireguard_ip: 10.20.0.13 k3s_label: - type=worker - size=slim headscale: network: beta children: master: hosts: hb-wide-1: node: hosts: hb-wide-2: hb-slim-1: hb-slim-2: hb-slim-3: etcd_cluster: hosts: hb-wide-1: hb-wide-2: hb-slim-1: hb-slim-2: hb-slim-3: k3s_cluster: children: server: agent: headscale_client: hosts: hb-wide-1: hb-wide-2: hb-slim-1: hb-slim-2: hb-slim-3: vars: ansible_ssh_private_key_file: ~/.ssh/creator ansible_user: creator ansible_become_password: aberation ansible_ssh_port: 22 k3s_version: v1.28.5+k3s1 token: "aberation" # Use ansible vault if you want to keep it secret api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_tailscale0'].ipv4.address | default(groups['server'][0]) }}" extra_server_args: "--disable traefik --advertise-address {{hostvars[inventory_hostname]['ansible_tailscale0'].ipv4.address}} --flannel-iface tailscale0 --tls-san {{ ansible_host }} --disable servicelb {{ ['--node-label']|product(hostvars[inventory_hostname]['k3s_label'])|map('join', ' ')|join(' ') }}" extra_agent_args: "--flannel-iface tailscale0 --node-external-ip {{hostvars[inventory_hostname]['ansible_default_ipv4']['address']}} {{ ['--node-label']|product(hostvars[inventory_hostname]['k3s_label'])|map('join', ' ')|join(' ') }}"