This commit is contained in:
Eric Meehan 2024-07-25 21:37:01 -04:00
parent 76f0489016
commit 6bebad7881
25 changed files with 81 additions and 654 deletions

.gitignore vendored

@ -1 +1,3 @@
vault
*.tar.gz *.tar.gz
roles/
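Review bot: The new ignore list (`vault`, `*.tar.gz`, `roles/`) does not cover `vars/secrets.yaml`, which the deploy playbook in this same commit starts loading through `vars_files`; unless that file is ansible-vault encrypted it will be committed in plaintext the next time it is added. Either append `vars/secrets.yaml` to this file or keep the file vault-encrypted and say so next to the `vault` entry, e.g. `# vars/secrets.yaml is committed only in ansible-vault encrypted form`. The `*.tar.gz` entry also suggests world-data archives were previously tracked; check git history if they contained anything sensitive.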


@ -2,42 +2,9 @@
- name: Deploy eom.dev one service at a time - name: Deploy eom.dev one service at a time
hosts: alpha-control-plane hosts: alpha-control-plane
become: true become: true
pre_tasks: vars_files:
- name: Create issuer for letsencrypt staging - vars/secrets.yaml
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: eric@eom.dev
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging-issuer-account-key
solvers:
- http01:
ingress:
ingressClassName: nginx
- name: Create issuer for letsencrypt production
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
email: eric@eom.dev
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-production-issuer-account-key
solvers:
- http01:
ingress:
ingressClassName: nginx
roles: roles:
- role: ericomeehan.eom.dev - role: ericomeehan.eom
vars:
target_namespace: prod
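Review bot: The two ClusterIssuer `pre_tasks` (letsencrypt-staging and letsencrypt-production) are removed here, and the same resources are removed from the 'Prepare cluster environment' play in site.yml in this commit, while the ingress in the ericomeehan.eom role still ends in `secretName: eom-certs`; unless the role now creates an issuer, cert-manager has nothing to sign that certificate with on a rebuilt cluster. If the issuers moved into the role, a comment above `roles:` such as `# ClusterIssuers are created by the ericomeehan.eom role` would record where they live; otherwise they belong in a cluster-setup play that runs before this one. The play also now loads `vars/secrets.yaml` into a `become: true` play, so anything templated from it into the k8s definitions ends up in the cluster as plain Secret/ConfigMap data — worth a line in the README stating what the file is expected to contain.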


@ -2,4 +2,6 @@
hosts: alpha-control-plane hosts: alpha-control-plane
become: true become: true
roles: roles:
- role: ericomeehan.gondwanamc - role: ericomeehan.gondwana
vars:
target_namespace: prod

host_vars/all.yaml Normal file

@ -0,0 +1 @@
is_new_host: true
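Review bot: `host_vars/all.yaml` will not reach the `all` group — files under `host_vars/` are matched by inventory hostname, so this only applies to a host literally named `all`; a group-wide value belongs in `group_vars/all.yaml`. Even in the right directory it would be shadowed, because the 'Initialize new nodes' play in site.yml (also in this commit) sets `vars: is_new_host: false` at play level, which has higher precedence than both host_vars and group_vars, so the `when: is_new_host == true` tasks can only ever run when the value is passed with `-e`. Drop the play-level `vars:` block and guard with `when: is_new_host | default(false) | bool`, or keep the default in `group_vars/all.yaml` and override it per host under `host_vars/<hostname>.yaml`.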


@ -8,8 +8,8 @@ all:
control_plane: control_plane:
hosts: hosts:
alpha-control-plane: alpha-control-plane:
ansible-host: 192.168.1.132 ansible-host: 192.168.1.137
workers: workers:
hosts: hosts:
alpha-worker-0: alpha-worker-0:
ansible-host: 192.168.1.130 ansible-host: 192.168.1.138
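Review bot: The key `ansible-host` is not the connection variable Ansible reads — it is `ansible_host` (underscore; hyphens are not valid in variable names) — so the new addresses 192.168.1.137 and 192.168.1.138 are never used for the connection; Ansible resolves the inventory names `alpha-control-plane` and `alpha-worker-0` instead. Change both lines to `ansible_host: 192.168.1.137` and `ansible_host: 192.168.1.138`. If those names already resolve through DNS or /etc/hosts the playbooks will have worked by coincidence, which would explain why the typo survived the previous addresses too.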


@ -64,8 +64,10 @@
spec: spec:
securityContext: securityContext:
runAsUser: 472 runAsUser: 472
fsGroup: 472
runAsGroup: 472 runAsGroup: 472
fsGroup: 472
supplementalGroups:
- 0
containers: containers:
- name: grafana - name: grafana
image: grafana/grafana image: grafana/grafana
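Review bot: `supplementalGroups: [0]` puts the grafana process into the root group, which is a wider grant than the surrounding `runAsUser`/`runAsGroup`/`fsGroup: 472`; presumably it is there because `fsGroup` is not applied to hostPath volumes and the data directory on the node is owned by root. A narrower fix is to set the host directory's ownership from the playbook (an Ansible `file` task with `owner: 472`, `group: 472`, `recurse: true`) and drop `supplementalGroups` altogether. If gid 0 really is required, a comment above it naming the path that needs it, e.g. `# gid 0 needed to read the root-owned hostPath data dir`, keeps the grant from outliving its reason. The enclosing task and volume definition lie outside this hunk.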


@ -16,7 +16,7 @@
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: standard storageClassName: standard
hostPath: hostPath:
path: "/data/vault-0/eom/influxdb" path: "/data/store-0/eom/influxdb"
nodeAffinity: nodeAffinity:
required: required:
nodeSelectorTerms: nodeSelectorTerms:


@ -24,6 +24,34 @@
- name: Deploy grafana - name: Deploy grafana
include_tasks: deploy-grafana.yml include_tasks: deploy-grafana.yml
- name: Create network policy
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: eom-private-services
namespace: eom
spec:
podSelector:
matchExpressions:
- key: app
operator: In
values:
- gitea
- grafana
- influxdb
- mediawiki
- nextcloud
- redmine
policyTypes:
- Ingress
ingress:
- from:
- ipBlock:
cidr: 192.168.1.0/24
- name: Create ingress resource - name: Create ingress resource
k8s: k8s:
state: present state: present
@ -94,5 +122,6 @@
- grafana.eom.dev - grafana.eom.dev
- influxdb.eom.dev - influxdb.eom.dev
- mediawiki.eom.dev - mediawiki.eom.dev
- nextcloud.eom.dev
- redmine.eom.dev - redmine.eom.dev
secretName: eom-certs secretName: eom-certs
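Review bot: The new NetworkPolicy's `ipBlock: cidr: 192.168.1.0/24` rule is evaluated against the source address the selected pods see, which for the web services is the ingress-nginx controller rather than the end client; depending on where the controller pods get their addresses this either blocks all ingress traffic (controller on the overlay network) or admits every client the controller accepts, including anything reached through the port-forwarding rules site.yml asks the operator to configure. Apply the LAN restriction where the client IP is known — the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation on the Ingress created in the following 'Create ingress resource' task — and, in the policy, select the controller explicitly with a `namespaceSelector`/`podSelector` for the `ingress-nginx` namespace instead of a CIDR. NetworkPolicy objects are also only enforced when the cluster's CNI implements them, which nothing in this hunk confirms; a comment above the task naming the CNI relied on would help. The second hunk adds `nextcloud.eom.dev` to the TLS host list; its matching `rules:` entry is outside the visible lines and should be checked.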


@ -3,13 +3,12 @@
- name: Install additional user packages - name: Install additional user packages
apt: apt:
name: name:
- certbot
- curl - curl
- davfs2
- git - git
- gimp
- gpsd - gpsd
- mariadb-client
- neovim - neovim
- openscad
- passwordsafe - passwordsafe
- tmux - tmux
- w3m - w3m
@ -41,5 +40,3 @@
copy: copy:
src: init.lua src: init.lua
dest: /home/eric/.config/nvim/init.lua dest: /home/eric/.config/nvim/init.lua
# TODO: ansible-galaxy collection install community.kubernetes


@ -1,38 +0,0 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -1,2 +0,0 @@
---
# defaults file for ericomeehan.minecraft.eom.dev


@ -1,59 +0,0 @@
#Minecraft server properties
#Mon May 27 13:39:37 UTC 2024
allow-flight=false
allow-nether=true
broadcast-console-to-ops=true
broadcast-rcon-to-ops=true
difficulty=hard
enable-command-block=true
enable-jmx-monitoring=false
enable-query=false
enable-rcon=false
enable-status=true
enforce-secure-profile=true
enforce-whitelist=true
entity-broadcast-range-percentage=100
force-gamemode=false
function-permission-level=2
gamemode=survival
generate-structures=true
generator-settings={}
hardcore=false
hide-online-players=false
initial-disabled-packs=
initial-enabled-packs=vanilla
level-name=Gondwana
level-seed=-5079912890610012924
level-type=minecraft\:large_biomes
log-ips=true
max-chained-neighbor-updates=1000000
max-players=20
max-tick-time=60000
max-world-size=29999984
motd=A Minecraft server by eom.dev
network-compression-threshold=256
online-mode=true
op-permission-level=4
player-idle-timeout=0
prevent-proxy-connections=false
pvp=true
query.port=25565
rate-limit=0
rcon.password=
rcon.port=25575
require-resource-pack=false
resource-pack=
resource-pack-prompt=
resource-pack-sha1=
server-ip=
server-port=25565
simulation-distance=10
spawn-animals=true
spawn-monsters=true
spawn-npcs=true
spawn-protection=16
sync-chunk-writes=true
text-filtering-config=
use-native-transport=true
view-distance=10
white-list=true


@ -1,27 +0,0 @@
[
{
"uuid": "94e6d0fc-bd44-4f50-ae67-cb9a7b3a4050",
"name": "TopHatRick"
},
{
"uuid": "8f2a59e5-84ef-46a2-8eec-7988171e6e1f",
"name": "PVitamin"
},
{
"uuid": "a7b53bb0-ed66-4129-9c41-d8b51d383978",
"name": "BloodRavenGhola"
},
{
"uuid": "01188fed-cb2a-4fb7-b9a3-c43132bb8a30",
"name": "ThisNurseKills"
},
{
"uuid": "29ace271-a0b8-44be-aa73-61826da768aa",
"name": "ActuallyItsLars"
},
{
"uuid": "adac3ea5-bdd8-44d5-bc26-bf0e5f7790bf",
"name": "thegreatyamwar"
}
]


@ -1,2 +0,0 @@
---
# handlers file for ericomeehan.minecraft.eom.dev


@ -1,52 +0,0 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -1,122 +0,0 @@
---
# tasks file for deploy-production.yml
- name: Create persistent volume for gondwanamc production
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-gondwanamc-production
spec:
capacity:
storage: 8Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: /data/store-0/pv-gondwanamc-production
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Unpack gondwanamc world data to the production persistent volume
unpack:
src: Gondwana.tar.gz
dest: /data/store-0/pv-gondwanamc-production
copy: true
- name: Copy server properties to production persistent volume
copy:
src: server.properties
dest: /data/store-0/pv-gondwanamc-production
- name: Copy whitelist to production persistent volume
copy:
src: whitelist.json
dest: /data/store-0/pv-gondwanamc-production
- name: Create persistent volume claim for gondwanamc production volume
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pv-claim-gondwanamc-production
namespace: production
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: standard
volumeName: pv-gondwanamc-production
- name: Create a production Deployment
k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: minecraft-deployment
namespace: production
spec:
replicas: 1
selector:
matchLabels:
app: gondwanamc.com
template:
metadata:
labels:
app: gondwanamc.com
spec:
containers:
- name: openminecraft
image: itzg/minecraft-server
volumeMounts:
- name: pv-gondwanamc-production
mountPath: /data
ports:
- containerPort: 25565
- containerPort: 24454
env:
- name: EULA
value: "TRUE"
- name: TYPE
value: "FABRIC"
- name: MODS
value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download"
volumes:
- name: pv-gondwanamc-production
persistentVolumeClaim:
claimName: pv-claim-gondwanamc-production
- name: Expose Deployment as a Service in production
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: service-gondwanamc-com
namespace: production
spec:
selector:
app: gondwanamc.com
ports:
- port: 24454
protocol: TCP
name: minecraft-port-24454
nodePort: "{{ nodePorts[gondwanamc-24454] }}"
- port: 25565
protocol: TCP
name: minecraft-port-25565
nodePort: "{{ nodePorts[gondwanamc-25565] }}"
type: NodePort


@ -1,104 +0,0 @@
---
# tasks file for ericomeehan.minecraft.eom.dev
- name: Create persistent volume for gondwanamc testing
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-gondwanamc-testing
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: /data/store-0/pv-gondwanamc-testing
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create persistent volume claim for gondwanamc testing volume
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pv-claim-gondwanamc-testing
namespace: testing
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard
volumeName: pv-gondwanamc-testing
- name: Create a testing Deployment
k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: minecraft-deployment
namespace: testing
spec:
replicas: 1
selector:
matchLabels:
app: gondwanamc.com
template:
metadata:
labels:
app: gondwanamc.com
spec:
containers:
- name: openminecraft
image: itzg/minecraft-server
volumeMounts:
- name: pv-gondwanamc-testing
mountPath: /data
ports:
- containerPort: 25565
- containerPort: 24454
env:
- name: EULA
value: "TRUE"
- name: TYPE
value: "FABRIC"
- name: MODS
value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download"
volumes:
- name: pv-gondwanamc-testing
persistentVolumeClaim:
claimName: pv-claim-gondwanamc-testing
- name: Expose Deployment as a Service in testing
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: service-gondwanamc-com
namespace: testing
spec:
selector:
app: gondwanamc.com
ports:
- port: 24454
protocol: TCP
name: minecraft-port-24454
- port: 25565
protocol: TCP
name: minecraft-port-25565
type: ClusterIP


@ -1,109 +0,0 @@
---
# tasks file for ericomeehan.gondwanamc
# TODO: Create configmaps for configurations
- name: Create gondwanamc namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: gondwanamc
- name: Create persistent volume claim for gondwanamc volume
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gondwanamc
namespace: gondwanamc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: alpha-0-store-0
volumeName: gondwanamc
- name: Manually copy world data to pvc
pause:
prompt: Press enter once world data has been manually copied
- name: Create config map for server.properties
k8s:
state: present
api_version: v1
kind: ConfigMap
name: properties
namespace: gondwanamc
definition:
data:
server.properties: "{{ lookup('file', 'server.properties') }}"
whitelist.json: "{{ lookup('file', 'whitelist.json') }}"
- name: Create a Deployment
k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: gondwanamc
namespace: gondwanamc
spec:
replicas: 1
selector:
matchLabels:
app: gondwanamc
template:
metadata:
labels:
app: gondwanamc
spec:
containers:
- name: minecraft
image: itzg/minecraft-server
volumeMounts:
- name: properties
mountPath: /data
- name: gondwanamc
mountPath: /data/Gondwana
ports:
- containerPort: 25565
- containerPort: 24454
env:
- name: EULA
value: "TRUE"
- name: TYPE
value: "FABRIC"
- name: MODS
value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download"
volumes:
- name: gondwanamc
persistentVolumeClaim:
claimName: gondwanamc
- name: properties
configMap:
name: properties
- name: Expose Deployment as a Service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: gondwanamc
namespace: gondwanamc
spec:
selector:
app: gondwanamc
ports:
- port: 24454
protocol: TCP
name: gondwanamc-port-24454
- port: 25565
protocol: TCP
name: gondwanamc-port-25565
type: NodePort


@ -1,2 +0,0 @@
localhost


@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- ericomeehan.minecraft.eom.dev


@ -1,2 +0,0 @@
---
# vars file for ericomeehan.minecraft.eom.dev

site.yml

@ -1,25 +1,45 @@
--- ---
# Master playbook for eom.dev # Master playbook for eom.dev
- name: Initialize systems
- name: Initialize new nodes
hosts: all hosts: all
become: true become: true
pre_tasks: vars:
is_new_host: false
tasks:
- name: Update apt
when: is_new_host == true
apt:
update_cache: yes
- name: Install debconf-utils - name: Install debconf-utils
when: is_new_host == true
apt: apt:
name: debconf-utils name: debconf-utils
state: present state: present
- name: Create preseed file - name: Create preseed file
command: echo "#_preseed_V1" > /root/preseed.txt when: is_new_host == true
shell: echo "#_preseed_V1" > /root/preseed.txt
- name: Append installer's debconf database to the preseed file - name: Append installer's debconf database to the preseed file
command: debconf-get-selections --installer >> /root/preseed.txt when: is_new_host == true
shell: debconf-get-selections --installer >> /root/preseed.txt
- name: Append debconf database to the preseed file - name: Append debconf database to the preseed file
command: debconf-get-selections >> /root/preseed.txt when: is_new_host == true
shell: debconf-get-selections >> /root/preseed.txt
- name: Append text from files/motd to the beginning of remote motd file - name: Append text from files/motd to the beginning of remote motd file
when: is_new_host == true
blockinfile: blockinfile:
path: /etc/motd path: /etc/motd
marker: "" marker: ""
block: | block: |
{{ lookup('file', 'files/motd') }} {{ lookup('file', 'files/motd') }}
- name: Initialize systems
hosts: all
become: true
pre_tasks:
- name: Update apt
apt:
update_cache: yes
- name: Copy nftables configuration template - name: Copy nftables configuration template
template: template:
src: "nftables.conf.j2" src: "nftables.conf.j2"
@ -75,79 +95,15 @@
- role: ericomeehan.nvidia_driver_debian - role: ericomeehan.nvidia_driver_debian
when: nvidia_driver_needed == true when: nvidia_driver_needed == true
- name: Prepare cluster environment
hosts: control_plane
become: true
tasks:
- name: Apply deploy.yaml from ingress-nginx release
k8s:
src: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/baremetal/deploy.yaml
apply: yes
- name: Wait 10 seconds for ingress-nginx to initialize
wait_for:
timeout: 10
- name: Get the ingress-nginx-controller service ports
k8s_info:
kind: Service
name: ingress-nginx-controller
namespace: ingress-nginx
register: service_details
- name: Print ingress-nginx ports
debug:
var: service_details.resources[0].spec.ports
- name: Manually update port forwarding rules
pause:
prompt: Press enter once port forwarding rules are updated
- name: Apply cert-manager.yaml from cert-manager release
k8s:
src: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
apply: yes
- name: Wait 10 seconds for cert-manager to initialize
wait_for:
timeout: 10
- name: Create issuer for letsencrypt staging
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: eric@eom.dev
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- http01:
ingress:
ingressClassName: nginx
- name: Create issuer for letsencrypt production
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
email: eric@eom.dev
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-production
solvers:
- http01:
ingress:
ingressClassName: nginx
- name: Wait 10 seconds for letsencrypt to initialize
wait_for:
timeout: 10
- name: Deploy services - name: Deploy services
hosts: alpha-control-plane hosts: alpha-control-plane
vars_files:
- vars/secrets.yaml
become: true become: true
roles: roles:
- role: ericomeehan.eom.dev - role: ericomeehan.eom
- role: ericomeehan.gondwanamc vars:
target_namespace: prod
- role: ericomeehan.gondwana
vars:
target_namespace: prod
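Review bot: `when: is_new_host == true` on each of the new-node tasks uses strict equality, so a value supplied on the command line as `-e is_new_host=true` arrives as the string "true" and never matches; `when: is_new_host | bool` accepts both the boolean and the string form (and yamllint's truthy rule prefers `update_cache: true` over `yes` on the new 'Update apt' task). The switch from `command:` to `shell:` for the three preseed tasks is the right fix, since `command:` does not interpret `>`/`>>`, but the tasks now truncate and re-append `/root/preseed.txt` on every run in which the guard is true and always report changed; an `args: creates: /root/preseed.txt` guard on the first task with the two appends conditioned on the same check, plus `changed_when` on the appends, would make the play idempotent. The first play could also be folded into the second as guarded `pre_tasks` rather than a second `hosts: all` / `become: true` play, which would avoid gathering facts twice.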


@ -1,3 +0,0 @@
nodePorts:
gondwanamc-24454: 30000
gondwanamc-25565: 30000


@ -1 +0,0 @@
namespace: production


@ -1 +0,0 @@
target_namespace: testing