ansible/roles/cloud/hcloud/node/main.tf

+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+      version = "~> 1.45"
+    }
+  }
+}
+
+resource "hcloud_server" "instance" {
+  name = var.name
+  server_type = var.type
+  image = var.image
+  location = var.location
+  ssh_keys = [var.ssh]
+
+  public_net {
+    ipv4_enabled = false
+    ipv6_enabled = true
+  }
+}

ansible/roles/cloud/hcloud/node/outputs.tf

+output "ip" {
+  value = "${hcloud_server.instance.ipv6_address}/64" # Hcloud always allocates /64
+}
+
+output "gw" {
+  value = "fe80::1"
+}
+
+output "iface" {
+  value = "eth0"
+}

ansible/roles/cloud/hcloud/node/variables.tf

+variable "name" {
+  type = string
+}
+
+variable "location" {
+  type = string
+}
+
+variable "ssh" {
+  type = string
+}
+
+variable "type" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}

ansible/roles/cloud/hcloud/outputs.tf

+output "nodes" {
+  value = module.node
+}

ansible/roles/cloud/hcloud/variables.tf

+variable "prefix" {
+  type = string  
+}
+
+variable "token" {
+  type = string
+}
+
+variable "zone" {
+  type = string
+}
+
+variable "ssh" {
+  type = string
+}
+
+variable "nodes" {
+  type = list(string)
+}
+
+variable "type" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}

ansible/roles/cloud/scaleway/main.tf

+terraform {
+  required_providers {
+    scaleway = {
+      source = "scaleway/scaleway"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+provider "scaleway" {
+  zone   = var.zone
+  project_id = var.project
+  access_key = var.access_key
+  secret_key = var.secret_key
+}
+
+module "node" {
+  for_each = toset(var.nodes)
+  source = "./node"
+  name = "${var.prefix}-${each.value}"
+  type = var.type
+  image = var.image
+}

ansible/roles/cloud/scaleway/node/main.tf

+terraform {
+  required_providers {
+    scaleway = {
+      source = "scaleway/scaleway"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+resource "scaleway_instance_ip" "server_ip" {
+  type = "routed_ipv6"
+}
+
+resource "scaleway_instance_server" "instance" {
+  name = var.name
+  type = var.type
+  image = var.image
+  ip_id = scaleway_instance_ip.server_ip.id
+}

ansible/roles/cloud/scaleway/node/outputs.tf

+output "ip" {
+  value = "${scaleway_instance_server.instance.public_ips[0].address}/64" # Scaleway always allocates /64
+}
+
+output "iface" {
+  value = "ens2"
+}

ansible/roles/cloud/scaleway/node/variables.tf

+variable "name" {
+  type = string
+}
+
+variable "type" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}

ansible/roles/cloud/scaleway/outputs.tf

+output "nodes" {
+  value = module.node
+}

ansible/roles/cloud/scaleway/variables.tf

+variable "prefix" {
+  type = string
+}
+
+variable "access_key" {
+  type = string
+}
+
+variable "secret_key" {
+  type = string
+}
+
+variable "project" {
+  type = string
+}
+
+variable "zone" {
+  type = string
+}
+
+variable "nodes" {
+  type = list(string)
+}
+
+variable "type" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}

ansible/roles/cloud/tasks/cleanup.yaml

+- name: "Delete nodes"
+  community.general.terraform:
+    project_path: "{{ role_path }}/{{ cloud_provider }}"
+    variables: "{{ base[cloud_provider] | combine(vars[cloud_provider]) | combine({'nodes':nodes|list, 'image':images[cloud_provider][image]}) | to_json }}"
+    complex_vars: true
+    force_init: true
+    state: absent

ansible/roles/cloud/tasks/main.yaml

+- name: "Create nodes"
+  community.general.terraform:
+    project_path: "{{ role_path }}/{{ cloud_provider }}"
+    variables: "{{ base[cloud_provider] | combine(vars[cloud_provider]) | combine({'nodes':nodes|list, 'image':images[cloud_provider][image]}) | to_json }}"
+    complex_vars: true
+    force_init: true
+  register: servers
+
+- name: Wait for nodes to be ready
+  ansible.builtin.wait_for:
+    port: 22
+    host: "{{ item.value.ip | ansible.utils.ipaddr('address') }}"
+    delay: 2
+  with_dict: "{{ servers.outputs.nodes.value }}"
+
+- name: "Add nodes to inventory"
+  add_host:
+    name: "{{ item.key }}"
+    groups: "{{ ['nodes'] + (nodes[item.key]|d([])) }}"
+    ansible_host: "{{ item.value.ip | ansible.utils.ipaddr('address') }}"
+    ansible_user: root
+    node_gw: "{{ item.value.gw | default(None) }}"
+    # We use the next (usually ::2) available ip for hepto
+    node_ip: "{{ item.value.ip | ansible.utils.ipmath(1) }}/{{ item.value.ip | ansible.utils.ipaddr('prefix') }}"
+    # This is specific to scaleway
+    node_iface: "{{ item.value.iface }}"
+    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
+  with_dict: "{{ servers.outputs.nodes.value }}"

ansible/roles/hepto/defaults/main.yaml

+# General config
+bin_dir: /usr/local/bin
+systemd_dir: /etc/systemd/system
+storage_dir: /var/lib
+
+hepto_bin: "{{ bin_dir }}/hepto.{{ hepto_version }}"
+config_file: "{{ storage_dir }}/{{ cluster_name }}/{{ node_name }}.conf"
+
+# Hepto deployment
+hepto_version: 79361
+hepto_url: "https://forge.tedomum.net/acides/hepto/-/jobs/{{ hepto_version }}/artifacts/raw/hepto"
+
+# Cluster and node settings
+cluster_name: hepto
+node_name: "{{ inventory_hostname }}"
+node_iface: eth0
+hepto_loopback_port: 6443
+kubeconfig: "{{ storage_dir }}/{{ cluster_name }}/{{ node_name }}/kubeconfig"
+
+# Dynamic variables based on groups
+node_role: "{{ 'master' if 'master' in group_names else 'node' }}"
+cluster_anchor: "{{ groups['anchor'] | map('extract', hostvars, 'node_ip') | list | ansible.utils.ipaddr('address') | first }}"
+external_ips: "{{ groups['public'] | map('extract', hostvars, 'node_ip') | list | ansible.utils.ipaddr('address') }}"

ansible/roles/hepto/tasks/main.yaml

+---
+- name: Create required directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ storage_dir }}/{{ cluster_name }}"
+    - "{{ bin_dir }}"
+    
+- name: Check for hepto binary
+  stat:
+    path: "{{ hepto_bin }}"
+  register: hepto_exists
+
+- name: Download hepto binary for amd64
+  get_url:
+    url: "{{ hepto_url }}"
+    dest: "{{ hepto_bin }}"
+    owner: root
+    group: root
+    mode: 755
+  when: not hepto_exists.stat.exists
+  
+- name: Symlink hepto to usual paths
+  ansible.builtin.file:
+    src: "{{ hepto_bin }}"
+    dest: "{{ bin_dir }}/{{ item }}"
+    state: link
+  with_items:
+  - hepto
+  - kubectl
+    
+- name: Install hepto service file
+  template:
+    src: service.j2
+    dest: "{{ systemd_dir }}/hepto-{{ node_name }}.service"
+    
+- name: Install hepto config file
+  template:
+    src: config.j2
+    dest: "{{ config_file }}"
+    
+- name: Start hepto service
+  systemd:
+    name: "hepto-{{ node_name }}"
+    daemon_reload: yes
+    state: restarted
+    enabled: no
+
+

ansible/roles/hepto/templates/config.j2

+HEPTO_CLUSTER={{ cluster_name }}
+HEPTO_DATA={{ storage_dir }}
+HEPTO_KEY={{ cluster_key }}
+HEPTO_IFACE={{ node_iface }}
+HEPTO_ROLE={{ node_role }}
+HEPTO_ANCHOR={{ cluster_anchor }}
+HEPTO_LOOPBACK={{ hepto_loopback_port }}
+{% if node_ip is defined %}
+HEPTO_IP={{ node_ip }}
+{% endif %}
+{% if node_gw is defined %}
+HEPTO_GW={{ node_gw }}
+{% endif %}
+{% if node_dns is defined %}
+HEPTO_DNS={{ node_dns }}
+{% endif %}
+{% if oidc is defined %}
+HEPTO_ISSUER={{ oidc.issuer }}
+HEPTO_CLIENTID={{ oidc.clientid }}
+{% endif %}

ansible/roles/hepto/templates/service.j2

+[Unit]
+Description=hepto node {{ node_name }}
+Documentation=https://acides.org
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+EnvironmentFile={{ config_file }}
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Type=exec
+Restart=always
+ExecStart={{ hepto_bin }} -name {{ node_name }}

bootstrap/calico/cni-config.yaml

+- op: replace
+  path: /data/cni_network_config
+  value: |-
+    {
+      "name": "k8s-pod-network",
+      "cniVersion": "0.3.1",
+      "plugins": [
+        {
+          "type": "calico",
+          "log_level": "Warning",
+          "datastore_type": "kubernetes",
+          "nodename": "__KUBERNETES_NODE_NAME__",
+          "mtu": 0,
+          "ipam": {
+            "type": "calico-ipam",
+            "assign_ipv4": "false",
+            "assign_ipv6": "true"
+          },
+          "kubernetes": {
+            "kubeconfig": "__KUBECONFIG_FILEPATH__"
+          },
+          "policy": {
+            "type": "k8s"
+          }
+        },
+        {
+          "type": "bandwidth",
+          "capabilities": {
+            "bandwidth": true
+          }
+        },
+        {
+          "type": "portmap",
+          "capabilities": {
+            "portMappings": true
+          },
+          "snat": true
+        }
+      ]
+    }

bootstrap/calico/kustomization.yaml

+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: infra-cni
+resources:
+- ./namespace.yaml
+- https://raw.githubusercontent.com/projectcalico/calico/v3.27.2/manifests/calico.yaml
+patches:
+- target:
+    kind: DaemonSet
+    name: calico-node
+  path: node-config.yaml
+- target:
+    kind: ConfigMap
+    name: calico-config
+  path: cni-config.yaml

bootstrap/calico/namespace.yaml

+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: infra-cni