Improve fresh install playbook

.github/workflows/approve-owner-pr.yml

@@ -0,0 +1,23 @@
+name: Approve owner PRs
+
+on:
+  workflow_dispatch:
+  # pull_request:
+  #   types: [opened, ready_for_review]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  approve:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'Olejekglejek'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Approve PR
+        run: gh pr review --approve ${{ github.event.pull_request.number }}
+        env:
+          GH_TOKEN: ${{ secrets.APPROVE_OWNER_PR }}

.github/workflows/greetings.yml

@@ -1,6 +1,6 @@
 name: Greetings
 
-on: [pull_request_target, issues]
+on: [workflow_dispatch] # [pull_request_target, issues]
 
 jobs:
   greeting:

Dockerfile

@@ -75,6 +75,10 @@ RUN curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep
     chmod +x ./bicep && \
     mv ./bicep /usr/local/bin/bicep
 
+# Install talosctl
+RUN wget -q https://github.com/siderolabs/talos/releases/latest/download/talosctl-linux-amd64 -O /usr/local/bin/talosctl && \
+    chmod +x /usr/local/bin/talosctl
+
 # Copy project files
 COPY . /workspace/
 

README.md

@@ -1,5 +1,7 @@
 # KompotLab
-Personal homelab
 
->KompotLab = Kubernetes + Compot + Homelab
-I started my homelab with a Raspberry Pi and I do like Compot very much. Hence the name **KompotLab** :)
+<img src="docs/images/logo.png" alt="Logo" width="100" />
+
+## Personal homelab
+>KompotLab = Kubernetes + Compot + Homelab <br>
+I started my homelab with a Raspberry Pi and I do like Compot very much, especially one with raspberries. Hence the name **KompotLab** :)

delete/helper.ps1

@@ -0,0 +1,27 @@
+$CONTROL_PLANE_IP = '192.168.1.200'
+
+talosctl gen config talos-proxmox-cluster https://$($CONTROL_PLANE_IP):6443 --output-dir /Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/_out --install-image factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.10.3 --force
+
+talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file /Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/_out/controlplane.yaml
+
+$WORKER_IP = '192.168.1.201'
+talosctl apply-config --insecure --nodes $($WORKER_IP) --file /Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/_out/worker.yaml
+
+$env:TALOSCONFIG="/Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/_out/talosconfig"
+talosctl config endpoint $CONTROL_PLANE_IP
+talosctl config node $CONTROL_PLANE_IP
+
+talosctl containers
+talosctl containers -k
+talosctl logs <container> or talosctl logs -k <container>.
+
+talosctl bootstrap
+talosctl kubeconfig /Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/_out/kubeconfig
+
+
+
+$CONTROL_PLANE_IP = "192.168.1.192"
+talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file /Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/controlplane.yaml
+
+$WORKER_IP = "192.168.1.122"
+talosctl apply-config --insecure --nodes $WORKER_IP --file /Users/Oleg.Negruta/Documents/Repos/Oleg/KompotLab/.env/talos-config/worker.yaml

docs/talos-persistent-storage-guide.md

@@ -0,0 +1,107 @@
+# Talos OS Persistent Storage with USB Devices
+
+This guide explains how to configure and manage persistent storage in Talos OS using USB devices mounted on your Proxmox server.
+
+## Overview
+
+In your setup, you have:
+- A USB stick mounted on your Proxmox server
+- Talos OS running in VMs on Proxmox
+- Need for persistent storage for Kubernetes applications
+
+## Architecture Options
+
+### Option 1: USB Passthrough to Talos VMs (Recommended)
+
+Pass the USB device directly to your Talos worker nodes and configure it as persistent storage.
+
+#### Step 1: Configure USB Passthrough in Proxmox
+
+1. **Identify your USB device on Proxmox:**
+   ```bash
+   lsusb
+   lsblk
+   ```
+
+2. **Add USB device to VM configuration:**
+   - Edit VM configuration: `/etc/pve/qemu-server/{VMID}.conf`
+   - Add USB device: `usb0: host=1234:5678` (replace with your USB vendor:product ID)
+
+3. **Hot-plug USB device:**
+   ```bash
+   qm monitor {VMID}
+   (qemu) info usbhost
+   (qemu) device_add usb-host,hostbus=1,hostaddr=2,id=usb0
+   ```
+
+#### Step 2: Configure Talos Machine Config
+
+Update your `worker.yaml` to include the USB device:
+
+```yaml
+machine:
+  disks:
+    - device: /dev/sdb  # Your USB device (adjust device name)
+      partitions:
+        - mountpoint: /var/mnt/usb-storage
+          size: 100%  # Use entire USB device
+```
+
+#### Step 3: Apply Configuration
+
+```bash
+# Apply the updated configuration
+talosctl apply-config --insecure --nodes $WORKER_IP --file worker.yaml
+```
+
+
+## Best Practices
+
+### 1. Backup Strategy
+- Regular backups of USB content to external storage
+- Kubernetes-native backup tools (Velero, etc.)
+
+### 2. Monitoring
+- Monitor USB device health and space usage
+- Set up alerts for storage capacity
+
+### 3. Security
+- Use proper filesystem permissions
+- Consider encryption for sensitive data
+
+### 4. High Availability
+- Consider RAID or replication if using multiple USB devices
+- Network storage provides better HA than local storage
+
+## Troubleshooting
+
+### Common Issues
+
+1. **USB device not detected in Talos:**
+   - Check Proxmox USB passthrough configuration
+   - Verify device is not mounted on Proxmox host
+
+2. **Permission issues:**
+   - Ensure proper filesystem permissions on mount points
+   - Check Kubernetes service account permissions
+
+3. **Storage not available:**
+   - Verify mount points exist and are accessible
+   - Check storage class configuration
+
+### Useful Commands
+
+```bash
+# Check disk status in Talos
+talosctl -n $WORKER_IP get disks
+
+# Check mount points
+talosctl -n $WORKER_IP get mounts
+
+# Check Kubernetes storage
+kubectl get pv,pvc,sc
+kubectl describe pv <pv-name>
+
+# Debug storage issues
+kubectl get events --field-selector reason=FailedMount
+```

proxmox/roles/talos-infra/defaults/main.yml

@@ -0,0 +1,2 @@
+template_output_dir: "{{ playbook_dir }}/../../.env/_output-templates"
+talos_out: "{{ playbook_dir }}/../../.env/talos-config"

proxmox/roles/talos-infra/tasks/clean-up.yml

@@ -1,3 +1,4 @@
+---
 - name: Delete Template VM
   community.general.proxmox_kvm:
     api_user: "{{ ansible_ssh_user }}@pam"
@@ -8,6 +9,16 @@
     state: absent
   delegate_to: localhost
 
+- name: Stop Control-Plane Node
+  community.general.proxmox_kvm:
+    api_user: "{{ ansible_ssh_user }}@pam"
+    api_password: "{{ ansible_ssh_pass }}"
+    api_host: "{{ ansible_host }}"
+    node: "{{ proxmox_node }}"
+    name: master
+    state: stopped
+  delegate_to: localhost
+
 - name: Delete Control-Plane Node
   community.general.proxmox_kvm:
     api_user: "{{ ansible_ssh_user }}@pam"
@@ -18,6 +29,16 @@
     state: absent
   delegate_to: localhost
 
+- name: Stop Worker Node
+  community.general.proxmox_kvm:
+    api_user: "{{ ansible_ssh_user }}@pam"
+    api_password: "{{ ansible_ssh_pass }}"
+    api_host: "{{ ansible_host }}"
+    node: "{{ proxmox_node }}"
+    name: worker
+    state: stopped
+  delegate_to: localhost
+
 - name: Delete Worker Node
   community.general.proxmox_kvm:
     api_user: "{{ ansible_ssh_user }}@pam"

proxmox/roles/talos-infra/tasks/create-nodes.yml

@@ -30,13 +30,14 @@
       ipconfig0: "ip=192.168.1.200/24,gw=192.168.1.1"
     scsihw: virtio-scsi-pci
     scsi:
-      scsi0: "local:34,format=qcow2"
+      scsi0: "local:100,format=qcow2"
     net:
       net0: virtio,bridge=vmbr0
     ide:
       ide0: "local:iso/talos.iso,media=cdrom"
       # ide2: "local:cloudinit"
     state: present
+    onboot: yes
     tags:
       - talos
       - control-plane
@@ -75,13 +76,14 @@
       ipconfig0: "ip=192.168.1.201/24,gw=192.168.1.1"
     scsihw: virtio-scsi-pci
     scsi:
-      scsi0: "local:28,format=qcow2"
+      scsi0: "local:400,format=qcow2"
     net:
       net0: virtio,bridge=vmbr0
     ide:
       ide0: "local:iso/talos.iso,media=cdrom"
       # ide2: "local:cloudinit"
     state: present
+    onboot: yes
     tags:
       - talos
       - data-plane-node

proxmox/roles/talos-infra/tasks/fresh-install.yml

@@ -0,0 +1,76 @@
+---
+- name: Check status of master VM (VMID 101)
+  community.general.proxmox_kvm:
+    api_user: "{{ ansible_ssh_user }}@pam"
+    api_password: "{{ ansible_ssh_pass }}"
+    api_host: "{{ ansible_host }}"
+    node: "{{ proxmox_node }}"
+    vmid: 101
+    state: current
+  delegate_to: localhost
+  register: master_status
+
+- name: Check status of worker VM (VMID 102)
+  community.general.proxmox_kvm:
+    api_user: "{{ ansible_ssh_user }}@pam"
+    api_password: "{{ ansible_ssh_pass }}"
+    api_host: "{{ ansible_host }}"
+    node: "{{ proxmox_node }}"
+    vmid: 102
+    state: current
+  delegate_to: localhost
+  register: worker_status
+
+- name: Start master VM if not running
+  community.general.proxmox_kvm:
+    api_user: "{{ ansible_ssh_user }}@pam"
+    api_password: "{{ ansible_ssh_pass }}"
+    api_host: "{{ ansible_host }}"
+    node: "{{ proxmox_node }}"
+    vmid: 101
+    state: started
+  delegate_to: localhost
+  when: master_status.status != 'running'
+
+- name: Start worker VM if not running
+  community.general.proxmox_kvm:
+    api_user: "{{ ansible_ssh_user }}@pam"
+    api_password: "{{ ansible_ssh_pass }}"
+    api_host: "{{ ansible_host }}"
+    node: "{{ proxmox_node }}"
+    vmid: 102
+    state: started
+  delegate_to: localhost
+  when: worker_status.status != 'running'
+
+- name: Get master VM IP via QEMU guest agent
+  command: "qm guest cmd 101 network-get-interfaces"
+  register: qm_network_output
+  changed_when: false
+
+- name: Get worker VM IP via QEMU guest agent
+  command: "qm guest cmd 102 network-get-interfaces"
+  register: qm_worker_network_output
+  changed_when: false
+
+- name: Parse JSON and extract control plane IP and worker IP
+  set_fact:
+    control_plane_ip: "{{ network_data | selectattr('name', 'equalto', 'eth0') | map(attribute='ip-addresses') | flatten | selectattr('ip-address-type', 'equalto', 'ipv4') | map(attribute='ip-address') | first }}"
+    data_plane_ip: "{{ worker_network_data | selectattr('name', 'equalto', 'eth0') | map(attribute='ip-addresses') | flatten | selectattr('ip-address-type', 'equalto', 'ipv4') | map(attribute='ip-address') | first }}"
+  vars:
+    network_data: "{{ qm_network_output.stdout | from_json }}"
+    worker_network_data: "{{ qm_worker_network_output.stdout | from_json }}"
+  when: qm_network_output.rc == 0 and qm_network_output.stdout != "" and qm_worker_network_output.rc == 0 and qm_worker_network_output.stdout != ""
+
+- name: Debug control plane IP
+  debug:
+    msg: "Control Plane IP: {{ control_plane_ip | default('Not found') }}"
+
+- name: Debug worker IP
+  debug:
+    msg: "Worker IP: {{ data_plane_ip | default('Not found') }}"
+
+- name: Generate Talos config
+  command: talosctl gen config talos-proxmox-cluster https://{{ control_plane_ip }}:6443 --output-dir {{ talos_out }} --install-image factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.10.6
+  delegate_to: localhost
+  when: control_plane_ip is defined

proxmox/roles/talos-infra/tasks/generate-templates.yml

@@ -0,0 +1,32 @@
+- name: Generate templates block
+  block:
+    - name: Ensure output directory exists
+      file:
+        path: "{{ template_output_dir }}"
+        state: directory
+        mode: '0755'
+
+    - name: Debug template output directory
+      debug:
+        msg: "Template output directory is set to {{ template_output_dir }}"
+
+    - name: Generate controlplane template
+      template:
+        src: "controlplane.yaml.j2"
+        dest: "{{ template_output_dir }}/controlplane.yaml"
+
+    - name: Generate worker template
+      template:
+        src: "worker.yaml.j2"
+        dest: "{{ template_output_dir }}/worker.yaml"
+
+    - name: Generate talosconfig template
+      template:
+        src: "talosconfig.j2"
+        dest: "{{ template_output_dir }}/talosconfig.yaml"
+
+    - name: Generate kubeconfig template
+      template:
+        src: "kubeconfig.j2"
+        dest: "{{ template_output_dir }}/kubeconfig.yaml"
+  delegate_to: localhost