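---
# NHV LLC infrastructure bootstrap.
#
# Runs as root against every host in the inventory.  Note that the
# "Initialize Kubernetes control-plane node" task runs `kubeadm init` on
# each host it reaches, so the inventory is assumed to contain only
# control-plane nodes — TODO confirm against the real inventory before a
# multi-node run.
#
# Every downloaded artefact is pinned by URL *and* verified against a
# sha256 checksum so a changed or tampered upstream file fails the play
# instead of being installed silently.  The checksum values below are
# placeholders that must be filled in from the upstream release page.
- name: NHV LLC Infrastructure Setup
  hosts: all
  become: true

  vars:
    # Version strings are quoted so YAML keeps them as strings rather than
    # turning "1.27" into the float 1.27.
    k8s_version: "1.27.0"            # not consumed by any task yet
    vps_provider: "Your VPS Provider" # not consumed by any task yet
    storage_class: "standard"        # not consumed by any task yet
    auth_users:                      # not consumed by any task yet
      - admin
      - devops
      - security

    # Inbound ports opened in UFW.  Everything not listed here is denied
    # by the default-deny policy applied when the firewall is enabled.
    firewall_rules:
      - port: 22
        proto: tcp
        desc: SSH Access
      - port: 80
        proto: tcp
        desc: HTTP
      - port: 443
        proto: tcp
        desc: HTTPS
      - port: 6443
        proto: tcp
        desc: K8s API Server

    # Prometheus node_exporter release to install.  Pinned explicitly: the
    # original fetched a versioned tarball name from the "latest" redirect,
    # which only resolves while that version happens to be the latest.
    node_exporter_version: "0.18.1"
    # sha256 of node_exporter-<version>.linux-amd64.tar.gz from the upstream
    # release page.  PLACEHOLDER — the download task fails until it is set.
    node_exporter_checksum: "sha256:REPLACE_WITH_UPSTREAM_SHA256"

    # AI Assistant bundle and its published sha256.  PLACEHOLDER checksum.
    ai_assistant_url: "https://your-ai-endpoint.com/api/ai-assistant.tar.gz"
    ai_assistant_checksum: "sha256:REPLACE_WITH_PUBLISHED_SHA256"

    # GitHub Actions runner registration.  The registration token is a
    # secret: it is read from the controller's environment (or override it
    # from Ansible Vault); never commit a literal token in this file.
    github_runner_url: "https://github.com/YourRepo"
    github_runner_token: "{{ lookup('env', 'GITHUB_RUNNER_TOKEN') }}"
    # Unprivileged account the runner is registered and executed under.
    # config.sh refuses to run as root, and CI jobs should not have root.
    github_runner_user: actions-runner

  tasks:
    # 1️⃣ Update and Install Dependencies
    - name: Update package list and upgrade system
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600   # skip the refresh on quick re-runs
        upgrade: safe            # explicit spelling of the original `yes`

    # kubectl/kubeadm/kubelet/kubernetes-cni are not shipped in the stock
    # Debian/Ubuntu archives.  This task assumes the Kubernetes apt
    # repository is already configured on the host — TODO confirm, or add
    # a repository task above this one.
    - name: Install required packages
      ansible.builtin.apt:
        name:
          - curl
          - vim
          - git
          - unzip
          - jq
          - docker.io
          - python3-pip
          - ufw
          - fail2ban
          - kubectl
          - kubeadm
          - kubelet
          - kubernetes-cni
        state: present

    # 2️⃣ Configure Firewall & Security
    # Allow rules are written first so that the SSH rule is in place before
    # the default-deny policy is activated; this avoids locking out the
    # Ansible connection itself.
    - name: Allow listed inbound ports in UFW
      community.general.ufw:
        rule: allow
        port: "{{ item.port }}"
        proto: "{{ item.proto }}"
        comment: "{{ item.desc }}"
      loop: "{{ firewall_rules }}"
      loop_control:
        label: "{{ item.desc }}"

    # Uses the module instead of `ufw --force enable` so the task is
    # idempotent and reports changed/unchanged correctly.
    - name: Enable UFW with a default-deny inbound policy
      community.general.ufw:
        state: enabled
        direction: incoming
        default: deny

    - name: Ensure Fail2Ban is running
      ansible.builtin.service:
        name: fail2ban
        state: started
        enabled: true

    # 3️⃣ Initialize Kubernetes Cluster
    - name: Initialize Kubernetes control-plane node
      ansible.builtin.command: kubeadm init --pod-network-cidr=10.244.0.0/16
      args:
        creates: /etc/kubernetes/admin.conf   # skip on re-runs

    # With `become: true` the remote user is root, so $HOME in the original
    # shell snippet resolved to /root; the modules below make that explicit
    # and keep the cluster-admin credential readable by root only.
    - name: Create kubeconfig directory for root user
      ansible.builtin.file:
        path: /root/.kube
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Set up kubeconfig for root user
      ansible.builtin.copy:
        src: /etc/kubernetes/admin.conf
        dest: /root/.kube/config
        remote_src: true
        owner: root
        group: root
        mode: "0600"   # cluster-admin credential

    # The manifest is applied straight from an unpinned branch of a
    # repository that has since moved; consider pinning a release manifest
    # and vendoring it into the repo so the CNI that gets installed is
    # reviewable and reproducible.
    - name: Install Flannel CNI for networking
      ansible.builtin.command: >-
        kubectl --kubeconfig=/etc/kubernetes/admin.conf
        apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
      register: flannel_apply
      changed_when: "'created' in flannel_apply.stdout or 'configured' in flannel_apply.stdout"

    # 4️⃣ Set Up AI Assistant API
    - name: Create directory for AI Assistant
      ansible.builtin.file:
        path: /opt/ai-assistant
        state: directory
        mode: "0755"

    - name: Download AI Assistant API
      ansible.builtin.get_url:
        url: "{{ ai_assistant_url }}"
        dest: /opt/ai-assistant/ai-assistant.tar.gz
        checksum: "{{ ai_assistant_checksum }}"   # fail closed on a changed artefact
        mode: "0644"

    - name: Extract AI Assistant
      ansible.builtin.unarchive:
        src: /opt/ai-assistant/ai-assistant.tar.gz
        dest: /opt/ai-assistant
        remote_src: true
        creates: /opt/ai-assistant/start.py   # do not re-extract over a running install

    # Replaces `shell: nohup python3 ... &`, which was not idempotent, left
    # an unsupervised process that died on reboot and never reported failure.
    # Still runs as root because start.py's requirements are unknown —
    # TODO confirm and move it to a dedicated service account.
    - name: Create systemd service for AI Assistant
      ansible.builtin.copy:
        dest: /etc/systemd/system/ai-assistant.service
        owner: root
        group: root
        mode: "0644"
        content: |
          [Unit]
          Description=AI Assistant API
          Wants=network-online.target
          After=network-online.target

          [Service]
          WorkingDirectory=/opt/ai-assistant
          ExecStart=/usr/bin/python3 /opt/ai-assistant/start.py
          Restart=always

          [Install]
          WantedBy=multi-user.target

    - name: Start and enable AI Assistant service
      ansible.builtin.systemd:
        name: ai-assistant
        state: started
        enabled: true
        daemon_reload: true   # pick up the unit file written above

    # 5️⃣ Set Up Monitoring & Backup
    # node_exporter only reads /proc and /sys; it does not need root.
    - name: Create unprivileged node_exporter user
      ansible.builtin.user:
        name: node_exporter
        system: true
        shell: /usr/sbin/nologin
        create_home: false

    - name: Download Prometheus Node Exporter
      ansible.builtin.get_url:
        url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"
        dest: "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"
        checksum: "{{ node_exporter_checksum }}"
        mode: "0644"

    - name: Extract Node Exporter
      ansible.builtin.unarchive:
        src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"
        dest: /tmp
        remote_src: true

    - name: Install Node Exporter binary
      ansible.builtin.copy:
        src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64/node_exporter"
        dest: /usr/local/bin/node_exporter
        remote_src: true
        owner: root
        group: root
        mode: "0755"

    - name: Create Systemd service for Node Exporter
      ansible.builtin.copy:
        dest: /etc/systemd/system/node_exporter.service
        owner: root
        group: root
        mode: "0644"
        content: |
          [Unit]
          Description=Prometheus Node Exporter
          Wants=network-online.target
          After=network-online.target

          [Service]
          User=node_exporter
          Group=node_exporter
          ExecStart=/usr/local/bin/node_exporter
          Restart=always
          NoNewPrivileges=true

          [Install]
          WantedBy=multi-user.target

    - name: Start and enable Node Exporter
      ansible.builtin.systemd:
        name: node_exporter
        state: started
        enabled: true
        daemon_reload: true   # pick up the unit file written above

    # 6️⃣ CI/CD Pipeline Deployment
    - name: Refuse to register the runner without a registration token
      ansible.builtin.assert:
        that:
          - github_runner_token | length > 0
        fail_msg: "Set GITHUB_RUNNER_TOKEN (or override github_runner_token via vault) before running this play."
        quiet: true

    - name: Create dedicated user for the GitHub Actions runner
      ansible.builtin.user:
        name: "{{ github_runner_user }}"
        system: true
        shell: /bin/bash
        home: /opt/actions-runner
        create_home: true

    # The runner project publishes versioned asset names; the unversioned
    # "latest" URL kept from the original may not resolve.  TODO pin a
    # release version and add a `checksum:` as done for node_exporter.
    - name: Download GitHub Actions Runner
      ansible.builtin.get_url:
        url: https://github.com/actions/runner/releases/latest/download/actions-runner-linux-x64.tar.gz
        dest: /opt/actions-runner/actions-runner-linux-x64.tar.gz
        owner: "{{ github_runner_user }}"
        mode: "0644"

    - name: Extract GitHub Actions Runner
      ansible.builtin.unarchive:
        src: /opt/actions-runner/actions-runner-linux-x64.tar.gz
        dest: /opt/actions-runner
        remote_src: true
        owner: "{{ github_runner_user }}"
        creates: /opt/actions-runner/config.sh

    # config.sh refuses to run as root, so this runs as the runner user.
    # `creates` points at the .runner file config.sh writes on success, so
    # re-runs do not try to register twice.  no_log keeps the token out of
    # the Ansible output and any log shipping.
    - name: Register runner with GitHub
      ansible.builtin.command: >-
        ./config.sh --unattended
        --url {{ github_runner_url }}
        --token {{ github_runner_token }}
      args:
        chdir: /opt/actions-runner
        creates: /opt/actions-runner/.runner
      become_user: "{{ github_runner_user }}"
      no_log: true

    # Replaces `nohup run.sh &`: a supervised unit that restarts on failure,
    # survives the reboot at the end of the play and runs unprivileged.
    - name: Create systemd service for GitHub Actions Runner
      ansible.builtin.copy:
        dest: /etc/systemd/system/actions-runner.service
        owner: root
        group: root
        mode: "0644"
        content: |
          [Unit]
          Description=GitHub Actions Runner
          Wants=network-online.target
          After=network-online.target

          [Service]
          User={{ github_runner_user }}
          WorkingDirectory=/opt/actions-runner
          ExecStart=/opt/actions-runner/run.sh
          Restart=always

          [Install]
          WantedBy=multi-user.target

    - name: Start and enable GitHub Actions Runner
      ansible.builtin.systemd:
        name: actions-runner
        state: started
        enabled: true
        daemon_reload: true

    # 7️⃣ Final Cleanup
    # The `file` module does not expand shell globs, so the original
    # `path: /tmp/*` matched nothing.  Remove exactly the artefacts this
    # play created in /tmp instead of everything under it.
    - name: Remove temporary files
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"
        - "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64"

    - name: Reboot server for finalization
      ansible.builtin.reboot:
        reboot_timeout: 600   # seconds to wait for the host to come back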