blumeops/ansible/roles/minikube/tasks/main.yml

---
# Minikube installation and cluster setup for indri
# Uses qemu2 driver for full VM with kernel mount capabilities (NFS, SMB, etc.)
# Requires socket_vmnet for proper networking (minikube service/tunnel commands)
#
# NOTE: minikube start may have issues when run via SSH.
# If cluster fails to start, manually run on indri:
#   minikube start --driver=qemu2 --network=socket_vmnet --container-runtime=containerd \
#     --cpus=6 --memory=12288 --disk-size=200g \
#     --apiserver-names=k8s.tail8d86e.ts.net --apiserver-names=indri \
#     --apiserver-port=6443 --listen-address=0.0.0.0

- name: Install qemu via homebrew (required for qemu2 driver)
  community.general.homebrew:
    name: qemu
    state: present

- name: Install socket_vmnet via homebrew (required for qemu2 networking)
  community.general.homebrew:
    name: socket_vmnet
    state: present

- name: Check if socket_vmnet process is running
  ansible.builtin.command:
    cmd: pgrep socket_vmnet
  register: minikube_socket_vmnet_status
  changed_when: false
  failed_when: false

- name: Start socket_vmnet service
  ansible.builtin.command:
    cmd: brew services start socket_vmnet
  become: true
  register: minikube_socket_vmnet_start
  changed_when: "'Successfully started' in minikube_socket_vmnet_start.stdout"
  failed_when: false
  when: minikube_socket_vmnet_status.rc != 0

- name: Install minikube via homebrew
  community.general.homebrew:
    name: minikube
    state: present

- name: Install kubectl via homebrew
  community.general.homebrew:
    name: kubectl
    state: present

- name: Check if minikube cluster exists
  ansible.builtin.command:
    cmd: minikube status --format={% raw %}'{{.Host}}'{% endraw %}
  register: minikube_status
  changed_when: false
  failed_when: false

- name: Start minikube cluster
  ansible.builtin.command:
    cmd: >
      minikube start
      --driver={{ minikube_driver }}
      --network={{ minikube_network }}
      --container-runtime={{ minikube_container_runtime }}
      --cpus={{ minikube_cpus }}
      --memory={{ minikube_memory }}
      --disk-size={{ minikube_disk_size }}
      {% for name in minikube_apiserver_names %}
      --apiserver-names={{ name }}
      {% endfor %}
      --apiserver-port={{ minikube_apiserver_port }}
      --listen-address={{ minikube_listen_address }}
  register: minikube_start
  changed_when: minikube_start.rc == 0
  failed_when: false  # Don't fail - may need manual intervention like podman
  when: minikube_status.rc != 0 or 'Running' not in minikube_status.stdout

- name: Check minikube status after start attempt
  ansible.builtin.command:
    cmd: minikube status --format={% raw %}'{{.Host}}'{% endraw %}
  register: minikube_final_status
  changed_when: false
  failed_when: false

- name: Warn if minikube failed to start
  ansible.builtin.debug:
    msg: "WARNING: minikube may not have started properly. Run 'minikube start' manually on indri if needed. Status: {{ minikube_final_status.stdout | default('unknown') }}"
  when: minikube_final_status.rc != 0 or 'Running' not in minikube_final_status.stdout

# Configure VM to access zot registry on host
# The VM can't resolve Tailscale hostnames, so we add a hosts entry
# and configure containerd to use the local zot instance
- name: Add registry hostname to VM hosts file
  ansible.builtin.command:
    cmd: minikube ssh --native-ssh=false "grep -q 'registry.tail8d86e.ts.net' /etc/hosts || echo '192.168.105.1 registry.tail8d86e.ts.net' | sudo tee -a /etc/hosts"
  register: minikube_hosts_entry
  changed_when: "'registry.tail8d86e.ts.net' in minikube_hosts_entry.stdout"
  when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout

- name: Create containerd registry mirror directory
  ansible.builtin.command:
    cmd: minikube ssh --native-ssh=false "sudo mkdir -p /etc/containerd/certs.d/registry.tail8d86e.ts.net"
  register: minikube_registry_dir
  changed_when: false
  when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout

- name: Check containerd registry mirror config
  ansible.builtin.command:
    cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml 2>/dev/null || echo ''"
  register: minikube_registry_config_current
  changed_when: false
  when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout

- name: Configure containerd registry mirror for zot
  ansible.builtin.command:
    cmd: |
      minikube ssh --native-ssh=false 'echo "server = \"http://host.minikube.internal:5050\"

      [host.\"http://host.minikube.internal:5050\"]
        capabilities = [\"pull\", \"resolve\"]
        skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml'
  register: minikube_registry_config
  changed_when: true
  when:
    - minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
    - "'host.minikube.internal:5050' not in minikube_registry_config_current.stdout"
  notify: Restart containerd in minikube

# Set up persistent NFS mount from sifaka and minikube mount passthrough
# NFS mount uses LaunchDaemon (runs as root at boot)
# Minikube mount uses LaunchAgent (runs in user GUI session at login)
#
# NOTE: Tasks with become:true require passwordless sudo on indri
# (configured via /etc/sudoers.d/erichblume)

- name: Check if NFS mount point exists
  ansible.builtin.stat:
    path: /Volumes/torrents-nfs
  register: minikube_nfs_mount_point

- name: Create NFS mount point
  ansible.builtin.file:
    path: /Volumes/torrents-nfs
    state: directory
    mode: "0755"
  become: true
  when: not minikube_nfs_mount_point.stat.exists

- name: Check if NFS LaunchDaemon is installed
  ansible.builtin.stat:
    path: /Library/LaunchDaemons/com.blumeops.nfs-torrents.plist
  register: minikube_nfs_launchdaemon

- name: Install NFS mount LaunchDaemon
  ansible.builtin.copy:
    src: com.blumeops.nfs-torrents.plist
    dest: /Library/LaunchDaemons/com.blumeops.nfs-torrents.plist
    owner: root
    group: wheel
    mode: "0644"
  become: true
  notify: Load NFS mount LaunchDaemon
  when: not minikube_nfs_launchdaemon.stat.exists

- name: Install minikube mount LaunchAgent
  ansible.builtin.copy:
    src: com.blumeops.minikube-mount.plist
    dest: "{{ ansible_facts['env']['HOME'] }}/Library/LaunchAgents/com.blumeops.minikube-mount.plist"
    mode: "0644"
  notify: Load minikube mount LaunchAgent