---
# k3s host preparation: optional extra config files, rendered templates
# (a cluster RBAC manifest and iptables rules) and a per-node label manifest.

# Writes each entry of k3s.files to <item.path>/<item.name> from inline
# content, owned by root:root.
# Entries are opt-in: one is skipped unless it carries a truthy `when`
# (the default here is false).
# NOTE(review): mode '740' grants owner execute and group read; confirm both
# are intended for these files.
# NOTE(review): the loop item, including item.content, is echoed in task
# output. If an entry can hold credentials (cannot tell from here), consider
# `no_log: true` or a `loop_control.label`.
- name: Additional config files
  when: item.when | default(false) | bool
  loop: "{{ k3s.files }}"
  ansible.builtin.copy:
    dest: "{{ item.path }}/{{ item.name }}"
    owner: root
    group: root
    mode: '740'
    content: |
      {{ item.content }}

# Renders each entry of templates_to_apply as root with mode '700'.
# An entry's optional `when` defaults to true, so the iptables rules are
# rendered on every host, while the RBAC manifest is rendered only on the
# host whose inventory name equals kubernetes_config.cluster.prime.name.
# Entries without a `notify` key notify nothing (default(omit)).
# NOTE(review): k3s is documented to auto-apply manifests found under
# server/manifests, so write access to that directory is effectively
# cluster-level access. Confirm the directory's own ownership and mode.
# NOTE(review): unlike the two copy tasks, no `group:` is set here, and
# '700' carries an execute bit on what look like data files. Confirm.
- name: Copy Templates
  vars:
    templates_to_apply:
      - dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml
        src: kubernetes-manifest-rbac.yaml.j2
        when: "{{ kubernetes_config.cluster.prime.name == inventory_hostname }}"
      - dest: "/etc/iptables.rules.d/iptables-kubernetes.rules"
        src: iptables-kubernetes.rules.j2
        notify: firewall_reloader
  when: item.when | default(true) | bool
  loop: "{{ templates_to_apply }}"
  notify: "{{ item.notify | default(omit) }}"
  ansible.builtin.template:
    dest: "{{ item.dest }}"
    src: "{{ item.src }}"
    owner: root
    mode: '700'
    force: true

# Writes a Node manifest carrying this host's labels into the manifests
# directory of the prime node (delegate_to), one file per inventory host.
# Runs only when the host defines a non-empty `labels` value.
# The loop holds a single item, the labels value itself. with_items is kept
# because it would flatten a list, unlike `loop`.
# The Jinja expression must stay at exactly four spaces inside the block
# scalar: indent(4) does not indent the first line, only the following ones.
# NOTE(review): label keys and values come from inventory and land in a file
# on the prime node. Confirm who is allowed to edit kubernetes_config.hosts.
- name: Add Kubernetes Node Labels
  when:
    - kubernetes_config.hosts[inventory_hostname].labels is defined
    - kubernetes_config.hosts[inventory_hostname].labels | default('') | length > 0
  delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
  with_items:
    - "{{ kubernetes_config.hosts[inventory_hostname].labels }}"
  ansible.builtin.copy:
    dest: "/var/lib/rancher/k3s/server/manifests/node-manifest-{{ inventory_hostname }}.yaml"
    owner: root
    group: root
    mode: '700'
    content: |-
      apiVersion: v1
      kind: Node
      metadata:
        name: "{{ inventory_hostname }}"
        labels:
          {{ item | to_nice_yaml | indent(4) }}