---

- name: Firewall Rules
  ansible.builtin.include_role:
    name: nfc_firewall
  vars:
    nfc_firewall_enabled_kubernetes: "{{ nfc_kubernetes.enable_firewall | default(false) | bool }}"
  tags:
    - never
    - install


# fix, reload firewall `iptables-reloader`
- name: Reload iptables
  ansible.builtin.command:
    cmd: bash -c /usr/bin/iptables-reloader
  changed_when: false
  tags:
    - never
    - install


# kubernetes_installed

- name: K3s Install
  ansible.builtin.include_tasks:
    file: k3s/install.yaml
    apply:
      tags:
        - always
  when: >
    install_kubernetes | default(true) | bool
      and
    not kubernetes_installed | default(false) | bool
  tags:
    - always


- name: K3s Configure
  ansible.builtin.include_tasks:
    file: k3s/configure.yaml
    apply:
      tags:
        - always
  when: >
    install_kubernetes | default(true) | bool
      and
    kubernetes_installed | default(false) | bool
  tags:
    - always