Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
What you'll also need:
Clone the git repo
Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get commited to source control.
Create an ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again .gitignore should ensure this vault file remains only on your workstation.
Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated.
Ansible roles were written to work on an Arch linux workstation, some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so.
If you encounter problems with these change those tasks to use your relvant package manager module, eg apt or yum.