---
version: "3"

includes:
  cluster:
    aliases: [c]
    taskfile: .taskfiles/cluster/Taskfile.dist.yaml
  flux:
    aliases: [f]
    taskfile: .taskfiles/flux/Taskfile.dist.yaml
  k8s:
    aliases: [k]
    taskfile: .taskfiles/k8s/Taskfile.dist.yaml
  pulumi:
    aliases: [pl]
    taskfile: .taskfiles/pulumi/Taskfile.dist.yaml
  talos:
    aliases: [t]
    taskfile: .taskfiles/talos/Taskfile.dist.yaml
  volsync:
    aliases: [vs]
    taskfile: .taskfiles/volsync/Taskfile.dist.yaml
  # cnpg:
  #   aliases: [pg]
  #   taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
  pg:
    taskfile: .taskfiles/pg/Taskfile.dist.yaml
  rook:
    aliases: [r]
    taskfile: .taskfiles/rook
  truenas:
    aliases: [nas]
    taskfile: .taskfiles/truenas/Taskfile.dist.yaml


tasks:
  default:
    silent: true
    cmds: ["task -l"]

  gitconfig:
    desc: Configure Git.
    dir: '{{.USER_WORKING_DIR}}'
    cmds:
      - git config commit.gpgSign true
      - git config pull.rebase true
      - git config rebase.autostash true
      - git config push.autoSetupRemote true
      - git config remote.origin.pushurl git@github.com:JJGadgets/Biohazard.git
      - test -d $HOME/../usr/etc/termux/ && git config gpg.program $HOME/../usr/bin/okc-gpg || true

  n:
    desc: Create new folder and file within new folder at the same time.
    vars:
      d: '{{ or .d (fail "Dirname is required!") }}'
      f: '{{ or .f (fail "Filename is required!") }}'
    cmds:
      - mkdir -p {{.d}}
      - touch {{.d}}/{{.f}}

  ne:
    desc: Same as `n` task, but edits file as well.
    vars:
      d: '{{ or .d (fail "Dirname is required!") }}'
      f: '{{ or .f (fail "Filename is required!") }}'
    cmds:
      - task: new
      - $EDITOR {{.d}}/{{.f}}

  pwgen:
    vars:
      B: '{{ .B | default "128" }}'
      BCRYPT: '{{ .BCRYPT | default "n" }}'
      SHA256: '{{ .SHA256 | default "n" }}'
    cmds:
      # - USERPW=$(head -c {{.B}} /dev/urandom | base64 -w 0) [[ $BCRYPT == "y" ]] && (echo $USERPW && task pw-bcrypt) || [[ $SHA256 == "y" ]] && (echo $USERPW && echo $USERPW | pw-sha256sum) || (echo $USERPW)
      - |
        export USERPW=$(head -c {{.B}} /dev/urandom | base64 -w 0)
        echo "Your password is:"
        echo "${USERPW}"
        if [[ {{.BCRYPT}} == "y" ]]; then
          echo "Your BCrypt hash is:"
          echo "${USERPW}" | htpasswd -niBC 10 REMOVEME
        fi
        if [[ {{.SHA256}} == "y" ]]; then
          echo "Your SHA256 hash is:"
          echo "${USERPW}" | sha256sum
        fi
        unset USERPW

  pw-bcrypt:
    vars:
      USERPW: '{{ or .USERPW (fail "Missing `USERPW` variable, this Task should be run from the `pwgen` Task!") }}'
    cmds:
      - htpasswd -bnBC 10 REMOVEME {{.USERPW}}

  kubectl-sops:
    silent: true
    desc: Run kubectl commands with a SOPS encrypted $KUBECONFIG file
    preconditions:
      - sh: command -v sops
    vars: &vars
      KUBECONFIGSOPS: '{{ .KUBECONFIG | default "~/.kube/config.sops.yaml" }}'
      KCMD:
        sh: |-
          [[ -n "{{.KCMD}}" ]] && echo "{{.KCMD}}" || [[ -n $(command -v kubecolor) ]] && command -v kubecolor && exit || [[ -n $(command -v kubectl) ]] && command -v kubectl && exit || exit 1
      KUBETMPDIR:
        sh: "mktemp -d"
      KUBECONFIG: "{{.KUBETMPDIR}}/decrypted.yaml"
    cmds:
      # - echo "{{.KUBECTL_CMD}}"
      - defer: "rm {{.KUBECONFIG}} && rmdir {{.KUBETMPDIR}}"
      - |
        mkfifo {{.KUBECONFIG}}
        KUBECONFIG={{.KUBECONFIG}} {{.KCMD}} {{.CLI_ARGS}} &
        KUBECTL_PID=$!
        sops --decrypt --output {{.KUBECONFIG}} {{.KUBECONFIGSOPS}} >/dev/null 2>/dev/null
        wait $KUBECTL_PID