github-personal/Biohazard
1
0
Fork 0
mirror of https://github.com/outbackdingo/Biohazard.git synced 2026-01-27 18:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
77ffc93a7cdad116fda4446356c06f41bcbc8b92
Biohazard/Taskfile.dist.yaml
JJGadgets 5ba9c8ae7b feat!: Flux localhost bootstrap from 1P, add Sinon cluster 
- installs Flux in hostNetwork mode binded to localhost to new clusters

- rework Taskfiles for new bootstrap flow, including loading secrets direct from 1Password with no SOPS for secret zero

- use 1Password for both talsecret and talenv for talhelper genconfig

- remove SOPS secrets

- add Sinon cluster, used as NAS

- cleanup ExternalSecret and 1P Connect's Flux ks for smoother bootstrap

- try out 1Password Connect as extraContainer in external-secrets deployment to avoid secrets going over network

- general cleanup
2024-05-21 13:49:50 +08:00

122 lines
3.6 KiB
YAML
Raw Blame History

---
version: "3"
includes:
bootstrap:
aliases: [bs]
taskfile: .taskfiles/bootstrap/Taskfile.dist.yaml
# cluster:
# aliases: [c]
# taskfile: .taskfiles/cluster/Taskfile.dist.yaml
flux:
aliases: [f]
taskfile: .taskfiles/flux/Taskfile.dist.yaml
k8s:
aliases: [k]
taskfile: .taskfiles/k8s/Taskfile.dist.yaml
pulumi:
aliases: [pl]
taskfile: .taskfiles/pulumi/Taskfile.dist.yaml
talos:
aliases: [t]
taskfile: .taskfiles/talos/Taskfile.dist.yaml
volsync:
aliases: [vs]
taskfile: .taskfiles/volsync/Taskfile.dist.yaml
# cnpg:
# aliases: [pg]
# taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
pg:
taskfile: .taskfiles/pg/Taskfile.dist.yaml
rook:
aliases: [r]
taskfile: .taskfiles/rook
truenas:
aliases: [nas]
taskfile: .taskfiles/truenas/Taskfile.dist.yaml
tasks:
default:
silent: true
cmds: ["task -l"]
gitconfig:
desc: Configure Git.
dir: '{{.USER_WORKING_DIR}}'
cmds:
- git config commit.gpgSign true
- git config pull.rebase true
- git config rebase.autostash true
- git config push.autoSetupRemote true
- git config remote.origin.pushurl git@github.com:JJGadgets/Biohazard.git
- test -d $HOME/../usr/etc/termux/ && git config gpg.program $HOME/../usr/bin/okc-gpg || true
n:
desc: Create new folder and file within new folder at the same time.
vars:
d: '{{ or .d (fail "Dirname is required!") }}'
f: '{{ or .f (fail "Filename is required!") }}'
cmds:
- mkdir -p {{.d}}
- touch {{.d}}/{{.f}}
ne:
desc: Same as `n` task, but edits file as well.
vars:
d: '{{ or .d (fail "Dirname is required!") }}'
f: '{{ or .f (fail "Filename is required!") }}'
cmds:
- task: new
- $EDITOR {{.d}}/{{.f}}
pwgen:
vars:
B: '{{ .B | default "128" }}'
BCRYPT: '{{ .BCRYPT | default "n" }}'
SHA256: '{{ .SHA256 | default "n" }}'
cmds:
# - USERPW=$(head -c {{.B}} /dev/urandom | base64 -w 0) [[ $BCRYPT == "y" ]] && (echo $USERPW && task pw-bcrypt) || [[ $SHA256 == "y" ]] && (echo $USERPW && echo $USERPW | pw-sha256sum) || (echo $USERPW)
- |
export USERPW=$(head -c {{.B}} /dev/urandom | base64 -w 0)
echo "Your password is:"
echo "${USERPW}"
if [[ {{.BCRYPT}} == "y" ]]; then
echo "Your BCrypt hash is:"
echo "${USERPW}" | htpasswd -niBC 10 REMOVEME
fi
if [[ {{.SHA256}} == "y" ]]; then
echo "Your SHA256 hash is:"
echo "${USERPW}" | sha256sum
fi
unset USERPW
pw-bcrypt:
vars:
USERPW: '{{ or .USERPW (fail "Missing `USERPW` variable, this Task should be run from the `pwgen` Task!") }}'
cmds:
- htpasswd -bnBC 10 REMOVEME {{.USERPW}}
kubectl-sops:
silent: true
desc: Run kubectl commands with a SOPS encrypted $KUBECONFIG file
preconditions:
- sh: command -v sops
vars: &vars
KUBECONFIGSOPS: '{{ .KUBECONFIG | default "~/.kube/config.sops.yaml" }}'
KCMD:
sh: |-
[[ -n "{{.KCMD}}" ]] && echo "{{.KCMD}}" || [[ -n $(command -v kubecolor) ]] && command -v kubecolor && exit || [[ -n $(command -v kubectl) ]] && command -v kubectl && exit || exit 1
KUBETMPDIR:
sh: "mktemp -d"
KUBECONFIG: "{{.KUBETMPDIR}}/decrypted.yaml"
cmds:
# - echo "{{.KUBECTL_CMD}}"
- defer: "rm {{.KUBECONFIG}} && rmdir {{.KUBETMPDIR}}"
- |
mkfifo {{.KUBECONFIG}}
KUBECONFIG={{.KUBECONFIG}} {{.KCMD}} {{.CLI_ARGS}} &
KUBECTL_PID=$!
sops --decrypt --output {{.KUBECONFIG}} {{.KUBECONFIGSOPS}} >/dev/null 2>/dev/null
wait $KUBECTL_PID
Reference in New Issue View Git Blame Copy Permalink