171 lines
5.9 KiB
YAML
171 lines
5.9 KiB
YAML
---
|
|
version: '3'
|
|
|
|
vars:
|
|
MAKEJINJA_CONFIG_FILE: '{{.ROOT_DIR}}/makejinja.toml'
|
|
TEMPLATE_DIR: '{{.ROOT_DIR}}/templates'
|
|
TEMPLATE_RESOURCES_DIR: '{{.ROOT_DIR}}/.taskfiles/template/resources'
|
|
TEMPLATE_CONFIG_FILE: '{{.ROOT_DIR}}/cluster.yaml'
|
|
TEMPLATE_NODE_CONFIG_FILE: '{{.ROOT_DIR}}/nodes.yaml'
|
|
|
|
tasks:
|
|
|
|
:init:
|
|
desc: Initialize configuration files
|
|
cmds:
|
|
- task: generate-template-config
|
|
- task: generate-age-key
|
|
- task: generate-deploy-key
|
|
- task: generate-push-token
|
|
|
|
generate-template-config:
|
|
internal: true
|
|
cmds:
|
|
- mv {{.TEMPLATE_CONFIG_FILE | replace ".yaml" ".sample.yaml"}} {{.TEMPLATE_CONFIG_FILE}}
|
|
- mv {{.TEMPLATE_NODE_CONFIG_FILE | replace ".yaml" ".sample.yaml"}} {{.TEMPLATE_NODE_CONFIG_FILE}}
|
|
status:
|
|
- test -f {{.TEMPLATE_CONFIG_FILE}}
|
|
- test -f {{.TEMPLATE_NODE_CONFIG_FILE}}
|
|
|
|
generate-age-key:
|
|
internal: true
|
|
cmd: age-keygen --output {{.SOPS_AGE_KEY_FILE}}
|
|
status:
|
|
- test -f {{.SOPS_AGE_KEY_FILE}}
|
|
preconditions:
|
|
- which age-keygen
|
|
|
|
generate-deploy-key:
|
|
internal: true
|
|
cmd: ssh-keygen -t ed25519 -C "deploy-key" -f {{.ROOT_DIR}}/github-deploy.key -q -P ""
|
|
status:
|
|
- test -f {{.ROOT_DIR}}/github-deploy.key
|
|
preconditions:
|
|
- which ssh-keygen
|
|
|
|
generate-push-token:
|
|
internal: true
|
|
cmd: python -c "import secrets; print(secrets.token_hex(16))" > {{.ROOT_DIR}}/github-push-token.txt
|
|
status:
|
|
- test -f {{.ROOT_DIR}}/github-push-token.txt
|
|
|
|
:configure:
|
|
desc: Render and validate configuration files
|
|
prompt: Any conflicting files in the kubernetes directory will be overwritten... continue?
|
|
cmds:
|
|
- task: validate-schemas
|
|
- task: render-configs
|
|
- task: encrypt-secrets
|
|
- task: validate-kubernetes-config
|
|
- task: validate-talos-config
|
|
preconditions:
|
|
- msg: An existing Age key interferes with the age key in this repository, rename or delete ~/.config/sops/age/keys.txt
|
|
sh: '! test -f ~/.config/sops/age/keys.txt'
|
|
- msg: File cluster.yaml not found, did you run `task init`?
|
|
sh: test -f {{.TEMPLATE_CONFIG_FILE}}
|
|
- msg: File nodes.yaml not found, did you run `task init`?
|
|
sh: test -f {{.TEMPLATE_NODE_CONFIG_FILE}}
|
|
- msg: File cloudflare-tunnel.json not found, see the README for information on creating it.
|
|
sh: test -f {{.ROOT_DIR}}/cloudflare-tunnel.json
|
|
|
|
validate-schemas:
|
|
internal: true
|
|
cmds:
|
|
- cue vet {{.TEMPLATE_CONFIG_FILE}} {{.TEMPLATE_RESOURCES_DIR}}/cluster.schema.cue
|
|
- cue vet {{.TEMPLATE_NODE_CONFIG_FILE}} {{.TEMPLATE_RESOURCES_DIR}}/nodes.schema.cue
|
|
preconditions:
|
|
- test -f {{.TEMPLATE_RESOURCES_DIR}}/cluster.schema.cue
|
|
- test -f {{.TEMPLATE_RESOURCES_DIR}}/nodes.schema.cue
|
|
- which cue
|
|
|
|
render-configs:
|
|
internal: true
|
|
cmd: makejinja
|
|
env:
|
|
PYTHONDONTWRITEBYTECODE: '1'
|
|
preconditions:
|
|
- test -f {{.TEMPLATE_DIR}}/scripts/plugin.py
|
|
- test -f {{.MAKEJINJA_CONFIG_FILE}}
|
|
- which makejinja
|
|
|
|
encrypt-secrets:
|
|
internal: true
|
|
cmds:
|
|
- for: { var: SECRET_FILES }
|
|
cmd: |
|
|
if [ $(sops filestatus "{{.ITEM}}" | jq ".encrypted") == "false" ]; then
|
|
sops --encrypt --in-place "{{.ITEM}}"
|
|
fi
|
|
vars:
|
|
SECRET_FILES:
|
|
sh: find "{{.BOOTSTRAP_DIR}}" "{{.KUBERNETES_DIR}}" "{{.TALOS_DIR}}" -type f -name "*.sops.*" -print
|
|
preconditions:
|
|
- test -f {{.SOPS_AGE_KEY_FILE}}
|
|
- test -f {{.ROOT_DIR}}/.sops.yaml
|
|
- which jq sops
|
|
|
|
validate-kubernetes-config:
|
|
internal: true
|
|
cmd: bash {{.TEMPLATE_RESOURCES_DIR}}/kubeconform.sh {{.KUBERNETES_DIR}}
|
|
preconditions:
|
|
- test -f {{.TEMPLATE_RESOURCES_DIR}}/kubeconform.sh
|
|
- which kubeconform
|
|
|
|
validate-talos-config:
|
|
internal: true
|
|
dir: '{{.TALOS_DIR}}'
|
|
cmd: talhelper validate talconfig {{.TALOS_DIR}}/talconfig.yaml
|
|
preconditions:
|
|
- test -f {{.TALOS_DIR}}/talconfig.yaml
|
|
- which talhelper
|
|
|
|
debug:
|
|
desc: Gather common resources in your cluster
|
|
cmds:
|
|
- for:
|
|
matrix:
|
|
RESOURCE: [certificates, certificaterequests, gitrepositories, helmrepositories, helmreleases, httproutes, kustomizations, nodes, pods]
|
|
cmd: kubectl get --all-namespaces {{.ITEM.RESOURCE}}
|
|
preconditions:
|
|
- test -f {{.KUBECONFIG}}
|
|
- which kubectl
|
|
|
|
tidy:
|
|
desc: Archive template related files and directories
|
|
prompt: All files and directories related to the templating process will be archived... continue?
|
|
cmds:
|
|
- mkdir -p {{.TIDY_FOLDER}}
|
|
- rm -rf {{.ROOT_DIR}}/.github/tests
|
|
- rm -rf {{.ROOT_DIR}}/.github/workflows/e2e.yaml
|
|
- rm -rf {{.ROOT_DIR}}/.github/workflows/mise.yaml
|
|
- rm -rf {{.ROOT_DIR}}/.github/workflows/release.yaml
|
|
- |
|
|
{{.SED}} -i 's/(..\.j2)\?//g' {{.ROOT_DIR}}/.renovaterc.json5
|
|
- mv {{.TEMPLATE_DIR}} {{.TIDY_FOLDER}}/templates
|
|
- mv {{.MAKEJINJA_CONFIG_FILE}} {{.TIDY_FOLDER}}/makejinja.toml
|
|
- mv {{.TEMPLATE_CONFIG_FILE}} {{.TIDY_FOLDER}}/cluster.yaml
|
|
- mv {{.TEMPLATE_NODE_CONFIG_FILE}} {{.TIDY_FOLDER}}/nodes.yaml
|
|
- |
|
|
{{.SED}} -i '/template:/d' {{.ROOT_DIR}}/Taskfile.yaml
|
|
- mv {{.ROOT_DIR}}/.taskfiles/template {{.TIDY_FOLDER}}/.taskfiles/
|
|
vars:
|
|
TIDY_FOLDER: '{{.PRIVATE_DIR}}/{{now | unixEpoch}}'
|
|
SED:
|
|
sh: which gsed || which sed
|
|
preconditions:
|
|
- msg: Unsupported sed version, run `brew install gsed` to upgrade
|
|
sh: '{{if eq OS "darwin"}}test -f /opt/homebrew/bin/gsed || test -f /usr/local/bin/gsed{{end}}'
|
|
- test -d {{.ROOT_DIR}}/.taskfiles/template
|
|
- test -d {{.TEMPLATE_DIR}}
|
|
- test -f {{.MAKEJINJA_CONFIG_FILE}}
|
|
- test -f {{.ROOT_DIR}}/.renovaterc.json5
|
|
|
|
reset:
|
|
desc: Remove templated files and directories
|
|
prompt: Remove all templated files and directories... continue?
|
|
cmds:
|
|
- rm -rf {{.BOOTSTRAP_DIR}}
|
|
- rm -rf {{.KUBERNETES_DIR}}
|
|
- rm -rf {{.TALOS_DIR}}
|
|
- rm -rf {{.ROOT_DIR}}/.sops.yaml
|