-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathTaskfile.dist.yaml
128 lines (118 loc) · 3.91 KB
/
Taskfile.dist.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
---
version: "3"
includes:
bootstrap:
aliases: [bs]
taskfile: .taskfiles/bootstrap/Taskfile.dist.yaml
# cluster:
# aliases: [c]
# taskfile: .taskfiles/cluster/Taskfile.dist.yaml
flux:
aliases: [f]
taskfile: .taskfiles/flux/Taskfile.dist.yaml
k8s:
aliases: [k]
taskfile: .taskfiles/k8s/Taskfile.dist.yaml
pulumi:
aliases: [pl]
taskfile: .taskfiles/pulumi/Taskfile.dist.yaml
talos:
aliases: [t]
taskfile: .taskfiles/talos/Taskfile.dist.yaml
volsync:
aliases: [vs]
taskfile: .taskfiles/volsync/Taskfile.dist.yaml
# cnpg:
# aliases: [pg]
# taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
pg:
taskfile: .taskfiles/pg/Taskfile.dist.yaml
rook:
aliases: [r]
taskfile: .taskfiles/rook
truenas:
aliases: [nas]
taskfile: .taskfiles/truenas/Taskfile.dist.yaml
tasks:
default:
silent: true
cmds: ["task -l"]
gitconfig:
desc: Configure Git.
dir: '{{.USER_WORKING_DIR}}'
cmds:
- git config commit.gpgSign true
- git config pull.rebase true
- git config rebase.autostash true
- git config push.autoSetupRemote true
- git config remote.origin.pushurl [email protected]:JJGadgets/Biohazard.git
- test -d $HOME/../usr/etc/termux/ && git config gpg.program $HOME/../usr/bin/okc-gpg || true
mise:
desc: Use this repo's Mise config for the whole Linux user, via symlink.
dir: '{{.USER_WORKING_DIR}}'
cmds:
- mv ~/.config/mise/config.toml ~/.config/mise/config.toml.old$(date +%Y-%m-%d) || true
- ln -s $(pwd)/.mise.toml ~/.config/mise/config.toml
n:
desc: Create new folder and file within new folder at the same time.
vars:
d: '{{ or .d (fail "Dirname is required!") }}'
f: '{{ or .f (fail "Filename is required!") }}'
cmds:
- mkdir -p {{.d}}
- touch {{.d}}/{{.f}}
ne:
desc: Same as `n` task, but edits file as well.
vars:
d: '{{ or .d (fail "Dirname is required!") }}'
f: '{{ or .f (fail "Filename is required!") }}'
cmds:
- task: new
- $EDITOR {{.d}}/{{.f}}
pwgen:
vars:
B: '{{ .B | default "128" }}'
BCRYPT: '{{ .BCRYPT | default "n" }}'
SHA256: '{{ .SHA256 | default "n" }}'
cmds:
# - USERPW=$(head -c {{.B}} /dev/urandom | base64 -w 0) [[ $BCRYPT == "y" ]] && (echo $USERPW && task pw-bcrypt) || [[ $SHA256 == "y" ]] && (echo $USERPW && echo $USERPW | pw-sha256sum) || (echo $USERPW)
- |
export USERPW=$(head -c {{.B}} /dev/urandom | base64 -w 0)
echo "Your password is:"
echo "${USERPW}"
if [[ {{.BCRYPT}} == "y" ]]; then
echo "Your BCrypt hash is:"
echo "${USERPW}" | htpasswd -niBC 10 REMOVEME
fi
if [[ {{.SHA256}} == "y" ]]; then
echo "Your SHA256 hash is:"
echo "${USERPW}" | sha256sum
fi
unset USERPW
pw-bcrypt:
vars:
USERPW: '{{ or .USERPW (fail "Missing `USERPW` variable, this Task should be run from the `pwgen` Task!") }}'
cmds:
- htpasswd -bnBC 10 REMOVEME {{.USERPW}}
kubectl-sops:
silent: true
desc: Run kubectl commands with a SOPS encrypted $KUBECONFIG file
preconditions:
- sh: command -v sops
vars: &vars
KUBECONFIGSOPS: '{{ .KUBECONFIG | default "~/.kube/config.sops.yaml" }}'
KCMD:
sh: |-
[[ -n "{{.KCMD}}" ]] && echo "{{.KCMD}}" || [[ -n $(command -v kubecolor) ]] && command -v kubecolor && exit || [[ -n $(command -v kubectl) ]] && command -v kubectl && exit || exit 1
KUBETMPDIR:
sh: "mktemp -d"
KUBECONFIG: "{{.KUBETMPDIR}}/decrypted.yaml"
cmds:
# - echo "{{.KUBECTL_CMD}}"
- defer: "rm {{.KUBECONFIG}} && rmdir {{.KUBETMPDIR}}"
- |
mkfifo {{.KUBECONFIG}}
KUBECONFIG={{.KUBECONFIG}} {{.KCMD}} {{.CLI_ARGS}} &
KUBECTL_PID=$!
sops --decrypt --output {{.KUBECONFIG}} {{.KUBECONFIGSOPS}} >/dev/null 2>/dev/null
wait $KUBECTL_PID