Justfile! + encryption/decryption of Talos configs

.gitattributes

@@ -0,0 +1 @@
+*.age binary

.gitignore

@@ -46,3 +46,7 @@ plan.out
 config.tf.json
 
 **/charts
+result.yaml
+
+talos/*.yaml
+!talos/*.age

gmem.ca/_headers

@@ -0,0 +1,5 @@
+https://arch.dog/ssh
+  Content-Type: text/plain
+
+https://arch.dog/age
+  Content-Type: text/plain

gmem.ca/age

@@ -0,0 +1,5 @@
+# My age recipient key. Use this to encrypt files sent to me!
+# https://github.com/FiloSottile/age
+# curl https://arch.dog/age | age -R - example.jpg > example.jpg.age
+#
+age1yubikey1qv89lazzjxeaed4jt3r9nv233as0gz8la60ghpk2dg0s9x0luz7r7w4s9ge

justfile

@@ -0,0 +1,35 @@
+alias ap := apply
+alias bh := build-helm
+alias ah := apply-helm
+
+alias ds := deploy-site
+
+build app="":
+	kustomize build kubernetes/{{app}} --enable-helm > result.yaml
+
+apply app="": (build app)
+	kubectl apply -f result.yaml
+
+build-helm name chart values:
+	helm template {{name}} {{chart}} -f {{values}} --namespace {{name}} --dry-run=server --kube-version=1.30 > result.yaml
+
+apply-helm name chart values: (build-helm name chart values)
+	kubectl apply -f result.yaml -n {{name}}
+
+deploy-site branch="main":
+	npx wrangler pages deploy gmem.ca/ --branch {{branch}}
+
+age-identity:
+	age-plugin-yubikey --identity > /tmp/age-identity
+
+encrypt-talos:
+	for file in `ls talos/*.yaml`; do \
+	  echo "encrypting ${file}"; \
+	  age -e -R gmem.ca/age -o "${file}.age" "${file}"; \
+	done
+
+decrypt-talos: age-identity
+	for file in `ls talos/*.age`; do \
+	  echo "decrypting ${file}"; \
+	  age -d -i /tmp/age-identity -o "${file/.age/}" "${file}"; \
+	done