Justfile! + encryption/decryption of Talos configs
All checks were successful
Lint / lint (push) Successful in 38s
All checks were successful
Lint / lint (push) Successful in 38s
This commit is contained in:
parent
d71fd9ef25
commit
6bd440d79a
1
.gitattributes
vendored
Normal file
1
.gitattributes
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*.age binary
|
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -46,3 +46,7 @@ plan.out
|
||||||
config.tf.json
|
config.tf.json
|
||||||
|
|
||||||
**/charts
|
**/charts
|
||||||
|
result.yaml
|
||||||
|
|
||||||
|
talos/*.yaml
|
||||||
|
!talos/*.age
|
5
gmem.ca/_headers
Normal file
5
gmem.ca/_headers
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
https://arch.dog/ssh
|
||||||
|
Content-Type: text/plain
|
||||||
|
|
||||||
|
https://arch.dog/age
|
||||||
|
Content-Type: text/plain
|
5
gmem.ca/age
Normal file
5
gmem.ca/age
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# My age recipient key. Use this to encrypt files sent to me!
|
||||||
|
# https://github.com/FiloSottile/age
|
||||||
|
# curl https://arch.dog/age | age -R - example.jpg > example.jpg.age
|
||||||
|
#
|
||||||
|
age1yubikey1qv89lazzjxeaed4jt3r9nv233as0gz8la60ghpk2dg0s9x0luz7r7w4s9ge
|
35
justfile
Normal file
35
justfile
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
alias ap := apply
|
||||||
|
alias bh := build-helm
|
||||||
|
alias ah := apply-helm
|
||||||
|
|
||||||
|
alias ds := deploy-site
|
||||||
|
|
||||||
|
build app="":
|
||||||
|
kustomize build kubernetes/{{app}} --enable-helm > result.yaml
|
||||||
|
|
||||||
|
apply app="": (build app)
|
||||||
|
kubectl apply -f result.yaml
|
||||||
|
|
||||||
|
build-helm name chart values:
|
||||||
|
helm template {{name}} {{chart}} -f {{values}} --namespace {{name}} --dry-run=server --kube-version=1.30 > result.yaml
|
||||||
|
|
||||||
|
apply-helm name chart values: (build-helm name chart values)
|
||||||
|
kubectl apply -f result.yaml -n {{name}}
|
||||||
|
|
||||||
|
deploy-site branch="main":
|
||||||
|
npx wrangler pages deploy gmem.ca/ --branch {{branch}}
|
||||||
|
|
||||||
|
age-identity:
|
||||||
|
age-plugin-yubikey --identity > /tmp/age-identity
|
||||||
|
|
||||||
|
encrypt-talos:
|
||||||
|
for file in `ls talos/*.yaml`; do \
|
||||||
|
echo "encrypting ${file}"; \
|
||||||
|
age -e -R gmem.ca/age -o "${file}.age" "${file}"; \
|
||||||
|
done
|
||||||
|
|
||||||
|
decrypt-talos: age-identity
|
||||||
|
for file in `ls talos/*.age`; do \
|
||||||
|
echo "decrypting ${file}"; \
|
||||||
|
age -d -i /tmp/age-identity -o "${file/.age/}" "${file}"; \
|
||||||
|
done
|
BIN
talos/controlplane.yaml.age
Normal file
BIN
talos/controlplane.yaml.age
Normal file
Binary file not shown.
BIN
talos/worker-144.yaml.age
Normal file
BIN
talos/worker-144.yaml.age
Normal file
Binary file not shown.
BIN
talos/worker-146.yaml.age
Normal file
BIN
talos/worker-146.yaml.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue