Justfile! + encryption/decryption of Talos configs
This commit is contained in:
parent
d71fd9ef25
commit
ccc6e4d0ac
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -46,3 +46,7 @@ plan.out
|
|||
config.tf.json
|
||||
|
||||
**/charts
|
||||
result.yaml
|
||||
|
||||
talos/*.yaml
|
||||
!talos/*.age
|
5
gmem.ca/_headers
Normal file
5
gmem.ca/_headers
Normal file
|
@ -0,0 +1,5 @@
|
|||
https://arch.dog/ssh
|
||||
Content-Type: text/plain
|
||||
|
||||
https://arch.dog/age
|
||||
Content-Type: text/plain
|
5
gmem.ca/age
Normal file
5
gmem.ca/age
Normal file
|
@ -0,0 +1,5 @@
|
|||
# My age recipient key. Use this to encrypt files sent to me!
|
||||
# https://github.com/FiloSottile/age
|
||||
# curl https://arch.dog/age | age -R - example.jpg > example.jpg.age
|
||||
#
|
||||
age1yubikey1qv89lazzjxeaed4jt3r9nv233as0gz8la60ghpk2dg0s9x0luz7r7w4s9ge
|
35
justfile
Normal file
35
justfile
Normal file
|
@ -0,0 +1,35 @@
|
|||
alias ap := apply
|
||||
alias bh := build-helm
|
||||
alias ah := apply-helm
|
||||
|
||||
alias ds := deploy-site
|
||||
|
||||
build app="":
|
||||
kustomize build kubernetes/{{app}} --enable-helm > result.yaml
|
||||
|
||||
apply app="": (build app)
|
||||
kubectl apply -f result.yaml
|
||||
|
||||
build-helm name chart values:
|
||||
helm template {{name}} {{chart}} -f {{values}} --namespace {{name}} --dry-run=server --kube-version=1.30 > result.yaml
|
||||
|
||||
apply-helm name chart values: (build-helm name chart values)
|
||||
kubectl apply -f result.yaml -n {{name}}
|
||||
|
||||
deploy-site branch="main":
|
||||
npx wrangler pages deploy gmem.ca/ --branch {{branch}}
|
||||
|
||||
age-identity:
|
||||
age-plugin-yubikey --identity > /tmp/age-identity
|
||||
|
||||
encrypt-talos:
|
||||
for file in `ls talos/*.yaml`; do \
|
||||
echo "encrypting ${file}"; \
|
||||
age -e -R gmem.ca/age -o "${file}.age" "${file}"; \
|
||||
done
|
||||
|
||||
decrypt-talos: age-identity
|
||||
for file in `ls talos/*.age`; do \
|
||||
echo "decrypting ${file}"; \
|
||||
age -d -i /tmp/age-identity -o "${file/.age/}" "${file}"; \
|
||||
done
|
BIN
talos/controlplane.yaml.age
Normal file
BIN
talos/controlplane.yaml.age
Normal file
Binary file not shown.
BIN
talos/worker-144.yaml.age
Normal file
BIN
talos/worker-144.yaml.age
Normal file
Binary file not shown.
BIN
talos/worker-146.yaml.age
Normal file
BIN
talos/worker-146.yaml.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue