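---
# Taskfile (go-task schema v3) for operating the cluster repository:
# editing and pushing SOPS-encrypted secrets, applying Ansible, Terraform
# and Flux, bootstrapping K3s/Flux, and a few kubectl maintenance helpers.
version: "3"

# Environment for the tasks is loaded from the direnv-style .envrc file.
# The tasks below read KUB_SERVER_IP, KUB_SERVER_USER, GITHUB_USER and
# GITHUB_REPO from the environment; presumably they are defined there.
dotenv: [".envrc"]

vars:
  # Absolute path of the git work tree, used to locate the age key file.
  REPO_ROOT:
    sh: "git rev-parse --show-toplevel"

tasks:
  config:
    desc: Edit master secrets config file
    interactive: true
    silent: true
    cmds:
      # sops opens the file for editing, then the derived secret files are
      # regenerated by the config-update task.
      - sops config.sops.yaml
      - task: config-update

  config-update:
    desc: Update secrets configuration files
    dir: ansible
    cmds:
      - ansible-playbook config.yaml

  config-push:
    desc: Push updated secrets configuration files
    interactive: true
    deps: [config-update]
    cmds:
      # Refuse to stage a secrets file that carries no top-level `sops:`
      # metadata block, so a plaintext file is not committed and pushed.
      # assumes all three files are SOPS-encrypted YAML; confirm.
      - |
        for f in \
          config.sops.yaml \
          cluster/manifests/config/cluster-secrets.sops.yaml \
          cluster/manifests/apps/infra-system/cloudflared/secrets.sops.yaml
        do
          grep -q '^sops:' "$f" || {
            echo "refusing to stage $f: no sops metadata block found" >&2
            exit 1
          }
        done
      - git add config.sops.yaml
      - git add cluster/manifests/config/cluster-secrets.sops.yaml
      - git add cluster/manifests/apps/infra-system/cloudflared/secrets.sops.yaml
      # Commit only when something is staged. The previous `|| true` also hid
      # real commit failures (for example a rejecting hook) and pushed anyway.
      - >-
        git diff --cached --quiet ||
        git commit -m 'Update secrets configuration files'
      - git push

  apply:
    desc: Apply configuration across all tools
    deps: [config-push]
    cmds:
      - task: apply-ansible
      - task: apply-terraform
      - task: apply-flux

  apply-ansible:
    desc: Run Ansible site playbook
    dir: ansible
    cmds:
      - ansible-playbook site.yaml

  apply-terraform:
    desc: Apply terraform plan
    dir: terraform
    # Interactive so the operator can review the plan and confirm it.
    interactive: true
    cmds:
      - terraform apply

  apply-flux:
    desc: Start flux repository reconciliation
    cmds:
      - flux reconcile source git flux-system

  install-k3s:
    desc: Install K3s
    cmds:
      # NOTE(review): --write-kubeconfig-mode 0644 leaves the cluster-admin
      # kubeconfig on the server readable by every local user (the k3s
      # default is 0600); drop it unless something on the node needs it.
      # NOTE(review): --local-path ~/.kube/config appears to replace an
      # existing local kubeconfig; confirm, and consider k3sup's --merge.
      - >-
        k3sup install
        --ip "$KUB_SERVER_IP"
        --user "$KUB_SERVER_USER"
        --local-path ~/.kube/config
        --k3s-channel stable
        --k3s-extra-args '--write-kubeconfig-mode 0644
        --disable-helm-controller --disable traefik'

  install-keys:
    desc: Install SOPS keys
    cmds:
      # Idempotent namespace creation: render client-side, then apply.
      - >-
        kubectl create namespace flux-system --dry-run=client -o yaml
        | kubectl apply -f -
      # The age private key is fed through stdin, so its content never
      # appears on a command line. `kubectl create` fails if the sops-age
      # secret already exists, which avoids silently replacing the key.
      - >-
        cat "{{ .REPO_ROOT }}/.sops.agekey"
        | kubectl create secret generic sops-age
        --namespace=flux-system
        --from-file=sops.agekey=/dev/stdin

  install-flux:
    desc: Install Flux CD
    cmds:
      - >-
        kubectl create namespace flux-system --dry-run=client -o yaml
        | kubectl apply -f -
      # --read-write-key gives the Flux deploy key push access to the
      # repository; presumably required by the image automation controllers
      # enabled here. Confirm it is still needed.
      # NOTE(review): flux bootstrap github also expects a GitHub token in
      # the environment; keep it out of files committed to the repository.
      - >-
        flux bootstrap github
        --components-extra=image-reflector-controller,image-automation-controller
        --owner="$GITHUB_USER"
        --repository="$GITHUB_REPO"
        --path=cluster/bootstrap
        --branch=master
        --read-write-key
        --personal
    preconditions:
      - flux check --pre

  system-upgrade:
    desc: Upgrade all servers
    dir: ansible
    cmds:
      - ansible-playbook upgrade.yaml

  k8s-delete-failed-pods:
    desc: Deletes failed pods
    cmds:
      - >-
        kubectl delete pods --field-selector status.phase=Failed -A
        --ignore-not-found=true

  k8s-delete-jobs:
    desc: Delete all jobs
    cmds:
      # Destructive: removes every Job in every namespace of the cluster the
      # current kubectl context points at, without confirmation.
      - kubectl delete job -A --all

  k8s-debug-volume:
    desc: Create a container for debugging a PVC (ex. task PVC=plex-config-v1 k8s-debug-volume)
    interactive: true
    cmds:
      # Starts a throwaway pod that mounts the claim at /data/config.
      # The namespace lookup matches the claim name exactly; the earlier
      # `grep` matched substrings and could return several namespaces. If
      # the same name exists in more than one namespace, the first wins.
      # NOTE(review): the image uses a mutable tag (`rolling`); pin it by
      # digest so the debug pod always runs known content.
      # NOTE(review): --privileged is not needed just to mount a PVC and is
      # likely discarded anyway because --overrides replaces the containers
      # list; confirm and remove it.
      - |
        pvc='{{.PVC}}'
        [ -n "$pvc" ] || {
          echo 'PVC is required, e.g. task PVC=<claim-name> k8s-debug-volume' >&2
          exit 1
        }
        ns="$(kubectl get pvc -A --no-headers | awk -v pvc="$pvc" '$2 == pvc {print $1; exit}')"
        [ -n "$ns" ] || {
          echo "PVC $pvc not found in any namespace" >&2
          exit 1
        }
        kubectl run -n "$ns" "debug-$pvc" -i --tty --rm --image=null --privileged --overrides='
          {
            "apiVersion": "v1",
            "spec": {
              "containers": [
                {
                  "name": "debug",
                  "image": "ghcr.io/onedr0p/alpine:rolling",
                  "command": [
                    "/bin/bash"
                  ],
                  "stdin": true,
                  "stdinOnce": true,
                  "tty": true,
                  "volumeMounts": [
                    {
                      "name": "config",
                      "mountPath": "/data/config"
                    }
                  ]
                }
              ],
              "volumes": [
                {
                  "name": "config",
                  "persistentVolumeClaim": {
                    "claimName": "{{.PVC}}"
                  }
                }
              ],
              "restartPolicy": "Never"
            }
          }'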