Initial commit

.config.sample.env

@@ -0,0 +1,101 @@
+#
+# Cluster related variables
+#
+
+# The repo you created from this template
+# e.g. https://github.com/onedr0p/home-cluster
+export BOOTSTRAP_GIT_REPOSITORY=""
+
+# To enable Flux to update your cluster on `git push` set the following to one of:
+# `generated` - this will generate a token and print it in the logs
+# Set this to any other string and it will be used for the secret
+export BOOTSTRAP_FLUX_GITHUB_WEBHOOK_SECRET="generated" # NOTE: Must only contain alphanumeric characters and dashes
+
+# The Weave GitOps dashboard admin password
+# `generated` - this will generate a token and print it in the logs
+# Set this to any other string and it will be used for the secret
+export BOOTSTRAP_WEAVE_GITOPS_ADMIN_PASSWORD="generated" # NOTE: Must only contain alphanumeric characters and dashes
+
+# Choose one of your cloudflare domains
+# e.g. onedr0p.com
+export BOOTSTRAP_CLOUDFLARE_DOMAIN=""
+# The email you use to sign into Cloudflare with
+export BOOTSTRAP_CLOUDFLARE_EMAIL=""
+# Your global Cloudflare API Key (not API token)
+export BOOTSTRAP_CLOUDFLARE_APIKEY=""
+
+# Create a cloudflare tunnel to automatically ingress into your cluster
+# https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/
+# cloudflared tunnel create <NAME or UUID>
+export BOOTSTRAP_CLOUDFLARE_ACCOUNT_TAG=""
+export BOOTSTRAP_CLOUDFLARE_TUNNEL_SECRET=""
+export BOOTSTRAP_CLOUDFLARE_TUNNEL_ID=""
+
+# Pick a range of unused IPs that are on the same network as your nodes
+# You don't need many IPs, just choose 10 IPs to start with
+# e.g. 192.168.1.220-192.168.1.230
+export BOOTSTRAP_METALLB_LB_RANGE=""
+# The load balancer IP for k8s_gateway, choose from one of the available IPs above
+# e.g. 192.168.1.220
+export BOOTSTRAP_METALLB_K8S_GATEWAY_ADDR=""
+# The load balancer IP for the ingress controller, choose from one of the available IPs above
+# that doesn't conflict with any other IP addresses here
+# e.g. 192.168.1.221
+export BOOTSTRAP_METALLB_INGRESS_ADDR=""
+
+# Age Public Key - string should start with age
+# e.g. age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta
+export BOOTSTRAP_AGE_PUBLIC_KEY=""
+
+# The IP Address to use with kube-vip
+# Pick a unused IP that is on the same network as your nodes
+# and outside the ${BOOTSTRAP_METALLB_LB_RANGE} range
+# and doesn't conflict with any other IP addresses here
+# e.g. 192.168.1.254
+export BOOTSTRAP_KUBE_VIP_ADDR=""
+
+# Choose your timezone
+# e.g. America/New_York
+export BOOTSTRAP_TIMEZONE="Etc/UTC"
+
+#
+# Ansible related variables
+#
+
+#
+# Default prefixes for hostnames assigned by Ansible
+# These are unused on nodes where BOOTSTRAP_ANSIBLE_HOSTNAME_ is provided
+#
+
+export BOOTSTRAP_ANSIBLE_DEFAULT_CONTROL_NODE_HOSTNAME_PREFIX="k8s-" # NOTE: Must only contain alphanumeric characters and dashes
+export BOOTSTRAP_ANSIBLE_DEFAULT_NODE_HOSTNAME_PREFIX="k8s-" # NOTE: Must only contain alphanumeric characters and dashes
+
+#
+# Ansible hosts - repeat this block as many times as you need,
+# incrementing the last digit on the variable name for each node
+#
+
+# Host IP Address to the control plane node
+# That doesn't conflict with any other IP addresses here
+# e.g. 192.168.1.200
+export BOOTSTRAP_ANSIBLE_HOST_ADDR_0=""
+# User Ansible will log into the nodes
+export BOOTSTRAP_ANSIBLE_SSH_USERNAME_0="" # NOTE: Must only contain alphanumeric characters and dashes
+# Password Ansible will use to escalate to sudo
+export BOOTSTRAP_ANSIBLE_SUDO_PASSWORD_0="" # NOTE: Must only contain alphanumeric characters and dashes
+# Set this node as a control node (true/false)
+export BOOTSTRAP_ANSIBLE_CONTROL_NODE_0=""
+# Optional: Set the hostname of the node, if set this will override the *_HOSTNAME_PREFIX vars above
+export BOOTSTRAP_ANSIBLE_HOSTNAME_0=""
+
+# export BOOTSTRAP_ANSIBLE_HOST_ADDR_1=""
+# export BOOTSTRAP_ANSIBLE_SSH_USERNAME_1="" # NOTE: Must only contain alphanumeric characters and dashes
+# export BOOTSTRAP_ANSIBLE_SUDO_PASSWORD_1="" # NOTE: Must only contain alphanumeric characters and dashes
+# export BOOTSTRAP_ANSIBLE_CONTROL_NODE_1=""
+# export BOOTSTRAP_ANSIBLE_HOSTNAME_1=""
+
+# export BOOTSTRAP_ANSIBLE_HOST_ADDR_2=""
+# export BOOTSTRAP_ANSIBLE_SSH_USERNAME_2="" # NOTE: Must only contain alphanumeric characters and dashes
+# export BOOTSTRAP_ANSIBLE_SUDO_PASSWORD_2="" # NOTE: Must only contain alphanumeric characters and dashes
+# export BOOTSTRAP_ANSIBLE_CONTROL_NODE_2=""
+# export BOOTSTRAP_ANSIBLE_HOSTNAME_2=""

.editorconfig

@@ -0,0 +1,18 @@
+# editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[Makefile]
+indent_style = space
+indent_size = 4
+
+[*.{bash,sh}]
+indent_style = space
+indent_size = 4

.envrc

@@ -0,0 +1,6 @@
+#shellcheck disable=SC2148,SC2155
+export KUBECONFIG=$(expand_path ./kubeconfig)
+export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg)
+export ANSIBLE_HOST_KEY_CHECKING="False"
+export K8S_AUTH_KUBECONFIG=$(expand_path ./kubeconfig)
+export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt)

.gitattributes

@@ -0,0 +1,3 @@
+* text=auto eol=lf
+*.sops.* diff=sopsdiffer
+*.sops.toml linguist-language=JSON

.github/labeler.yaml

@@ -0,0 +1,9 @@
+---
+area/ansible:
+  - "ansible/**/*"
+area/github:
+  - ".github/**/*"
+area/kubernetes:
+  - "kubernetes/**/*"
+area/templates:
+  - "tmpl/**/*"

.github/labels.yaml

@@ -0,0 +1,53 @@
+---
+# Area
+- name: area/ansible
+  color: "72ccf3"
+  description: >-
+    Changes made in the ansible directory
+- name: area/github
+  color: "72ccf3"
+  description: >-
+    Changes made in the github directory
+- name: area/kubernetes
+  color: "72ccf3"
+  description: >-
+    Changes made in the kubernetes directory
+- name: area/template
+  color: "72ccf3"
+  description: >-
+    Changes made in the tmpl directory
+# Renovate
+- name: renovate/ansible
+  color: "ffc300"
+- name: renovate/container
+  color: "ffc300"
+- name: renovate/github-action
+  color: "ffc300"
+- name: renovate/github-release
+  color: "ffc300"
+- name: renovate/helm
+  color: "ffc300"
+# Semantic Type
+- name: type/patch
+  color: "FFEC19"
+- name: type/minor
+  color: "FF9800"
+- name: type/major
+  color: "F6412D"
+- name: type/break
+  color: "F6412D"
+# Uncategorized
+- name: bug
+  color: "ee0701"
+- name: do-not-merge
+  color: "ee0701"
+- name: docs
+  color: "F4D1B7"
+- name: enhancement
+  color: "84b6eb"
+- name: broken-links
+  color: "7B55D7"
+- name: question
+  color: "cc317c"
+- name: community
+  color: "0e8a16"

.github/release-drafter.yaml

@@ -0,0 +1,30 @@
+---
+name-template: "Release v$RESOLVED_VERSION"
+tag-template: "v$RESOLVED_VERSION"
+change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
+change-title-escapes: '\<*_&'
+categories:
+  - title: "Community Contributions"
+    labels: ["community"]
+  - title: "Kubernetes"
+    labels: ["area/kubernetes"]
+  - title: "Github"
+    labels: ["area/github"]
+  - title: "Ansible"
+    labels: ["area/ansible"]
+  - title: "Maintenance"
+    labels: ["docs"]
+version-resolver:
+  major:
+    labels: ["type/break"]
+  minor:
+    labels: ["type/major", "type/minor"]
+  patch:
+    labels: ["type/patch"]
+  default: patch
+template: |
+  ## What's Changed
+
+  $CHANGES
+
+  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION

.github/renovate.json5

@@ -0,0 +1,53 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    "docker:enableMajor",
+    ":disableRateLimiting",
+    ":dependencyDashboard",
+    ":semanticCommits",
+    ":enablePreCommit",
+    ":automergeDigest",
+    ":automergeBranch",
+    "github>onedr0p/flux-cluster-template//.github/renovate/autoMerge.json5",
+    "github>onedr0p/flux-cluster-template//.github/renovate/commitMessage.json5",
+    "github>onedr0p/flux-cluster-template//.github/renovate/groups.json5",
+    "github>onedr0p/flux-cluster-template//.github/renovate/labels.json5",
+    "github>onedr0p/flux-cluster-template//.github/renovate/semanticCommits.json5",
+    "helpers:pinGitHubActionDigests"
+  ],
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard 🤖",
+  "suppressNotifications": ["prIgnoreNotification"],
+  "rebaseWhen": "conflicted",
+  "schedule": ["every saturday"],
+  "pre-commit": {
+    "enabled": true
+  },
+  "flux": {
+    "fileMatch": ["kubernetes/.+\\.ya?ml$"]
+  },
+  "helm-values": {
+    "fileMatch": ["kubernetes/.+\\.ya?ml$"]
+  },
+  "kubernetes": {
+    "fileMatch": [
+      "ansible/.+\\.ya?ml.j2$",
+      "kubernetes/.+\\.ya?ml$"
+    ]
+  },
+  "regexManagers": [
+    {
+      "description": "Process various other dependencies",
+      "fileMatch": [
+        "ansible/.+\\.ya?ml$",
+        "kubernetes/.+\\.ya?ml$"
+      ],
+      "matchStrings": [
+        "datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)( versioning=(?<versioning>\\S+))?\n.*?\"(?<currentValue>.*)\"\n"
+      ],
+      "datasourceTemplate": "{{#if datasource}}{{{datasource}}}{{else}}github-releases{{/if}}",
+      "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
+    }
+  ]
+}

.github/renovate/autoMerge.json5

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "description": "Auto merge GitHub Actions",
+      "matchManagers": ["github-actions"],
+      "automerge": true,
+      "automergeType": "branch",
+      "ignoreTests": true,
+      "matchUpdateTypes": ["minor", "patch", "digest"]
+    },
+    {
+      "description": "Auto merge container digests",
+      "matchDatasources": ["docker"],
+      "automerge": true,
+      "automergeType": "branch",
+      "ignoreTests": true,
+      "matchUpdateTypes": ["digest"]
+    }
+  ]
+}

.github/renovate/commitMessage.json5

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "commitMessageTopic": "{{depName}}",
+  "commitMessageExtra": "to {{newVersion}}",
+  "commitMessageSuffix": "",
+  "packageRules": [
+    {
+      "matchDatasources": ["helm"],
+      "commitMessageTopic": "chart {{depName}}"
+    },
+    {
+      "matchDatasources": ["docker"],
+      "commitMessageTopic": "image {{depName}}"
+    }
+  ]
+}

.github/renovate/groups.json5

@@ -0,0 +1,15 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "description": "Flux images and tags",
+      "groupName": "Flux",
+      "matchPackagePatterns": ["flux"],
+      "matchDatasources": ["docker", "github-tags"],
+      "group": {
+        "commitMessageTopic": "{{{groupName}}} group"
+      },
+      "separateMinorPatch": true
+    }
+  ]
+}

.github/renovate/labels.json5

@@ -0,0 +1,37 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["major"],
+      "labels": ["type/major"]
+    },
+    {
+      "matchUpdateTypes": ["minor"],
+      "labels": ["type/minor"]
+    },
+    {
+      "matchUpdateTypes": ["patch"],
+      "labels": ["type/patch"]
+    },
+    {
+      "matchDatasources": ["docker"],
+      "addLabels": ["renovate/container"]
+    },
+    {
+      "matchDatasources": ["helm"],
+      "addLabels": ["renovate/helm"]
+    },
+    {
+      "matchDatasources": ["galaxy", "galaxy-collection"],
+      "addLabels": ["renovate/ansible"]
+    },
+    {
+      "matchDatasources": ["github-releases", "github-tags"],
+      "addLabels": ["renovate/github-release"]
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "addLabels": ["renovate/github-action"]
+    }
+  ]
+}