-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTaskfile.yaml
107 lines (92 loc) · 2.7 KB
/
Taskfile.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# yaml-language-server: $schema=https://taskfile.dev/schema.json
version: "3"
tasks:
default:
silent: true
desc: "List all tasks"
cmds:
- "{{.TASK_EXE}} --list-all"
check:
desc: "Check the code"
cmds:
- nix flake check
fmt:
desc: "Format the code"
cmds:
- nix fmt -- --no-cache
deploy-local:
desc: "Deploy to the current node (identified by hostname)"
cmds:
- nixos-rebuild switch --flake ".#$(hostname)" --use-remote-sudo
deploy:
desc: "Deploy to the a node (identified by `NODE` variable)"
cmds:
- deploy --skip-checks --auto-rollback false --fast-connection true ".#{{.NODE}}" -- --print-build-logs
requires:
vars: [NODE]
diff:
cmds:
- deploy --skip-checks --fast-connection true ".#{{.NODE}}" --dry-activate -- --print-build-logs
- >-
uv run scripts/ssh.py --node={{.NODE}}
nix run --extra-experimental-features '"nix-command flakes"'
nixpkgs#nvd -- --color always diff /run/current-system
"$(nix build .#nixosConfigurations.{{.NODE}}.config.system.build.toplevel --print-out-paths)"
requires:
vars: [NODE]
infect:
desc: "Infect the node with nixos-anywhere"
cmds:
- uv run scripts/infect.py --node={{.NODE}} {{.CLI_ARGS}}
requires:
vars: [NODE]
keyscan:
desc: "Scan the SSH keys of the node"
cmds:
- uv run scripts/keyscan.py --node={{.NODE}} {{.CLI_ARGS}} --output=lib/data/keyscan.{{.NODE}}.json
- yq -P -o yaml lib/data/keyscan.{{.NODE}}.json
requires:
vars: [NODE]
ssh:
desc: "SSH into the node"
cmds:
- uv run scripts/ssh.py --node={{.NODE}} {{.CLI_ARGS}}
requires:
vars: [NODE]
docs:serve:
desc: "Serve the documentation locally"
cmds:
- >-
nix shell --impure --expr
'with import (builtins.getFlake "nixpkgs") {};
pkgs.python3.withPackages (ps: with ps; [ mkdocs mkdocs-material ])'
-c mkdocs serve
tf:apply:
desc: "Apply the Terraform configuration"
dir: "terraform/{{.MODULE}}"
cmds:
- terragrunt apply
requires:
vars: [MODULE]
secrets:edit:
desc: "Edit the secrets in the sources"
cmds:
- sops edit secrets/sources/{{.SOURCE}}.yaml
requires:
vars: [SOURCE]
secrets:encrypt:
desc: "Encrypt the secrets in the sources"
cmds:
- sops encrypt --in-place secrets/sources/{{.SOURCE}}.yaml
requires:
vars: [SOURCE]
secrets:sync:
desc: "Sync the secrets from sources to nodes"
cmds:
- uv run ../scripts/secrets.py sync --node={{.NODE}} {{.CLI_ARGS}}
requires:
vars: [NODE]
aws:login:
desc: "Login to the AWS account"
cmds:
- aws sso login