# Every recipe line is handed to `bash -c` as its own command. No `-e`, `-u` or
# `pipefail` option is passed here, so within a line only the exit status of the
# last command in a pipeline or `&&`/`||` chain decides whether the recipe fails.
set shell := ["bash", "-c"]
# --- Helpers ---
# List the available recipes (first recipe in the file, so plain `just` runs it).
default:
    @just --list
# --- Infrastructure (Ansible) ---
# Check Ansible connectivity to every host in inventory/hosts.ini (ping module).
ping:
    cd ansible && ansible --inventory inventory/hosts.ini all --module-name ping
# Run the k3s.yml playbook against the inventory; prompts for the become password.
provision:
    cd ansible && ansible-playbook --inventory inventory/hosts.ini k3s.yml --ask-become-pass
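# `{{playbook}}` is substituted textually into the bash command line, so the
# argument goes through quote() to reach ansible-playbook as one literal word.
# Spaces or shell metacharacters in it are no longer interpreted by the shell,
# which also means extra flags cannot be passed inside the argument.
# Run a specific playbook (usage: just run-playbook security.yml)
run-playbook playbook:
    cd ansible && ansible-playbook -i inventory/hosts.ini {{quote(playbook)}}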
# Runs dns-tunnel.yml against the inventory; prompts for the become password.
# Configure DNS and Cloudflare Tunnel for hybrid setup
setup-dns:
    cd ansible && ansible-playbook --inventory inventory/hosts.ini dns-tunnel.yml --ask-become-pass
# --- Kubernetes (K8s) ---
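# The kubeconfig carries cluster credentials, so the local copy is created under
# a restrictive umask and then forced to mode 600 (covers a pre-existing file
# that had wider permissions).
# The recipe only prints the export command; it cannot change the caller's
# environment.
# Copy the remote kubeconfig to ~/.kube/config-vps with owner-only permissions.
sync-kubeconfig:
    umask 077 && scp arjun@192.3.1.204:~/.kube/config ~/.kube/config-vps
    chmod 600 ~/.kube/config-vps
    @echo "Config saved to ~/.kube/config-vps. Exporting KUBECONFIG..."
    @echo "Run: export KUBECONFIG=~/.kube/config-vps"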
# NOTE(review): unlike verify-cert and logs-cert this does not export
# KUBECONFIG=~/.kube/config-vps, so it queries whichever cluster the caller's
# environment currently selects. Confirm that is intended.
# Watch nodes and pods across all namespaces.
status:
    watch kubectl get nodes,pods --all-namespaces
# List certificates in all namespaces, then cluster issuers, using ~/.kube/config-vps.
verify-cert:
    export KUBECONFIG=~/.kube/config-vps && \
        kubectl get certificate --all-namespaces && \
        echo "" && \
        kubectl get clusterissuer --output wide
# Follow logs of pods labelled app=cert-manager in the cert-manager namespace.
logs-cert:
    export KUBECONFIG=~/.kube/config-vps && kubectl logs --namespace cert-manager --selector app=cert-manager --follow
# NOTE(review): the SSH target is hard-coded and differs from the address used
# by sync-kubeconfig. Confirm both point at the intended hosts.
# Show the cloudflared service status and the tunnel list on the remote host.
tunnel-status:
    ssh arjun@100.84.231.21 "systemctl status cloudflared && echo '---' && cloudflared tunnel list"
# Follow the cloudflared unit's journal on the remote host, starting 100 lines back.
tunnel-logs:
    ssh arjun@100.84.231.21 "journalctl -u cloudflared -n 100 -f"
# --- Security (SOPS) ---
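# The path goes through quote() so that spaces or shell metacharacters in it
# are not interpreted by bash.
# Encrypt a file in place with SOPS (usage: just encrypt path/to/file.sops.yaml)
encrypt file:
    sops --encrypt --in-place {{quote(file)}}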
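# --in-place overwrites the encrypted file with plaintext in the working tree;
# re-encrypt it before committing. The path goes through quote() so that spaces
# or shell metacharacters in it are not interpreted by bash.
# Decrypt a SOPS file in place (leaves plaintext on disk until re-encrypted).
decrypt file:
    sops --decrypt --in-place {{quote(file)}}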
# --- Validation & Linting ---
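# ansible-lint findings stay advisory (`|| true`). The secrets check now fails
# the recipe when it finds a plaintext-named manifest; previously the WARNING
# branch ended with a successful echo, so the recipe exited 0 either way.
# The check is name-based only: it lists *.yaml files under a secrets/ directory
# that lack the .sops.yaml suffix and does not verify that a *.sops.yaml file is
# actually encrypted. A missing `kubernetes` directory also yields the ✓ branch.
# Lint Ansible playbooks and fail if secret manifests lack the .sops.yaml suffix.
lint:
    @echo "Linting Ansible playbooks..."
    ansible-lint ansible/ -p || true
    @echo ""
    @echo "Checking for unencrypted secrets..."
    @if find kubernetes -path "*/secrets/*" -name "*.yaml" ! -name "*.sops.yaml" -type f | grep .; then \
        echo "WARNING: Unencrypted secrets found!"; \
        exit 1; \
    else \
        echo "✓ All secrets use .sops.yaml extension"; \
    fi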
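# `IFS= read -r` keeps backslashes and leading/trailing whitespace in paths
# intact. The pipeline's status is that of the while loop, so a failing build
# (`exit 1`) fails the recipe, but an empty or missing `kubernetes` tree passes
# without building anything.
# Build every directory containing a kustomization.yaml; stop at the first failure.
validate:
    @echo "Validating Kubernetes manifests..."
    @find kubernetes -name "kustomization.yaml" -type f | while IFS= read -r kust_file; do \
        dir=$(dirname "$kust_file"); \
        echo "Building $dir..."; \
        kustomize build "$dir" > /dev/null || exit 1; \
        echo " ✓ $dir"; \
    done
    @echo ""
    @echo "✓ All Kustomize builds passed"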
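# The path is substituted textually into the bash command line, so it goes
# through quote() in both the message and the build command. An argument
# containing spaces, `$(...)` or other shell metacharacters is then treated as
# a literal path, not evaluated.
# Render one Kustomize overlay to stdout (default path: kubernetes).
kustomize-build path="kubernetes":
    @echo "Building Kustomize overlay: "{{quote(path)}}
    kustomize build {{quote(path)}}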