Added initial version

.copier-answers.yaml

@@ -0,0 +1,11 @@
+# Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
+_commit: 0.4.0
+_src_path: gh:quickplates/generic
+accountname: spietras
+description: Flux manifests for my k8s clusters ☸️
+docs: true
+docsurl: https://spietras.github.io/clusters
+projectname: clusters
+releases: false
+reponame: clusters
+repourl: https://github.com/spietras/clusters

.devcontainer/devcontainer.json

@@ -0,0 +1,101 @@
+{
+  // Build the base image
+  "build": {
+    // Docker context to use, relative to this file
+    "context": "image/",
+    // Dockerfile to use, relative to this file
+    "dockerfile": "image/Dockerfile"
+  },
+  // Tool-specific settings
+  "customizations": {
+    // VS Code settings
+    "vscode": {
+      // Extensions to install
+      "extensions": [
+        // Nix
+        "jnoortheen.nix-ide",
+        // Direnv
+        "mkhl.direnv",
+        // Task
+        "task.vscode-task",
+        // Trunk
+        "Trunk.io"
+      ],
+      // Settings to override
+      "settings": {
+        // Set Trunk as the default formatter
+        "editor.defaultFormatter": "trunk.io",
+        // Use LSP for Nix
+        "nix.enableLanguageServer": true,
+        // Use nil as the language server
+        "nix.serverPath": "nil",
+        "nix.serverSettings": {
+          "nil": {
+            "formatting": {
+              // Use 'nix fmt' for formatting
+              "command": ["nix", "fmt", "--", "-"]
+            }
+          }
+        },
+        // Don't forward ports automatically
+        "remote.autoForwardPorts": false,
+        // Use Nix IDE instead of Trunk for Nix files
+        "[nix]": {
+          "editor.defaultFormatter": "jnoortheen.nix-ide"
+        }
+      }
+    }
+  },
+  // Extra features to install to the container
+  "features": {
+    // Install Nix
+    "ghcr.io/devcontainers/features/nix:1.2.0": {
+      // Enable experimental features
+      "extraNixConfig": "experimental-features = nix-command flakes",
+      "version": "2.19.3"
+    },
+    // Install Direnv
+    "ghcr.io/devcontainers-contrib/features/direnv:1.0.2": {
+      "version": "2.33.0"
+    },
+    // Install Starship
+    "ghcr.io/devcontainers-contrib/features/starship:1.0.9": {
+      "version": "1.17.1"
+    }
+  },
+  // Volumes
+  "mounts": [
+    // Mount secrets (shared)
+    "source=devcontainer-shared-secrets,target=/secrets/,type=volume",
+    // Mount nix store (not shared)
+    "source=devcontainer-${devcontainerId}-nix,target=/nix/,type=volume",
+    // Mount shell history (not shared)
+    "source=devcontainer-${devcontainerId}-shellhistory-persist,target=/persist/shellhistory/,type=volume",
+    // Mount trunk cache (shared)
+    "source=devcontainer-shared-trunk-cache,target=/cache/trunk/,type=volume",
+    // Mount npm cache (shared)
+    "source=devcontainer-shared-npm-cache,target=/cache/npm/,type=volume"
+  ],
+  // Run a command when the container is created
+  "onCreateCommand": "/hooks/create.sh",
+  // Environment variables
+  "remoteEnv": {
+    // Set workspace path
+    "WORKSPACE": "${containerWorkspaceFolder}"
+  },
+  // Run arguments
+  "runArgs": [
+    // Use host UTS namespace
+    "--uts=host",
+    // Use host IPC
+    "--ipc=host",
+    // Use host network
+    "--network=host",
+    // Use host user namespace
+    "--userns=host",
+    // Use host cgroup namespace
+    "--cgroupns=host",
+    // Run with elevated privileges
+    "--privileged"
+  ]
+}

.devcontainer/image/Dockerfile

@@ -0,0 +1,17 @@
+# Using one of the offical dev container images as base
+# Going with Ubuntu, because it has glibc, which some tools might need
+# It also has git, zsh and a bunch of other stuff preinstalled
+# Also, it includes a non-root 'vscode' user with sudo access
+# The version is pinned to ensure reproducibility
+FROM mcr.microsoft.com/devcontainers/base:1.0.20-ubuntu-22.04
+
+ENV REMOTE_USER=vscode
+
+# Setup script
+COPY setup.sh /tmp/setup.sh
+
+RUN /tmp/setup.sh && \
+    rm /tmp/setup.sh
+
+# Lifecycle hooks
+COPY hooks/ /hooks/

.devcontainer/image/hooks/create.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# Create shell history cache files if they don't exist for some reason
+touch /persist/shellhistory/.bash_history
+touch /persist/shellhistory/.zsh_history
+
+# Use GitHub token secret if it exists
+if [[ -s /secrets/.ghtoken && -r /secrets/.ghtoken ]]; then
+	token="$(cat /secrets/.ghtoken)"
+	confighome="${XDG_CONFIG_HOME:-${HOME}/.config/}"
+
+	# Add GitHub token to Nix config
+	configfile="${confighome}/nix/nix.conf"
+	tmpfile="$(mktemp)"
+
+	mkdir -p "$(dirname "${configfile}")"
+	touch "${configfile}"
+
+	if grep -q extra-access-tokens "${configfile}"; then
+		sed "s|extra-access-tokens.*|extra-access-tokens = github.com=${token}|" "${configfile}" >"${tmpfile}"
+		cat "${tmpfile}" >"${configfile}"
+		rm "${tmpfile}"
+	else
+		echo "extra-access-tokens = github.com=${token}" >>"${configfile}"
+	fi
+fi

.devcontainer/image/setup.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+REMOTE_USER="${REMOTE_USER:?}"
+REMOTE_USER_PASSWD="$(getent passwd "${REMOTE_USER}")"
+REMOTE_USER_HOME="$(echo "${REMOTE_USER_PASSWD}" | cut -d: -f6)"
+
+# Setup default shell
+chsh -s /usr/bin/zsh "${REMOTE_USER}"
+
+# Setup direnv
+cat <<EOF >>"${REMOTE_USER_HOME}/.bashrc"
+eval "\$(direnv hook bash)"
+EOF
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.zshrc"
+eval "\$(direnv hook zsh)"
+EOF
+
+# Setup starship
+cat <<EOF >>"${REMOTE_USER_HOME}/.bashrc"
+eval "\$(starship init bash)"
+EOF
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.zshrc"
+eval "\$(starship init zsh)"
+EOF
+
+# Setup secrets directory
+mkdir -p /secrets/
+
+chown -R "${REMOTE_USER}:" /secrets/
+
+# Setup shell history cache
+mkdir -p /persist/shellhistory/
+
+touch /persist/shellhistory/.bash_history
+touch /persist/shellhistory/.zsh_history
+
+chown -R "${REMOTE_USER}:" /persist/shellhistory/
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.bashrc"
+export HISTFILE=/persist/shellhistory/.bash_history
+EOF
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.zshrc"
+export HISTFILE=/persist/shellhistory/.zsh_history
+EOF
+
+# Setup trunk cache
+mkdir -p /cache/trunk/
+
+chown -R "${REMOTE_USER}:" /cache/trunk/
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.bashrc"
+export TRUNK_CACHE=/cache/trunk/
+EOF
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.zshrc"
+export TRUNK_CACHE=/cache/trunk/
+EOF
+
+# Setup npm cache
+mkdir -p /cache/npm/
+
+chown -R "${REMOTE_USER}:" /cache/npm/
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.bashrc"
+export NPM_CONFIG_CACHE=/cache/npm/
+EOF
+
+cat <<EOF >>"${REMOTE_USER_HOME}/.zshrc"
+export NPM_CONFIG_CACHE=/cache/npm/
+EOF

.envrc

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# reload when these files change
+watch_file flake.lock ./*.nix
+
+# activate the default development shell in the current shell
+# --accept-flake-config will accept the nix configuration from the flake without prompting
+eval "$(nix print-dev-env path:./ --accept-flake-config)" || true

.gitattributes

@@ -0,0 +1,6 @@
+# Mark everything as vendored
+* linguist-vendored
+# Treat docs as documentation
+/docs/** -linguist-vendored linguist-documentation
+# Unmark files in src, so that they are included in language stats
+/src/** -linguist-vendored

.github/workflows/docs.yaml

@@ -0,0 +1,115 @@
+name: Docs
+
+# Only one workflow can run at a time
+# If there is newer workflow in progress, cancel older ones
+concurrency:
+  group: docs
+  cancel-in-progress: true
+
+# Put 'on' in quotes to avoid YAML parsing error
+"on":
+  # Enable manual triggering
+  workflow_dispatch: {}
+  # Run on commits to main branch
+  push:
+    branches:
+      - main
+    # Run only on changes to relevant files
+    paths:
+      - .github/workflows/docs.yaml
+      - docs/**
+      - flake.lock
+      - "*.nix"
+      - Taskfile.dist.yaml
+
+jobs:
+  build:
+    name: Build docs
+    # Pin version of Ubuntu to avoid breaking changes
+    runs-on: ubuntu-22.04
+    # Use reasonable timeout to avoid stuck workflows
+    timeout-minutes: 10
+    env:
+      NIX_CACHE_DIR: /home/runner/.nixcache/
+    permissions:
+      # Needed to checkout code
+      contents: read
+      # Needed to upload page artifact
+      pages: write
+    steps:
+      - name: Checkout code
+        uses: actions/[email protected]
+      - name: Setup Nix cache
+        uses: actions/[email protected]
+        id: cache-nix
+        with:
+          path: ${{ env.NIX_CACHE_DIR }}
+          key: docs-nix
+      - name: Setup docs modules cache
+        uses: actions/[email protected]
+        with:
+          path: docs/node_modules/
+          key: docs-modules
+      - name: Install Nix
+        uses: cachix/install-nix-action@v25
+        with:
+          github_access_token: ${{ github.token }}
+          install_url: https://releases.nixos.org/nix/nix-2.19.3/install
+      # See: https://github.com/cachix/install-nix-action/issues/56
+      - name: Import Nix store cache
+        if: steps.cache-nix.outputs.cache-hit == 'true'
+        run: >
+          nix-store
+          --import
+          < ${{ env.NIX_CACHE_DIR }}/archive.nar
+      - name: Build docs
+        run: >
+          nix
+          develop
+          ./#docs
+          --command
+          --
+          task
+          docs
+          --
+          build
+          --out-dir
+          build/
+      - name: Setup Pages
+        uses: actions/[email protected]
+      - name: Upload artifact
+        uses: actions/[email protected]
+        with:
+          path: docs/build/
+      # See: https://github.com/cachix/install-nix-action/issues/56
+      - name: Export Nix store cache
+        if: "!cancelled()"
+        run: >
+          mkdir
+          -p
+          ${{ env.NIX_CACHE_DIR }}
+          &&
+          nix-store
+          --export $(find /nix/store/ -maxdepth 1 -name '*-*')
+          > ${{ env.NIX_CACHE_DIR }}/archive.nar
+  deploy:
+    name: Deploy docs
+    # Run only if build job succeeded
+    needs: build
+    # Pin version of Ubuntu to avoid breaking changes
+    runs-on: ubuntu-22.04
+    # Use reasonable timeout to avoid stuck workflows
+    timeout-minutes: 10
+    # Use Pages environment
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    permissions:
+      # Needed to to deploy to Pages
+      pages: write
+      # Also needed to deploy to Pages
+      id-token: write
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/[email protected]