move from private repository

.devcontainer/Dockerfile

@@ -0,0 +1,10 @@
+# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/ubuntu/.devcontainer/base.Dockerfile
+
+# [Choice] Ubuntu version (use ubuntu-22.04 or ubuntu-18.04 on local arm64/Apple Silicon): ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
+ARG VARIANT="jammy"
+FROM mcr.microsoft.com/devcontainers/base:0-${VARIANT}
+
+# [Optional] Uncomment this section to install additional OS packages.
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install gnupg2 gcc --no-install-recommends && ln -s /bin/gcc /bin/gcc-5 \
+    && apt-get clean -y && rm -rf /var/lib/apt/lists/*

.devcontainer/devcontainer.json

@@ -0,0 +1,53 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/ubuntu
+{
+    "name": "Ubuntu",
+    "build": {
+        "dockerfile": "Dockerfile",
+        // Update 'VARIANT' to pick an Ubuntu version: jammy / ubuntu-22.04, focal / ubuntu-20.04, bionic /ubuntu-18.04
+        // Use ubuntu-22.04 or ubuntu-18.04 on local arm64/Apple Silicon.
+        "args": { "VARIANT": "ubuntu-22.04" }
+    },
+    "runArgs": ["--init"],
+    "remoteEnv": {
+        "SYNC_LOCALHOST_CONFIG": "true"
+    },
+    "mounts": [
+        "source=${localEnv:USERPROFILE}/.kube,target=/usr/local/share/kube-localhost,type=bind",
+        "source=${localEnv:USERPROFILE}/.config/sops,target=/usr/local/share/sops-localhost,type=bind"
+    ],
+
+    // Use 'forwardPorts' to make a list of ports inside the container available locally.
+    // "forwardPorts": [],
+
+    // Use 'postCreateCommand' to run commands after the container is created.
+    "postCreateCommand": "bash .devcontainer/scripts/postCreateCommand.sh",
+
+    //Install task and required dependencies via homebrew. Install precommit tasks.
+    "onCreateCommand": "bash .devcontainer/scripts/onCreateCommand.sh ${containerWorkspaceFolder}",
+
+    // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+    "remoteUser": "vscode",
+    "features": {
+        "homebrew": "latest",
+        "ghcr.io/devcontainers/features/go:1": "latest"
+    },
+    "customizations": {
+        "vscode": {
+            // Set *default* container specific settings.json values on container create.
+            "settings": {},
+            "extensions": [
+                "HashiCorp.terraform",
+                "britesnow.vscode-toggle-quotes",
+                "mitchdenny.ecdc",
+                "ms-kubernetes-tools.vscode-kubernetes-tools",
+                "oderwat.indent-rainbow",
+                "redhat.ansible",
+                "signageos.signageos-vscode-sops",
+                "usernamehw.errorlens",
+                "fcrespo82.markdown-table-formatter",
+                "redhat.ansible"
+            ]
+    }
+}
+}

.devcontainer/scripts/onCreateCommand.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -i
+sudo git config --system --add safe.directory "${1}"
+
+brew install go-task/tap/go-task
+
+task init
+task precommit:init
+
+# shellcheck disable=SC2016
+echo 'eval "$(direnv hook zsh)"' >> ~/.zshrc
+# shellcheck disable=SC2016
+echo 'eval "$(direnv hook bash)"' >> ~/.bashrc
+direnv allow
+
+echo "Done!"

.devcontainer/scripts/postCreateCommand.sh

@@ -0,0 +1,11 @@
+#!/bin/bash -i
+# Copies localhost's ~/.kube/config file into the container
+if [ "$SYNC_LOCALHOST_CONFIG" = "true" ] && [ -d "/usr/local/share/kube-localhost" ]; then
+    mkdir -p "$HOME"/.kube
+    sudo cp -r /usr/local/share/kube-localhost/* "$HOME"/.kube
+    sudo chown -R "$(id -u)" "$HOME"/.kube
+
+    mkdir -p "$HOME"/.config/sops
+    sudo cp -r /usr/local/share/sops-localhost/* "$HOME"/.config/sops
+    sudo chown -R "$(id -u)" "$HOME"/.config/sops
+fi

.envrc

@@ -0,0 +1,12 @@
+#shellcheck disable=SC2148,SC2155
+export KUBECONFIG=$(expand_path ~/.kube/config)
+export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg)
+export ANSIBLE_HOST_KEY_CHECKING="False"
+export XDG_CONFIG_HOME=$(expand_path ~/.config)
+export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt)
+use_sops() {
+    local path=${1}
+    eval "$(sops -d --output-type dotenv "$path" | direnv dotenv bash /dev/stdin)"
+}
+use_sops ./provision/terraform/secret.sops.yaml
+use_sops ./secret.sops.yaml

.gitattributes

@@ -0,0 +1,4 @@
+*.sops.* diff=sopsdiffer
+* text=auto eol=lf
+*.{cmd,[cC][mM][dD]} text eol=crlf
+*.{bat,[bB][aA][tT]} text eol=crlf

.github/linters/.ansible-lint

@@ -0,0 +1,3 @@
+# .ansible-lint
+warn_list:
+  - unnamed-task

.github/linters/.hadolint.yaml

@@ -0,0 +1,6 @@
+---
+##########################
+## Hadolint config file ##
+##########################
+ignored:
+  - DL3008 # not needed to pin version

.github/linters/.markdownlint.yaml

@@ -0,0 +1,23 @@
+---
+default: true
+
+# MD013/line-length - Line length
+MD013:
+  # Number of characters
+  line_length: 240
+  # Number of characters for headings
+  heading_line_length: 80
+  # Number of characters for code blocks
+  code_block_line_length: 80
+  # Include code blocks
+  code_blocks: true
+  # Include tables
+  tables: true
+  # Include headings
+  headings: true
+  # Include headings
+  headers: true
+  # Strict length checking
+  strict: false
+  # Stern length checking
+  stern: false

.github/linters/.prettierignore

@@ -0,0 +1,2 @@
+*.sops.*
+gotk-components.yaml

.github/linters/.prettierrc.yaml

@@ -0,0 +1,5 @@
+---
+trailingComma: "es5"
+tabWidth: 2
+semi: false
+singleQuote: false

.github/linters/.tflint.hcl

@@ -0,0 +1,97 @@
+config {
+  #Enables module inspection
+  module = true
+  force  = false
+}
+
+# Disallow deprecated (0.11-style) interpolation
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+# Disallow legacy dot index syntax.
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+# Disallow variables, data sources, and locals that are declared but never used.
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+# Disallow // comments in favor of #.
+rule "terraform_comment_syntax" {
+  enabled = false
+}
+
+# Disallow output declarations without description.
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+# Disallow variable declarations without description.
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+# Disallow variable declarations without type.
+rule "terraform_typed_variables" {
+  enabled = true
+}
+
+# Disallow specifying a git or mercurial repository as a module source without pinning to a version.
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+# Enforces naming conventions
+rule "terraform_naming_convention" {
+  enabled = true
+
+  #Require specific naming structure
+  variable {
+    format = "snake_case"
+  }
+
+  locals {
+    format = "snake_case"
+  }
+
+  output {
+    format = "snake_case"
+  }
+
+  #Allow any format
+  resource {
+    format = "none"
+  }
+
+  module {
+    format = "none"
+  }
+
+  data {
+    format = "none"
+  }
+
+}
+
+# Disallow terraform declarations without require_version.
+rule "terraform_required_version" {
+  enabled = true
+}
+
+# Require that all providers have version constraints through required_providers.
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+# Ensure that a module complies with the Terraform Standard Module Structure
+rule "terraform_standard_module_structure" {
+  enabled = true
+}
+
+# terraform.workspace should not be used with a "remote" backend with remote execution.
+rule "terraform_workspace_remote" {
+  enabled = true
+}

.github/linters/.yamllint.yaml

@@ -0,0 +1,25 @@
+---
+ignore: |
+  *.sops.*
+  gotk-components.yaml
+  **/templates/*.yaml
+  **/templates/*.yml
+  cluster/system/postgres-operator/
+extends: default
+rules:
+  truthy:
+    allowed-values: ["true", "false", "on"]
+  comments:
+    min-spaces-from-content: 1
+  line-length: disable
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+  indentation: enable
+  new-lines:
+    type: unix
+  document-end: disable
+  document-start: disable