parsec
diff --git a/‎.editorconfig
+22 b/‎.editorconfig
+22
diff --git a/‎.gitattributes
+10 b/‎.gitattributes
+10
diff --git a/‎.github/labeler.yaml
+33 b/‎.github/labeler.yaml
+33
diff --git a/‎.github/labels.yaml
+45 b/‎.github/labels.yaml
+45
diff --git a/‎.github/release.yaml
+4 b/‎.github/release.yaml
+4
diff --git a/‎.github/tests/nodes.yaml
+16 b/‎.github/tests/nodes.yaml
+16
diff --git a/‎.github/tests/private.yaml
+23 b/‎.github/tests/private.yaml
+23
diff --git a/‎.github/tests/public.yaml
+23 b/‎.github/tests/public.yaml
+23
diff --git a/‎.github/workflows/e2e.yaml
+73 b/‎.github/workflows/e2e.yaml
+73
diff --git a/‎.github/workflows/flux-local.yaml
+121 b/‎.github/workflows/flux-local.yaml
+121
@@ -0,0 +1,22 @@
+; https://editorconfig.org/
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.cue]
+indent_style = tab
+indent_size = 4
+
+[*.md]
+indent_size = 4
+trim_trailing_whitespace = false
+
+[*.sh]
+indent_size = 4
@@ -0,0 +1,10 @@
+* text=auto eol=lf
+*.env linguist-detectable linguist-language=SHELL
+*.json linguist-detectable linguist-language=JSON
+*.json5 linguist-detectable linguist-language=JSON5
+*.md linguist-detectable linguist-language=MARKDOWN
+*.sh linguist-detectable linguist-language=SHELL
+*.toml linguist-detectable linguist-language=TOML
+*.yml linguist-detectable linguist-language=YAML
+*.yaml linguist-detectable linguist-language=YAML
+*.yaml.j2 linguist-detectable linguist-language=YAML
@@ -0,0 +1,33 @@
+---
+area/bootstrap:
+  - changed-files:
+      - any-glob-to-any-file: bootstrap/**/*
+area/docs:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "README.md"
+area/github:
+  - changed-files:
+      - any-glob-to-any-file: .github/**/*
+area/kubernetes:
+  - changed-files:
+      - any-glob-to-any-file: kubernetes/**/*
+area/renovate:
+  - changed-files:
+      - any-glob-to-any-file:
+          - ".renovate/**/*"
+          - ".renovaterc.json5"
+area/scripts:
+  - changed-files:
+      - any-glob-to-any-file: scripts/**/*
+area/talos:
+  - changed-files:
+      - any-glob-to-any-file: talos/**/*
+area/taskfile:
+  - changed-files:
+      - any-glob-to-any-file:
+          - ".taskfiles/**/*"
+          - "Taskfile.yaml"
+area/templates:
+  - changed-files:
+      - any-glob-to-any-file: templates/**/*
@@ -0,0 +1,45 @@
+---
+# Areas
+- name: area/bootstrap
+  color: "0e8a16"
+- name: area/docs
+  color: "0e8a16"
+- name: area/github
+  color: "0e8a16"
+- name: area/kubernetes
+  color: "0e8a16"
+- name: area/renovate
+  color: "0e8a16"
+- name: area/scripts
+  color: "0e8a16"
+- name: area/talos
+  color: "0e8a16"
+- name: area/templates
+  color: "0e8a16"
+- name: area/taskfile
+  color: "0e8a16"
+# Renovate Types
+- name: renovate/container
+  color: "027fa0"
+- name: renovate/github-action
+  color: "027fa0"
+- name: renovate/grafana-dashboard
+  color: "027fa0"
+- name: renovate/github-release
+  color: "027fa0"
+- name: renovate/helm
+  color: "027fa0"
+# Semantic Types
+- name: type/digest
+  color: "ffeC19"
+- name: type/patch
+  color: "ffeC19"
+- name: type/minor
+  color: "ff9800"
+- name: type/major
+  color: "f6412d"
+# Uncategorized
+- name: community
+  color: "370fb2"
+- name: hold
+  color: "ee0701"
@@ -0,0 +1,4 @@
+changelog:
+  exclude:
+    authors:
+      - renovate
@@ -0,0 +1,16 @@
+nodes:
+  - name: k8s-0
+    address: 10.10.10.100
+    controller: true
+    disk: /dev/sdfake
+    mac_addr: 00:00:00:00:00:00
+    schematic_id: "376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba"
+  - name: k8s-1
+    address: 10.10.10.101
+    controller: false
+    disk: /dev/sdfake
+    mac_addr: 00:00:00:00:00:01
+    schematic_id: "376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba"
+    mtu: 1500
+    secureboot: true
+    encrypt_disk: true
@@ -0,0 +1,23 @@
+---
+node_cidr: "10.10.10.0/24"
+# node_default_gateway: ""
+# node_vlan_tag:
+# cluster_pod_cidr: ""
+# cluster_svc_cidr: ""
+# node_dns_servers: []
+# node_ntp_servers: []
+cluster_api_addr: "10.10.10.254"
+# cluster_api_tls_sans: []
+cluster_ingress_addr: "10.10.10.252"
+cluster_dns_gateway_addr: "10.10.10.253"
+repository_name: "onedr0p/cluster-template"
+# repository_branch: ""
+repository_visibility: "private"
+cloudflare_domain: "example.com"
+cloudflare_token: "fake"
+# cloudflare_cluster_issuer: ""
+cloudflare_ingress_addr: "10.10.10.251"
+# cilium_bgp_router_addr: ""
+# cilium_bgp_router_asn: ""
+# cilium_bgp_node_asn: ""
+# cilium_loadbalancer_mode: ""
@@ -0,0 +1,23 @@
+---
+node_cidr: "10.10.10.0/24"
+node_default_gateway: "10.10.10.1"
+node_vlan_tag: "100"
+cluster_pod_cidr: "10.42.0.0/16"
+cluster_svc_cidr: "10.43.0.0/16"
+node_dns_servers: ["1.1.1.1"]
+node_ntp_servers: ["162.159.200.123"]
+cluster_api_addr: "10.10.10.254"
+cluster_api_tls_sans: ["example.com"]
+cluster_ingress_addr: "10.10.10.252"
+cluster_dns_gateway_addr: "10.10.10.253"
+repository_name: "onedr0p/cluster-template"
+repository_branch: "main"
+repository_visibility: "public"
+cloudflare_domain: "example.com"
+cloudflare_token: "fake"
+cloudflare_cluster_issuer: "staging"
+cloudflare_ingress_addr: "10.10.10.251"
+cilium_loadbalancer_mode: "dsr"
+cilium_bgp_router_addr: "10.10.1.1"
+cilium_bgp_router_asn: "64513"
+cilium_bgp_node_asn: "64514"
@@ -0,0 +1,73 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "e2e"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: ["main"]
+    paths-ignore:
+      - kubernetes/**
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  configure:
+    if: ${{ github.repository == 'onedr0p/cluster-template' }}
+    name: configure
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        config-files:
+          - public
+          - private
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup mise
+        uses: jdx/mise-action@v2
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Install dependencies
+        run: mise run deps
+
+      - name: Run init task
+        run: task init
+
+      - name: Prepare files
+        run: |
+          cp ./.github/tests/${{ matrix.config-files }}.yaml cluster.yaml
+          cp ./.github/tests/nodes.yaml nodes.yaml
+          echo '{"AccountTag":"fake","TunnelSecret":"fake","TunnelID":"fake"}' > cloudflare-tunnel.json
+          touch kubeconfig
+
+      - name: Run configure task
+        run: task configure --yes
+
+      - name: Run generate talconfig task
+        run: |
+          FILENAME=talos/talsecret.sops.yaml
+          talhelper gensecret | sops --filename-override $FILENAME --encrypt /dev/stdin > $FILENAME
+          task talos:generate-config
+
+      - name: Run flux-local test
+        uses: docker://ghcr.io/allenporter/flux-local:v7.2.1@sha256:2c8d7f87f6d98e189378b7fc1af3974c0d701ebbd1fabb6bd883e781170f3057
+        with:
+          args: test --enable-helm --all-namespaces --path /github/workspace/kubernetes/flux/cluster -v
+
+      - name: Dry run bootstrap talos task
+        run: task bootstrap:talos --dry
+
+      - name: Dry run bootstrap apps task
+        run: task bootstrap:apps --dry
+
+      - name: Run reset task
+        run: task template:reset --yes
+
+      - name: Run cleanup task
+        run: task template:tidy --yes
@@ -0,0 +1,121 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Flux Local"
+
+on:
+  pull_request:
+    branches: ["main"]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pre-job:
+    name: Flux Local Pre-Job
+    runs-on: ubuntu-latest
+    outputs:
+      any_changed: ${{ steps.changed-files.outputs.any_changed }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get Changed Files
+        id: changed-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: kubernetes/**
+
+  test:
+    name: Flux Local Test
+    needs: pre-job
+    runs-on: ubuntu-latest
+    if: ${{ needs.pre-job.outputs.any_changed == 'true' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run flux-local test
+        uses: docker://ghcr.io/allenporter/flux-local:v7.2.1
+        with:
+          args: test --enable-helm --all-namespaces --path /github/workspace/kubernetes/flux/cluster -v
+
+  diff:
+    name: Flux Local Diff
+    needs: pre-job
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    strategy:
+      matrix:
+        resources: ["helmrelease", "kustomization"]
+      max-parallel: 4
+      fail-fast: false
+    if: ${{ needs.pre-job.outputs.any_changed == 'true' }}
+    steps:
+      - name: Checkout Pull Request Branch
+        uses: actions/checkout@v4
+        with:
+          path: pull
+
+      - name: Checkout Default Branch
+        uses: actions/checkout@v4
+        with:
+          ref: "${{ github.event.repository.default_branch }}"
+          path: default
+
+      - name: Run flux-local diff
+        uses: docker://ghcr.io/allenporter/flux-local:v7.2.1
+        with:
+          args: >-
+            diff ${{ matrix.resources }}
+            --unified 6
+            --path /github/workspace/pull/kubernetes/flux/cluster
+            --path-orig /github/workspace/default/kubernetes/flux/cluster
+            --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart"
+            --limit-bytes 10000
+            --all-namespaces
+            --sources "flux-system"
+            --output-file diff.patch
+
+      - name: Generate Diff
+        id: diff
+        run: |
+          cat diff.patch;
+          {
+              echo 'diff<<EOF'
+              cat diff.patch
+              echo EOF
+          } >> "$GITHUB_OUTPUT";
+          {
+              echo "### Diff"
+              echo '```diff'
+              cat diff.patch
+              echo '```'
+          } >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Add Comment
+        if: ${{ steps.diff.outputs.diff != '' }}
+        continue-on-error: true
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-id: "${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}"
+          message-failure: Diff was not successful
+          message: |
+            ```diff
+            ${{ steps.diff.outputs.diff }}
+            ```
+
+  flux-local-status:
+    name: Flux Local Success
+    needs: ["test", "diff"]
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    steps:
+      - name: Any jobs failed?
+        if: ${{ contains(needs.*.result, 'failure') }}
+        run: exit 1
+
+      - name: All jobs passed or skipped?
+        if: ${{ !(contains(needs.*.result, 'failure')) }}
+        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"