Initial monorepo scaffold

Turborepo + pnpm monorepo for k3s homelab cluster on Intel NUCs. - Apps: Next.js web frontend, Express API (TypeScript, Dockerfiles, k8s manifests) - Packages: shared UI, ESLint config, TypeScript config, Drizzle DB schemas - Infra/Ansible: bare-metal provisioning with roles for common, k3s-server, k3s-agent, hardening - Infra/Kubernetes: ArgoCD GitOps (app-of-apps + ApplicationSets), platform components (cert-manager, Traefik, CloudNativePG, Valkey, Longhorn, Sealed Secrets), namespaces - Observability: kube-prometheus-stack, Loki, Promtail as ArgoCD Applications - CI/CD: GitHub Actions for PR builds, preview deploys, production deploys - DX: Taskfile, utility scripts, copier templates, Ubiquiti network docs
2026-03-19 22:24:56 +00:00
commit 96e3f32f28
118 changed files with 2681 additions and 0 deletions
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -0,0 +1,111 @@
+version: "3"
+
+vars:
+  ANSIBLE_DIR: infra/ansible
+  K8S_DIR: infra/kubernetes
+
+tasks:
+  # Development
+  dev:
+    desc: Start all apps in dev mode
+    cmds:
+      - pnpm turbo dev
+
+  build:
+    desc: Build all apps
+    cmds:
+      - pnpm turbo build
+
+  lint:
+    desc: Lint everything
+    cmds:
+      - pnpm turbo lint
+      - task: lint:ansible
+      - task: lint:k8s
+
+  test:
+    desc: Run all tests
+    cmds:
+      - pnpm turbo test
+
+  # Cluster operations
+  cluster:bootstrap:
+    desc: Provision all nodes and install k3s
+    dir: "{{.ANSIBLE_DIR}}"
+    cmds:
+      - ansible-playbook playbooks/site.yaml
+
+  cluster:bootstrap-check:
+    desc: Dry-run cluster bootstrap
+    dir: "{{.ANSIBLE_DIR}}"
+    cmds:
+      - ansible-playbook playbooks/site.yaml --check --diff
+
+  cluster:kubeconfig:
+    desc: Fetch kubeconfig from server node
+    cmds:
+      - ./scripts/kubeconfig-fetch.sh
+
+  cluster:upgrade:
+    desc: Rolling upgrade of k3s
+    dir: "{{.ANSIBLE_DIR}}"
+    cmds:
+      - ansible-playbook playbooks/k3s-upgrade.yaml
+
+  cluster:reset:
+    desc: DESTRUCTIVE - Reset k3s cluster
+    dir: "{{.ANSIBLE_DIR}}"
+    cmds:
+      - ansible-playbook playbooks/reset.yaml
+
+  # Platform
+  platform:install:
+    desc: Bootstrap ArgoCD and platform components
+    cmds:
+      - kubectl apply -k {{.K8S_DIR}}/argocd/
+      - echo "ArgoCD installed. It will sync remaining platform components."
+
+  platform:status:
+    desc: Check ArgoCD app sync status
+    cmds:
+      - kubectl get applications -n argocd
+
+  # Secrets
+  secrets:seal:
+    desc: Seal a Kubernetes secret
+    cmds:
+      - ./scripts/seal-secret.sh {{.CLI_ARGS}}
+
+  # Utilities
+  port-forward:grafana:
+    desc: Port-forward Grafana
+    cmds:
+      - kubectl port-forward -n observability svc/kube-prometheus-stack-grafana 3001:80
+
+  port-forward:argocd:
+    desc: Port-forward ArgoCD UI
+    cmds:
+      - kubectl port-forward -n argocd svc/argocd-server 8080:443
+
+  port-forward:pg:
+    desc: Port-forward PostgreSQL
+    cmds:
+      - kubectl port-forward -n platform svc/homelab-pg-rw 5432:5432
+
+  # Linting
+  lint:ansible:
+    desc: Lint Ansible playbooks
+    dir: "{{.ANSIBLE_DIR}}"
+    cmds:
+      - ansible-lint playbooks/ roles/
+    ignore_error: true
+
+  lint:k8s:
+    desc: Validate K8s manifests
+    cmds:
+      - |
+        find {{.K8S_DIR}} -name 'kustomization.yaml' -exec dirname {} \; | while read dir; do
+          echo "Validating $dir..."
+          kustomize build "$dir" | kubectl apply --dry-run=client -f - 2>/dev/null || true
+        done
+    ignore_error: true