# Toolchain mise installs for this repo. "latest" is resolved at install
# time, so two machines (or two CI runs) can end up with different
# linter/scanner versions; pin an explicit version when reproducible
# results matter.
[tools]
python = "3.12"
uv = "latest"
shellcheck = "latest"
actionlint = "latest"
trivy = "latest"

# Exported into every task's environment. {{config_root}} is the mise
# template for the directory holding this file.
# NOTE(review): presumably consumed by the compose files / tooling under
# stacks/ — verify which consumer reads COMPOSE_PROJECT_DIR.
[env]
COMPOSE_PROJECT_DIR = "{{config_root}}/stacks"
# ── Dev ────────────────────────────────────────────
# Each entry runs in sequence; a non-zero exit aborts the task.
# NOTE(review): `&>/dev/null` is a bash extension — if mise runs tasks with a
# POSIX sh, rewrite those redirections as `>/dev/null 2>&1`; confirm the task
# shell. In the actionlint entry `grep -v '.lock.yml'` is an unescaped regex
# ('.' matches any character); it works for the intended exclusion, escape
# the dots if stricter matching is wanted.
[tasks.lint]
description = "Lint Python, bash, YAML, and GitHub Actions"
run = [
"cd stacks/agents/app && uv run ruff check .",
"if ls scripts/*.sh &>/dev/null; then shellcheck scripts/*.sh; else echo 'No scripts to lint'; fi",
"if ls .githooks/* &>/dev/null; then shellcheck .githooks/*; else echo 'No githooks to lint'; fi",
"uv run yamllint -c .yamllint.yaml stacks/",
"if [ -d .github/workflows ]; then find .github/workflows -name '*.yaml' -o -name '*.yml' | grep -v '.lock.yml' | xargs actionlint; else echo 'No workflows to lint'; fi",
]

# Rewrites files in place (ruff format), unlike lint which only reports.
[tasks.format]
description = "Format Python code"
run = "uv run ruff format stacks/agents/app/ tests/"

[tasks.typecheck]
description = "Type-check Python code"
run = "cd stacks/agents/app && uv run ty check ."

# Runs from stacks/agents/app, so `tests/` is resolved relative to that
# directory, not the repo root that `format` uses.
[tasks.test]
description = "Run Python tests"
run = "cd stacks/agents/app && uv run pytest tests/ -v"

# Aggregate gate: no `run` of its own, it only fans out to its dependencies.
# check:vulnerabilities is deliberately not part of this set.
[tasks.ci]
description = "Full CI check (lint + typecheck + test + validate)"
depends = ["lint", "typecheck", "test", "validate:compose"]
# ── Deploy ─────────────────────────────────────────
# Fan-out only. mise may start `depends` entries concurrently, so the order
# listed here does not impose a start order — TODO confirm whether any stack
# (e.g. mqtt before ha) must be up before another and, if so, chain it via
# `depends` on the individual task.
[tasks."deploy:all"]
description = "Deploy all stacks"
depends = ["deploy:ha", "deploy:mqtt", "deploy:observability", "deploy:crowdsec", "deploy:agents"]

# Each deploy:* task is `compose up -d` for one stack directory; re-running
# is safe (compose only recreates changed services).
[tasks."deploy:ha"]
description = "Deploy Home Assistant"
run = "docker compose -f stacks/home-assistant/compose.yaml up -d"

[tasks."deploy:mqtt"]
description = "Deploy MQTT broker"
run = "docker compose -f stacks/mqtt/compose.yaml up -d"

[tasks."deploy:observability"]
description = "Deploy observability stack (Grafana, Prometheus, Loki, Alloy)"
run = "docker compose -f stacks/observability/compose.yaml up -d"

[tasks."deploy:crowdsec"]
description = "Deploy CrowdSec IDS"
run = "docker compose -f stacks/crowdsec/compose.yaml up -d"

# The only stack built from local source here (`--build`); every deploy
# rebuilds the image rather than pulling a published one.
[tasks."deploy:agents"]
description = "Deploy AI agent service"
run = "docker compose -f stacks/agents/compose.yaml up -d --build"
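# ── Check ──────────────────────────────────────────
# Probes the agent service's health endpoint. The host defaults to the
# Tailscale address that used to be hard-coded here; set TAILSCALE_IP (the
# same variable validate:compose exports) to target another host. Only the
# agent service is probed so far despite the description.
[tasks."check:health"]
description = "Run health checks against all services"
run = "curl -sf http://${TAILSCALE_IP:-100.100.146.119}:8585/health && echo ' Agent OK ✅'"

# Placeholder: always exits 0, so it must not be treated as a passing audit.
[tasks."check:security"]
description = "Run security posture audit"
run = "echo 'Security audit not yet implemented'"

# Enumerates images from every stack's compose file and scans each one.
# `2>/dev/null` hides compose errors, so a compose file that fails to parse
# silently contributes no images. trivy exits 0 regardless of findings
# unless `--exit-code` is given, so this task reports but never fails on a
# finding; pass `--exit-code 1` if it should gate.
[tasks."check:vulnerabilities"]
description = "Scan Docker images for CVEs"
run = """
for f in stacks/*/compose.yaml; do
images=$(docker compose -f "$f" config --images 2>/dev/null)
for img in $images; do
echo "Scanning $img..."
trivy image --severity HIGH,CRITICAL "$img"
done
done
"""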
# ── Validate ───────────────────────────────────────
# Syntax/interpolation check only — nothing is started. TAILSCALE_IP gets a
# loopback placeholder so compose files that interpolate it validate on a
# machine without Tailscale (an already-set value is kept); `|| exit 1` stops
# at the first broken file.
[tasks."validate:compose"]
description = "Validate all compose files"
run = """
export TAILSCALE_IP="${TAILSCALE_IP:-127.0.0.1}"
for f in stacks/*/compose.yaml; do
echo "Validating $f..."
docker compose -f "$f" config --quiet || exit 1
done
echo "All compose files valid ✅"
"""
# ── Setup (bootstrap) ─────────────────────────────
# Host bootstrap; every step uses sudo and mutates system state. mise may run
# `depends` entries concurrently — TODO confirm none need ordering (e.g.
# setup:dokploy if its installer assumes docker is already present).
[tasks.setup]
description = "Full server bootstrap"
depends = ["setup:docker", "setup:ufw", "setup:fail2ban", "setup:dokploy"]

# Pipes a script fetched from get.docker.com straight into sh: whatever that
# host serves at install time executes unreviewed, with no version pin or
# checksum. Safer: download to a file, inspect/verify it, then run it.
# Adding $USER to the docker group grants that account root-equivalent
# access to the host, since the daemon runs as root.
[tasks."setup:docker"]
description = "Install Docker if not present"
run = """
if command -v docker &>/dev/null; then
echo "Docker already installed ✅"
else
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker "$USER"
echo "Docker installed ✅ — log out and back in for group changes"
fi
"""

# Default-deny inbound; everything on the Tailscale interface and loopback is
# allowed. `--force enable` applies the policy immediately: if this runs over
# an SSH session on an interface other than tailscale0, that session is cut
# off — run it from Tailscale or allow SSH first. Docker's published ports
# manage iptables directly and are, by default, not filtered by these rules.
[tasks."setup:ufw"]
description = "Configure UFW firewall"
run = """
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow in on tailscale0
sudo ufw allow in on lo
sudo ufw --force enable
echo "UFW configured ✅"
"""

# Installs against the package lists as they are (no apt-get update first)
# and leaves the distro default jails; confirm the sshd jail matches the
# port and log source actually in use.
[tasks."setup:fail2ban"]
description = "Install and enable fail2ban"
run = """
sudo apt-get install -y fail2ban
sudo systemctl enable --now fail2ban
echo "fail2ban active ✅"
"""

# Same remote-script-into-sh pattern as setup:docker (unpinned, unverified);
# prefer fetching to a file and reviewing before execution.
[tasks."setup:dokploy"]
description = "Install Dokploy"
run = "curl -sSL https://dokploy.com/install.sh | sh"