{"id":49770877,"url":"https://github.com/idvoretskyi/rpictl","last_synced_at":"2026-05-11T12:51:58.210Z","repository":{"id":354754445,"uuid":"1224973462","full_name":"idvoretskyi/rpictl","owner":"idvoretskyi","description":"Provisioning CLI for Raspberry Pi single-node k3s clusters","archived":false,"fork":false,"pushed_at":"2026-04-29T22:56:49.000Z","size":95,"stargazers_count":0,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-29T23:35:39.672Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/idvoretskyi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-29T20:21:46.000Z","updated_at":"2026-04-29T21:27:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/idvoretskyi/rpictl","commit_stats":null,"previous_names":["idvoretskyi/rpictl"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/idvoretskyi/rpictl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idvoretskyi%2Frpictl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idvoretskyi%2Frpictl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idvoretskyi%2Frpictl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idvoretskyi%2Frpictl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/idvoretskyi","download_url":"https://codeload.github.com/idvoretskyi/rpictl/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/idvoretskyi%2Frpictl/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32895971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-10T13:40:02.631Z","status":"online","status_checked_at":"2026-05-11T02:00:05.975Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-11T12:51:57.362Z","updated_at":"2026-05-11T12:51:58.204Z","avatar_url":"https://github.com/idvoretskyi.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# rpictl\n\n[![CI](https://github.com/idvoretskyi/rpictl/actions/workflows/ci.yml/badge.svg)](https://github.com/idvoretskyi/rpictl/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/idvoretskyi/rpictl?sort=semver)](https://github.com/idvoretskyi/rpictl/releases)\n[![License: Apache 2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)\n[![Go Reference](https://pkg.go.dev/badge/github.com/idvoretskyi/rpictl.svg)](https://pkg.go.dev/github.com/idvoretskyi/rpictl)\n[![Go Report Card](https://goreportcard.com/badge/github.com/idvoretskyi/rpictl)](https://goreportcard.com/report/github.com/idvoretskyi/rpictl)\n\nProvisioning CLI for Raspberry Pi single-node k3s clusters.\n\n`rpictl provision rpi3` — that's all it takes to go from a fresh RPi OS Lite image to a working k3s cluster with kubeconfig on your laptop.\n\n## Status\n\n**v0.1.0-alpha.1 — pre-hardware-test alpha.** Core provisioning flow is complete and CI-green. Not yet validated on physical hardware. Configuration schema and CLI flags may change until v1.0.0.\n\nTested on: Raspberry Pi 3B, 3B+ (aarch64, RPi OS Lite Trixie).\nBest-effort defaults for RPi 4 and 5 — contributions and test reports welcome.\n\n## Why rpictl?\n\nMost Pi k3s guides are long bash scripts, Ansible playbooks, or manual steps. Tools like `k3sup` get you k3s installed but leave system hardening, memory tuning, and kubeconfig wiring as manual follow-up work.\n\nrpictl is a single compiled binary that:\n- runs a complete, ordered provisioning flow (preflight → system → hardening → memory → prereqs → k3s → kubeconfig)\n- is **idempotent** — safe to re-run after reboots or partial failures\n- requires **no agent pre-installed** on the Pi — uploads its own agent binary via SCP\n- outputs a ready-to-use kubeconfig on your laptop\n\nIt stops at \"kubeconfig in your hand.\" GitOps, secrets, ingress, and multi-node topologies are intentional non-goals — layer your own tooling on top.\n\n## Supported devices\n\n| Device | Profile | Tested in v0.1.0-alpha.1 |\n|---|---|---|\n| Raspberry Pi 3B | `rpi3` | Yes |\n| Raspberry Pi 3B+ | `rpi3b-plus` | Yes |\n| Raspberry Pi 4 | `rpi4` | No (best-effort defaults) |\n| Raspberry Pi 5 | `rpi5` | No (best-effort defaults) |\n\nOS requirement: **Raspberry Pi OS Lite, Debian 13 Trixie**, aarch64.\n\n## Install\n\n```bash\nbrew install idvoretskyi/tap/rpictl\n```\n\nOr build from source:\n\n```bash\ngo install github.com/idvoretskyi/rpictl/cmd/rpictl@latest\n```\n\n## Quickstart\n\n1. Flash RPi OS Lite (Trixie) to SD card, enable SSH, boot the Pi.\n\n2. Create `rpictl.yaml` in your working directory:\n\n```yaml\nhosts:\n  rpi3:\n    address: raspberrypi.local\n    user: pi\n    device_profile: rpi3b-plus\n    kubeconfig:\n      output: ~/.kube/rpi3.yaml\n      context: rpi3\n```\n\n3. Provision:\n\n```bash\nrpictl provision rpi3\n```\n\n4. Use your cluster:\n\n```bash\nexport KUBECONFIG=~/.kube/rpi3.yaml\nkubectl get nodes\n```\n\n## What it does\n\n`rpictl provision` uploads a small agent binary (`rpictl-agent`) to the Pi via SCP, then runs these steps over SSH:\n\n| Step | What happens |\n|---|---|\n| `preflight` | Verify aarch64 + Trixie + RAM ≥ 900MB; detect device model |\n| `system` | `apt upgrade` + timezone + hostname |\n| `hardening` | sshd config + UFW + unattended-upgrades |\n| `memory` | zram + swappiness + `gpu_mem` in `/boot/firmware/config.txt` |\n| `prereqs` | Install curl, ca-certificates, gnupg, jq, git |\n| `k3s` | Install k3s via `get.k3s.io` |\n| `kubeconfig` | Fetch `/etc/rancher/k3s/k3s.yaml`, rewrite server address, write to laptop |\n\nEach step is **idempotent** — re-running `rpictl provision` is safe.\n\n## Commands\n\n```\nrpictl provision \u003chost\u003e     Run full provisioning flow\nrpictl kubeconfig \u003chost\u003e    Fetch kubeconfig from already-provisioned host\nrpictl version              Print version\n```\n\nGlobal flag: `--config / -c` — path to `rpictl.yaml` (default: `./rpictl.yaml`).\n\n## Configuration reference\n\nSee [`docs/CONFIGURATION.md`](docs/CONFIGURATION.md) and [`examples/rpictl.yaml`](examples/rpictl.yaml).\n\n## Architecture\n\nSee [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md) for the orchestrator ↔ agent JSON protocol.\n\n## Development\n\nSee [`docs/DEVELOPMENT.md`](docs/DEVELOPMENT.md) for build, test, and release workflow.\n\n## What rpictl does NOT do\n\n- Cloudflare Tunnel / ingress setup\n- Flux GitOps bootstrap\n- SOPS / age secret management\n- Multi-node clusters\n- Any non-Raspberry-Pi hardware\n\nThese are intentional non-goals. rpictl stops at \"kubeconfig in your hand.\" Layer your own GitOps, IaC, and secrets tooling on top.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md). All commits must be signed-off (`git commit -s`) per the [Developer Certificate of Origin](https://developercertificate.org/).\n\n## Security\n\nTo report a vulnerability, please use [GitHub private security advisories](https://github.com/idvoretskyi/rpictl/security/advisories/new) rather than opening a public issue. See [SECURITY.md](SECURITY.md) for details.\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidvoretskyi%2Frpictl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidvoretskyi%2Frpictl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidvoretskyi%2Frpictl/lists"}