Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tao3k/tenzir-devops


https://github.com/tao3k/tenzir-devops

automation ci devops devsecops gitops nix tenzir

Last synced: about 2 months ago
JSON representation

Awesome Lists containing this project

README

        

#+TITLE: README
#+AUTHOR: GuangTao Zhang
#+EMAIL: [email protected]
#+DATE: 2023-07-21 Fri 06:43

* Branches status

- main: used to test the full features
- template: init the template with minimal env

* Configuration languages or files

By simply placing the supported configuration formats or files in the corresponding folders, the auto-importing mechanism will be triggered.
#+begin_quote
We have a global command-line tool called ~std~ that allows users to query and execute various tasks.
#+end_quote

+ units (dirs)
1) cells(std&nix) A DevOps framework for the SDLC with the power of Nix and Flakes. Good for keeping deadlines!
- [X] ~devshell~ -> path -> ./cells/devshell
- nix,yaml
- [X] ~tasks~ -> path -> ./cells/tasks/tasks
- nix,json,yaml
- [X] ~schemas~ -> path -> ./tenzir/schemas/
- nix,yaml,json
- [ ] ~terraform~ -> path -> ./deploy/tf
- nix(validator::terranix),hcl(validator::internal),json(overrideValues),nickel(validator::tf-ncl)
- [ ] ~kubernets~ -> path -> ./deploy/k8s
- ts(validator::architect-k8s-template),yaml,nickel,nix,json(overrideValues)
- [] ~secrets~ -> path -> ./secrets
- envs(yaml/json), sops(GPG,ssh),age(ssh),vault(cloud),git-crypt

2) nickel: Introducing the experimental incorporation of Nickel into security dataflow.

Moreover, users have the flexibility to modify the structure of the related cells' paths by using the ~cellsFrom~ field in the ~./devshell.toml~.

* Getting started

- with docker/podman
#+begin_src bash
docker pull ghcr.io/gtrunsec/tenzir-devshell-users:latest
git clone https://github.com/GTrunSec/tenzir-users-devops-template
cd tenzir-users-devops-template
docker run --platform linux/amd64 -it -v "$(pwd):/work" --entrypoint bash ghcr.io/gtrunsec/tenzir-devshell-users:latest
podman run --platform linux/amd64 -it -v "$(pwd):/work" --userns=keep-id --entrypoint bash ghcr.io/gtrunsec/tenzir-devshell-users:latest
#+end_src

- with nix-direnv

#+begin_src bash
direnv allow
#+end_src

* Concepts
** auto-importing/merging

- user dir: ~./tenzir/schemas/sysmon.yaml~
- source: https://github.com/tenzir/tenzir/blob/main/schema/concepts/sysmon.yaml
- output -> dir -> RP_ROOT + "~/data/tenzir~

The final output files are automatically generated and stored in the that folder.

If the ~sysmon.yaml~ file exists within the user directory, then automatic merging the data with source and generating the final file into the ~generated-sysmon.yaml~.

make sure, you have set the ~source~, ~data~ and ~output~ fields correctly.

#+begin_src yaml
# upstream's schema data
source: "/schema/concepts/sysmon.yaml"
# your own data
data:
- concept:
...
#+end_src