Added UTM

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

.gitignore

@@ -28,3 +28,7 @@
 /home/.kube/*
 !/home/.kube/clusters/.gitkeep
 !/home/.kube/switch-config.yaml
+
+/home/.k9s/benchmarks
+/home/.k9s/clusters
+/home/.k9s/screen-dumps

home/.bin/.utils

@@ -20,6 +20,10 @@ if [ $? -eq 0 ]; then
     blue() {
       printf "\e[38;5;75m$@${END_CHARS}"
     }
+
+    green() {
+      printf "\e[32;5;75m$@${END_CHARS}"
+    }
 else
     bold() {
       echo $@
@@ -40,6 +44,10 @@ else
     blue() {
       echo $@
     }
+
+    green() {
+      echo $@
+    }
 fi
 
 _fzf() {

home/.bin/flux-pause

@@ -5,6 +5,7 @@ source .utils
 set -e
 
 VERBOSE=""
+ALL=""
 TARGET_RESOURCE="kustomization"
 NAMESPACES="-n flux-system"
 
@@ -15,6 +16,7 @@ print_usage() {
   echo "flux-pause [options] RESOURCE_NAME..."
   echo " "
   underline "Options:"
+  echo "    --all             pause all Kustomizations"
   echo "-n, --namespace       the namespace resources belong in. Default: flux-system"
   echo "-v  --verbose         show full verbose output"
   echo "-h, --help            show this help text"
@@ -37,6 +39,10 @@ while test $# -gt 0; do
       VERBOSE="true"
       shift
       ;;
+    --all)
+      ALL="true"
+      shift
+      ;;
     *)
       RESOURCES+=(${1})
       shift
@@ -44,6 +50,9 @@ while test $# -gt 0; do
   esac
 done
 
+if [[ "${ALL}" == "true" ]]; then
+  RESOURCES=$(kubectl get kustomization ${NAMESPACES} -o json | jq -r '.items[] | "\( .metadata.name)"')
+fi
 
 for RESOURCE in ${RESOURCES[@]}
 do

home/.bin/gs-aws

@@ -1,103 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-ACCOUNT_ID=${AWS_ACCOUNTID}
-ROLE=GiantSwarmAdmin
-MFA=
-MFA_ARN=arn:aws:iam::${AWS_ACCOUNTID}:mfa/marcus@giantswarm.io
-
-print_usage() {
-  orange "gs-aws - set up AWS credentials"
-  echo " "
-  underline "Usage:"
-  echo "gs-aws"
-  echo " "
-  echo " "
-  underline "Options:"
-  echo "-h, --help            show this help text"
-  echo "-a, --account         the AWS account number (default: \$AWS_ACCOUNTID)"
-  echo "-r, --role            the role to assume (default: GiantSwarmAdmin)"
-  echo "-t, --mfa-token       the MFA token to use when generating a session [Required]"
-  echo "-m, --mfa-arn         the ARN of the MFA device (Default ${MFA_ARN})"
-}
-
-while test $# -gt 0; do
-  case "$1" in
-    -a|--account)
-      shift
-      ACCOUNT_ID=$1
-      shift
-      ;;
-    -r|--role)
-      shift
-      ROLE=$1
-      shift
-      ;;
-    -t|--mfa-token)
-      shift
-      MFA=$1
-      shift
-      ;;
-    -m|--mfa-arn)
-      shift
-      MFA_ARN=$1
-      shift
-      ;;
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    *)
-      break
-      ;;
-  esac
-done
-
-if [ -z $AWS_ACCESS_KEY_ID ] || [ -z $AWS_SECRET_ACCESS_KEY ] || [ -z $ACCOUNT_ID ]; then
-  echo "Initial AWS credentials required"
-  exit 1
-fi
-
-if [ -z $MFA ] || [ -z $MFA_ARN ]; then
-  echo "MFA token and ARN required"
-  exit 1
-fi
-
-unset AWS_PROFILE
-
-printf "✨  Getting session credentials..."
-SESSION_JSON=$(aws sts get-session-token --serial-number ${MFA_ARN} --token-code ${MFA})
-printf "\n\e[1A\e[K✅  Got session credentials\n"
-
-export AWS_SECRET_ACCESS_KEY=$(echo $SESSION_JSON | jq -r '.Credentials.SecretAccessKey')
-export AWS_ACCESS_KEY_ID=$(echo $SESSION_JSON | jq -r '.Credentials.AccessKeyId')
-export AWS_SESSION_TOKEN=$(echo $SESSION_JSON | jq -r '.Credentials.SessionToken')
-export EXPIRATION=$(echo $SESSION_JSON | jq -r '.Credentials.Expiration')
-
-if [ "${ACCOUNT_ID}" != "${AWS_ACCOUNTID}" ]; then
-  printf "✨  Assuming cross-account role..."
-  ASSUME_SESSION=$(aws sts assume-role --role-session-name $(whoami)-aws --role-arn arn:aws:iam::${ACCOUNT_ID}:role/${ROLE})
-  export AWS_SECRET_ACCESS_KEY=$(echo $ASSUME_SESSION | jq -r '.Credentials.SecretAccessKey')
-  export AWS_ACCESS_KEY_ID=$(echo $ASSUME_SESSION | jq -r '.Credentials.AccessKeyId')
-  export AWS_SESSION_TOKEN=$(echo $ASSUME_SESSION | jq -r '.Credentials.SessionToken')
-  export EXPIRATION=$(echo $ASSUME_SESSION | jq -r '.Credentials.Expiration')
-  printf "\n\e[1A\e[K✅  Assumed role\n"
-fi
-
-mkdir -p ~/.aws
-cat > ~/.aws/credentials << EOF
-[giantswarm]
-aws_access_key_id=${AWS_ACCESS_KEY_ID}
-aws_secret_access_key=${AWS_SECRET_ACCESS_KEY}
-aws_session_token=${AWS_SESSION_TOKEN}
-expiration=${EXPIRATION}
-EOF
-
-echo "⚡️ AWS credentials setup"
-echo ""
-echo "ℹ️  You'll need to switch to the 'giantswarm' profile:"
-echo ""
-echo "unset AWS_ACCESS_KEY_ID"
-echo "unset AWS_SECRET_ACCESS_KEY"
-echo "export AWS_PROFILE=giantswarm"

home/.bin/gs-create-cluster

@@ -1,108 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-DRY_RUN=0
-NAMESPACE="org-giantswarm"
-RELEASE="20.0.0-alpha1"
-PROVIDER="aws"
-AZS="eu-west-1a"
-DESCRIPTION="$(whoami)'s test cluster"
-
-print_usage() {
-  orange "gs-create-cluster - create a Giant Swarm managed CAPI workload cluster"
-  echo " "
-  underline "Usage:"
-  echo "gs-create-cluster [cluster-name]"
-  echo " "
-  echo " "
-  underline "Options:"
-  echo "-h, --help            show this help text"
-  echo "-n, --namespace       the namespace the cluster is in (default: org-giantswarm)"
-  echo "-r, --release         the namespace the cluster is in (default: 20.0.0-alpha1)"
-  echo "-p, --provider        the cloud provider to use (default: aws)"
-}
-
-while test $# -gt 0; do
-  case "$1" in
-    -n|--namespace)
-      shift
-      NAMESPACE=$1
-      shift
-      ;;
-    -r|--release)
-      shift
-      RELEASE=$1
-      shift
-      ;;
-    -p|--provider)
-      shift
-      PROVIDER=$1
-      shift
-      ;;
-    --dry-run)
-      DRY_RUN=1
-      shift
-      ;;
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    *)
-      break
-      ;;
-  esac
-done
-
-# Positional args
-NAME=${1:-wc001}
-
-PREFIXED_NAMESPACE="org-$NAMESPACE"
-case $NAMESPACE in org-*)
-  PREFIXED_NAMESPACE="$NAMESPACE"
-  NAMESPACE=${NAMESPACE#"org-"}
-esac
-
-CAPA_CLUSTER="--provider capa"
-CAPZ_CLUSTER="--provider azure --release ${RELEASE}"
-CAPG_CLUSTER="--provider gcp --gcp-project giantswarm-352614 --region europe-west3 --gcp-failure-domains europe-west3-a --gcp-machine-deployment-failure-domain europe-west3-a"
-TEMPLATE_ARGS="--name ${NAME:0:5} --organization ${NAMESPACE}"
-case "${PROVIDER}" in
-  aws)
-    TEMPLATE_ARGS="${TEMPLATE_ARGS} ${CAPA_CLUSTER}"
-    ;;
-  gcp)
-    TEMPLATE_ARGS="${TEMPLATE_ARGS} ${CAPG_CLUSTER}"
-    ;;
-  azure)
-    TEMPLATE_ARGS="${TEMPLATE_ARGS} ${CAPZ_CLUSTER}"
-    ;;
-  *)
-    echo "Unsupported provider type"
-    exit 1
-    ;;
-esac
-
-echo "✨  Pre-flight checks"
-gs-get-cluster --namespace ${PREFIXED_NAMESPACE} ${NAME} &>/dev/null
-if [ $? -eq 0 ]; then
-  echo "Cluster named '${NAME}' already exists"
-  exit 1
-elif [[ "${PROVIDER}" = "aws" ]]; then
-  echo "Cleaning up any old awsclusterroleidentities..."
-  kubectl delete --namespace ${PREFIXED_NAMESPACE} awsclusterroleidentities ${NAME} 2>/dev/null
-fi
-
-echo "✨  Creating a new ${PROVIDER} cluster called '${NAMESPACE}/${NAME}' with release '${RELEASE}'"
-if [[ $DRY_RUN = 1 ]]; then
-  echo kubectl-gs template cluster ${TEMPLATE_ARGS} --description "${DESCRIPTION}"
-  kubectl-gs template cluster ${TEMPLATE_ARGS} --description "${DESCRIPTION}"
-else
-  kubectl-gs template cluster ${TEMPLATE_ARGS} --description "${DESCRIPTION}" | kubectl apply -f -
-fi
-
-if [[ $DRY_RUN = 0 ]]; then
-  sleep 10
-  echo "✨  Checking status..."
-  gs-get-cluster --namespace ${PREFIXED_NAMESPACE} ${NAME}
-fi

home/.bin/gs-create-repo

@@ -1,188 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-TEMPLATE="giantswarm/template-app"
-VISIBILITY="public"
-CODEOWNER_TEAM="team-hydra"
-
-print_usage() {
-  orange "gs-create-repo - a new Giant Swarm repo"
-  echo " "
-  underline "Usage:"
-  echo "gs-create-repo (flags) [repo-name]"
-  echo " "
-  echo " "
-  underline "Options:"
-  echo "-h, --help            show this help text"
-  echo "-t, --template        the template repo to base the new repo on (default: ${TEMPLATE})"
-  echo "    --team            the team to be set as codeowner of the repo (default: ${CODEOWNER_TEAM})"
-  echo "    --visibility      the visibility of the repo (default: ${VISIBILITY}"
-}
-
-
-POS_ARGS=()
-while test $# -gt 0; do
-  case "$1" in
-    -t|--template)
-      shift
-      TEMPLATE=$1
-      shift
-      ;;
-    -p|--private)
-      shift
-      PRIVATE="--private"
-      ;;
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    *)
-      POS_ARGS+=${1}
-      shift
-      ;;
-  esac
-done
-
-case $TEMPLATE in
-  */*)
-    shift
-    ;;
-  *)
-    TEMPLATE="giantswarm/${TEMPLATE}"
-    ;;
-esac
-
-REPOSITORY_NAME=${POS_ARGS[0]}
-
-#############################################
-
-echo "✨ Creating new repo $(italic ${VISIBILITY}) $(orange ${REPOSITORY_NAME}) using base template $(blue ${TEMPLATE})"
-
-gh repo create  --${VISIBILITY} --template ${TEMPLATE} giantswarm/${REPOSITORY_NAME}
-
-git take git@github.com:giantswarm/${REPOSITORY_NAME}.git
-
-if [ -d helm/APP-NAME ]; then
-  mv 'helm/{APP-NAME}' helm/${REPOSITORY_NAME}
-fi
-
-devctl replace -i '{APP-NAME}' ${REPOSITORY_NAME} --ignore .git ./.** ./**
-
-# Clean up some stuff
-sed -i 's|\[Read me after cloning this template (GS staff only)\](https://intranet.giantswarm.io/docs/dev-and-releng/app-developer-processes/adding_app_to_appcatalog/)||g' README.md
-sed -i 's|- {APP HELM REPOSITORY}||g' README.md
-sed -i '$!N; /^\(.*\)\n\1$/!P; D' README.md
-sed -i 's/- .*//' CHANGELOG.md
-sed -i '$!N; /^\(.*\)\n\1$/!P; D' CHANGELOG.md
-
-
-printf "Run Kubebuilder init? (y/n): "
-read CONFIRM
-if [ "${CONFIRM}" = "y" ]; then
-  mv helm .helm
-  kubebuilder init --domain giantswarm.io --repo github.com/giantswarm/${REPOSITORY_NAME} --plugins=go/v4-alpha
-  mv .helm helm
-  mv Makefile Makefile.kubebuilder.mk
-  go mod tidy
-fi
-
-devctl gen workflows --flavour app --flavour generic --check-secrets
-devctl gen makefile --flavour app --flavour generic --language go
-touch Makefile.custom.mk
-
-printf "Update Circle-CI job? (y/n): "
-read CONFIRM
-if [ "${CONFIRM}" = "y" ]; then
-
-  cat << EOF > .circleci/config.yml
-version: 2.1
-orbs:
-  architect: giantswarm/architect@4.24.0
-
-workflows:
-  test-and-push:
-    jobs:
-      - architect/go-build:
-          context: architect
-          name: go-build
-          binary: ${REPOSITORY_NAME}
-          resource_class: xlarge
-          filters:
-            tags:
-              only: /^v.*/
-      - architect/push-to-docker:
-          context: architect
-          name: push-${REPOSITORY_NAME}-to-quay
-          image: "quay.io/giantswarm/${REPOSITORY_NAME}"
-          username_envar: "QUAY_USERNAME"
-          password_envar: "QUAY_PASSWORD"
-          requires:
-          - go-build
-          filters:
-            # Trigger the job also on git tag.
-            tags:
-              only: /^v.*/
-      - architect/push-to-docker:
-          context: "architect"
-          name: push-${REPOSITORY_NAME}-to-docker
-          image: "docker.io/giantswarm/${REPOSITORY_NAME}"
-          username_envar: "DOCKER_USERNAME"
-          password_envar: "DOCKER_PASSWORD"
-          requires:
-            - go-build
-          # Needed to trigger job also on git tag.
-          filters:
-            tags:
-              only: /^v.*/
-    # Ensure that for every commit
-    # there is an app version in the test catalog.
-      - architect/push-to-app-catalog:
-          context: architect
-          name: push-to-app-catalog
-          app_catalog: "control-plane-catalog"
-          app_catalog_test: "control-plane-test-catalog"
-          chart: "${REPOSITORY_NAME}"
-          requires:
-          - push-${REPOSITORY_NAME}-to-quay
-          - push-${REPOSITORY_NAME}-to-docker
-          filters:
-            # Trigger the job also on git tag.
-            tags:
-              only: /^v.*/
-      - architect/push-to-app-collection:
-          context: architect
-          name: push-to-gcp-app-collection
-          app_name: "${REPOSITORY_NAME}"
-          app_collection_repo: "gcp-app-collection"
-          requires:
-          - push-to-app-catalog
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /^v.*/
-EOF
-
-fi
-
-git add -A
-git commit -m "Initial repo scaffold and setup"
-git push
-
-devctl repo setup giantswarm/${REPOSITORY_NAME} \
-  --allow-automerge=true --allow-mergecommit=false --allow-rebasemerge=false \
-  --allow-squashmerge=true --allow-updatebranch=true --delete-branch-on-merge=true \
-  --enable-issues=true --enable-projects=false --enable-wiki=false
-
-echo "🎉 New repo $(orange ${REPOSITORY_NAME}) created! - https://github.com/giantswarm/${REPOSITORY_NAME}"
-
-echo "⚡️ Adding reference to $(orange ${REPOSITORY_NAME}) in giantswarm/github"
-git take git@github.com:giantswarm/github.git
-git main
-yq -i '. += {"name": "'${REPOSITORY_NAME}'", "gen": {"flavour": "app,generic", "language": "go"}, "replace": {"architect-orb": true, "renovate": true}} | sort_by(.name)' repositories/${CODEOWNER_TEAM}.yaml
-git add repositories/${CODEOWNER_TEAM}.yaml
-git commit -m "Added ${REPOSITORY_NAME} to ${CODEOWNER_TEAM} repos"
-git push
-
-cd -

home/.bin/gs-get-cluster

@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-set -e
-
-NAMESPACE="org-giantswarm"
-
-print_usage() {
-  orange "gs-get-cluster - get a Giant Swarm managed workload cluster"
-  echo " "
-  underline "Usage:"
-  echo "gs-get-cluster [cluster-name]"
-  echo " "
-  echo " "
-  underline "Options:"
-  echo "-h, --help            show this help text"
-  echo "-n, --namespace       the namespace the cluster is in (default: org-giantswarm)"
-}
-
-while test $# -gt 0; do
-  case "$1" in
-    -n|--namespace)
-      shift
-      NAMESPACE=$1
-      shift
-      ;;
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    *)
-      break
-      ;;
-  esac
-done
-
-kubectl-gs get cluster --namespace $NAMESPACE $@ 2>/dev/null || kubectl get cl --namespace $NAMESPACE $@

home/.bin/gs-login

@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-DEBUG=""
-
-print_usage() {
-  orange "gs-login - login to Giant Swarm managed clusters"
-  echo " "
-  underline "Usage:"
-  echo "gs-login [INSTALLATION] [WORKLOAD CLUSTER] [ORGANISATION]"
-  echo " "
-  underline "Examples:"
-  echo "> gs-login gauss"
-  echo "> gs-login gauss mywc1"
-  echo " "
-  underline "Options:"
-  echo "-h, --help                show this help text"
-}
-
-POS_ARGS=()
-
-while test $# -gt 0; do
-  case "$1" in
-    -t|--ttl)
-      shift
-      echo "-t / --ttl no longer handled"
-      shift
-      ;;
-    -g|--certificate-group)
-      shift
-      echo "-g / --certificate-group no longer handled"
-      shift
-      ;;
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    --debug)
-      DEBUG="--level=debug"
-      shift
-      ;;
-    /)
-      # We want to ignore slash seperators between MC and WC
-      shift
-      ;;
-    *)
-      POS_ARGS+=(`echo $1 | tr '/' ' '`)
-      shift
-      ;;
-  esac
-done
-
-if [ ${#POS_ARGS[@]} -eq 0 ]; then
-  POS_ARGS+=(`opsctl list installations --short | tr ' ' '\n' | fzf`)
-fi
-
-case ${#POS_ARGS[@]} in
-  0)
-    print_usage
-    exit 1
-    ;;
-  *)
-    kubectl config delete-context gs-${POS_ARGS[0]} &>/dev/null
-    opsctl login ${DEBUG} ${POS_ARGS[@]}
-    ;;
-esac

home/.bin/gs-open

@@ -1,78 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-DEBUG=""
-
-SUPPORTED_APPS="alertmanager cloudprovider grafana happa kibana kyverno prometheus"
-
-print_usage() {
-  orange "gs-open - open apps on Giant Swarm clusters"
-  echo " "
-  underline "Usage:"
-  echo "gs-open [APP] [INSTALLATION] [WORKLOAD CLUSTER] "
-  echo " "
-  underline "Supported apps:"
-  italic "${SUPPORTED_APPS}"
-  echo " "
-  underline "Examples:"
-  echo "> gs-open prometheus gauss"
-  echo "> gs-open alertmanager gauss mywc1"
-  echo " "
-  underline "Options:"
-  echo "-h, --help                show this help text"
-  echo "    --debug               show debug log output"
-}
-
-POS_ARGS=()
-
-while test $# -gt 0; do
-  case "$1" in
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    --debug)
-      DEBUG="--level=debug"
-      shift
-      ;;
-    /)
-      # We want to ignore slash seperators between MC and WC
-      shift
-      ;;
-    *)
-      POS_ARGS+=(`echo $1 | tr '/' ' '`)
-      shift
-      ;;
-  esac
-done
-
-if [ ${#POS_ARGS[@]} -eq 0 ]; then
-  POS_ARGS+=(`echo ${SUPPORTED_APPS} | tr ' ' '\n' | fzf`)
-fi
-if [ ${#POS_ARGS[@]} -eq 1 ]; then
-  POS_ARGS+=(`opsctl list installations --short | tr ' ' '\n' | fzf`)
-fi
-
-APP=${POS_ARGS[0]}
-if [[ "${APP}" == "cloud" ]]; then
-  APP=cloudprovider
-fi
-if [[ "${APP}" == "prom" ]]; then
-  APP=prometheus
-fi
-
-case ${#POS_ARGS[@]} in
-  0)
-    print_usage
-    exit 1
-    ;;
-  2)
-    echo "✨  Opening ${APP} on ${POS_ARGS[1]}"
-    opsctl open ${DEBUG} --app ${APP} --installation ${POS_ARGS[1]}
-    ;;
-  3)
-    echo "✨  Opening ${APP} on ${POS_ARGS[1]} / ${POS_ARGS[2]}"
-    opsctl open ${DEBUG} --app ${APP} --installation ${POS_ARGS[1]} --workload-cluster ${POS_ARGS[2]}
-    ;;
-esac

home/.bin/gs-release

@@ -1,118 +0,0 @@
-#!/usr/bin/env bash
-
-source .utils
-
-set -e
-
-print_usage() {
-  orange "gs-release - create a new release of a Giant Swarm repo"
-  echo " "
-  underline "Usage:"
-  echo "gs-release [SEMVER LEVEL]"
-  echo " "
-  echo " "
-  underline "Options:"
-  echo "-h, --help      show this help text"
-}
-
-while test $# -gt 0; do
-  case "$1" in
-    -h|--help)
-      print_usage
-      exit 0
-      ;;
-    *)
-      break
-      ;;
-  esac
-done
-
-SEMVER=$1
-
-CURRENT_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
-MAIN_BRANCH=$(git remote show origin 2>/dev/null|grep HEAD|sed 's/.* //')
-CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
-
-if [ "$MAIN_BRANCH" != "$CURRENT_BRANCH" ]; then
-  echo "Not currently on main branch, please switch to ${MAIN_BRANCH} to perform a release"
-  exit 1
-fi
-
-VERSION_PARTS=($(echo $CURRENT_TAG | tr "." "\n"))
-VERSION_MAJOR=${VERSION_PARTS[0]}
-VERSION_MINOR=${VERSION_PARTS[1]}
-VERSION_PATCH=${VERSION_PARTS[2]}
-
-echo "The latest released version is ${CURRENT_TAG}"
-echo ""
-
-echo "The release will include:"
-sed -n "/^## \[Unreleased\]$/,/^## /p" CHANGELOG.md | tail -n +3 | tail -r | tail -n +2 | tail -r | sed "s/^/    /g"
-echo ""
-
-if [[ "$SEMVER" == "" ]]; then
-  printf "What semver release level? (patch, minor or major): "
-  read SEMVER
-fi
-
-case ${SEMVER} in
-  patch)
-    VERSION_PATCH=$((VERSION_PATCH+1))
-    ;;
-
-  minor)
-    VERSION_MINOR=$((VERSION_MINOR+1))
-    VERSION_PATCH=0
-    ;;
-
-  major)
-    if [[ ${VERSION_MAJOR:0:1} == "v" ]]; then
-      VERSION_MAJOR="v$((VERSION_MAJOR+1))"
-    else
-      VERSION_MAJOR=$((VERSION_MAJOR+1))
-    fi
-    VERSION_MINOR=0
-    VERSION_PATCH=0
-    ;;
-
-  *)
-    echo "Unknown Semver level provided"
-    exit 1
-    ;;
-esac
-
-NEW_VERSION="${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}"
-NEW_BRANCH="${MAIN_BRANCH}#release#${NEW_VERSION}"
-
-echo ""
-echo "✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ "
-echo "Current version  ${CURRENT_TAG}"
-echo "    New version  ${NEW_VERSION}"
-echo " Release branch  ${NEW_BRANCH}"
-echo "✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ "
-echo ""
-
-printf "Confirm? (y/n): "
-read CONFIRM
-
-if [ "${CONFIRM}" = "y" ]; then
-  echo ""
-  echo "Publishing new release branch..."
-  echo ""
-  git checkout -b "${NEW_BRANCH}"
-  git push -u origin "${NEW_BRANCH}"
-
-  ORG_NAME=$(git remote get-url origin | sed 's/.*github.com[:|\/]//' | sed 's/\.git$//' | tr '/' ' ' | awk '{print $1}')
-  REPO_NAME=$(git remote get-url origin | sed 's/.*github.com[:|\/]//' | sed 's/\.git$//' | tr '/' ' ' | awk '{print $2}')
-
-  echo ""
-  echo "🚀  Keep an eye on $(underline "https://github.com/${ORG_NAME}/${REPO_NAME}/pulls") for the new release PR"
-  echo ""
-
-  echo "Switching back to the main git branch"
-  git checkout $(git remote show origin 2>/dev/null|grep HEAD|sed 's/.* //') &> /dev/null
-  git pull &> /dev/null
-else
-  echo "Aborting..."
-  exit 1
-fi

home/.bin/gs-update-tools

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-echo "⬆️  Updating tools ⬆️"
-echo
-
-if which opsctl &>/dev/null ; then
-  printf "⏳ opsctl..."
-  opsctl version update --no-cache 1>/dev/null
-  printf "\n\e[1A\e[K✅ opsctl - %s\n" $(opsctl version | grep "^Version:" | awk -F' ' '{print $NF}')
-fi
-
-if which devctl &>/dev/null ; then
-  printf "⏳ devctl... "
-  devctl version update --no-cache 1>/dev/null
-  printf "\n\e[1A\e[K✅ devctl - %s\n" $(devctl version | grep "^Version:" | awk -F' ' '{print $NF}')
-fi
-
-if which kubectl-gs &>/dev/null ; then
-  printf "⏳ kubectl-gs... "
-  kubectl-gs selfupdate 1>/dev/null
-  printf "\n\e[1A\e[K✅ kubectl-gs - %s\n" $(kubectl-gs --version | awk -F' ' '{print $NF}')
-fi

home/.bin/kind-create-cluster

@@ -2,20 +2,12 @@
 
 source .utils
 
-# Force using the `go install` version as we need to pin to 0.19 for now
-alias kind=$GOPATH/bin/kind
-
-kind --version | grep "0.19." > /dev/null
-if [[ "$?" != "0" ]]; then
-  echo "Kind v0.19.0 is required"
-  exit 1
-fi
-
 NAME=""
-VERSION="1.28.0@sha256:dad5a6238c5e41d7cac405fae3b5eda2ad1de6f1190fa8bfc64ff5bb86173213"
+VERSION="1.34.0@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a"
 NODES="2"
-FEATURE_GATES="ValidatingAdmissionPolicy"
+FEATURE_GATES="MutatingAdmissionPolicy"
-RUNTIME_CONFIG="admissionregistration.k8s.io/v1beta1"
+RUNTIME_CONFIG="admissionregistration.k8s.io/v1alpha1"
+AUDIT_POLICY=""
 
 print_usage() {
   orange "kind-create-cluster - create a Kind cluster"
@@ -30,6 +22,7 @@ print_usage() {
   echo "-n, --nodes           the number of worker nodes (default: ${NODES})"
   echo "-f, --feature-gates   a comma seperated list of feature-gates to enable (default: ${FEATURE_GATES})"
   echo "-r, --runtime-config  a comma seperated list of API versions to enable (default: ${RUNTIME_CONFIG})"
+  echo "    --audit-policy    a file containing the audit policy config"
 }
 
 while test $# -gt 0; do
@@ -54,6 +47,11 @@ while test $# -gt 0; do
       RUNTIME_CONFIG=$1
       shift
       ;;
+    --audit-policy)
+      shift
+      AUDIT_POLICY=$1
+      shift
+      ;;
     -h|--help)
       print_usage
       exit 0
@@ -73,9 +71,32 @@ function node() {
   for ((i = 1 ; i <= $COUNT ; i++)); do
     echo "- role: ${TYPE}"
     echo "  image: kindest/node:${VERSION}"
-    # echo "  labels:"
+    if [[ "${AUDIT_POLICY}" != "" ]]; then
-    # echo "    node-role.kubernetes.io/${TYPE}: ${TYPE}"
+      if [[ "${TYPE}" == "control-plane" ]]; then
-    # echo "    kubernetes.io/role: ${TYPE}"
+        echo "  kubeadmConfigPatches:"
+        echo "  - |"
+        echo "    kind: ClusterConfiguration"
+        echo "    apiServer:"
+        echo "        extraArgs:"
+        echo "          audit-log-path: /var/log/kubernetes/kube-apiserver-audit.log"
+        echo "          audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml"
+        echo "        extraVolumes:"
+        echo "          - name: audit-policies"
+        echo "            hostPath: /etc/kubernetes/policies"
+        echo "            mountPath: /etc/kubernetes/policies"
+        echo "            readOnly: true"
+        echo "            pathType: "DirectoryOrCreate""
+        echo "          - name: "audit-logs""
+        echo "            hostPath: "/var/log/kubernetes""
+        echo "            mountPath: "/var/log/kubernetes""
+        echo "            readOnly: false"
+        echo "            pathType: DirectoryOrCreate"
+        echo "  extraMounts:"
+        echo "  - hostPath: ${AUDIT_POLICY}"
+        echo "    containerPath: /etc/kubernetes/policies/audit-policy.yaml"
+        echo "    readOnly: true"
+      fi
+    fi
   done
 }
 

home/.bin/kind-delete-cluster

@@ -2,17 +2,8 @@
 
 source .utils
 
-# Force using the `go install` version as we need to pin to 0.19 for now
-alias kind=$GOPATH/bin/kind
-
 CONTEXT_NAME=$(kubectl config current-context | sed -e "s/kind-//")
 
-kind --version | grep "0.19." > /dev/null
-if [[ "$?" != "0" ]]; then
-  echo "Kind v0.19.0 is required"
-  exit 1
-fi
-
 print_usage() {
   orange "kind-delete-cluster - delete a Kind cluster"
   echo " "

home/.bin/kind-list-images

@@ -0,0 +1,53 @@
+#!/usr/bin/env zsh
+
+source .utils
+
+TAG_COUNT=5
+MINOR_VERSION="v1."
+
+print_usage() {
+  orange "kind-list-images - List latest images for use with Kind nodes"
+  echo " "
+  underline "Usage:"
+  echo "kind-list-images [minor-version]"
+  echo " "
+  echo " "
+  underline "Options:"
+  echo "-h, --help            show this help text"
+  echo "-n, --last-n-minors   return the last n minor versions (default: ${TAG_COUNT})"
+}
+
+
+while test $# -gt 0; do
+  case "$1" in
+    -n|--last-n-minors)
+      shift
+      TAG_COUNT=$1
+      shift
+      ;;
+    -h|--help)
+      print_usage
+      exit 0
+      ;;
+    *)
+      MINOR_VERSION=$1
+      shift
+      ;;
+  esac
+done
+
+
+TAGS=( $(crane ls kindest/node | sort | grep 'v1.' | grep -vE 'alpha|beta' | grep ${MINOR_VERSION}) )
+
+declare -A latestMinor
+
+for TAG in "${TAGS[@]}"; do
+  MINOR="${TAG%.*}"
+  latestMinor[$MINOR]=$TAG
+done
+
+RETURN_TAGS=( $(echo $latestMinor | tr ' ' '\n' | sort -r | head -n ${TAG_COUNT}) )
+
+for TAG in "${RETURN_TAGS[@]}"; do
+  echo " - kindest/node:$(blue $TAG)@$(crane digest kindest/node:$TAG)"
+done

home/.bin/kube-all

@@ -47,11 +47,14 @@ while test $# -gt 0; do
   esac
 done
 
+NAMESPACED="--namespaced"
+
 if [[ "${LABEL}" != "" ]]; then
   LABEL="-l ${LABEL}"
+  NAMESPACED=""
 fi
 
-NAMES="$(kubectl api-resources --namespaced --verbs list -o name | tr '\n' ,)"
+NAMES="$(kubectl api-resources ${NAMESPACED} --verbs list -o name | tr '\n' ,)"
 
 if [[ "$ALL_NAMESPACES" == "true" ]]; then
   kubectl get "${NAMES::${#NAMES}-1}" --show-kind --ignore-not-found ${LABEL} -A 2>/dev/null

home/.bin/kube-empty-namespace

@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+NAMESPACE=""
+CONTEXT="$(kubectl config current-context)"
+
+print_usage() {
+  blue "kube-empty-namespace - Force delete all resources in the provided namespace"
+  echo " "
+  underline "Usage:"
+  echo "kube-empty-namespace"
+  echo " "
+  underline "Options:"
+  echo "-h, --help            show this help text"
+  echo "    --context         sets the context from the kubeconfig to use"
+  echo "-n, --namespace       the namespace the resources are in (required)"
+}
+
+YOLO="0"
+POS_ARGS=()
+
+while test $# -gt 0; do
+  case "$1" in
+    -n|--namespace)
+      shift
+      NAMESPACE=$1
+      shift
+      ;;
+    -h|--help)
+      print_usage
+      exit 0
+      ;;
+    --context)
+      shift
+      CONTEXT="$1"
+      shift
+      ;;
+    --yolo)
+      YOLO="1"
+      shift
+      ;;
+    *)
+      POS_ARGS+=(`echo $1 | tr '/' ' '`)
+      shift
+      ;;
+  esac
+done
+
+if [[ "${NAMESPACE}" == "" ]]; then
+  echo "Please provide the namespace to empty"
+  exit 1
+fi
+
+function deleteResource() {
+  RES="${1//.v1/}"
+  kubectl --context "${CONTEXT}" patch -p '{"metadata":{"finalizers":null}}' --type=merge -n ${NAMESPACE} ${RES} 1>/dev/null || printf ""
+  kubectl --context "${CONTEXT}" delete -n ${NAMESPACE} ${RES} 2>/dev/null || printf ""
+}
+
+printf "⚠️  This could leave cloud resources undeleted if finalizers aren't honoured ⚠️\n\n"
+
+RESOURCES=()
+
+if [[ "${YOLO}" == 0 ]]; then
+  printf "Are you sure you want to force delete all resources in '${NAMESPACE}'? (y/n): "
+  read CONFIRM
+else
+  echo ""
+  echo ""
+  orange "YOLO MODE!!! (What could go wrong?!)"
+  CONFIRM="y"
+fi
+
+if [ "${CONFIRM}" = "y" ]; then
+  echo ""
+  echo "💣  OK, I hope you know what you're doing..."
+  echo "Deleting all resources in namespace '${NAMESPACE}'"
+  echo ""
+
+  NAMES="$(kubectl --context "${CONTEXT}" api-resources --namespaced --verbs list -o name 2>/dev/null | tr '\n' ,)"
+  RESOURCES=$(kubectl --context "${CONTEXT}" get "${NAMES::${#NAMES}-1}" --ignore-not-found -n ${NAMESPACE} -o go-template='{{range.items}}{{.kind}}.{{.apiVersion}}/{{.metadata.name}}{{"\n"}}{{end}}' 2>/dev/null | tr '[:upper:]' '[:lower:]' | sed -r "s|/(v.+)/|/|g")
+
+  IFS='
+'
+  for RESOURCE in ${RESOURCES}
+  do
+    deleteResource ${RESOURCE}
+  done
+else
+  echo "Aborting..."
+  exit 1
+fi

home/.bin/kube-force-delete

@@ -6,6 +6,7 @@ NAMESPACE="$(kubectl config view --minify --output 'jsonpath={..namespace}' &>/d
 set -e
 NAMESPACE=${NAMESPACE:-default}
 SELECTOR=""
+CONTEXT="$(kubectl config current-context)"
 
 print_usage() {
   blue "kube-force-delete - Force delete resources, even those with finalizers"
@@ -15,9 +16,11 @@ print_usage() {
   echo " "
   underline "Options:"
   echo "-h, --help            show this help text"
+  echo "    --context         sets the context from the kubeconfig to use"
   echo "-n, --namespace       the namespace the resource is in (default: current namespace)"
 }
 
+YOLO="0"
 POS_ARGS=()
 
 while test $# -gt 0; do
@@ -36,6 +39,15 @@ while test $# -gt 0; do
       print_usage
       exit 0
       ;;
+    --context)
+      shift
+      CONTEXT="$1"
+      shift
+      ;;
+    --yolo)
+      YOLO="1"
+      shift
+      ;;
     /)
       # We want to ignore slash seperators between resource types and names
       shift
@@ -55,8 +67,8 @@ fi
 function deleteResource() {
   RES="${1//.v1/}"
   echo "Deleting ${RES}"
-  kubectl patch -p '{"metadata":{"finalizers":null}}' --type=merge -n ${NAMESPACE} ${RES} 1>/dev/null|| printf ""
+  kubectl --context "${CONTEXT}" patch -p '{"metadata":{"finalizers":null}}' --type=merge -n ${NAMESPACE} ${RES} 1>/dev/null|| printf ""
-  kubectl delete -n ${NAMESPACE} ${RES} 2>/dev/null || printf ""
+  kubectl --context "${CONTEXT}" delete -n ${NAMESPACE} ${RES} 2>/dev/null || printf ""
 }
 
 printf "⚠️  This could leave cloud resources undeleted if finalizers aren't honoured ⚠️\n\n"
@@ -68,15 +80,27 @@ if [[ "${SELECTOR}" == "" ]]; then
   RESOURCES=("${POS_ARGS[0]}/${POS_ARGS[1]}")
 else
   printf "Are you sure you want to delete all matching '${SELECTOR}'? (y/n): "
-  SELECTOR="-l ${SELECTOR}"
-  NAMES="$(kubectl api-resources --namespaced --verbs list -o name 2>/dev/null | tr '\n' ,)"
-  RESOURCES=$(kubectl get "${NAMES::${#NAMES}-1}" --ignore-not-found ${SELECTOR} -n ${NAMESPACE} -o go-template='{{range.items}}{{.kind}}.{{.apiVersion}}/{{.metadata.name}}{{"\n"}}{{end}}' 2>/dev/null | tr '[:upper:]' '[:lower:]' | sed -r "s|/(v.+)/|/|g")
 fi
-read CONFIRM
+
+if [[ "${YOLO}" == 0 ]]; then
+  read CONFIRM
+else
+  echo ""
+  echo ""
+  orange "YOLO MODE!!! (What could go wrong?!)"
+  CONFIRM="y"
+fi
 
 if [ "${CONFIRM}" = "y" ]; then
   echo ""
   echo "💣  OK, I hope you know what you're doing..."
+
+  if [[ "${SELECTOR}" != "" ]]; then
+    SELECTOR="-l ${SELECTOR}"
+    NAMES="$(kubectl --context "${CONTEXT}" api-resources --verbs list -o name 2>/dev/null | tr '\n' ,)"
+    RESOURCES=$(kubectl --context "${CONTEXT}" get "${NAMES::${#NAMES}-1}" --ignore-not-found ${SELECTOR} -n ${NAMESPACE} -o go-template='{{range.items}}{{.kind}}.{{.apiVersion}}/{{.metadata.name}}{{"\n"}}{{end}}' 2>/dev/null | tr '[:upper:]' '[:lower:]' | sed -r "s|/(v.+)/|/|g")
+  fi
+
   IFS='
 '
   for RESOURCE in ${RESOURCES}

home/.bin/kube-shell

@@ -6,8 +6,8 @@ NAMESPACE="$(kubectl config view --minify --output 'jsonpath={..namespace}' &>/d
 set -e
 NAMESPACE=${NAMESPACE:-default}
 POD="shell"
-IMAGE="bash"
+IMAGE="digitalocean/doks-debug"
-CMD="sh"
+CMD="bash"
 
 print_usage() {
   blue "kube-shell - create a new pod and exec into it's shell"
@@ -19,7 +19,7 @@ print_usage() {
   echo "-h, --help            show this help text"
   echo "-n, --namespace       the namespace the pod should launch in"
   echo "-p, --pod             the name of the pod to get logs for (default: shell)"
-  echo "-i, --image           the image to use for the shell container (default: bash)"
+  echo "-i, --image           the image to use for the shell container (default: digitalocean/doks-debug)"
   echo "-c, --command         the initial command to execute in the container (default: sh)"
 }
 
@@ -57,5 +57,16 @@ done
 
 NAMESPACE=${NAMESPACE:-default}
 
-echo kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --rm -- $CMD
+OVERRIDES='{
-kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --rm -- $CMD
+  "spec": {
+    "securityContext": {"runAsGroup": 1000,"runAsNonRoot": true,"runAsUser": 1000,"seccompProfile": {"type": "RuntimeDefault"}},
+    "containers": [
+      {
+        "name":"'$POD'","image":"'$IMAGE'", "command": ["'$CMD'"],
+        "stdin": true,"stdinOnce": true,"tty": true,
+        "securityContext": {"allowPrivilegeEscalation": false,"capabilities": {"drop": ["ALL"]},"privileged": false,"runAsGroup": 1000,"runAsNonRoot": true,"runAsUser": 1000,"seccompProfile": {"type": "RuntimeDefault"}}
+      }
+    ]
+  }
+}'
+kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --overrides "${OVERRIDES}" --rm -- $CMD

home/.bin/kube-template

@@ -36,33 +36,27 @@ done
 
 NAME=${2}
 
-addLabelsAndAnnotations() {
-  yq e '.metadata.labels."app.kubernetes.io/name" = "'${NAME}'" |
-            .metadata.labels."giantswarm.io/user" = "'$(whoami)'" |
-            .metadata.annotations."giantswarm.io/description" = ""' -
-}
-
 case "$1" in
   deployment|dp)
-    kubectl create ${NAMESPACE} deployment ${NAME} --image=nginx:1.21 --dry-run=client -o yaml ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} deployment ${NAME} --image=nginx:1.21 --dry-run=client -o yaml ${@:3}
     ;;
   ingress|in)
-    kubectl create ${NAMESPACE} ingress ${NAME} --dry-run=client -o yaml --rule=example.com/=my-service:web ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} ingress ${NAME} --dry-run=client -o yaml --rule=example.com/=my-service:web ${@:3}
     ;;
   service|svc)
-    kubectl create ${NAMESPACE} service clusterip ${NAME} --dry-run=client -o yaml ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} service clusterip ${NAME} --dry-run=client -o yaml ${@:3}
     ;;
   configmap|cm)
-    kubectl create ${NAMESPACE} configmap ${NAME} --dry-run=client -o yaml ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} configmap ${NAME} --dry-run=client -o yaml ${@:3}
     ;;
   secret|sec)
-    kubectl create ${NAMESPACE} secret generic ${NAME} --dry-run=client -o yaml ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} secret generic ${NAME} --dry-run=client -o yaml ${@:3}
     ;;
   cronjob|cj)
-    kubectl create ${NAMESPACE} cronjob ${NAME} --image=alpine:latest --schedule="1 * * * *" --dry-run=client -o yaml ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} cronjob ${NAME} --image=alpine:latest --schedule="1 * * * *" --dry-run=client -o yaml ${@:3}
     ;;
   job|jo)
-    kubectl create ${NAMESPACE} job ${NAME} --image=alpine:latest --dry-run=client -o yaml ${@:3} | addLabelsAndAnnotations
+    kubectl create ${NAMESPACE} job ${NAME} --image=alpine:latest --dry-run=client -o yaml ${@:3}
     ;;
 esac
 

home/.bin/renovate-prs

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+RENOVATE_USER="29139614"
+MERGE=false
+
+print_usage() {
+  blue "renovate-prs - List all Renovate PRs and batch approve"
+  echo " "
+  underline "Usage:"
+  echo "renovate-prs [options]"
+  echo " "
+  underline "Options:"
+  echo "-h, --help            show this help text"
+  echo "-m, --merge           merge PRs after approving"
+}
+
+while test $# -gt 0; do
+  case "$1" in
+    -m|--merge)
+      shift
+      MERGE=true
+      shift
+      ;;
+    -h|--help)
+      print_usage
+      exit 0
+      ;;
+    *)
+      break
+      ;;
+  esac
+done
+
+PULLS=$(curl --silent -L -H "Accept: application/vnd.github+json" \
+  -H "Authorization: Bearer ${GITHUB_TOKEN}" -H "X-GitHub-Api-Version: 2022-11-28" \
+  "https://api.github.com/search/issues?q=is%3Apr%20is%3Aopen%20archived%3Afalse%20sort%3Aupdated-desc%20review-requested%3AAverageMarcus%20renovate" \
+  | jq -r -c ".items[] | select(.user.id == ${RENOVATE_USER} and .draft == false) | @base64")
+
+if [[ "${PULLS}" == "" ]]; then
+  blue "No Renovate PRs pending"
+else
+
+  for PR in ${PULLS}; do
+    PR=$(echo ${PR} | base64 -d)
+    NUMBER=$(echo ${PR} | jq -r '.number')
+    TITLE=$(echo ${PR} | jq -r '.title')
+    URL=$(echo ${PR} | jq -r '.pull_request.html_url')
+    BODY=$(echo ${PR} | jq -r '.body')
+
+    PACKAGES=""
+    HEADER_FOUND=false
+    DIVIDER_FOUND=false
+    while IFS= read -r line; do
+      if [[ "${line}" == "" ]] && [[ "${HEADER_FOUND}" == "true" ]] && [[ "${DIVIDER_FOUND}" == "true" ]]; then
+        break
+      fi
+
+      if [[ "${HEADER_FOUND}" == "true" ]] && [[ "${DIVIDER_FOUND}" == "true" ]]; then
+        line=$(echo ${line} | sed -r 's/\((.+)\)//g' | sed -r 's/(\[|\]|`)//g')
+        parts=(${line//|/ })
+
+        PACKAGES+=" - ${parts[0]} - ${parts[${#parts[@]}-3]]} ➡ ${parts[${#parts[@]}-1]]}\n"
+      fi
+
+      if [[ "${line}" == "| Package | Type | Update | Change |" ]] || [[ "${line}" == "| Package | Update | Change |" ]]; then
+        HEADER_FOUND=true
+      fi
+      if [[ "${line}" == "|---|---|---|---|" ]] || [[ "${line}" == "|---|---|---|" ]]; then
+        DIVIDER_FOUND=true
+      fi
+    done <<< "$BODY"
+
+    bold "#${NUMBER} ${STATE} $(blue "${TITLE}")"
+    printf "🌐 $(underline ${URL})\n"
+    printf "${PACKAGES}"
+    echo ""
+  done
+
+fi

home/.bin/talos-upgrade

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+source .utils
+
+set -e
+
+if [[ "${TALOSCONFIG}" == "" ]]; then
+  echo "You need to set TALOSCONFIG before running this"
+  exit 1
+fi
+
+LATEST_RELEASE=$(curl --silent https://api.github.com/repos/siderolabs/talos/releases | jq -r '[.[] | select(.prerelease == false)] | .[0]')
+TALOS_VERSION="$(jq --argjson LATEST_RELEASE "$LATEST_RELEASE" -c -n -r '$LATEST_RELEASE.tag_name')"
+KUBERNETES_VERSION="$(jq --argjson LATEST_RELEASE "$LATEST_RELEASE" -c -n -r '$LATEST_RELEASE.body | match("registry.k8s.io/kube-apiserver:v([0-9\\.]+)") | .captures[0].string')"
+
+blue "TALOS_VERSION      = ${TALOS_VERSION}"
+blue "KUBERNETES_VERSION = ${KUBERNETES_VERSION}"
+echo ""
+blue "ISO URL: https://github.com/siderolabs/talos/releases/download/${TALOS_VERSION}/metal-amd64.iso"
+echo ""
+
+kubectl cluster-info
+
+echo ""
+printf "Continue? (y/n): "
+read CONFIRM
+if [[ "${CONFIRM}" != "y" ]]; then
+  exit 1
+fi
+
+echo ""
+blue "Ensuring talosctl is up-to-date..."
+brew upgrade siderolabs/tap/talosctl
+
+CONTROL_PLANE="$(talosctl get nodetaintspec -o json | jq -r '.node')"
+WORKERS=( $(talosctl get nodeips -o json | jq -r '.node | select(. != "'${CONTROL_PLANE}'")'))
+
+echo ""
+kubectl get no -o wide
+
+echo ""
+blue "Upgrading the control plane first..."
+talosctl upgrade --image ghcr.io/siderolabs/installer:${TALOS_VERSION} --preserve=true --nodes ${CONTROL_PLANE}
+
+echo ""
+blue "Upgrading the worker nodes..."
+SLEEP="10"
+for NODE in "${WORKERS[@]}"
+do
+  talosctl upgrade --image ghcr.io/siderolabs/installer:${TALOS_VERSION} --preserve=true --nodes ${NODE}
+
+  italic "Waiting for ${SLEEP} seconds to let pods settle..."
+  sleep ${SLEEP}
+done
+
+echo ""
+kubectl get no -o wide
+
+# Only the control plane requires the k8s version upgrading, the workers are done as part of the OS upgrade
+echo ""
+blue "Upgrading Kubernetes..."
+talosctl upgrade-k8s --nodes ${CONTROL_PLANE} --to ${KUBERNETES_VERSION}
+
+echo ""
+kubectl get no -o wide
+
+echo ""
+orange "🎉 Upgrade Complete! 🎉"
+
+echo ""
+blue "ISO URL: https://github.com/siderolabs/talos/releases/download/${TALOS_VERSION}/metal-amd64.iso"

home/.dotfiles/1-zsh

@@ -15,7 +15,6 @@ zstyle ':omz:update' mode reminder
 
 source `brew --prefix switch`/switch.sh
 
-
 # History
 HISTFILE="$HOME/.zsh_history"
 HISTIGNORE="&:exit:reset:clear:zh"
@@ -30,7 +29,6 @@ setopt HIST_REDUCE_BLANKS
 setopt autocd
 autoload -U add-zsh-hook
 
-
 DISABLE_AUTO_TITLE="true"
 
 # Override auto-title when static titles are desired ($ title My new title)
@@ -54,4 +52,6 @@ preexec() {
   printf "\033]0;%s\a" "${1%% *} | $cwd" # Omit construct from $1 to show args
 }
 
-eval "$(ssh-agent -s)" > /dev/null
+if [ $(/bin/ps -ef | /usr/bin/grep "ssh-agent" | /usr/bin/grep -v "grep" | wc -l) -eq 0 ]; then
+  eval "$(ssh-agent -s)" > /dev/null
+fi

home/.dotfiles/aliases

@@ -2,7 +2,7 @@
 alias _cat=`which cat`
 alias _curl=`which curl`
 alias _ls="/bin/ls"
-alias _grep="/bin/grep"
+alias _grep="/usr/bin/grep"
 alias _diff="/usr/bin/diff"
 alias _du=`which du`
 alias _df=`which df`
@@ -22,7 +22,7 @@ fi
 # Aliases
 alias cat='bat '
 alias curl='curlie'
-alias ls='exa --group-directories-first --icons --header --git --ignore-glob=.git'
+alias ls='eza --group-directories-first --icons --header --git --ignore-glob=.git'
 alias grep='rg'
 alias diff='delta'
 alias du='dust'
@@ -73,10 +73,10 @@ git() {
   elif [ "$1" = "commit" ]; then # Sign all commits
     shift
     _git commit -s $@
-  elif [ "$1" = "co" ]; then # Sign all commits
+  elif [ "$1" = "co" ]; then # Create a new branch
     shift
     _git checkout -b $@
-  elif [ "$1" = "push" ]; then # Sign all commits
+  elif [ "$1" = "push" ]; then # Guard against pushing to certain orgs
     shift
     if [ $# -eq 0 ]; then
       remote_url=$(_git remote get-url $(git current-remote))
@@ -86,6 +86,60 @@ git() {
       fi
     fi
     _git push $@
+  elif [ "$1" = "release" ]; then # Create a new tag
+    shift
+    SEMVER=$1
+
+    CURRENT_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
+    VERSION_PARTS=($(echo $CURRENT_TAG | tr "." "\n"))
+    VERSION_MAJOR=${VERSION_PARTS[1]}
+    VERSION_MINOR=${VERSION_PARTS[2]}
+    VERSION_PATCH=${VERSION_PARTS[3]}
+
+    case ${SEMVER} in
+      patch)
+        VERSION_PATCH=$((VERSION_PATCH+1))
+        ;;
+
+      minor)
+        VERSION_MINOR=$((VERSION_MINOR+1))
+        VERSION_PATCH=0
+        ;;
+
+      major)
+        if [[ ${VERSION_MAJOR:0:1} == "v" ]]; then
+          VERSION_MAJOR="v$((VERSION_MAJOR+1))"
+        else
+          VERSION_MAJOR=$((VERSION_MAJOR+1))
+        fi
+        VERSION_MINOR=0
+        VERSION_PATCH=0
+        ;;
+
+      *)
+        echo "Unknown Semver level provided"
+        exit 1
+        ;;
+    esac
+
+    NEW_VERSION="${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}"
+    echo ""
+    echo "✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ "
+    echo "Current version  ${CURRENT_TAG}"
+    echo "    New version  ${NEW_VERSION}"
+    echo "✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ ✨ "
+    echo ""
+
+    printf "Confirm? (y/n): "
+    read CONFIRM
+
+    if [ "${CONFIRM}" = "y" ]; then
+      git tag -a -m "${NEW_VERSION}" ${NEW_VERSION}
+      echo "New tag created, don't forget to push to remote"
+    else
+      echo "Aborting..."
+      exit 1
+    fi
   else
     _git $@
   fi

home/.dotfiles/environment

@@ -31,3 +31,9 @@ export TZ_LIST="Europe/Berlin;Europe/Sofia;UTC"
 
 # Docker
 export DOCKER_HOST=$(docker context inspect --format='{{.Endpoints.docker.Host}}')
+
+# Brew - Prevent updating all packages when installing a new one
+export HOMEBREW_NO_AUTO_UPDATE=1
+
+# k9s
+export K9S_CONFIG_DIR="$HOME/.k9s"

home/.gitconfig

@@ -22,6 +22,7 @@
 
 [push]
 	default = simple
+	followTags = true
 
 [init]
 	defaultBranch = main
@@ -37,13 +38,15 @@
 
 [alias]
 	basename = "!git remote -v | head -n1 | awk '{print $2}' | sed 's/.*\\///' | sed 's/\\.git//'"
+	remote-base-url = "!git remote get-url $(git fork-or-origin) | tr ':' '/' | sed 's|ssh///git@|https://|' | sed 's|git@|https://|' | sed 's|\\.git|/|'"
 	org-name = "!git remote -v | grep -m 1 -o ':.*/' | sed 's:^.\\(.*\\).$:\\1:'"
 	branch-name = "!git rev-parse --abbrev-ref HEAD"
 	changelog-changed = "!test $(git diff --name-only HEAD origin/$(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@') | grep CHANGELOG.md | wc -l | xargs) = 1"
-	main-branch = "!git remote show origin|grep HEAD|sed 's/.* //'"
+	main-branch = "!git remote show origin 2>/dev/null | grep HEAD | sed 's/.* //'"
 	fork-or-origin = "!func(){ $(git remote show fork &>/dev/null); if [[ $? == 0 ]]; then echo \"fork\" ; else echo \"origin\"; fi; }; func"
 	main = "!git remote set-head origin --auto && git checkout $(git main-branch) && git pull"
-	publish = "!func(){ if [[ $(git branch-name) != \"$(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@')\" ]]; then git push -u $(git fork-or-origin) $(git branch-name) && (git changelog-changed || echo '\n\n⚠️  Dont forget to update changelog ⚠️ ') ; else echo "Wat?!"; fi; }; func"
+	pr-link = "!echo \"$(git remote-base-url)compare/$(git main-branch)...$(git branch-name)?expand=1\""
+	publish = "!func(){ if [[ $(git branch-name) != \"$(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@')\" ]]; then git push -u $(git fork-or-origin) $(git branch-name) && (git changelog-changed || echo '\n\n⚠️  Dont forget to update changelog ⚠️ ') && (echo '\n\n'; git pr-link) ; else echo "Wat?!"; fi; }; func"
 	cleanup = "!git fetch -p && for branch in `git branch -vv | grep ': gone]' | awk '{print $1}'`; do git branch -D $branch; done"
 	dont-change-file = "!git update-index --assume-unchanged"
 	ignore-file = "!git update-index --skip-worktree"
@@ -63,4 +66,4 @@
 [pull]
 	rebase = false
 [gpg]
-	program = /opt/homebrew/bin//gpg
+	program = /opt/homebrew/bin/gpg

home/.hyper.js

@@ -1,156 +0,0 @@
-// Future versions of Hyper may add additional config options,
-// which will not automatically be merged into this file.
-// See https://hyper.is#cfg for all currently supported options.
-
-module.exports = {
-  config: {
-    // choose either `'stable'` for receiving highly polished,
-    // or `'canary'` for less polished but more frequent updates
-    updateChannel: 'stable',
-
-    scrollback: 10000000,
-
-    // default font size in pixels for all tabs
-    fontSize: 13,
-
-    // font family with optional fallbacks
-    fontFamily: '"OpenDyslexicMono Nerd Font", "Fira Code", Menlo, "DejaVu Sans Mono", Consolas, "Lucida Console", monospace',
-
-    // default font weight: 'normal' or 'bold'
-    fontWeight: 'normal',
-
-    // font weight for bold characters: 'normal' or 'bold'
-    fontWeightBold: 'bold',
-
-    // line height as a relative unit
-    lineHeight: 1,
-
-    // letter spacing as a relative unit
-    letterSpacing: 0,
-
-    // terminal cursor background color and opacity (hex, rgb, hsl, hsv, hwb or cmyk)
-    cursorColor: 'rgba(248,28,229,0.8)',
-
-    // terminal text color under BLOCK cursor
-    cursorAccentColor: '#000',
-
-    // `'BEAM'` for |, `'UNDERLINE'` for _, `'BLOCK'` for █
-    cursorShape: 'BEAM',
-
-    // set to `true` (without backticks and without quotes) for blinking cursor
-    cursorBlink: true,
-
-    // color of the text
-    foregroundColor: '#fff',
-
-    // terminal background color
-    // opacity is only supported on macOS
-    backgroundColor: '#000',
-
-    // terminal selection color
-    selectionColor: 'rgba(248,28,229,0.3)',
-
-    // border color (window, tabs)
-    borderColor: '#333',
-
-    // custom CSS to embed in the main window
-    css: `.line {
-      color: #999;
-      stroke: #999;
-    }`,
-
-    // custom CSS to embed in the terminal window
-    termCSS: '',
-
-    // if you're using a Linux setup which show native menus, set to false
-    // default: `true` on Linux, `true` on Windows, ignored on macOS
-    showHamburgerMenu: '',
-
-    // set to `false` (without backticks and without quotes) if you want to hide the minimize, maximize and close buttons
-    // additionally, set to `'left'` if you want them on the left, like in Ubuntu
-    // default: `true` (without backticks and without quotes) on Windows and Linux, ignored on macOS
-    showWindowControls: '',
-
-    // custom padding (CSS format, i.e.: `top right bottom left`)
-    padding: '12px 14px',
-
-    // the full list. if you're going to provide the full color palette,
-    // including the 6 x 6 color cubes and the grayscale map, just provide
-    // an array here instead of a color map object
-    colors: {
-      black: '#000000',
-      red: '#C51E14',
-      green: '#1DC121',
-      yellow: '#C7C329',
-      blue: '#0A2FC4',
-      magenta: '#C839C5',
-      cyan: '#20C5C6',
-      white: '#C7C7C7',
-      lightBlack: '#686868',
-      lightRed: '#FD6F6B',
-      lightGreen: '#67F86F',
-      lightYellow: '#FFFA72',
-      lightBlue: '#6A76FB',
-      lightMagenta: '#FD7CFC',
-      lightCyan: '#68FDFE',
-      lightWhite: '#FFFFFF',
-    },
-
-    // the shell to run when spawning a new session (i.e. /usr/local/bin/fish)
-    // if left empty, your system's login shell will be used by default
-    //
-    // Windows
-    // - Make sure to use a full path if the binary name doesn't work
-    // - Remove `--login` in shellArgs
-    //
-    // Bash on Windows
-    // - Example: `C:\\Windows\\System32\\bash.exe`
-    //
-    // PowerShell on Windows
-    // - Example: `C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`
-    shell: '',
-
-    // for setting shell arguments (i.e. for using interactive shellArgs: `['-i']`)
-    // by default `['--login']` will be used
-    shellArgs: ['--login'],
-
-    // for environment variables
-    env: {},
-
-    // set to `false` for no bell
-    bell: `false`,
-
-    // if `true` (without backticks and without quotes), selected text will automatically be copied to the clipboard
-    copyOnSelect: false,
-
-    // if `true` (without backticks and without quotes), hyper will be set as the default protocol client for SSH
-    defaultSSHApp: true,
-
-    // if `true` (without backticks and without quotes), on right click selected text will be copied or pasted if no
-    // selection is present (`true` by default on Windows and disables the context menu feature)
-    // quickEdit: true,
-
-    // URL to custom bell
-    // bellSoundURL: 'http://example.com/bell.mp3',
-
-    // for advanced config flags please refer to https://hyper.is/#cfg
-  },
-
-  // a list of plugins to fetch and install from npm
-  // format: [@org/]project[#version]
-  // examples:
-  //   `hyperpower`
-  //   `@company/project`
-  //   `project#1.0.1`
-  plugins: ["hyper-search", "hyperterm-paste", "hyper-tabs-enhanced", "hyper-chesterish", "hyper-quit"],
-
-  // in development, you can create a directory under
-  // `~/.hyper_plugins/local/` and include it here
-  // to load it and avoid it being `npm install`ed
-  localPlugins: [],
-
-  keymaps: {
-    // Example
-    // 'window:devtools': 'cmd+alt+o',
-  },
-};

home/.k9s/aliases.yaml

@@ -0,0 +1,9 @@
+aliases:
+  dp: deployments
+  sec: v1/secrets
+  jo: jobs
+  cr: clusterroles
+  crb: clusterrolebindings
+  ro: roles
+  rb: rolebindings
+  np: networkpolicies

home/.k9s/config.yaml

@@ -0,0 +1,42 @@
+k9s:
+  liveViewAutoRefresh: false
+  refreshRate: 2
+  maxConnRetry: 5
+  readOnly: false
+  noExitOnCtrlC: false
+  ui:
+    enableMouse: false
+    headless: false
+    logoless: true
+    crumbsless: false
+    reactive: true
+    noIcons: false
+    skin: default
+  skipLatestRevCheck: false
+  disablePodCounting: false
+  shellPod:
+    image: busybox:1.35.0
+    namespace: default
+    limits:
+      cpu: 100m
+      memory: 100Mi
+    tty: true
+  imageScans:
+    enable: false
+    exclusions:
+      namespaces: []
+      labels: {}
+  logger:
+    tail: 5000
+    buffer: 50000
+    sinceSeconds: 0
+    fullScreen: false
+    textWrap: false
+    showTime: false
+  thresholds:
+    cpu:
+      critical: 90
+      warn: 80
+    memory:
+      critical: 90
+      warn: 80

home/.k9s/config.yml

@@ -1,26 +0,0 @@
-k9s:
-  refreshRate: 2
-  maxConnRetry: 5
-  enableMouse: false
-  headless: false
-  logoless: true
-  crumbsless: false
-  readOnly: false
-  noIcons: false
-  logger:
-    tail: 5000
-    buffer: 50000
-    sinceSeconds: 0
-    fullScreenLogs: false
-    textWrap: false
-    showTime: false
-  currentContext:
-  currentCluster:
-  clusters: []
-  thresholds:
-    cpu:
-      critical: 90
-      warn: 80
-    memory:
-      critical: 90
-      warn: 80

home/.k9s/plugins.yaml

@@ -0,0 +1,154 @@
+plugins:
+  # kubectl-blame by knight42
+  # Annotate each line in the given resource's YAML with information from the managedFields to show who last modified the field.
+  # Source: https://github.com/knight42/kubectl-blame
+  # Install via:
+  #   krew: `kubectl krew install blame`
+  #   go: `go install github.com/knight42/kubectl-blame@latest`
+  blame:
+    shortCut: b
+    confirm: false
+    description: "Blame"
+    scopes:
+      - all
+    command: sh
+    background: false
+    args:
+      - -c
+      - "kubectl-blame $RESOURCE_NAME $NAME -n $NAMESPACE --context $CONTEXT | less"
+
+  # Suspends/Resumes a cronjob
+  toggleCronjob:
+    shortCut: Shift-S
+    confirm: true
+    scopes:
+      - cj
+    description: Toggle to suspend or resume a running cronjob
+    command: kubectl
+    background: true
+    args:
+      - patch
+      - cronjobs
+      - $NAME
+      - -n
+      - $NAMESPACE
+      - --context
+      - $CONTEXT
+      - -p
+      - '{"spec" : {"suspend" : $!COL-SUSPEND }}'
+
+  # Flux
+  reconcile-git:
+    shortCut: Shift-R
+    confirm: false
+    description: Flux reconcile
+    scopes:
+      - gitrepositories
+    command: bash
+    background: false
+    args:
+      - -c
+      - >-
+        flux
+        reconcile source git
+        --context $CONTEXT
+        -n $NAMESPACE $NAME
+        | less -K
+  reconcile-hr:
+    shortCut: Shift-R
+    confirm: false
+    description: Flux reconcile
+    scopes:
+      - helmreleases
+    command: bash
+    background: false
+    args:
+      - -c
+      - >-
+        flux
+        reconcile helmrelease
+        --context $CONTEXT
+        -n $NAMESPACE $NAME
+        | less -K
+  reconcile-helm-repo:
+    shortCut: Shift-R
+    description: Flux reconcile
+    scopes:
+      - helmrepositories
+    command: bash
+    background: false
+    confirm: false
+    args:
+      - -c
+      - >-
+        flux
+        reconcile source helm
+        --context $CONTEXT
+        -n $NAMESPACE $NAME
+        | less -K
+  reconcile-oci-repo:
+    shortCut: Shift-R
+    description: Flux reconcile
+    scopes:
+      - ocirepositories
+    command: bash
+    background: false
+    confirm: false
+    args:
+      - -c
+      - >-
+        flux
+        reconcile source oci
+        --context $CONTEXT
+        -n $NAMESPACE $NAME
+        | less -K
+  reconcile-ks:
+    shortCut: Shift-R
+    confirm: false
+    description: Flux reconcile
+    scopes:
+      - kustomizations
+    command: bash
+    background: false
+    args:
+      - -c
+      - >-
+        flux
+        reconcile kustomization
+        --context $CONTEXT
+        -n $NAMESPACE $NAME
+        | less -K
+
+  remove_finalizers:
+    shortCut: Ctrl-F
+    confirm: true
+    scopes:
+      - all
+    description: |
+      Removes all finalizers
+    command: kubectl
+    background: true
+    args:
+      - patch
+      - --context
+      - $CONTEXT
+      - --namespace
+      - $NAMESPACE
+      - $RESOURCE_NAME.$RESOURCE_GROUP
+      - $NAME
+      - -p
+      - '{"metadata":{"finalizers":null}}'
+      - --type
+      - merge
+
+  watch-events:
+    shortCut: Shift-E
+    confirm: false
+    description: Watch Events
+    scopes:
+    - all
+    command: sh
+    background: false
+    args:
+    - -c
+    - "kubectl events --context $CONTEXT --namespace $NAMESPACE --for $RESOURCE_NAME.$RESOURCE_GROUP/$NAME --watch"

home/.vimrc

@@ -3,3 +3,4 @@ set paste
 set number
 set linespace=3
 set cursorline
+syntax on

home/.zshrc

@@ -7,6 +7,7 @@ PATH_DIRS=(
   "${HOME}/.cargo/bin"
   "/home/linuxbrew/.linuxbrew/bin"
   "/opt/homebrew/bin/"
+  "${HOME}/Library/Python/3.11/bin"
   "/usr/local/bin"
   "/usr/bin"
   "/bin"
@@ -15,6 +16,7 @@ PATH_DIRS=(
   "${PATH}"
 )
 export PATH=${"${PATH_DIRS[*]}"// /:}
+export FPATH="$FPATH:/opt/homebrew/share/zsh/site-functions"
 
 if [ ! -z ~/.additional_dotfiles/credentials ]; then
   source ~/.additional_dotfiles/credentials

install.sh

@@ -2,22 +2,21 @@
 
 export PATH="/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin/:$PATH"
 
-GITEMAIL=$(git config --get user.email)
-
 [ -d ~/.additional_dotfiles ] || (mkdir -p ~/.additional_dotfiles && touch ~/.additional_dotfiles/credentials)
 [ -d /usr/local/share/zsh/site-functions ] || (sudo mkdir -p /usr/local/share/zsh/site-functions && sudo chmod 777 /usr/local/share/zsh/site-functions)
 
 # Install homebrew
+echo ""
+echo "🔵  Installing homebrew"
 which brew >/dev/null || /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
-brew tap homebrew/core
+echo "✅"
-
-echo "🔵  Setting up zsh"
 
 # Install oh-my-zsh
+echo ""
+echo "🔵  Setting up zsh"
 printf "Cloning oh-my-zsh..."
 [ -d ${HOME}/.oh-my-zsh ] || sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
 printf " ✅\n"
-
 # Install ZSH plugins
 printf "Cloning zsh plugins..."
 [ -d ${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/plugins/zsh-autosuggestions ] || git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
@@ -30,24 +29,41 @@ sudo chmod -R 755 /usr/local/share/zsh/site-functions
 # Install tools
 BREW_TOOLS=(
   git argocd bandwhich bat danielfoehrkn/switch/switch derailed/k9s/k9s
-  dive doggo duf dust exa fd fzf git-delta go helm htop jq kind krew
+  dive doggo duf dust eza fd fzf git-delta go helm htop jq kind krew curl
-  kubectl kubectx kustomize node procs progress ripgrep rs/tap/curlie rust starship
+  kubectl kustomize node procs progress ripgrep rs/tap/curlie rust starship
-  tektoncd/tools/tektoncd-cli tldr tailscale yq hashicorp/tap/vault
+  tektoncd/tools/tektoncd-cli tldr tailscale yq tabby vale jless macchina tz viddy
-  tabby vale lastpass-cli jless macchina tz vmware-tanzu/carvel/kapp viddy
+  homeassistant-cli act dnsmasq gh kubebuilder golangci-lint gnu-sed s3cmd
-  homeassistant-cli act dnsmasq gh kubebuilder golangci-lint gnu-sed
+  pulumi/tap/pulumi kubeseal fluxcd/tap/flux ical-buddy baobab
-  pulumi/tap/pulumi kubeseal podman podman-desktop fluxcd/tap/flux
+  watch crane openssh siderolabs/talos/talosctl civo/tools/civo raspberry-pi-imager
-  watch crane openssh
+  gron ssup2/tap/kpexec opentofu visual-studio-code 1password-cli scw smartmontools
+  firefox signal slack ffmpeg openscad tsh colima docker docker-buildx nordvpn
+  1password tailscale-app
   )
 # Brew tools only available / needed on Mac
 MAC_BREW_TOOLS=(
-  pinentry-mac gpg gawk coreutils wget stats homebrew/cask-fonts/font-open-dyslexic-nerd-font
+  pinentry-mac gpg gawk coreutils wget stats font-open-dyslexic-nerd-font
-  hiddenbar
+  dimentium/autoraise/autoraiseapp the-unarchiver rar mas capcut
+  mqtt-explorer raycast bettertouchtool calibre kdenlive royal-tsx tableplus
+  homebrew/cask/todoist ultimaker-cura webtorrent pika pearcleaner spotmenu
+  jordanbaird-ice utm
   )
 CARGO_TOOLS=( bottom )
 NODE_TOOLS=( git-split-diffs )
-KREW_TOOLS=( gs outdated tree stern )
+KREW_TOOLS=( outdated tree stern explore blame access-matrix cert-manager rbac-tool resource-capacity view-secret )
 APT_TOOLS=( zsh gcc )
+MAS_TOOLS=(
+  1263070803 # Lungo
+  1470584107 # Dato
+  1351639930 # Gifski
+)
 
+# Tools removed to be cleaned up
+REMOVED_BREW_TOOLS=(
+  exa karabiner-elements kubectx hiddenbar
+)
+REMOVED_KREW_TOOLS=( gs )
+
+echo ""
 echo "🔵  Installing / updating tools"
 
 # Install Debian/Ubuntu specific packages if apt exists
@@ -57,6 +73,8 @@ if command -v apt &>/dev/null; then
 fi
 
 # Homebrew
+echo ""
+echo "🔵  Homebrew tools"
 export HOMEBREW_NO_INSTALL_CLEANUP=true
 for tool in "${BREW_TOOLS[@]}"
 do
@@ -70,6 +88,8 @@ do
 done
 
 # Cargo
+echo ""
+echo "🔵  Cargo tools"
 for tool in "${CARGO_TOOLS[@]}"
 do
   printf "${tool}..."
@@ -82,6 +102,8 @@ do
 done
 
 # Krew
+echo ""
+echo "🔵  Krew tools"
 kubectl-krew update &>/dev/null
 for tool in "${KREW_TOOLS[@]}"
 do
@@ -103,6 +125,7 @@ fulllink() {
   fi
 }
 
+echo ""
 echo "🔵  OS Specific setup"
 echo "Detected OS type: ${OSTYPE}"
 
@@ -112,6 +135,8 @@ case "${OSTYPE}" in
     ;;
   *darwin*)
     # Mac specific setup
+    echo ""
+    echo "Instaling Mac-specific Brew tools..."
     for tool in "${MAC_BREW_TOOLS[@]}"
     do
       printf "${tool}..."
@@ -123,7 +148,22 @@ case "${OSTYPE}" in
       fi
     done
 
+    # Mac App Store
+    echo ""
+    echo "Instaling Mac-specific App Store tools..."
+    for tool in "${MAS_TOOLS[@]}"
+    do
+      printf "MAS ID: ${tool}..."
+      mas install ${tool} &>/dev/null
+      if [ $? -eq 0 ]; then
+        printf " ✅\n"
+      else
+        printf " ❌\n"
+      fi
+    done
 
+    echo ""
+    echo "Setting up config files"
     FILES=$(/usr/bin/find ./os-specific/darwin/home -maxdepth 1 -mindepth 1 | tr '\n' ' ')
     for file in $FILES
     do
@@ -145,12 +185,14 @@ case "${OSTYPE}" in
 
 
     # Handle other files outside of the user's home directory
-    echo "Handiling non-standard files:"
+    echo ""
+    echo "🔵  Handiling non-standard files:"
     # 1. Tabby config
+    mkdir -p "/Users/${USER}/Library/Application Support/tabby"
     f=$(fulllink "./other-files/tabby/config.yaml")
     dst="/Users/${USER}/Library/Application Support/tabby/config.yaml"
     printf "Linking ${f}=>${dst}"
-    ln -sfn ${f} ${dst}
+    ln -sfn "${f}" "${dst}"
     printf " ✅\n"
 
     # 2. dnsmasq
@@ -166,6 +208,7 @@ case "${OSTYPE}" in
     ;;
 esac
 
+echo ""
 echo "🔵  Adding configuration"
 FILES=$(/usr/bin/find ./home -maxdepth 1 -mindepth 1 | tr '\n' ' ')
 for file in $FILES
@@ -176,3 +219,36 @@ do
   ln -sfn ${f} ${dst}
   printf " ✅\n"
 done
+
+
+echo ""
+echo "🔵  Updating installed tools..."
+brew upgrade
+mas upgrade
+
+echo ""
+echo "🔵  Removing old Homebrew tools"
+export HOMEBREW_NO_INSTALL_CLEANUP=true
+for tool in "${REMOVED_BREW_TOOLS[@]}"
+do
+  printf "${tool}..."
+  brew uninstall ${tool} &>/dev/null
+  if [ $? -eq 0 ]; then
+    printf " ✅\n"
+  else
+    printf " ❌\n"
+  fi
+done
+
+echo ""
+echo "🔵  Removing old Krew tools"
+for tool in "${REMOVED_KREW_TOOLS[@]}"
+do
+  printf "${tool}..."
+  kubectl-krew uninstall ${tool} &>/dev/null
+  if [ $? -eq 0 ]; then
+    printf " ✅\n"
+  else
+    printf " ❌\n"
+  fi
+done

os-specific/darwin/home/.gnupg/gpg-agent.conf

@@ -1 +1,5 @@
 pinentry-program /opt/homebrew/bin//pinentry-mac
+default-cache-ttl 0
+max-cache-ttl 600
+default-cache-ttl-ssh 0
+max-cache-ttl-ssh 0

os-specific/darwin/home/.gnupg/gpg.conf

@@ -0,0 +1 @@
+pinentry-mode loopback 

os-specific/darwin/home/RaycastScripts/brand.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Brand
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 🤖
+
+open 'smb://nas._smb._tcp.local/Nextcloud/Pictures/Brand'
+

os-specific/darwin/home/RaycastScripts/litra-glow-off.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Litra Glow Off
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon ⚫️
+
+# Documentation:
+# @raycast.description Turn off Litra Glow light
+
+cd ~/.bin/
+./litractl off
+

os-specific/darwin/home/RaycastScripts/litra-glow-on.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Litra Glow On
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 💡
+
+# Documentation:
+# @raycast.description Turn on Litra Glow light
+
+cd ~/.bin/
+./litractl on

os-specific/darwin/home/RaycastScripts/nextcloud.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Nextcloud
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 🤖
+
+open 'smb://nas._smb._tcp.local/Nextcloud'
+

os-specific/darwin/home/RaycastScripts/reaction-gifs.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Reaction Gifs
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 🤖
+
+open 'smb://nas._smb._tcp.local/Nextcloud/Pictures/ReactionGifs'

os-specific/darwin/home/RaycastScripts/restart-busycal.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Restart BusyCal Menu
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 🤖
+
+# Documentation:
+# @raycast.description Kills the BusyCal process
+
+pkill busycal-setapp.alarm
+open /Applications/Setapp/BusyCal.app

os-specific/darwin/home/RaycastScripts/restart-logi-daemon.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Restart Logi daemon
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 🤖
+
+# Documentation:
+# @raycast.description Kills the LogiMgr process to allow a new one to spawn
+
+pkill LogiMgr

os-specific/darwin/home/RaycastScripts/things.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Things
+# @raycast.mode silent
+
+# Optional parameters:
+# @raycast.icon 🤖
+
+open 'smb://nas._smb._tcp.local/Things'
+

os-specific/darwin/home/RaycastScripts/toggle-mic.applescript

@@ -0,0 +1,34 @@
+#!/usr/bin/osascript
+
+# Required parameters:
+# @raycast.schemaVersion 1
+# @raycast.title Toggle Microphone
+# @raycast.mode silent
+# @raycast.packageName System
+
+# Optional parameters:
+# @raycast.icon 🎙
+
+# Documentation:
+# @raycast.author Matthew Morek
+# @raycast.authorURL https://github.com/matthewmorek
+# @raycast.description Toggles microphone.
+
+
+on getMicrophoneVolume()
+	input volume of (get volume settings)
+end getMicrophoneVolume
+on disableMicrophone()
+	set volume input volume 0
+	log "Microphone turned off 🔴"
+end disableMicrophone
+on enableMicrophone()
+	set volume input volume 100
+	log "Microphone turned on 🟢"
+end enableMicrophone
+
+if getMicrophoneVolume() is greater than 0 then
+	disableMicrophone()
+else
+	enableMicrophone()
+end if

other-files/dnsmasq/dnsmasq.conf

@@ -1,3 +1,4 @@
+server=/cluster.local/192.168.1.3
 server=192.168.1.3
 server=192.168.1.4
 server=192.168.1.5
@@ -7,3 +8,4 @@ listen-address=127.0.0.1
 bogus-priv
 no-resolv
 bind-interfaces
+auth-ttl=0

other-files/tabby/config.yaml

@@ -1,4 +1,4 @@
-version: 3
+version: 7
 profiles: []
 hotkeys:
   copy-current-path: []
@@ -129,37 +129,71 @@ hotkeys:
   switch-profile:
     - ⌘-Shift-E
   toggle-window: []
+  scroll-to-bottom: []
+  delete-line:
+    - ⌘-Backspace
+  settings-tab: {}
+  explode-tab:
+    - ⌘-Shift-.
+  combine-tabs:
+    - ⌘-Shift-,
+  pane-nav-1: []
+  pane-nav-2: []
+  pane-nav-3: []
+  pane-nav-4: []
+  pane-nav-5: []
+  pane-nav-6: []
+  pane-nav-7: []
+  pane-nav-8: []
+  pane-nav-9: []
+  pane-increase-vertical: []
+  pane-decrease-vertical: []
+  pane-increase-horizontal: []
+  pane-decrease-horizontal: []
+  focus-all-tabs:
+    - ⌘-⌥-Shift-I
+  scroll-to-top:
+    - Shift-PageUp
+  scroll-up:
+    - ⌥-PageUp
+  scroll-down:
+    - ⌥-PageDown
+  restart-tab: []
+  reconnect-tab: []
+  disconnect-tab: []
+  command-selector:
+    - ⌘-Shift-P
 terminal:
   searchOptions: {}
   colorScheme:
-    name: Desert
+    name: hyper-chesterish
-    foreground: '#ffffff'
+    foreground: '#CDD2E9'
-    background: '#333333'
+    background: '#293340'
-    cursor: '#00ff00'
+    cursor: '#2C85F7'
     colors:
-      - '#4d4d4d'
+      - '#293340'
-      - '#ff2b2b'
+      - '#E17E85'
-      - '#98fb98'
+      - '#61BA86'
-      - '#f0e68c'
+      - '#FFEC8E'
-      - '#cd853f'
+      - '#4CB2FF'
-      - '#ffdead'
+      - '#BE86E3'
-      - '#ffa0a0'
+      - '#2DCED0'
-      - '#f5deb3'
+      - '#CDD2E9'
-      - '#555555'
+      - '#546386'
-      - '#ff5555'
+      - '#E17E85'
-      - '#55ff55'
+      - '#61BA86'
-      - '#ffff55'
+      - '#FFB68E'
-      - '#87ceff'
+      - '#4CB2FF'
-      - '#ff55ff'
+      - '#BE86E3'
-      - '#ffd700'
+      - '#2DCED0'
-      - '#ffffff'
+      - '#CDD2E9'
   font: OpenDyslexicMono Nerd Font
   ligatures: true
   cursor: beam
   pasteOnMiddleClick: false
-  autoOpen: true
   customColorSchemes: []
   background: colorScheme
+  autoOpen: true
 ssh: {}
 configSync:
   parts: {}
@@ -176,3 +210,9 @@ recoverTabs: false
 electronFlags:
   - - force_discrete_gpu
     - '0'
+accessibility: {}
+hacks: {}
+groups: []
+providerBlacklist: []
+commandBlacklist: []
+profileBlacklist: []