DevOps CLI — workspace sync (GDrive, git, GPG, systemd timers) + GitLab/Bitwarden tooling
Project description
lnp-devopscli
Bootstrap declarativo de máquinas Linux + sync bidirecional (GDrive + git + GPG + systemd timers) + restore de secrets (Bitwarden Secrets Manager).
pipx install lnp-devopscli
devopscli profile init # gera ~/.config/devopscli/profile.yaml
devopscli setup # pipeline de 11 stages
Comandos por grupo
| Grupo | Comandos | Propósito |
|---|---|---|
profile |
init / show / validate / path / detect |
Schema Pydantic do estado declarativo da máquina |
install |
list / run / run-profile |
Instala 25 ferramentas via .sh embedded |
setup |
--dry-run --skip --only --list-phases |
Orchestrator de 11 stages |
ws |
push / pull / sync / doctor / install-timers / gpg-backup / gpg-restore / verify |
Workspace sync (GDrive + git + GPG + systemd) |
bw |
install-cli / token-persist / migrate-secrets / sync-secrets / list-secrets / env-push / env-pull / env-list |
Bitwarden Secrets Manager |
gl |
tokens / projects |
GitLab tokens e bw-projects |
ui |
demo |
Dashboard Rich demo |
report |
list / show / last / html |
Logs de execução |
test vm |
create / reset / shell / exec / mount / bootstrap / rclone-setup / set-bw-token / verify-bw-restore |
Multipass pra teste isolado |
devopscli --help ou devopscli <grupo> --help pra detalhes.
Use cases
A) Bootstrap PC novo (Ubuntu/Debian)
# 1. Snippet bootstrap (3 linhas no PC novo)
bash <(curl -fsSL https://gitlab.com/-/snippets/6003334/raw/main/bootstrap.sh)
# 2. Exporta BWS_ACCESS_TOKEN (obtido de https://vault.bitwarden.com)
export BWS_ACCESS_TOKEN='0.abc...'
# 3. Configura rclone (uma vez, OAuth Google)
rclone config
# 4. Orchestrator zero-touch (~25 min)
devopscli setup
Dado que BWS_ACCESS_TOKEN, rclone gdrive, e GPG_PASSPHRASE no BWS
estão configurados, o setup roda zero-touch:
apt-deps → rclone-config → bw-token → bw-install-cli → bw-sync →
install-tools → ws-pull → gpg-restore → workspaces-clone → git-crypt →
timers
B) Sync diário (workspaces + dotfiles)
Já automatizado via systemd user timers (instalados por ws install-timers):
| Timer | Frequência | Função |
|---|---|---|
ws-push.timer |
30 min | ws push (snapshot GDrive) |
ws-sync.timer |
1 h | ws ai-sync + repos-sync (git pull/commit/push) |
bw-sync.timer |
diário | bw sync-secrets + env-pull |
Inspecionar status:
devopscli ws timers-doctor
journalctl --user -u ws-sync.service -f
C) Trocar de máquina
A máquina origem mantém o estado autoritativo no GDrive + BWS. A máquina destino só precisa do bootstrap acima — todo o resto vem dos remotes.
# máquina origem (uma vez antes do switch)
devopscli ws push # estado fresh no GDrive
devopscli bw sync-secrets --direction push # secrets up-to-date no BWS
# máquina destino
bash <(curl -fsSL https://gitlab.com/-/snippets/6003334/raw/main/bootstrap.sh)
devopscli setup
Profile.yaml
~/.config/devopscli/profile.yaml — gerado por devopscli profile init,
versionado no BWS pelo bw-sync. Schema:
version: 1
name: lnpires-desktop-default
hostname_match: [lnpires-desktop]
platform: linux
installers: # acionável por `install run-profile`
- name: docker
version: latest
- name: kubectl
version: latest
repos: # acionável por `setup workspaces-clone`
- name: workspace-personal
url: git@gitlab.com:...
path: ~/workspace-personal
auto_commit: true # auto-snapshot via ws-sync.timer
env_secrets: # quais ENV vars do BWS exportar
- RNN_TOKEN
- GITLAB_PERSONAL_TOKEN
- GPG_PASSPHRASE
file_secrets: # quais file secrets do BWS restaurar
- ssh_id_ed25519
- rclone_conf
rclone:
remote_name: gdrive
timers:
- name: ws-push
enabled: true
- name: bw-sync
enabled: true
Segurança
| O quê | Quem guarda |
|---|---|
| OAuth Google → rclone | Tokens em ~/.config/rclone/rclone.conf, sincronizado pelo BWS |
| SSH keys | BWS (categoria ssh), restauradas com chmod 600 |
| GPG private key | GDrive (encrypted com passphrase), passphrase no BWS |
.env de repos |
git-crypt no próprio repo, key derivada da GPG |
| Shell tokens (GitLab, Anthropic, …) | BWS (categoria env), sourceado via env-secrets.sh |
BWS_ACCESS_TOKEN |
~/.config/devopscli/secrets.env (gerado por bw token-persist) — chicken-and-egg, único secret manual |
O código é open source — qualquer um pode pipx install. Sem suas
credenciais, ninguém acessa seus dados.
Diagnóstico
devopscli ws doctor
Cobre 12 categorias: deps obrigatórias/opcionais, Python modules, schedule (systemd + cron), última sync, GDrive accessibility, GPG keyring, git-crypt, repos sincronizados, configs locais críticos, profile.yaml, BWS conectividade, installers do registry, último setup run.
Exit code: 0 = saudável, 1 = ≥1 fail crítico.
Teste em VM (Multipass)
Para desenvolvimento — VM Ubuntu 24.04 isolada com snapshots:
devopscli test vm create # uma vez (deixa snapshot 'fresh')
devopscli test vm reset # antes de cada teste
devopscli test vm mount ~/bin/devops-cli # editável
devopscli test vm rclone-setup # OAuth via host
devopscli test vm set-bw-token # injeta BWS_ACCESS_TOKEN
Release
CI auto-publica no PyPI em push de tag v*.*.*. Veja
CONTRIBUTING.md.
Roadmap
- ✅ Fases 0 (UI), 1 (BWS), 2 (profile), 3 (installers), 4 (setup), 5 (polish)
- ⬜ Fase 6:
machine reinstallremoto (cloud-init autoinstall + grub-imageboot)
Detalhes em ROADMAP-V2.md.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file lnp_devopscli-2.1.0.tar.gz.
File metadata
- Download URL: lnp_devopscli-2.1.0.tar.gz
- Upload date:
- Size: 93.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
967b114150cf5d94e34374d7bef747581efd4e659d929182896d562da1caed72
|
|
| MD5 |
ed00a053053e81b9a4027d6a76789a85
|
|
| BLAKE2b-256 |
2c081708d66f70157bd1365304751df9a88302676724658d881c9fc357d5f990
|
File details
Details for the file lnp_devopscli-2.1.0-py3-none-any.whl.
File metadata
- Download URL: lnp_devopscli-2.1.0-py3-none-any.whl
- Upload date:
- Size: 116.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
db3f58b76cad912166416de4b5beb6e0f2a244115ddb94e9b6896e24dbccd960
|
|
| MD5 |
36aaef157f47c43b28bdeda044a54fd0
|
|
| BLAKE2b-256 |
3cae2c7ef41d8d9a16d9f73daef00f420726f10a4ec2c401a5490506bab606b3
|
