style: run pre-commit on all files

.github/workflows/kubernetes-ci.yaml

@@ -34,7 +34,7 @@ jobs:
         with:
           go-version: '1.22'
 
-      - name: Install `kubectl-validate`
+      - name: Install kubectl-validate
         run: go install -ldflags='-s -w' -race -trimpath sigs.k8s.io/kubectl-validate@latest
 
       - name: Lint manifests

.pre-commit-config.yaml

@@ -12,7 +12,7 @@ repos:
       - id: check-useless-excludes
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: 2c9f875913ee60ca25ce70243dc24d5b6415598c  # frozen: v4.6.0
+    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b  # frozen: v5.0.0
     hooks:
       - id: check-added-large-files
       - id: check-merge-conflict
@@ -24,12 +24,12 @@ repos:
         exclude: \.gitignore
 
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: e2dde74d0702d15f4f43e4f4fb93e301b4bc1e30  # frozen: 0.29.1
+    rev: 37cd56d9d154dfb0648eaee8efc1040512700c47  # frozen: 0.29.4
     hooks:
       - id: check-github-workflows
 
   - repo: https://github.com/lyz-code/yamlfix
-    rev: 47039c9bf8039e81f092c9777a1bc8be32fb7870  # frozen: 1.16.0
+    rev: 8072181c0f2eab9f2dd8db2eb3b9556d7cd0bd74  # frozen: 1.17.0
     hooks:
       - id: yamlfix
         args:
@@ -44,21 +44,22 @@ repos:
           - --strict
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: f295829140d25717bc79368d3f966fc1f67a824f  # frozen: v0.41.0
+    rev: 0d9fcb51a54f3b750b911c054b4bd1a590f1b592  # frozen: v0.43.0
     hooks:
       - id: markdownlint-fix
 
-  - repo: https://github.com/ComPWA/mirrors-taplo
-    rev: 4ef242b660e0f7c7c953b9d8289e302c3f49bfbc  # frozen: v0.8.1
+  - repo: https://github.com/ComPWA/taplo-pre-commit
+    rev: 23eab0f0eedcbedebff420f5fdfb284744adc7b3  # frozen: v0.9.3
     hooks:
-      - id: taplo
+      - id: taplo-format
+      - id: taplo-lint
 
   - repo: https://github.com/sirwart/ripsecrets
     rev: 033ec5192b738b6712701be920cba545c2775050  # frozen: v0.1.8
     hooks:
       - id: ripsecrets
 
   - repo: https://github.com/crate-ci/typos
-    rev: cc99b94246254c1b3dfa6ea6111aa212b814a486  # frozen: v1.23.6
+    rev: b74202f74b4346efdbce7801d187ec57b266bac8  # frozen: v1.27.3
     hooks:
       - id: typos

docs/bootstrap.md

@@ -7,10 +7,10 @@ You will need:
 - [`doctl`](https://docs.digitalocean.com/reference/doctl/how-to/install/) configured with a...
 - [Digital Ocean Personal Access Token](https://docs.digitalocean.com/reference/api/create-personal-access-token/) with
   at least the following scopes:
-  - kubernetes: create, delete
+  - `kubernetes`: `create`, `delete`
   - If replacing an existing cluster:
-    - load_balancer: read, delete
-    - database: read, update
+    - `load_balancer`: `read`, `delete`
+    - `database`: `read`, `update`
 - `PWD` set to the root of this repo
 - [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl)
 - [`helm`](https://helm.sh/docs/intro/install/)
@@ -49,11 +49,15 @@ I recommend using the DO Control Panel, but it is possible via the CLI as well.
 ### With CLI
 
 ```bash
-databasename=<database-name>
-clustername=<cluster-name>
-
-doctl databases firewalls append $(doctl databases list -o json | jq ".[] | select(.name == \"$databasename\") | .id" -r) \
-  --rule k8s:$(doctl k8s cluster get $clustername --format ID --no-header)
+database_name=<database-name>
+cluster_name=<cluster-name>
+
+doctl databases firewalls append \
+  "$(
+    doctl databases list -o json \
+|     jq -r ".[] | select(.name == \"$database_name\") | .id"
+  )" \
+  --rule "k8s:$(doctl k8s cluster get $cluster_name --format ID --no-header)"
 ```
 
 ## Apply `cert-manager` CRDs
@@ -82,6 +86,6 @@ kubectl apply -f ./kubernetes/manifests -R
 ## If replacing an existing cluster, destroy old resources
 
 ```bash
-doctl k8s cluster delete <name>
-doctl compute load-balancer delete <id>
+doctl k8s cluster delete <cluster-name>
+doctl compute load-balancer delete <load-balancer-id>
 ```

kubernetes/manifests/monitoring/grafana/configmap.yaml

@@ -1,26 +1,29 @@
+---
 apiVersion: v1
 kind: ConfigMap
+
 metadata:
   name: grafana-default
-  namespace: grafana 
+  namespace: grafana
+
 data:
   # Root settings
-  GF_INSTANCE_NAME: "vipyrsec"
-  GF_SERVER_DOMAIN: "grafana.vipyrsec.com"
-  GF_SERVER_ROOT_URL: "https://grafana.vipyrsec.com"
-  GF_SECURITY_COOKIE_SECURE: "true"
+  GF_INSTANCE_NAME: vipyrsec
+  GF_SERVER_DOMAIN: grafana.vipyrsec.com
+  GF_SERVER_ROOT_URL: https://grafana.vipyrsec.com
+  GF_SECURITY_COOKIE_SECURE: 'true'
 
   # GitHub Auth
-  GF_AUTH_GITHUB_ENABLED: "true"
-  GF_AUTH_GITHUB_SCOPES: "user:email,read:org"
+  GF_AUTH_GITHUB_ENABLED: 'true'
+  GF_AUTH_GITHUB_SCOPES: user:email,read:org
   # IDs can be retrieved via `gh api orgs/python-discord/teams`.
-  GF_AUTH_GITHUB_TEAM_IDS: "7718058,8310922"
+  GF_AUTH_GITHUB_TEAM_IDS: 7718058,8310922
   GF_AUTH_GITHUB_ROLE_ATTRIBUTE_PATH: "'Admin'"
-  GF_AUTH_GITHUB_AUTH_URL: "https://github.com/login/oauth/authorize"
-  GF_AUTH_GITHUB_TOKEN_URL: "https://github.com/login/oauth/access_token"
-  GF_AUTH_GITHUB_API_URL: "https://api.github.com/user"
-  GF_AUTH_ALLOW_SIGN_UP: "true"
+  GF_AUTH_GITHUB_AUTH_URL: https://github.com/login/oauth/authorize
+  GF_AUTH_GITHUB_TOKEN_URL: https://github.com/login/oauth/access_token
+  GF_AUTH_GITHUB_API_URL: https://api.github.com/user
+  GF_AUTH_ALLOW_SIGN_UP: 'true'
 
   # User sign up
-  GF_USERS_AUTO_ASSIGN_ORG: "true"
-  GF_USERS_AUTO_ASSIGN_ORG_ID: "1"
+  GF_USERS_AUTO_ASSIGN_ORG: 'true'
+  GF_USERS_AUTO_ASSIGN_ORG_ID: '1'

kubernetes/manifests/monitoring/grafana/deployment.yaml

@@ -1,10 +1,13 @@
+---
 apiVersion: apps/v1
 kind: Deployment
+
 metadata:
   labels:
     app: grafana
   name: grafana
-  namespace: grafana 
+  namespace: grafana
+
 spec:
   selector:
     matchLabels:

kubernetes/manifests/monitoring/grafana/ingress.yaml

@@ -1,24 +1,27 @@
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
+
 metadata:
   annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt"
+    cert-manager.io/cluster-issuer: letsencrypt
   name: grafana-ingress
   namespace: grafana
+
 spec:
   ingressClassName: nginx
   tls:
-  - hosts:
-      - "grafana.vipyrsec.com"
-    secretName: grafana-tls
+    - hosts:
+        - grafana.vipyrsec.com
+      secretName: grafana-tls
   rules:
-  - host: grafana.vipyrsec.com
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: grafana
-            port:
-              number: 3000
+    - host: grafana.vipyrsec.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: grafana
+                port:
+                  number: 3000

kubernetes/manifests/monitoring/grafana/namespace.yaml

@@ -1,4 +1,6 @@
+---
 apiVersion: v1
 kind: Namespace
+
 metadata:
   name: grafana

kubernetes/manifests/monitoring/grafana/service.yaml

@@ -1,8 +1,11 @@
+---
 apiVersion: v1
 kind: Service
+
 metadata:
   name: grafana
   namespace: grafana
+
 spec:
   ports:
     - protocol: TCP

kubernetes/manifests/monitoring/grafana/volume.yaml

@@ -1,13 +1,16 @@
+---
 kind: PersistentVolumeClaim
 apiVersion: v1
+
 metadata:
   name: grafana-storage
   namespace: grafana
   labels:
     app: grafana
+
 spec:
   storageClassName: do-block-storage
-  accessModes: 
+  accessModes:
     - ReadWriteOnce
   resources:
     requests:

kubernetes/manifests/monitoring/prometheus/service-account.yaml

@@ -1,31 +1,44 @@
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+
 metadata:
   name: prometheus
+
 rules:
-- apiGroups: ["*"]
-  resources: ["*"]
-  verbs: ["get", "list", "watch"]
-- nonResourceURLs:
-    - "/metrics"
-  verbs:
-    - get
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - get
+      - list
+      - watch
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
+
 ---
 apiVersion: v1
 kind: ServiceAccount
+
 metadata:
   name: prometheus
   namespace: prometheus
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
+
 metadata:
   name: prometheus
+
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: prometheus
+
 subjects:
   - kind: ServiceAccount
     name: prometheus

kubernetes/manifests/monitoring/prometheus/service.yaml

@@ -1,11 +1,14 @@
+---
 apiVersion: v1
 kind: Service
+
 metadata:
   name: prometheus
   namespace: prometheus
+
 spec:
   selector:
     app: prometheus
   ports:
-  - port: 9090
-    targetPort: 9090
+    - port: 9090
+      targetPort: 9090

kubernetes/manifests/monitoring/prometheus/volume.yaml

@@ -1,10 +1,13 @@
+---
 kind: PersistentVolumeClaim
 apiVersion: v1
+
 metadata:
   name: prometheus-storage
   namespace: prometheus
   labels:
     app: prometheus
+
 spec:
   storageClassName: do-block-storage
   accessModes: