# DevOps Skill Template

Use this template when generating skills for DevOps and Infrastructure technologies.

## Template Structure

```yaml
---
name: {{SKILL_NAME}}
description: {{DESCRIPTION_MAX_200_CHARS}}
argument-hint: {{OPTIONAL_ARGS}}
allowed-tools: Read, Write, Edit, Glob, Grep, Bash
disable-model-invocation: true # Recommended for infra skills with side effects
---

# {{SKILL_TITLE}}

{{BRIEF_OVERVIEW}}

## When to Use

- {{USE_CASE_1}}
- {{USE_CASE_2}}
- {{USE_CASE_3}}

## Prerequisites

- {{PREREQUISITE_1}}
- {{PREREQUISITE_2}}

## Configuration

### Required Environment Variables

- `{{ENV_VAR}}`: {{DESCRIPTION}}

### Required Files

- `{{FILE_PATH}}`: {{DESCRIPTION}}

## Instructions

### Step 1: {{STEP_TITLE}}

{{DETAILED_INSTRUCTIONS}}

### Step 2: {{STEP_TITLE}}

{{DETAILED_INSTRUCTIONS}}

## Configuration Patterns

### {{PATTERN_NAME}}

{{PATTERN_DESCRIPTION}}

\`\`\`yaml
{{CONFIG_EXAMPLE}}
\`\`\`

## Examples

### Example 1: {{EXAMPLE_TITLE}}

{{EXAMPLE_DESCRIPTION}}

\`\`\`yaml
{{EXAMPLE_CONFIG}}
\`\`\`

## Validation

\`\`\`bash
{{VALIDATION_COMMAND}}
\`\`\`

## Common Pitfalls

- **{{PITFALL_1}}**: {{EXPLANATION}}
- **{{PITFALL_2}}**: {{EXPLANATION}}

## Rollback Procedure

{{HOW_TO_ROLLBACK}}
```

---

## Technology-Specific Sections

### GitLab CI/CD Skills

Include these sections:

- Pipeline structure (stages, jobs)
- Variable handling (protected, masked)
- Artifact management
- Environment deployments
- Runner configuration

```yaml
# GitLab CI example
stages:
  - test
  - build
  - deploy

variables:
  DOCKER_TLS_CERTDIR: "/certs"

test:
  stage: test
  script:
    # term prints the TOTAL line matched by `coverage`; xml writes coverage.xml
    - pytest --cov --cov-report=term --cov-report=xml
  coverage: '/TOTAL.*\s+(\d+%)$/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
```

### Docker Compose Skills

Include these sections:

- Service definitions
- Network configuration
- Volume management
- Healthchecks
- Environment handling

```yaml
# Docker Compose example
services:
  app:
    build:
      context: .
      target: production
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health/"]
      interval: 30s
      timeout: 10s
      retries: 3
    deploy:
      resources:
        limits:
          memory: 512M
```

### K3s/Kubernetes Skills

Include these sections:

- Deployment strategies
- Service types and selectors
- ConfigMaps and Secrets
- Resource limits
- HPA configuration
- Ingress setup

```yaml
# Kubernetes Deployment example
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app: app
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app  # must match spec.selector.matchLabels
    spec:
      containers:
        - name: app
          image: app:latest
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health/
              port: 8000
            initialDelaySeconds: 30
            periodSeconds: 10
```

### Hetzner Cloud Skills

Include these sections:

- Server provisioning
- Network setup
- Firewall rules
- Load balancer configuration
- Cloud-init scripts

```yaml
#cloud-config
# Hetzner Cloud cloud-init example (the #cloud-config header must be the first line)
packages:
  - docker.io
  - docker-compose

runcmd:
  - systemctl enable docker
  - systemctl start docker
  - usermod -aG docker ubuntu
```

```bash
# hcloud CLI examples
hcloud server create --name web-1 --type cx21 --image ubuntu-22.04 --ssh-key my-key
hcloud firewall create --name web-firewall
hcloud firewall add-rule web-firewall --direction in --protocol tcp --port 80 --source-ips 0.0.0.0/0
```

### Prometheus Skills

Include these sections:

- Metric types (counter, gauge, histogram)
- PromQL queries
- Alerting rules
- Recording rules
- ServiceMonitor CRDs

```yaml
# PrometheusRule example
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: app-alerts
  labels:
    app: kube-prometheus-stack
    release: prometheus
spec:
  groups:
    - name: app.rules
      rules:
        - alert: HighErrorRate
          expr: |
            sum(rate(http_requests_total{status=~"5.."}[5m]))
            / sum(rate(http_requests_total[5m])) > 0.05
          for: 5m
          labels:
            severity: critical
          annotations:
            summary: "High error rate detected"
```

### Grafana Skills

Include these sections:

- Dashboard JSON structure
- Panel types
- Variable definitions
- Provisioning
- Alert configuration

```yaml
# Grafana Dashboard ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-dashboard
  labels:
    grafana_dashboard: "1"
data:
  app-dashboard.json: |
    {
      "title": "Application Dashboard",
      "panels": [...]
    }
```

### Nginx Skills

Include these sections:

- Server block structure
- Location directives
- Upstream configuration
- SSL/TLS setup
- Caching configuration
- Rate limiting

```nginx
# Nginx configuration example
upstream backend {
    least_conn;
    server backend1:8000 weight=3;
    server backend2:8000;
    keepalive 32;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;

    location /api/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /static/ {
        alias /var/www/static/;
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
}
```

### Traefik Skills

Include these sections:

- IngressRoute definitions
- Middleware configuration
- TLS options
- Provider setup
- Dynamic configuration

```yaml
# Traefik IngressRoute example
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: app-ingress
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`app.example.com`)
      kind: Rule
      services:
        - name: app
          port: 8000
      middlewares:
        - name: rate-limit
  tls:
    certResolver: letsencrypt
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: rate-limit
spec:
  rateLimit:
    average: 100
    burst: 50
```

---

## Description Examples by Technology

| Technology | Good Description |
|------------|------------------|
| GitLab CI/CD | `Generates GitLab CI pipelines with test, build, deploy stages and proper caching. Use for CI/CD setup.` |
| Docker Compose | `Creates Docker Compose configs with healthchecks, networks, and resource limits. Use for local dev setup.` |
| K3s/Kubernetes | `Generates K8s manifests with proper resource limits, probes, and HPA. Use for cluster deployments.` |
| Hetzner Cloud | `Creates Hetzner Cloud infrastructure with servers, networks, and firewalls. Use for cloud provisioning.` |
| Prometheus | `Defines Prometheus alerting rules and ServiceMonitors with proper labels. Use for monitoring setup.` |
| Grafana | `Generates Grafana dashboards with PromQL queries and proper provisioning. Use for visualization setup.` |
| Nginx | `Creates Nginx configs with SSL, caching, and upstream load balancing. Use for reverse proxy setup.` |
| Traefik | `Generates Traefik IngressRoutes with middlewares and TLS. Use for K8s ingress configuration.` |

---

## Safety Considerations

For DevOps skills, always include:

1. **Validation commands** before applying changes
2. **Dry-run options** where available
3. **Rollback procedures** for destructive operations
4. **Backup reminders** for stateful resources
5. **Warning annotations** for production-affecting actions

```yaml
# Always include validation
---
# WARNING: This will affect production. Verify before applying.
# Dry run: kubectl apply --dry-run=client -f manifest.yaml
# Diff: kubectl diff -f manifest.yaml
```