quicue.ca

Infrastructure as typed, queryable graphs

29Providers
358Action Templates
654Bound Commands
30Resources

Categories

Compute: 4 Container & Orchestration: 5 CI/CD: 2 Networking: 3 DNS & CDN: 2 Identity & Secrets: 2 Database: 1 DCIM & IPAM: 1 Provisioning: 1 Automation: 2 Monitoring: 1 Infrastructure as Code: 2 Backup: 2

Providers

ansible

Ansible provider for quicue. Generates inventory, Prometheus targets, AlertManager routes, and Grafana dashboards from resource graphs.

10 templates 7 bound Automation

argocd

GitOps continuous delivery via ArgoCD CLI.

14 templates 16 bound Container & Orchestration

awx

Ansible automation controller via AWX REST API.

10 templates 15 bound Automation

caddy

Caddy provider for quicue. Reverse proxy management via Caddy admin API.

9 templates 9 bound Networking

cloudflare

DNS, tunnels, and WAF management via Cloudflare API.

9 templates 6 bound DNS & CDN

dagger

CI/CD pipeline orchestration via Dagger CLI.

9 templates 6 bound CI/CD

docker

Docker provider for quicue. Implements action patterns for containers, Compose stacks, networks, volumes, and images.

20 templates 30 bound Container & Orchestration

foreman

Bare metal provisioning and lifecycle via Foreman API.

10 templates 96 bound Provisioning

gitlab

GitLab project and CI/CD management via API.

14 templates 11 bound CI/CD

govc

govc provider for quicue. vSphere VM management via Go vSphere CLI.

17 templates 14 bound Compute

incus

Incus provider for quicue. Implements action patterns for containers, VMs, profiles, networks, storage, and clusters.

18 templates 30 bound Container & Orchestration

k3d

CUE patterns for k3d (Kubernetes in Docker) - local Kubernetes development clusters.

9 templates 17 bound Container & Orchestration

keycloak

Identity and access management via Keycloak admin CLI.

11 templates 7 bound Identity & Secrets

kubectl

Kubernetes cluster management via kubectl CLI.

19 templates 40 bound Container & Orchestration

kubevirt

Virtual machine management on Kubernetes via virtctl.

13 templates 9 bound Compute

netbox

IPAM and DCIM via NetBox REST API.

11 templates 10 bound DCIM & IPAM

nginx

Web server and reverse proxy management.

9 templates 16 bound Networking

opentofu

Infrastructure as code via OpenTofu CLI.

10 templates 18 bound Infrastructure as Code

pbs

Backup management via proxmox-backup-client CLI.

8 templates 8 bound Backup

postgresql

Database administration via psql and pg_* utilities.

10 templates 7 bound Database

powercli

PowerCLI provider for quicue. vSphere VM management via VMware PowerShell cmdlets.

16 templates 13 bound Compute

powerdns

Authoritative DNS management via REST API.

9 templates 5 bound DNS & CDN

proxmox

Proxmox VE provider for quicue. Implements action interfaces with qm, pct, and pvecm commands.

28 templates 208 bound Compute

restic

Deduplicating backup via restic CLI.

9 templates 10 bound Backup

technitium

technitium provider

11 templates 0 bound Other

terraform

Terraform provider for quicue. Generates Terraform JSON for Proxmox VMs and KubeVirt manifests from resource graphs.

12 templates 20 bound Infrastructure as Code

vault

Secrets management and PKI via Vault CLI.

13 templates 9 bound Identity & Secrets

vyos

VyOS provider for quicue. Router configuration and operational commands via SSH.

13 templates 13 bound Networking

zabbix

Enterprise monitoring via Zabbix API.

7 templates 4 bound Monitoring

Quick Start

1. Import a provider

import "quicue.ca/template/govc/patterns"

actions: patterns.#GovcRegistry

2. Define resources

import "quicue.ca/vocab"

resources: {[string]: vocab.#Resource}
resources: web01: {
  type: "vm"
  host: "esxi-01"
}

3. Query the graph

cue export . -e actions --out json
cue export . -e jsonld --out json

Architecture

    Definition          Template              Value
  ┌──────────────┐   ┌──────────────────┐   ┌──────────────┐
  │ vocab/       │   │ template/*/      │   │ examples/    │
  │  #Resource   │──▶│  meta/meta.cue   │──▶│  resources   │
  │  #ActionDef  │   │  patterns/*.cue  │   │  actions     │
  │  #TypeReg    │   │  examples/demo   │   │  graphs      │
  └──────────────┘   └──────────────────┘   └──────────────┘
         │                    │
         ▼                    ▼
  ┌──────────────┐   ┌──────────────────┐   ┌──────────────────┐
  │ patterns/    │   │ cat.quicue.ca    │   │ imp.quicue.ca    │
  │  graph.cue   │   │  providers       │   │  execution plans │
  │  bind.cue    │   │  patterns ref    │   │  Jupyter .ipynb  │
  │  deploy.cue  │   │  OpenAPI/SPARQL  │   │  Rundeck YAML    │
  └──────────────┘   └──────────────────┘   │  auto-docs       │
                                            │  bootstrap POC   │
                                            └──────────────────┘

Patterns Reference

The patterns/ layer provides graph algorithms, binding, deployment planning, and operational analysis. All patterns are CUE definitions — no runtime, no side effects.

#InfraGraph

Converts resources into a dependency graph with computed depth, ancestors, topology layers, roots, and leaves.

infra: patterns.#InfraGraph & {
  Input: _resources
}
// infra.resources.dns._depth
// infra.topology, infra.roots

#ExecutionPlan

Unifies binding + ordering. Single input produces resolved commands, graph topology, and deployment layers.

exec: patterns.#ExecutionPlan & {
  resources: _resources
  providers: _providers
}
// exec.plan.layers
// exec.cluster.bound

#DeploymentPlan

Layer-by-layer deployment sequence with gate checkpoints between layers.

deploy: patterns.#DeploymentPlan & {
  Graph: infra
}
// deploy.layers
// deploy.startup_sequence

#ImpactQuery

What breaks if X fails? Finds all resources that transitively depend on a target.

impact: patterns.#ImpactQuery & {
  Graph: infra
  Target: "dns-primary"
}
// impact.affected, impact.affected_count

#BlastRadius

Full impact analysis: affected resources, rollback order, startup order, safe peers at the same layer.

blast: patterns.#BlastRadius & {
  Graph: infra
  Target: "dns"
}
// blast.rollback_order
// blast.safe_peers

#HealthStatus

Propagate health through the graph. If a resource is down, all dependents become degraded.

health: patterns.#HealthStatus & {
  Graph: infra
  Status: {"vault": "down"}
}
// health.propagated.web == "degraded"

#SinglePointsOfFailure

Find resources with dependents but no peer of the same type at the same layer.

spof: patterns.#SinglePointsOfFailure & {
  Graph: infra
}
// spof.risks

#TOONExport

Token-Oriented Object Notation — reduces LLM token cost ~55% by grouping resources into compact tables.

toon: patterns.#TOONExport & {
  resources: _resources
}
// toon.output (compact tables)

#OpenAPISpec

Generate OpenAPI 3.0.3 from bound commands. Every resource/provider/action becomes a POST endpoint.

api: patterns.#OpenAPISpec & {
  Cluster: cluster
  Info: {title: "Ops API"}
}
// api.spec (valid OpenAPI JSON)

Imperator

imp.quicue.ca — the execution surface. Generates runbooks and deployment plans from the same CUE definitions.

Jupyter Notebooks

Executable .ipynb runbooks. Each deployment layer becomes a section with gate checks and executable command cells.

cue export ./examples/datacenter/   -e notebook --out json   > deploy.ipynb

Rundeck Jobs

YAML job definitions grouped by layer and provider. Import into Rundeck for scheduled, self-service execution with RBAC.

cue export ./examples/datacenter/   -e rundeck --out yaml   > jobs.yaml

Auto-Docs

MkDocs wiki generated from infrastructure graphs. Per-resource, per-type, per-host pages with Mermaid dependency graphs.

Integrations

CAB Reports

Change Advisory Board reports generated from CUE. Impact analysis, blast radius, deployment runbooks, rollback plans.

7 report types

GitLab CI

Reusable CI templates for CUE validation, export, topology analysis, impact assessment, and Pages deployment.

7 templates

SPARQL

Load catalogue.jsonld into Oxigraph. Query providers, actions, and categories as linked data.

SELECT ?p ?cat WHERE {
  ?p a quicue:Provider ;
     quicue:category ?cat .
}

Command Binding

The #BindCluster pattern matches providers to resources by @type overlap, then resolves all action templates into executable commands at CUE compile time. Zero runtime placeholders.

OpenAPI 3.0.3

654 paths — every bound command exposed as a POST endpoint. Organized by resource, provider, and action.

openapi.json Swagger UI

How binding works

// 1. Resource declares @type
"router-core": {"@type": {Router: true}}

// 2. Provider matches by type overlap
vyos: {types: {Router: true}, registry: ...}

// 3. #BindCluster resolves ALL templates
// Output: concrete commands, zero placeholders

Export commands

cue export ./examples/datacenter/ \
  -e output.commands --out json

cue export ./examples/datacenter/ \
  -e openapi_spec --out json

Data Formats

JSON-LD

Full provider graph as linked data. Load into Oxigraph for SPARQL queries.

catalogue.jsonld

JSON

Structured catalogue data for tooling and automation.

catalogue.json

CUE Source

Every provider is a CUE package. Import and unify.

import "quicue.ca/template/<name>/patterns"