diff --git a/.sops.yaml b/.sops.yaml
index 66a29f8da..58a71ebdd 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,10 +4,6 @@ creation_rules:
 key_groups:
 - age:
 - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- - path_regex: kubernetes/.*\.sops\.toml
- key_groups:
- - age:
- - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
 - path_regex: ansible/.*\.sops\.ya?ml
 unencrypted_regex: ^(kind)$
 key_groups:
diff --git a/kubernetes/apps/default/authelia/app/helmrelease.yaml b/kubernetes/apps/default/authelia/app/helmrelease.yaml
index cc2c00491..83cb28681 100644
--- a/kubernetes/apps/default/authelia/app/helmrelease.yaml
+++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -29,6 +29,7 @@ spec:
 dependsOn:
 - name: lldap
 - name: redis
+ - name: smtp-relay
 values:
 initContainers:
 01-init-db:
diff --git a/kubernetes/apps/default/authelia/ks.yaml b/kubernetes/apps/default/authelia/ks.yaml
index 2b74aeee7..68caef525 100644
--- a/kubernetes/apps/default/authelia/ks.yaml
+++ b/kubernetes/apps/default/authelia/ks.yaml
@@ -10,9 +10,6 @@ metadata:
 spec:
 dependsOn:
 - name: cluster-apps-cloudnative-pg-app
- - name: cluster-apps-glauth
- - name: cluster-apps-redis
- - name: cluster-apps-smtp-relay
 path: ./kubernetes/apps/default/authelia/app
 prune: true
 sourceRef:
diff --git a/kubernetes/apps/default/glauth/app/config/groups.sops.toml b/kubernetes/apps/default/glauth/app/config/groups.sops.toml
deleted file mode 100644
index 028320eda..000000000
--- a/kubernetes/apps/default/glauth/app/config/groups.sops.toml
+++ /dev/null
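Review bot: The added `- name: smtp-relay` entry in the authelia HelmRelease `dependsOn` carries no `namespace`, so Flux resolves it in the HelmRelease's own namespace. If the smtp-relay HelmRelease is not deployed in the same namespace as authelia (not visible in this diff), the dependency never becomes ready and authelia reconciliation stalls; in that case add `namespace: <smtp-relay-namespace>` under the entry. The same commit drops `cluster-apps-redis` and `cluster-apps-smtp-relay` from the Kustomization-level `dependsOn` in `authelia/ks.yaml`, so this list is now the only ordering guarantee for those services and deserves a short comment such as `# redis/smtp-relay ordering is enforced here, not in ks.yaml`. The `spec` block continues outside the hunk.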
@@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:s910tBBBfRjMxw3/W+Y8Wpm9ODOtWGb8MLQUgRbLLBIczBnZvuDUE6NrQnJAyK7H8sY0SqF2iYGbCKhbp/kFMe1zkB7Txi0EC81+vNCWMEzsKBWeB5HN7R/4LgwT19Ge0vXWYwfP4++Twiin/C5n8/KiPCqQDvcO92o96c5+zkWmvnayGYovmAuTkguSUDaPNJRffHZob7HOc9T9Tw==,iv:YoK+RSBsONPNzzyC6hJDTboz+MpoSv+nmjuypUyYVhk=,tag:UdUlrEe9yoOnFKBP1eSCXg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvZFcremxrOFJCbU12ektL\na0kwajkzRDVkQlQ3ODN2R01LNDhONVRMcDFFCnI1Mk1EWGszSm4rU0Nra0J2VUFq\nTVc3UGU1NHpQZCtTdEI5OFpIVnNKRG8KLS0tIFg4WHNUVS9pTXQxb1k3V0xsd0lL\nV09lKy9nTzBBZ3QyRDByOUhYOUd5bUkK4IEvbv8gyFv3v40Iz6Gso7M1rTWBNKBW\nGJM4LaUoAM5gCSSjPeSB1ZLn7j226Qr2M65GxQiA/4xPpBaOgzguow==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-09-18T16:37:58Z", - "mac": "ENC[AES256_GCM,data:T0DB0qKA9BLT6pSud+WLeCTaYltvA19Uf2Klm/vsqCOXvtAVJVTWRMvE3OzcwTieJgBn4UOEaoUUEkpOo6T9ZKyqVzJ+Ir+RmYBkZZs08g86wPsUoMzEwmxQwz7rhaR/dqiNiWp7L0wE1ZbBg5gFpSj5WE8Hs0YJI4VZLFwVwfw=,iv:vSE1TboA1VknRr057d7ESWV8SvGGuNTbQnapieZvy7o=,tag:f2DSJqiBsjzBmexNo9U+ZA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/kubernetes/apps/default/glauth/app/config/server.sops.toml b/kubernetes/apps/default/glauth/app/config/server.sops.toml deleted file mode 100644 index 82dafb1fa..000000000 --- a/kubernetes/apps/default/glauth/app/config/server.sops.toml +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:sD10DQPlSAMLFCyAUDpn/fDyZbDNenO9s0O+vqZ98JNJjfaP60vn6xHo0IbokHrqylq18L5TE1nJpNbqbmC0ZDNDtBeUaQ3rqxOB4vPCNHg/KVGQHR9MUhe+Eb0m6UuA8XGmv5Fuu0MZijrEL3UHPpB/FJWfLfu4TFzNQa/11FFC3g/wrFZhREH5M1a+LbG/bnCtIQg2PoOiUExyHOff6N9vncGIYX/KfV/HMY5Vg2LnMCdmaGM0Z4WShna2tUNBqD0s0ae0B0ag/qzAWYNgwudHwtHFzI1SZ6kqJgND1LkgfdasDJg=,iv:OJXBftveCPwQ376LaSvKyn9OY5YQYa1DZmSv8jmwQTo=,tag:OvtUyIFaPIz/kEOB3z7XoQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cy9WRWtkWGd0MjM4Mkpr\naFJTV1I3aDlqL201NU1TaXlTSldkT1ZVcUFvCnNWWi9JL0c0ZUpoTHhHaUNoVzNu\ndmhGK2lkTkNyc3NOb0M0ek5yKytYV00KLS0tIEcycXRqT2c0UUZaQUdraWJaS2Ey\nOG1HR1l0dUpuMXFvdVpocDJIOTV2N2MKZQckWtH/fmuoJMX7pcDqo3DAhm4JK5gG\n51+E61yqa285DwXlvDQoWyvyBewsgWjgcaA6dP9iIfkvY0eieICdIg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-12-19T21:22:57Z", - "mac": "ENC[AES256_GCM,data:7GtQ6VvSqoy14uhsvlEW13+75N02w09E7DktEkqlHpYv0NF7f9VyMZoNdsbk6h0BaUExNqycFRqv2Z+IjpVsBWSfVh3H5vOabhh/32U/NsxrXxU7L8IUi+U5a0MeelxeisNMc3PrWaHf+4nuRb7DfE4AsTcgi3AQB5URcr4sTYk=,iv:nxnGvnQCSvVMygJ4eWV33FscIptorIR24CXBP1FPPlU=,tag:zYf9Y494p2tjpfAZg4vXVQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/kubernetes/apps/default/glauth/app/config/users.sops.toml b/kubernetes/apps/default/glauth/app/config/users.sops.toml deleted file mode 100644 index ea500fc6f..000000000 --- a/kubernetes/apps/default/glauth/app/config/users.sops.toml +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data: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,iv:Y5jO9xDZwhvBfMUImMz6d9IksMpPCLKhzzrecbahp2Y=,tag:Bha5EyxQ3a7l+x/i0DsiaQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeDRMTnBlWXhEbXIrR0Fh\naFJXTEdWS0V3TCtmNFN1UFhGSXFLSExwNFRrCngzdVRhTG5LK2FWV2d3WTNvTTY5\nV0JrNWh0bGFaK0wvanZmL2dBSENkQkEKLS0tIHlVY2daMlVwNW8wMDRNNHN1RzdP\nRmsyY2NublJsWTRsRUJqYVlZTlRJS28Ky5QoK04bIpqAiHepeIS0FBVU+Kqn9IvY\nQ3yJxfye9EO1XJ60goxur9yzq3TNyGFykhvqVsizVBVuir1Ow3sLoQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-09-18T16:27:14Z", - "mac": "ENC[AES256_GCM,data:W77zbh5xtZPJC7nAuJ3LyZUlfQM9cmNJo6rBGnp34vxfA/H7m0OExHTaJkW+o0Zajk/3/zC9jwhmNRJdiQzd/k1M+a3q+DGOU2vt+On7Mo8mDfyuPOA6DvQnXf9ouwBPPkFjtn8t2Hb1cKvCLVdeMqRgz+x3MwJRbB2rB5YEY4o=,iv:+figksDMN3AP5+dD/gn9cE18HlgU8BOHtMtvaDEQUzs=,tag:9eo27jDtrFrqXWef5/T2nQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/kubernetes/apps/default/glauth/app/helmrelease.yaml b/kubernetes/apps/default/glauth/app/helmrelease.yaml deleted file mode 100644 index c51e83645..000000000 --- a/kubernetes/apps/default/glauth/app/helmrelease.yaml +++ /dev/null 
@@ -1,69 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: &app glauth
- namespace: default
-spec:
- interval: 15m
- chart:
- spec:
- chart: app-template
- version: 1.5.1
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 3
- install:
- createNamespace: true
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controller:
- replicas: 1
- strategy: RollingUpdate
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: docker.io/glauth/glauth
- tag: v2.2.0
- command: ["/app/glauth", "-c", "/config"]
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 8389
- podSecurityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- fsGroupChangePolicy: "OnRootMismatch"
- persistence:
- config:
- enabled: true
- type: secret
- name: glauth-secret
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- resources:
- requests:
- cpu: 15m
- memory: 105Mi
- limits:
- memory: 105Mi
diff --git a/kubernetes/apps/default/glauth/app/kustomization.yaml b/kubernetes/apps/default/glauth/app/kustomization.yaml
deleted file mode 100644
index a354f8d2a..000000000
--- a/kubernetes/apps/default/glauth/app/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - ./helmrelease.yaml
-secretGenerator:
- - name: glauth-secret
- files:
- - server.toml=./config/server.sops.toml
- - groups.toml=./config/groups.sops.toml
- - users.toml=./config/users.sops.toml
-generatorOptions:
- disableNameSuffixHash: true
diff --git a/kubernetes/apps/default/glauth/ks.yaml b/kubernetes/apps/default/glauth/ks.yaml
deleted file mode 100644
index 2c94fd9ae..000000000
--- a/kubernetes/apps/default/glauth/ks.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-apps-glauth
- namespace: flux-system
- labels:
- substitution.flux.home.arpa/enabled: "true"
-spec:
- path: ./kubernetes/apps/default/glauth/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: glauth
- namespace: default
- interval: 30m
- retryInterval: 1m
- timeout: 3m
diff --git a/kubernetes/apps/default/glauth/readme.md b/kubernetes/apps/default/glauth/readme.md
deleted file mode 100644
index 1f45b6cb2..000000000
--- a/kubernetes/apps/default/glauth/readme.md
+++ /dev/null
@@ -1,88 +0,0 @@
-# glAuth
-
-## Repo configuration
-
-1. Add/Update `.vscode/extensions.json`
-
- ```json
- {
- "files.associations": {
- "**/cluster/**/*.sops.toml": "plaintext"
- }
- }
- ```
-
-2. Add/Update `.gitattributes`
-
- ```text
- *.sops.toml linguist-language=JSON
- ```
-
-3. Add/Update `.sops.yaml`
-
- ```yaml
- - path_regex: cluster/.*\.sops\.toml
- key_groups:
- - age:
- - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- ```
-
-## App Configuration
-
-Below are the decrypted versions of the sops encrypted toml files.
-
-> `passbcrypt` can be generated [on CyberChef](https://gchq.github.io/CyberChef/#recipe=Bcrypt(12)To_Hex(%27None%27,0))
-
-1. `server.sops.toml`
-
- ```toml
- debug = true
- [ldap]
- enabled = true
- listen = "0.0.0.0:389"
- [ldaps]
- enabled = false
- [api]
- enabled = true
- tls = false
- listen = "0.0.0.0:5555"
- [backend]
- datastore = "config"
- baseDN = "dc=home,dc=arpa"
- ```
-
-2. `groups.sops.toml`
-
- ```toml
- [[groups]]
- name = "svcaccts"
- gidnumber = 6500
- [[groups]]
- name = "admins"
- gidnumber = 6501
- [[groups]]
- name = "people"
- gidnumber = 6502
- ```
-
-3. `users.sops.toml`
-
- ```toml
- [[users]]
- name = "search"
- uidnumber = 5000
- primarygroup = 6500
- passbcrypt = ""
- [[users.capabilities]]
- action = "search"
- object = "*"
- [[users]]
- name = ""
- mail = ""
- givenname = ""
- sn = ""
- uidnumber =
- primarygroup =
- othergroups = [ ]
- passbcrypt = ""
- ```
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index a0fb247e5..025d38192 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -19,7 +19,6 @@ resources:
 - ./freshrss/ks.yaml
 - ./ghostfolio/ks.yaml
 - ./gitea/ks.yaml
- - ./glauth/ks.yaml
 - ./hajimari/ks.yaml
 - ./home-assistant/ks.yaml
 - ./immich/ks.yaml