diff --git a/ansible/roles/truenas/templates/postgres/pg_hba.conf b/ansible/roles/truenas/templates/postgres/pg_hba.conf
index cbd56690f..f60bd976a 100644
--- a/ansible/roles/truenas/templates/postgres/pg_hba.conf
+++ b/ansible/roles/truenas/templates/postgres/pg_hba.conf
@@ -89,6 +89,7 @@
 local all all trust
 # IPv4 local connections:
 hostssl all all 0.0.0.0/0 scram-sha-256
+hostnossl joplin joplin 0.0.0.0/0 trust
 # IPv6 local connections:
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
diff --git a/cluster/apps/data/pgbackups/deployment.yaml b/cluster/apps/data/pgbackups/deployment.yaml
index 697cae5ef..75cd77c4a 100644
--- a/cluster/apps/data/pgbackups/deployment.yaml
+++ b/cluster/apps/data/pgbackups/deployment.yaml
@@ -26,9 +26,9 @@ spec:
 image: ghcr.io/auricom/postgres-backup-local:v14.4@sha256:b70f8ca203b38240c87c86c2d95f86d1e8e1e62602ebe1e8fd5830c2376b889e
 env:
 - name: POSTGRES_HOST
- value: postgresql-kube.data.svc.cluster.local.
+ value: postgres.${SECRET_DOMAIN}
 - name: POSTGRES_DB
- value: authelia,drone,freshrss,gitea,hass,healthchecks,joplin,lychee,postgres,recipes,sharry,vaultwarden,vikunja,wallabag
+ value: authelia,freshrss,gitea,hass,healthchecks,joplin,lychee,recipes,sharry,vaultwarden,vikunja,wallabag
 - name: POSTGRES_USER
 value: postgres
 - name: POSTGRES_PASSWORD
diff --git a/cluster/apps/data/vikunja/helm-release.yaml b/cluster/apps/data/vikunja/helm-release.yaml
index 4dbe8e7ad..7701d4081 100644
--- a/cluster/apps/data/vikunja/helm-release.yaml
+++ b/cluster/apps/data/vikunja/helm-release.yaml
@@ -71,6 +71,8 @@ spec:
 value: vikunja
 - name: VIKUNJA_DATABASE_PASSWORD
 value: ${SECRET_VIKUNJA_PASSWORD}
+ - name: VIKUNJA_DATABASE_SSLMODE
+ value: verify-full
 volumeMounts:
 - name: files
 mountPath: /app/vikunja/files
diff --git a/cluster/apps/development/gitea/helm-release.yaml b/cluster/apps/development/gitea/helm-release.yaml
index bd7ec331d..f9acab5cc 100644
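Review bot: The added rule `hostnossl joplin joplin 0.0.0.0/0 trust` accepts any IPv4 client that can reach the server as user `joplin` on database `joplin` with no password and no TLS, whereas the rule directly above it requires `hostssl` with `scram-sha-256` for every other remote connection. With `trust` on an unrestricted address range, network reachability becomes the only control on that database. If the Joplin client cannot speak TLS, the rule should still demand a password and be limited to the range the client connects from, for example `hostnossl joplin joplin <CLIENT_CIDR> scram-sha-256` (placeholder CIDR), with a comment above it recording why this one database is exempt from TLS. The file continues outside the hunk.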
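Review bot: `POSTGRES_HOST` now points at `postgres.${SECRET_DOMAIN}` and the job logs in as the `postgres` superuser, but nothing in the visible `env` entries sets a TLS mode, so libpq would fall back to its default `sslmode=prefer`, which encrypts without verifying the server certificate. The other clients changed in this commit are pinned to `verify-full`; assuming the image passes its environment through to `pg_dump`, adding `- name: PGSSLMODE` with `value: verify-full` would give the backup connection the same check. The `env` list continues outside the hunk, so this may already be set further down. Dropping `drone` and `postgres` from `POSTGRES_DB` also deserves a short comment saying whether those databases are meant to go unbacked.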
--- a/cluster/apps/development/gitea/helm-release.yaml
+++ b/cluster/apps/development/gitea/helm-release.yaml
@@ -43,6 +43,7 @@ spec:
 USER: gitea
 PASSWD: ${SECRET_GITEA_DB_PASSWORD}
 SCHEMA: public
+ SSL_MODE: verify-full
 server:
 SSH_PORT: 22
 SSH_LISTEN_PORT: 30322
diff --git a/cluster/apps/networking/authelia/helm-release.yaml b/cluster/apps/networking/authelia/helm-release.yaml
index dd0f21f4e..49de04cfe 100644
--- a/cluster/apps/networking/authelia/helm-release.yaml
+++ b/cluster/apps/networking/authelia/helm-release.yaml
@@ -130,6 +130,8 @@ spec:
 postgres:
 enabled: true
 host: postgres.${SECRET_DOMAIN}
+ ssl:
+ mode: verify-full
 notifier:
 smtp:
diff --git a/cluster/configuration/secrets/cluster-secrets.sops.yaml b/cluster/configuration/secrets/cluster-secrets.sops.yaml
index 93a2286ef..b424bb115 100644
--- a/cluster/configuration/secrets/cluster-secrets.sops.yaml
+++ b/cluster/configuration/secrets/cluster-secrets.sops.yaml
@@ -33,7 +33,7 @@ stringData: SECRET_GITEA_ADMIN_PASSWORD: ENC[AES256_GCM,data:w1BcZzMeLqEMVFdX94c=,iv:bc4IaH9YXvRQTW38Rb1tySKx9/1npWtqI2DtS0y/p3w=,tag:X3hyHEhbGNJcYaH2yWMQNQ==,type:str] SECRET_GITEA_API_TOKEN: ENC[AES256_GCM,data:Xsk9tJLyy6LaoGdIhIQ0rrbu4qREg5fKWJ0KDp7f4qPme7Q1Iha7YA==,iv:uHcaLAaQ/l737UMTzjX3okEAba7gxrowMDu/GO98FnM=,tag:4rKcU+z1sqnDcZoZ+9Zqxg==,type:str] SECRET_GITEA_DB_PASSWORD: ENC[AES256_GCM,data:1Nol+xY5U6bwK5OpCII=,iv:309gSLUAMPpou+D1+MqjaPXxz7fWPnJVV0y3irmQe68=,tag:NIAbD7cLSFJ3Na64H9PV7A==,type:str] - SECRET_HASS_DB_URL: ENC[AES256_GCM,data:wUWfq0pREQNNYVeHBpYRID/G9iwqgDOyVKixaB5s4Syl7S+SLg2j2sELh0egOuBk7MLwjfry+5v5G+E8fz/6aVhpckQ/cqypIdgE4aHZOA==,iv:PjMiM8MX/jXIS48K7s51ikcPmUdG3C9Pg5Cy5HPdRnE=,tag:UA2QbdBsE7MP+NnH+U3Dcw==,type:str] + SECRET_HASS_DB_URL: ENC[AES256_GCM,data:Rrq3O82kQksrHzBlH/+iVFoyOGUNkvwO0PQa6wKWCjR9u4niYEFgy0q7pkU8VhF250GASrM2B+pGfio0+IfgAS1OHJdWIeqwA9N1Lw==,iv:YvdgnaSVhwFqB80wgbk5dhbri6BWV23wOFw7A7yvr+w=,tag:3+8heFgAELFJy/6HKWOFyA==,type:str] SECRET_HASS_LATITUDE: ENC[AES256_GCM,data:t3MRZlv84+0w0oNAYPl9XsQ=,iv:4Res2auWXUXGNBgbg6nhv347oFOKD5v2c4901u6Cxis=,tag:DrYJmj14uL902BGqSuyGtA==,type:str] SECRET_HASS_LONGITUDE: ENC[AES256_GCM,data:4oVXOt3rIcGoG4hw2rmdlFg=,iv:o9xgLwOqmFf6lKmemdnsHoII3IkJ5/8kTVqYEyz9cTI=,tag:cWgo7COp7macBiQJm/Me9A==,type:str] SECRET_HASS_ELEVATION: ENC[AES256_GCM,data:hzc=,iv:xoLUrHGxKl8io37Xus6aLPdS8F0E820v2Syj9SRKME4=,tag:KDJl+51oIuk+uamy+WkX9g==,type:str] 
@@ -90,8 +90,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-08-12T19:11:54Z" - mac: ENC[AES256_GCM,data:uWLn8NZsHqchz2FRAZWG/yPu66kjdsjwe00yawFTRhxOA0z9yDDF/qlP6k5Z4iSKCtkAQnSAvJ+gC4vNhntPRmKs9cxRGYTV8F2QYkcNYEhljQU7PlFSh3aAmEnDAalfP5mBOt8KuoM882ODR/SViIlAzFz7SVAbJ6iUFCDcB9Y=,iv:pKAuC793buRG+FdlR5MF4MdrenNyfu+NWJMYN0ljNz0=,tag:WawTEjwbvmq1/9NA/TGZmg==,type:str] + lastmodified: "2022-08-13T21:28:30Z" + mac: ENC[AES256_GCM,data:hXrnsxv4jADgRxfma/oFv1EfxKtslCLWzJdAWiTcqtLu6J6q37xkTDEPdA47PNamMY9hd3H2H6wKClF4XXYpCs4EHYpdGlu/F5UFT5IKp4kLNead/Symo+I/9KrJXS+npgIwxM7lb2hNJAYKuY4kAH/Xs1nYjzSj+cbs1mfUh7s=,iv:dpyz4bdjeiOdsEptWInvDXNYf4Oew9vSnm2jZ464cfA=,tag:RDA7+duS0PFrjWbvk1OEBA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3