From dfae7dc573fb4d3a106612bcc1f7a5e392b6c23d Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Mon, 13 May 2024 21:31:18 +0200 Subject: [PATCH] chore: vars --- .../apps/database/cloudnative-pg/cluster/cluster16.yaml | 4 ++-- kubernetes/apps/default/hajimari/app/helmrelease.yaml | 2 +- kubernetes/apps/default/homelab/minio/backup/rclone.conf | 2 +- .../apps/default/homelab/opnsense/backup/helmrelease.yaml | 4 ++-- .../apps/default/homelab/truenas/backup/truenas-backup.sh | 2 +- kubernetes/apps/default/outline/app/helmrelease.yaml | 2 +- kubernetes/apps/default/sharry/app/config/sharry.conf | 2 +- kubernetes/apps/monitoring/thanos/app/helmrelease.yaml | 2 +- kubernetes/flux/vars/cluster-secrets.sops.yaml | 6 ++++-- kubernetes/templates/volsync/minio.yaml | 2 +- 10 files changed, 15 insertions(+), 13 deletions(-) diff --git a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml index 0a5a3b814..93804e27a 100644 --- a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml +++ b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml @@ -38,7 +38,7 @@ spec: compression: bzip2 maxParallel: 8 destinationPath: s3://postgresql/ - endpointURL: https://s3.feisar.ovh + endpointURL: https://s3.${SECRET_INTERNAL_DOMAIN} # Note: serverName version needs to be inclemented # when recovering from an existing cnpg cluster serverName: postgres16-v3 @@ -58,7 +58,7 @@ spec: # - name: postgres16-v2 # barmanObjectStore: # destinationPath: s3://postgresql/ - # endpointURL: https://s3.feisar.ovh + # endpointURL: https://s3.${SECRET_INTERNAL_DOMAIN} # s3Credentials: # accessKeyId: # name: cloudnative-pg-secret diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml index e07b92c6f..e5c12f2b5 100644 --- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml 
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml @@ -67,7 +67,7 @@ spec: url: "https://truenas-remote.${SECRET_DOMAIN}" - name: minio icon: mdi:aws - url: "https://s3.feisar.ovh" + url: "https://s3.${SECRET_INTERNAL_DOMAIN}" - name: pikvm icon: mdi:ip-network url: "https://pikvm.${SECRET_DOMAIN}" diff --git a/kubernetes/apps/default/homelab/minio/backup/rclone.conf b/kubernetes/apps/default/homelab/minio/backup/rclone.conf index 5f32e7904..201dca5e2 100644 --- a/kubernetes/apps/default/homelab/minio/backup/rclone.conf +++ b/kubernetes/apps/default/homelab/minio/backup/rclone.conf @@ -3,7 +3,7 @@ type = s3 provider = Minio access_key_id = __RCLONE_ACCESS_ID__ secret_access_key = __RCLONE_SECRET_KEY__ -endpoint = https://s3.feisar.ovh +endpoint = https://s3.${SECRET_INTERNAL_DOMAIN} acl = private [gdrive-homelab-backups] diff --git a/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml b/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml index 70ce19550..a32a2e922 100644 --- a/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml +++ b/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml @@ -41,8 +41,8 @@ spec: tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3 command: [/bin/bash, /app/opnsense-backup.sh] env: - OPNSENSE_URL: "https://opnsense.feisar.ovh" - S3_URL: "https://s3.feisar.ovh" + OPNSENSE_URL: "https://opnsense.${SECRET_INTERNAL_DOMAIN}" + S3_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}" envFrom: - secretRef: name: homelab-opnsense-secret diff --git a/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh index a35e74b1d..afa4db841 100755 --- a/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh +++ b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh 
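Review bot: In `kubernetes/apps/default/homelab/minio/backup/rclone.conf` the new `endpoint = https://s3.${SECRET_INTERNAL_DOMAIN}` only works if something replaces the placeholder before rclone reads the file, and the hunk does not show what does. The credential lines just above it use `__RCLONE_ACCESS_ID__` / `__RCLONE_SECRET_KEY__` markers, which suggests (not confirmed from here) a separate templating step, so the file now mixes two placeholder conventions. If the file is not rendered through Flux variable substitution, rclone would presumably be handed the literal string and the MinIO backup would fail at run time. I would check the rendered ConfigMap and add a comment above the line, e.g. `# host is filled in by Flux postBuild substitution before this file is mounted`. The rclone section continues outside the hunk.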
@@ -44,7 +44,7 @@ curl -fsSL \ -H "Date: ${http_request_date}" \ -H "Content-Type: ${http_content_type}" \ -H "Authorization: AWS ${AWS_ACCESS_KEY_ID}:${http_signature}" \ - "https://s3.feisar.ovh/${http_filepath}" + "https://s3.${SECRET_INTERNAL_DOMAIN}/${http_filepath}" rm /tmp/backup-*.tar diff --git a/kubernetes/apps/default/outline/app/helmrelease.yaml b/kubernetes/apps/default/outline/app/helmrelease.yaml index 969893281..69af47924 100644 --- a/kubernetes/apps/default/outline/app/helmrelease.yaml +++ b/kubernetes/apps/default/outline/app/helmrelease.yaml @@ -53,7 +53,7 @@ spec: AWS_S3_ACL: private AWS_S3_FORCE_PATH_STYLE: "true" AWS_S3_UPLOAD_BUCKET_NAME: outline - AWS_S3_UPLOAD_BUCKET_URL: "https://s3.feisar.ovh" + AWS_S3_UPLOAD_BUCKET_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}" ENABLE_UPDATES: "false" FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400" OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization" diff --git a/kubernetes/apps/default/sharry/app/config/sharry.conf b/kubernetes/apps/default/sharry/app/config/sharry.conf index 62b71f994..189a3db17 100644 --- a/kubernetes/apps/default/sharry/app/config/sharry.conf +++ b/kubernetes/apps/default/sharry/app/config/sharry.conf @@ -33,7 +33,7 @@ sharry.restserver { minio = { enabled = true type = "s3" - endpoint = "https://s3.feisar.ovh" + endpoint = "https://s3.${SECRET_INTERNAL_DOMAIN}" access-key = "${SECRET_SHARRY_MINIO_S3_ACCESS_KEY}" secret-key = "${SECRET_SHARRY_MINIO_S3_SECRET_KEY}" bucket = "sharry" diff --git a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml index 4c7ffc843..b2b49bde0 100644 --- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml @@ -35,7 +35,7 @@ spec: type: s3 config: bucket: thanos - endpoint: "s3.feisar.ovh" + endpoint: "s3.${SECRET_INTERNAL_DOMAIN}" region: "" # insecure: true query: 
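Review bot: In `truenas-backup.sh` the new URL `"https://s3.${SECRET_INTERNAL_DOMAIN}/${http_filepath}"` uses the same `${...}` syntax that the shell itself expands. If the script reaches the container unsubstituted and the variable is not in the job's environment, the host collapses to `s3.` and the upload fails. The hunk does not show the variable being exported, and the `rm /tmp/backup-*.tar` that follows would then discard the archive unless the script (which starts outside this hunk) aborts on the curl error. The opnsense backup in this same commit passes the endpoint through the container env as `S3_URL`; doing the same here, `"${S3_URL}/${http_filepath}"`, would keep the script independent of how the manifest is templated.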
diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml index 46ae05417..9e7e68e9c 100644 --- a/kubernetes/flux/vars/cluster-secrets.sops.yaml +++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml @@ -8,6 +8,8 @@ stringData: SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:hWobTs6NA15tpKWe5gOijZQ/g04=,iv:+AHLg4o03aoZYQtamlfKnZXVlwy36+8NrwLhnL1ayHo=,tag:0vGWliDmkhsevARDdJzZ+g==,type:str] SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str] SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str] + SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str] + SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str] SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:Go+HZnPQCW5GKPqRB0MnmQ==,iv:bUGmzu42TVxhF94pGZuEi++A5a72wgGmWbOjmgau6Cg=,tag:eUIyZ/wcsOXYamTgiQYMjA==,type:str] SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str] SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str] 
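Review bot: The value stored as `SECRET_INTERNAL_DOMAIN` is not confidential after this commit: the hostname it replaces is still printed in the removed lines of the other files in this patch and remains in the repository history. The SOPS entry is therefore configuration indirection rather than a secret, and should not be relied on to hide the internal domain. `SECRET_EXTERNAL_DOMAIN` is added in the same hunk but nothing in this patch references it. The split should be documented where the cluster variables are described, e.g. `# SECRET_INTERNAL_DOMAIN: domain for the s3 and opnsense endpoints (presumably LAN-only); SECRET_EXTERNAL_DOMAIN: <purpose>`.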
@@ -34,8 +36,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-25T12:43:03Z" - mac: ENC[AES256_GCM,data:FzVjgPUIKsx1EQzfUGtCdCohAqnjgPrF+N8hfTIBBaqktFGBBuQNFRwp6d8UaTPXluX+RJ6JUh9jU6nvd/DEe7rWitWsQco8LNtVAmCW9QMwX59UCPlfZPg3MCNMjUBy9C/kyJjkkxSRo4szO+JivCx1cLHVEhDZZ+7sIWZAjdI=,iv:ZWyVJUGwmQ8inCLqFNyftQaxjq/uTzu52Q22dNHUEJ4=,tag:TWF+iWww/Mnxr+jA48v5jA==,type:str] + lastmodified: "2024-05-13T19:25:25Z" + mac: ENC[AES256_GCM,data:II+IEFKhi740xrv8uA8Gu0F39X+KGRlT+0egVrnNkvfLNeSV85YAB+F/PXo4MmfdeK9b/EN0C6z2Wms6NOpUQ76g8E/xJ7GG6OqIhQM5Q+jqahD2PZMYgo62Efwq17zzUz2WqUbt6eM5H03dhRv/Da+WUtdijv2d7cMnTxEpqh8=,iv:kRY9Fhh+upvyexhxJjmy2PJvvwEtAO58JQHblXF/4Jw=,tag:boWsM6Ii4rPo+i0sXabWdA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/templates/volsync/minio.yaml b/kubernetes/templates/volsync/minio.yaml index 9132104c6..c9b4d7d96 100644 --- a/kubernetes/templates/volsync/minio.yaml +++ b/kubernetes/templates/volsync/minio.yaml @@ -13,7 +13,7 @@ spec: template: engineVersion: v2 data: - RESTIC_REPOSITORY: s3:https://s3.feisar.ovh/volsync + RESTIC_REPOSITORY: s3:https://s3.${SECRET_INTERNAL_DOMAIN}/volsync RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}" AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}" AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"