chore: vars

2025-09-17 18:24:14 +02:00 · 2024-05-13 21:31:18 +02:00
parent d3d6cb4b24
commit dfae7dc573
10 changed files with 15 additions and 13 deletions
--- a/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml
+++ b/kubernetes/apps/database/cloudnative-pg/cluster/cluster16.yaml
@@ -38,7 +38,7 @@ spec:
        compression: bzip2
        maxParallel: 8
      destinationPath: s3://postgresql/
-      endpointURL: https://s3.feisar.ovh
+      endpointURL: https://s3.${SECRET_INTERNAL_DOMAIN}
      # Note: serverName version needs to be inclemented
      # when recovering from an existing cnpg cluster
      serverName: postgres16-v3
@@ -58,7 +58,7 @@ spec:
  #   - name: postgres16-v2
  #     barmanObjectStore:
  #       destinationPath: s3://postgresql/
-  #       endpointURL: https://s3.feisar.ovh
+  #       endpointURL: https://s3.${SECRET_INTERNAL_DOMAIN}
  #       s3Credentials:
  #         accessKeyId:
  #           name: cloudnative-pg-secret
--- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -67,7 +67,7 @@ spec:
              url: "https://truenas-remote.${SECRET_DOMAIN}"
            - name: minio
              icon: mdi:aws
-              url: "https://s3.feisar.ovh"
+              url: "https://s3.${SECRET_INTERNAL_DOMAIN}"
            - name: pikvm
              icon: mdi:ip-network
              url: "https://pikvm.${SECRET_DOMAIN}"
--- a/kubernetes/apps/default/homelab/minio/backup/rclone.conf
+++ b/kubernetes/apps/default/homelab/minio/backup/rclone.conf
@@ -3,7 +3,7 @@ type = s3
 provider = Minio
 access_key_id = __RCLONE_ACCESS_ID__
 secret_access_key = __RCLONE_SECRET_KEY__
-endpoint = https://s3.feisar.ovh
+endpoint = https://s3.${SECRET_INTERNAL_DOMAIN}
 acl = private

 [gdrive-homelab-backups]
--- a/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml
+++ b/kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml
@@ -41,8 +41,8 @@ spec:
              tag: 1.29.2@sha256:693ced2697bb7c7349419d4035a62bd474fc41710675b344f71773d8a687dfc3
            command: [/bin/bash, /app/opnsense-backup.sh]
            env:
-              OPNSENSE_URL: "https://opnsense.feisar.ovh"
-              S3_URL: "https://s3.feisar.ovh"
+              OPNSENSE_URL: "https://opnsense.${SECRET_INTERNAL_DOMAIN}"
+              S3_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}"
            envFrom:
              - secretRef:
                  name: homelab-opnsense-secret
--- a/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh
+++ b/kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh
@@ -44,7 +44,7 @@ curl -fsSL \
    -H "Date: ${http_request_date}" \
    -H "Content-Type: ${http_content_type}" \
    -H "Authorization: AWS ${AWS_ACCESS_KEY_ID}:${http_signature}" \
-    "https://s3.feisar.ovh/${http_filepath}"
+    "https://s3.${SECRET_INTERNAL_DOMAIN}/${http_filepath}"

 rm /tmp/backup-*.tar

--- a/kubernetes/apps/default/outline/app/helmrelease.yaml
+++ b/kubernetes/apps/default/outline/app/helmrelease.yaml
@@ -53,7 +53,7 @@ spec:
              AWS_S3_ACL: private
              AWS_S3_FORCE_PATH_STYLE: "true"
              AWS_S3_UPLOAD_BUCKET_NAME: outline
-              AWS_S3_UPLOAD_BUCKET_URL: "https://s3.feisar.ovh"
+              AWS_S3_UPLOAD_BUCKET_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}"
              ENABLE_UPDATES: "false"
              FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400"
              OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
--- a/kubernetes/apps/default/sharry/app/config/sharry.conf
+++ b/kubernetes/apps/default/sharry/app/config/sharry.conf
@@ -33,7 +33,7 @@ sharry.restserver {
        minio =
          { enabled = true
            type = "s3"
-            endpoint = "https://s3.feisar.ovh"
+            endpoint = "https://s3.${SECRET_INTERNAL_DOMAIN}"
            access-key = "${SECRET_SHARRY_MINIO_S3_ACCESS_KEY}"
            secret-key = "${SECRET_SHARRY_MINIO_S3_SECRET_KEY}"
            bucket = "sharry"
--- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
@@ -35,7 +35,7 @@ spec:
      type: s3
      config:
        bucket: thanos
-        endpoint: "s3.feisar.ovh"
+        endpoint: "s3.${SECRET_INTERNAL_DOMAIN}"
        region: ""
        # insecure: true
    query:
--- a/kubernetes/flux/vars/cluster-secrets.sops.yaml
+++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml
@@ -8,6 +8,8 @@ stringData:
    SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:hWobTs6NA15tpKWe5gOijZQ/g04=,iv:+AHLg4o03aoZYQtamlfKnZXVlwy36+8NrwLhnL1ayHo=,tag:0vGWliDmkhsevARDdJzZ+g==,type:str]
    SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
    SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
+    SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str]
+    SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str]
    SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:Go+HZnPQCW5GKPqRB0MnmQ==,iv:bUGmzu42TVxhF94pGZuEi++A5a72wgGmWbOjmgau6Cg=,tag:eUIyZ/wcsOXYamTgiQYMjA==,type:str]
    SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str]
    SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
@@ -34,8 +36,8 @@ sops:
            WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
            pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-25T12:43:03Z"
-    mac: ENC[AES256_GCM,data:FzVjgPUIKsx1EQzfUGtCdCohAqnjgPrF+N8hfTIBBaqktFGBBuQNFRwp6d8UaTPXluX+RJ6JUh9jU6nvd/DEe7rWitWsQco8LNtVAmCW9QMwX59UCPlfZPg3MCNMjUBy9C/kyJjkkxSRo4szO+JivCx1cLHVEhDZZ+7sIWZAjdI=,iv:ZWyVJUGwmQ8inCLqFNyftQaxjq/uTzu52Q22dNHUEJ4=,tag:TWF+iWww/Mnxr+jA48v5jA==,type:str]
+    lastmodified: "2024-05-13T19:25:25Z"
+    mac: ENC[AES256_GCM,data:II+IEFKhi740xrv8uA8Gu0F39X+KGRlT+0egVrnNkvfLNeSV85YAB+F/PXo4MmfdeK9b/EN0C6z2Wms6NOpUQ76g8E/xJ7GG6OqIhQM5Q+jqahD2PZMYgo62Efwq17zzUz2WqUbt6eM5H03dhRv/Da+WUtdijv2d7cMnTxEpqh8=,iv:kRY9Fhh+upvyexhxJjmy2PJvvwEtAO58JQHblXF/4Jw=,tag:boWsM6Ii4rPo+i0sXabWdA==,type:str]
    pgp: []
    encrypted_regex: ^(data|stringData)$
    version: 3.8.1
--- a/kubernetes/templates/volsync/minio.yaml
+++ b/kubernetes/templates/volsync/minio.yaml
@@ -13,7 +13,7 @@ spec:
    template:
      engineVersion: v2
      data:
-        RESTIC_REPOSITORY: s3:https://s3.feisar.ovh/volsync
+        RESTIC_REPOSITORY: s3:https://s3.${SECRET_INTERNAL_DOMAIN}/volsync
        RESTIC_PASSWORD: "{{ .RESTIC_PASSWORD }}"
        AWS_ACCESS_KEY_ID: "{{ .AWS_ACCESS_KEY_ID }}"
        AWS_SECRET_ACCESS_KEY: "{{ .AWS_SECRET_ACCESS_KEY }}"