diff --git a/cluster/apps/development/gitea/backup-job.yaml b/cluster/apps/development/gitea/backup-job.yaml index a79d12661..3cc088bce 100644 --- a/cluster/apps/development/gitea/backup-job.yaml +++ b/cluster/apps/development/gitea/backup-job.yaml @@ -16,6 +16,12 @@ spec: - name: gitea-repositories-backup image: ghcr.io/auricom/kubectl:v1.25.0@sha256:ee2a4883c68adf439fe76a8102261a29cdff34c427822a08bafe264d8dbd09be imagePullPolicy: IfNotPresent + env: + - name: ENV_GITEA_API_TOKEN + valueFrom: + secretKeyRef: + name: gitea-config + key: apiToken command: - "bin/sh" - "-ec" @@ -33,7 +39,7 @@ spec: WORK_DIR="/mnt/storage/backups/apps/gitea" - ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].username) + ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${ENV_GITEA_API_TOKEN}" | jq --raw-output .[].username) ORGANISATIONS+=" auricom" for org in $ORGANISATIONS @@ -44,7 +50,7 @@ spec: else keyword="orgs" fi - REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].name) + REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${ENV_GITEA_API_TOKEN}" | jq --raw-output .[].name) for repo in $REPOSITORIES do if [ -d "$WORK_DIR/$org/$repo" ]; then diff --git a/cluster/apps/development/gitea/helm-release.yaml b/cluster/apps/development/gitea/helm-release.yaml index 3f5893bc4..dd78416dd 100644 --- a/cluster/apps/development/gitea/helm-release.yaml +++ b/cluster/apps/development/gitea/helm-release.yaml @@ -42,7 +42,6 @@ spec: HOST: postgres.${SECRET_DOMAIN}:5432 NAME: gitea USER: gitea - PASSWD: ${SECRET_GITEA_DB_PASSWORD} SCHEMA: public SSL_MODE: verify-full server: @@ -143,6 +142,10 @@ spec: kind: Secret name: gitea-config valuesKey: minioSecretAccessKey + - targetPath: gitea.config.database.PASSWD + kind: Secret + name: gitea-config + valuesKey: dbPassword - targetPath: gitea.config.storage.MINIO_ACCESS_KEY_ID kind: Secret name: gitea-config diff --git a/cluster/apps/development/gitea/secret.sops.yaml b/cluster/apps/development/gitea/secret.sops.yaml index 155820f9c..c757012ec 100644 --- a/cluster/apps/development/gitea/secret.sops.yaml +++ b/cluster/apps/development/gitea/secret.sops.yaml @@ -7,6 +7,8 @@ metadata: stringData: adminEmail: ENC[AES256_GCM,data:KUhhtTXAU/lcKVsuy3tF+QjgRk8m,iv:goqGhOEkpbnYa6uELXYfdQjCdKPOW2KGAjb4cfdHrn0=,tag:SFENNvmSkEfcAgat/BHksg==,type:str] adminPassword: ENC[AES256_GCM,data:SMR6vlFSysGv7iG+zjk=,iv:PtceAzAWR1nc8nACAYSOe+19evR9+orQa9DRzbcXU4U=,tag:Rq+3Ua0XhOzsnFw6/OdY4A==,type:str] + apiToken: ENC[AES256_GCM,data:k8bgQ2Rkj2rzTIk79lh3QSeJF79kQ/10K8qmdSkLedA9+0TrWe4fDA==,iv:1kl+kcBqreGZ8op35Tg9wQZOLNDSb2Gtd3OFEBYqdTk=,tag:sHX/QSr2FZBngXaPLfhhAw==,type:str] + dbPassword: ENC[AES256_GCM,data:h/qQ43+3E9DfSlY6eww=,iv:ppvnc3A4binyLwnNuEPzmQCyc11RUSZ9cSw0cRYjLdI=,tag:iBXRYFPBCn4AdkdoRZK4eg==,type:str] minioAccessKeyId: ENC[AES256_GCM,data:Gh41eINrkyjgEpTO5O+5lPWNPd8=,iv:XFH3RvyJwUEtszqtKVjLtMxTamPHPx4Aqi0PqsUmDCQ=,tag:abNj9gjgSlPJFsS9DBs+gw==,type:str] minioSecretAccessKey: ENC[AES256_GCM,data:ZiCMwvRnVavI62F7+OIDoYEOSvM9Jfh1eqJGbJjOR+GiC2YXw7T4+A==,iv:bbCaIOXhwrCFqiu8AQ1qyWzE+yuTotCjJgaK14qC1Qs=,tag:ZESnmDhsgqffe1rdKoVStQ==,type:str] deployment_rsa_priv_key: ENC[AES256_GCM,data:3Olhz6VZ6oI18hwCUDIHNLUEMM7PnGIcDDTCtX7sb6+yOmmW8cyKfZo2Ks6c4pEXJjWQ0JpvIYd/JMP53Noyb62H2+JAlcnIYgivJYpKmZ2fFD5i9Nyg+a91w6xkwwfBHEO6BBGAM4j3wARfFqLo4xqQFgf0/2DEUMVwHgXP6JGuqik+fOTHFRP66fQ16m+p+3iig1cvMvkjN7y/KmuBgT8w3VBJ6xukb/rC3mx+h5KIhoMfi+aBXi/SI7hUvnDPmaJs2Q/QlpcudQQHEYC51df0uGEeJaM/136+BON6B8fi2xUw1y/zYPJFabZg3b5Y7KRxKrDUJyOclaXEi8ZI+1Wz64KJ3Zhb7bITNLX7iIMuE2bQZq574xJre5HH/aI6/VAwLIKOFAV/l+WadfEh+1mbmoGRhjC3Ylin01mC9/z+8dxnG5sX+DvGzG7EiwoApIHpEZ4n7DZThi9xR1RSfYCqG5K9D3q+RpsnVoi6busJbevJ9U7fb0Yq7iiZfv+iiZc8HmEWyAy6r967oUGNss8VF/ahucP4uAE6nzTVadOSLc/UyS/jeil593SSn62h2hDYPuDxP/M3odiI40m0kCMuLNdIxFDl8xXNtSNy5nUmdlP/Ez9ach5Zigw+gJaeK/CVhr2e6TFkzfcYri7ryOVVNmoFw6hr66TXGjiwHATj6Ucpm0OLS1C2GP/G5FGqpdbYMTxe6JCOQggnBXLe3v5Dtr2Qrp49yA8UxLG5Ksxxd19Q1uaudWbc4S/Lg6gfey7IkuaMQ6zGIAE8vMNnKHdx0XBqKwBpwajCsFXDCrTnAs6YyST1KXHm/YmRep5KcMMuUk3UhE6TwAYTNK9SHSwXHOxaRETrVnf1XEzg7GATomW7U3Gp4v4OAnZy2T/7NJ1EfhQiMjw4J3RKN7bswITmfhLamXwDk6tiVGv9pQdsAEtr0+A5kKXV2kNXGfZ5U1Uv0wdcAhXxYnc0TaFmQ2J95Kljl/O+SYFxv3UyvQs4O1JQdeXVIrqpRzGtMRQHaPpaT0FMlk5ntShRQhGYZEoHknKw0cniajNpfCC6pqNEGbcL6PhROx9X2AK59YveX4g2z2jEhfrzb/eRow2Ha5gubmMGnwiV07wwzEe5VQCwDQgdcAc8l2bbkpgcws8RCg342towNRwjq81fqWX+hWsufXxIip9PX+AQsAcBpbdfcAEbcxLQLhkxCqA23+k+Ih8Yt/4qqKCT7QMyiJgRmigaXW5J61lVSuRjU2gQfGOqjtqQc23K6bUzrzgGiymWJEMMwKOJuxJiKk7uTs2xowmiSgFsfFdsiD+3UzOX5Fh6Y0OV858oXpzx/vD8J9RwrLnsV36xfeXPX1yh8UoCc0ZeVyvvWvXIa942RSDXtvgt86Y4kT/uTIEKrikReCD1K+1BdE8bwaMHakrKYrRwbauQM3S2SV17/XC6t8A1f4vu8/vV5Ir1oge2tFI/pJU6AqF/k7Lit1JTWXf1qiXxAxFEJJDzuwABWLQKvw1QUBHQiR/Kq5myDN589qSU5/C2zh1zq8k7BE54NR1ZyCAnIkmbZNMEMBNMArr44DbTgm5tiGhCh+OgJD/5DUGi1+E6a4IqoMzgvh3ToHAKveSz3mRQwhXx7RJH4WFkcGBVUaQohg2YlqIQilb1NFHwG5UFnoXlVPY0VpIhyoFCfvg2X/L1UmfpU7V9OpKHOcMFQ0A7YIGXgp/nGVZZchuOcuiwkF5z/GTI14RZOiBFh5P2LR3pa56j4P4PrhWV5mGgAkdfDvh0DY0yWRTzjo0piZPBCnLf/hUn8rpT9T8xIqz0EDoH3pHRR/VKgGxFOcgRecSD+fTnYFGUEi4akcBT5Lgm11/c3VNbO3/nZq6dlTxbjT8/VGOps/tPWPHUUbf/8U1NTD46zjbRGWEjod7Pwnz1hFxU3ql0KBDBhS/J+0kSmz98CPmeS8uW0OCKPFvIoPYJhr9CsxJNVEiW2+pd/WabvlIeOXtmQKjjwvmQaW77FTkKVP8Y0+9qH8Ln4M9h4QrP69YHGBtt3oIej5MUDCoZ+ut1L7ikEHbuOEb1c1a2z0PdzooudgT+NMhcBlGCpoUiC9ZcspOJn+nU6IBkJ2Sjyfl/BrMTBmJ+rs3suoEY3NvA4gWRU9xevNKpjqNRtxiYLll1JZl43lJL5RkG4bXb5JK4nSwJfADu6aIhWL2IjpFYd93A4lg19jf3nVpcazxFXcYY7UpYDhOb7fbWYmI6xV+AX52SwTKRM9fLK7j0EWx/fo0SfdZUNl4T/dtPsqe8Te/ZzkQlHA8tbC5kQeEJxGw72lvjMHNq4Fv0hVZ7r4gEFZhiPlciYG9cOwG1A2GifGthy+1fsCnKxNBx/5Cf+1OOz8AY7ZL9ECSPOrK3zlpXC6P6HhxokvTe5qY9eIR0ztYg1vgxz+XrqzOU7drfUdDigt+uqRZwvfC5AoNF2e5bFO+y83fdeVisZI0qtsOElhBYS6EIHmh1LRNhRfD3tpRyFinNlVVbOy/33A7yEUv+ieO9hL5VOvkJEvEdmeTtcCevniESu2tQEANFUiI6NpoxNycmJaCeejiZ5LvrC+BQjylqPIqAhgHdfWDIcmKjRQuolkOQ2PbzRrGCCcV3sbDaCbH769hGrdBV06bN3gNZNvnAo6kafEw62RGRaGjxJ/O8zHRALVwDECLtE3yW9ghjgPdw2zGItza0qlG2Hr+nzER9aMLWI4dzqnMNFTtiqJDLkL2Qo33h8qtGTtIEuP8jjTbGqMbs8xFzsqPkeSROW34kLAzJold7JAoRLevFGAshk0kGv4C+sXexBwNuTn4JduUdB6niVxzKkhQM3OcKNuFQ0tZNQY8fxbg0h2YhONG3spfQ8UC2bT2lSJfWec26fP8W2VzjjVLeNxpODco0eHre3i/6BRSEn8q2i+n15zKtiDlcEw8R7phnjB3I+JCZAvwy33mI0qJ/5fKIzRKtYtzPWRDcoOazdtfByBZrXjVUpSIm0e4Dxl1AIyKj5ec5DC2Czv1p+uUYMA5lhw1alXOSrlzJnRnsnohtdXIgH+xEf19V6zYf6IQBsB+4Kz1hQYo1IVwKj6qkXReNy9tQ5OrBFMzDLrbCd50gaMyT+86R8EsSZ2nW5anIaMxvSERdmED7QZkizeyUHLyLFPduv20OYQbaUxQ0oRWxpCY9OOq/vxOwLLqoRU+ohc7wnLCjsUmjQA5V5zlBYok8TMv971WM2rqmOfa7F5uOxiQ5RJ4GLCMryBl0UuLpNmN2JTdq3RjzduiQP/osJspJP0evz9ln9b0sdf6KqSnCnTiu2NUMZHhj7oGpFjBZpG7KWROVcjUiS0OVmKWjbYHJE5DNXAK9zcHodPxrAYVxUG+lDhVJ+4GmNY5o+KO5yCOswD93HrTX+KkwaLG9vhdKM3IrC6ttynCzvl1CME5A9HL+VszsJQoXWnZYNl36pD7p1k8AMqINeAN+KahalogAoMXk,iv:CYw3LLwOeyEu3/BK/SjdjneQvXPk2mHMPiFm2T4sXHQ=,tag:Et4HAytIgiVg4n8+D5anfw==,type:str] @@ -25,8 +27,8 @@ sops: ZWRhWnBrY1FBNVQyOU0yVGFXb0QrVnMK26Nc5Bw/jOzuxXcufHcxnugG1bzqO9T8 LNIau17zdWX5bfWGDj++ipnm8x1sPswEULal4U2Muc2Iy7GuZPhVyg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-13T23:26:40Z" - mac: ENC[AES256_GCM,data:uUgDRhsPIF9lG9iFV+GGHzmR//Dor0B6Ph0Pxlu2L5ku9yhjK2PgFpucZhUZXHoU3o/EDLmGXNtLWjGaUOFZk21SVr8YMNzLlHJ/UaGgQdwcFYgUDUo/8CKeFZfQIxs+Dkjjnok6flWojyzo5SFhznpcgyskHXk88PhJYWMQlP0=,iv:73N4xGTM+Yw15nhoV2/fB82zwwIuJgq6RdkyH6xrlZE=,tag:1KykIwbWbM/F0FrHlsJgWg==,type:str] + lastmodified: "2022-09-14T08:59:21Z" + mac: ENC[AES256_GCM,data:WqdIdCfu1QJ4j8Xp7VLX2Jh3pTpyq6pLm2EIE3TCXyu2VRRGCV+Wd5AKRutMJlCS699PWUnUp3a69H6iilnYu3dXinJt7UQU+nCjk5eSkogwnb4dveAF3UfqgWor8WkxsRNiM3Q8HtkgurcHT9NjLCQvXQBCqWSVqp/6KCCetgE=,iv:ta2bK4VvxXmfAy95oyzp0PXgeoHtjUYQJa9GcVO0MK8=,tag:+tew2axfsw0yavybqUIf9Q==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/cluster/configuration/cluster-secrets.sops.yaml b/cluster/configuration/cluster-secrets.sops.yaml index 44b6cd04a..ca96df5c5 100644 --- a/cluster/configuration/cluster-secrets.sops.yaml +++ b/cluster/configuration/cluster-secrets.sops.yaml @@ -5,11 +5,6 @@ metadata: name: cluster-secrets namespace: flux-system stringData: - SECRET_BOOKSTACK_DB_PASSWORD: ENC[AES256_GCM,data:cq8X8QDvbi3IO/g2bEj1tQ==,iv:6YtfNCxqeq7iifIeSrA26DrEBKTjUNB4nrtM72hKpbY=,tag:DxX88KMJXYWM3FsYbK58+Q==,type:str] - SECRET_BOOKSTACK_TOKEN_ID: ENC[AES256_GCM,data:wR2K8DEdDiDBL1Q1QFLHPbbtPwCucXns3r0pt38kNmQ=,iv:yVWYuPMrxImLJQyw7yvqCESBLcMIMxUMbY9RVYH54JQ=,tag:mL1TDd2A+EsN0p5SPH6jKw==,type:str] - SECRET_BOOKSTACK_TOKEN_SECRET: ENC[AES256_GCM,data:zRNzXpum9u/6VEIIhoYdIyh9zrLq5gxYXTX5WHrb+fQ=,iv:oIU2pm6PO7tGHbuvVe1XC7VcmeAeewSV+PbU3Pj9b7s=,tag:Lcej5PL+aNgY3GLHrs6VwQ==,type:str] - SECRET_BOTKUBE_DISCORD_BOTID: ENC[AES256_GCM,data:zTskU2EM2/0EqQ99ioz/t6/7,iv:lPCL+q0blTcOEKuBp+tQLCEePSem6nW3gyb1Zt9ZSc4=,tag:6uvfMW1cpa9swL1dWKyTJQ==,type:str] - SECRET_BOTKUBE_DISCORD_TOKEN: ENC[AES256_GCM,data:KKdPGV5Q5/DmuwgeKh2NImDEpdJmHRZcIhME0eKGaouePtHz/57z5r5NnKye/pcmUzfpsLuJm/ygh2E=,iv:H1IpHRW/5XWIXuIeXKiI4TuUxKvWl6aVg9Q/uaO+juw=,tag:aRVNdZ/6BhER43gXcRgEFA==,type:str] SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:7BbZIX1f2j2a15gq1/gwqKcSTA==,iv:WOhJ5HlcnsPEeI/ALT5O+AnKtorJYueQqPJQStpvIMo=,tag:GPOpCrQ9F1ku7tqAtxHJdw==,type:str] SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str] SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str] @@ -19,10 +14,6 @@ stringData: SECRET_CLUSTER_OVH_CONSUMER_KEY: ENC[AES256_GCM,data:HwEaNSLEoON99KzgVLuDWxj8DPz1gz8tc3q/1hWJOvM=,iv:uTHCAT81Js9yQ/7iK90+elZzA0j6ia7AOWEufE1i/4k=,tag:D4tI50RyJz8o3n9hrrYz4Q==,type:str] SECRET_EMAIL_DOMAIN: ENC[AES256_GCM,data:tggMEXyLi03dAorm,iv:tXHmWmm9wUIOyGXbHUagS0gl4cEW588XSvBIoNsADFw=,tag:69X+WZoj6CiI6mUJT01DzQ==,type:str] SECRET_EMAIL_SMTP_USERNAME: ENC[AES256_GCM,data:U8UiC6SdBbX9JbpRglyXfofDzYf+LNY=,iv:BLqn6nWm+il2yxWBJgpjlLKp5/eVh8L9qSEfM9LzUEo=,tag:1+afhSVYeHTvzzBiTxP7Ew==,type:str] - SECRET_GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:IJiZAgExGAUcYW1L8jW0m2zr+hZL,iv:T+T9AM5wYqNoWKlDVDpsmxf4gvYSsLHwSoxxFAZfiuU=,tag:QeL6xFPsgxgBjMb79zrWZw==,type:str] - SECRET_GITEA_ADMIN_PASSWORD: ENC[AES256_GCM,data:w1BcZzMeLqEMVFdX94c=,iv:bc4IaH9YXvRQTW38Rb1tySKx9/1npWtqI2DtS0y/p3w=,tag:X3hyHEhbGNJcYaH2yWMQNQ==,type:str] - SECRET_GITEA_API_TOKEN: ENC[AES256_GCM,data:Xsk9tJLyy6LaoGdIhIQ0rrbu4qREg5fKWJ0KDp7f4qPme7Q1Iha7YA==,iv:uHcaLAaQ/l737UMTzjX3okEAba7gxrowMDu/GO98FnM=,tag:4rKcU+z1sqnDcZoZ+9Zqxg==,type:str] - SECRET_GITEA_DB_PASSWORD: ENC[AES256_GCM,data:1Nol+xY5U6bwK5OpCII=,iv:309gSLUAMPpou+D1+MqjaPXxz7fWPnJVV0y3irmQe68=,tag:NIAbD7cLSFJ3Na64H9PV7A==,type:str] SECRET_GITEA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:VWetZHP8haXPy1r20RMJvECxEWw=,iv:B3+rjPXWSbyCdi4KAy/FeMbtNUv40UIWN462OWfv9Ww=,tag:5wK7nUGu7HmdC90d2jllwQ==,type:str] SECRET_GRAFANA_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:3igfeqGHygjnmJXnoiKV7W8Tm2M=,iv:Hrjh38GuRvzS4Hi69QftBhaAJ02is5B0E5h23XICpUc=,tag:O4JFVSaoTQDhf3QZPLbn1Q==,type:str] SECRET_HASS_DB_URL: ENC[AES256_GCM,data:Rrq3O82kQksrHzBlH/+iVFoyOGUNkvwO0PQa6wKWCjR9u4niYEFgy0q7pkU8VhF250GASrM2B+pGfio0+IfgAS1OHJdWIeqwA9N1Lw==,iv:YvdgnaSVhwFqB80wgbk5dhbri6BWV23wOFw7A7yvr+w=,tag:3+8heFgAELFJy/6HKWOFyA==,type:str] @@ -78,8 +69,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-14T08:46:49Z" - mac: ENC[AES256_GCM,data:V937qTqC7tg+sR7RbR1MSZCnXzfT1Xwzq0XTjJKh8rJEYHx8MHHgw70Tjz1aFfDGBvFn2Cokom27lTZTU+zsEwj6Mz+ulf8WNDlQpmScz24kwHHEPJAJExs1RmL2QiXn3G9YqCHXrJDEzPrbYQn2Kf4QtM1ED36UJrpxSufHTJg=,iv:rUfXzDTGOnpg7PA3Z3JGl3AW9s9vUDScTo970pPsEG8=,tag:C5CK17hIuIZbLJoiXbn/iA==,type:str] + lastmodified: "2022-09-14T08:56:56Z" + mac: ENC[AES256_GCM,data:te7yzlwzehJrp5y62kFvLDlE+Sxi/84Li2sT2Kcv6g8I+FVErnWej0bfC6Hetp9xvkAOY8fmJqBLutlQW1GEboQuYoEM/eehW4etpCLS33teF8ETVG+9VVVh/hZ1PY9kwkAL0Q8JR7dZeRNc/mQoIoDY0fPoDZnwa0kvE4nfuNE=,iv:Z1Wdi68VRRWLRkB8/LB1HZC72yQQ5jmxsHjQHfU6Y6E=,tag:YYCJFoCyspgnwt8Yy11p9g==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3