diff --git a/bootstrap/github-deploy-key.sops.yaml b/bootstrap/github-deploy-key.sops.yaml new file mode 100644 index 0000000..8fbf15b --- /dev/null +++ b/bootstrap/github-deploy-key.sops.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Secret +metadata: + name: github-deploy-key + namespace: flux-system +stringData: + identity: ENC[AES256_GCM,data:9ErXHFZg+VRl+aP7fv6UgMVZ+W9nGbVvFOefX04xeZRGRMolzwHhCua5Lz0Mxp42QRqXUENu5wKmgnQUXkFSiXufOwp8Z264G94cyi3mqWpNfInEaGnttDYhof8C3azjwye2kEMU8AqBVZcfYFy7KOQwkxDtZJDuK/CtNVmVkStKbafAgBuO35Ezt9ysknWmE6YWBdhKm9kJI691ZajQksX9nYjKC8b3Ne+oFpfzpKrkotGBgrr5XUzddJoWZ0ODOrxohdnJXDJYlyoLu/POcVsmt95241Wqf7dd+UEcnEjkCZYJ94IvUd2Mqe3cT88zyX+pGFnLBiBxUcYXUVe5vt9Q6/eFDbqs5o3g4xv7aKI44Uw82NQpPuiIT8YUQ4Bwsygrw43rW7eE26bdonSxt5bqbt3c4c/cOpe3tnwhE14NGaY+r5DAIYvWSBxvUv/JRsrkccqjP9DE8LCO8b9MBoBCZIiBnp6GO3HEyufFpHxjzAd6vs6RlCcf8lG1GO6cqMQdwGVFfhD11kroov0F,iv:uta6j/3hGG4MokRzxCoxnApBCw+hbWKaZ4ZL8So3Q+0=,tag:MPOy62VD43gvUO9qAslX3g==,type:str] + known_hosts: ENC[AES256_GCM,data:1lj4PXXc/Gu0Dnpe6DuxYhdDVXZSOglJEE+duoIqGqu7aCoEe2iPbuS04h38U+5cm5eK/BH0rq7O7UhzTUfBHCeSvcpOpHWMZJCxmJGEs6lWyUvZoQ2x9CPhgBzRMdKl/OwiEfgUxzAYiCCmVGRlWhbxoSblcnXb2hn29PgXQ/9jLf8ihwQFuPm2OtGeKKxljhfi+0IDiU7AUou0Ttd6yA6jGDEMnX1RpcnejXlwCQK2eBjp56EafgyqYOw9ILONyE38On5bK9LqS5WuuLy+O78ll9V9T2u39aE+oMk6IvH5TSBkOst/mPKsSMvBQaz8WXhO3Z4APpgccFyGUTcCt+IDw+oZRW3mRd5rIkh2+IX06N5ushrm3mJ+w/Q4DaEytQ4WvUETecatZ7j2V2b/MaXU2HD70j147pzmkgImCdEe2TjZxN/MTPJBnE7fBQcG93tsM12SNBBPxcMIlCngUwBMsc62bCF0XwmQAJF6OrbQr+XlimsvVDwxA4QrQ8x33wRh+S7LwRc3+oOEh9GWjITheYble57WVUQD84Jk+tK+/0yoPwRZmXu9R4Op4HRlscKsI6Ictp8dIn5HC1nP0AH5syKlvbcmUJySDJQue3DBSxyvZRPtmmvRu/w7rQpR+wva5URY+YDnIH00nhNKwC88If3J38Au0p8aONfWDv5HjDZS4ZwRKx0ctA9fTWJUralJqjt47Dklo1gglkH8enGlZl/lL5unezHaHfmU+IATRMPGBuPG/2zdIAtcJQiwXXRG+EhQShLajHrCwmwNONeZut+KAuhRn7qhemd2Kytwg3PZzZipGC9lbNv9AzxwU2UQ9ModlXyqSYivY7rTc8wON8oqlsXXPlIQtLWOeXKezInvdNJsHfnERwCytSm68HgZ3k4ZBiAgmmvmmYrxzMHbclpttZYXnq7hu5tpe6EH7QFNTnm3QU6eufzILLrhcvRQ8oYZ9xp/te/J2sqL7wS9BJj49XNzhwG9WS+8MgMjRwtNV9HFYhoJx6P1stLnIvwSK8HC3TdzDJ3+nR7y7RO5wAiIiLhMFTPeNApAnMdSd/3aKmPftIZcUvjv3GKh5CaHoRVmE2BEbu2d,iv:JIE5uXwT4St5kuwU+os5bdSojt2paklsiG/J2B4enXA=,tag:Me5YWrxOBeOzC4yv7QYTsQ==,type:str] +sops: + age: + - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaE9vcFp1WTI5NndCbGZ3 + TTNsU3ZaNWNlTnZjWmNYZTAydUFmL0l4R3prCllKd0ZSSXlzRHpzbTNCb2xoZld3 + Z3JKK2V3QWZ3VlRQR2NBOVRHWEQwekUKLS0tIDMwZVhTWUE4STRtOXZyQXo5RG5j + WUhhWVc4ajRYeFNhbmJoSHlXcllnRmcKx2Qji2z5M0RKqSLFH8o8yZs5TkS9ksCi + M9VnRlZBZ8An4Wc3MrU33hHaD/v9c3Rxvm9Gatt6rEveZ8Vr1fPFtA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-07T15:51:27Z" + mac: ENC[AES256_GCM,data:yVTHBnOjHT3y1lgwxRbTe6QhBSDAIN488DC2006CXkle1+jhQutrGfa8/11Cb1QvOWTk1U5QKvaathKPxyEapoJB3quB7l3O2KyS1X0D7QTPmxlY9B9Bx8DRqr0/eMS4yUcLhGkxiYqiaUnj4zhhOug0J1wQ+9DX8OEDQnWI8Ag=,iv:4uWRVc7AvbsbF6XN0gVWEdJr/sgcLpDiUlkyJXH5WLw=,tag:0Lj/4dBOgqC5cK0hpsljuw==,type:str] + encrypted_regex: ^(data|stringData)$ + mac_only_encrypted: true + version: 3.11.0 diff --git a/bootstrap/sops-age.sops.yaml b/bootstrap/sops-age.sops.yaml index 826e861..b8131c1 100644 --- a/bootstrap/sops-age.sops.yaml +++ b/bootstrap/sops-age.sops.yaml @@ -4,20 +4,20 @@ metadata: name: sops-age namespace: flux-system stringData: - age.agekey: ENC[AES256_GCM,data:3oCB2w16ybwKpfHIZlhaW8re/uM79JB2xr47VGuqBkeLWgrKtQFDW2VeUmG74YTDhNVxgSO4JO2nfZprBn5Pk8ZbUWtgiYVBGTg=,iv:UqPliHvzkZ93st+ZWCyKibsO8+LKzgDhk5E69ajAAcc=,tag:Y/HQSCuMDYp3wHMmAXrGFw==,type:str] + age.agekey: ENC[AES256_GCM,data:R33wpDSdo3w/GAelWejBSrfqi65/Gjf4FBsBT7wg12e1j530ifz5132yFH86WHS8a9hS8ymjrU3MmiKhEO8AQ9H9b+I5vla9Row=,iv:yMBm+UAlPT4WMpBLs4HxE9ctLOFN/Tn1g4PZkC88+4k=,tag:3Jdv4tXSdlPRo/eo2yjiUA==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGU3RRZEtBbC8wSE9McFY3 - QjRrZVl1c2hLSGRvSXhSaGpnMDR3dDRDSGtVCkRDRTR3b1J0dXhUVDVRRytjWlNo - UXNhMUdGWjB1WGVwZjZxVFVVZk03eFUKLS0tIGxTL0huQXdtVnE5b0VSbis3bE9h - N3pYUUZEcjIvU0ZGSUxEQTJWbTI4OWMKZC4qYee+b0Dy2EfkWWbY4zyQqjDMEXeN - HSFec58fN+wB6pVtvmCRy1ssB6C2uyTcWlA7HfG4aQOcQRAEjZXZKw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1ZDNLa0ZHWS9SQlJMaUlE + NC9FeUpnMjdDbUpSUUE2WXBDL2E2MUxMdGpJCkdMQUxnWHdMRlBCL29ScjVCcW1l + djF1UkIyUlhLc0V6UHRab1dvSkYrNVEKLS0tIHd5ZEFDeFE1ZmE3NTZzVmVzV3lt + VzcrS3ppNFRWQlFOS0RpbDZHbjdHeU0KCApPAIWP1Xccz4yGUT3djOXPsnUw4pxa + fvSjviHiwQkVIGc2gHHR0cF4x3kIo6NkFB15sctmXrIuKJmzc47SPg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-07T15:15:44Z" - mac: ENC[AES256_GCM,data:gj6Jv31p6YG0D2NMsbWec1A5MJ2ognu70d8FFC/Dpjt4mtKpVR8MlZce7TxJeE3roKxdYswKUdAnJ1nuVVnEjtL9JfPeFBOiwayveovIxtsnnipsu8HIuqy1nOJlMRcEmXJ+lCgOo2c23Fy/367rAPuR+KDUdb43BhUi9NCYOKM=,iv:868gscNtX/aKAoEayf9s16evzpq5GwB6gDERbTVfHmE=,tag:mZCRkq4CmjX/R8dtE12O6A==,type:str] + lastmodified: "2026-02-07T16:13:20Z" + mac: ENC[AES256_GCM,data:D0Z2IzcxAsjQrSPFdJd0WheHUC5la4KoXPQoh3zSN5PEzudPYz8w7x2UIFlYUFJWNH9YDA0RVaHg+SVe3brRWh/mgrHuJCBJVPbyn2uG2Fb/UYCAcd5GKqFAUQ2i2FK+2yJE7Bh2+7txtIZIF1+kK7ojth6prRODD4N6im6wZEE=,iv:6UbcXVIIKUAY1mzySMlKouicCq26CUapBvzbYizwles=,tag:EdHd6/KaIEXIrjGkMWf1NQ==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml b/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml index 86ac9d1..e901b75 100644 --- a/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml @@ -3,20 +3,20 @@ kind: Secret metadata: name: cert-manager-secret stringData: - api-token: ENC[AES256_GCM,data:BAsLRYclE9DY3fNxpUWxMYXw7K0JrU5ZMEo4zPo5QmBMHj5OWXbJbQ==,iv:MGkHIYGTL+QcnXF+9OmcB6hb1aPuUKAJVVZjqk+ZNdk=,tag:p6OLD3MTaFEWjLg8SCcTTg==,type:str] + api-token: ENC[AES256_GCM,data:xdBpjIzUgPbizxsRuPEIG4Yt8c64fY3NCmGZyJxe9XYoUIII41ES+g==,iv:7k+0DSiv/V8iyqSr7l70tszSAVX456P9kgqoGoG85YI=,tag:iy2txSzIna/HCIkD2INQ4w==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdVB2SHZBUVVJVm1SME14 - aU1IT3NGSWpxaHFUY3QvTmdhSWh2NStTVW5vClF1SkNsWHlrcVZtM3Zxb1RtSlMv - bVlWUnNJR3ZUc1c3dGdvZk5mVVh2WVEKLS0tIHVoYWVJWGxwQmlKL292ZElaZ1Z4 - RGZqUzhFQ0dCYWt0dWpOK29oVFdoQncKfzgPQ5czqmyeiiSQPbiZIw7rB4pMSxuJ - lYfaA6Du3YRnI2YR+DNeBopXvMDjCuHguwnPW4NiBfH1dBRD3H1NkA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3R0RwLzc2ai9jODlkWUFG + RXFMamEwbGFlZlNZbklVbmxzWm5OSjFIVW5nCjNJZHFIbEo2MmU1WmtmL2o1Ylls + dVduZXVaald0K0lWNkl6UkhCZ1hZZUEKLS0tIGlEa1ZFdlIvejlxbzRNcjBweW5n + MHpuc3lxY0tIWk04WHVYWmswVEkxWFEKsKed/DElYzkxC9lTQtSWHxxD75NAYhVq + ZIUsrMQarg2LhjMaDFOBXTfZ1vJ88OyIaDp0uNwisg8VfNCuIMEq4A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-07T15:15:44Z" - mac: ENC[AES256_GCM,data:Rog9knerVJ2zVWvSyPn+4Y53DJx6zZKe93e6ZIQ9A9/x8+XhbpH+ipDGbESp+crDdr939ylxulWC9WoxKX2PFn4o7S0JnlG40mvvgJOqFGU32GghRIIAsaT3smwbg6uzR1yCcRVdB1AgRoxntl3NDXgtNmyliA6P3caojjtmgJ0=,iv:ZENyMY53aRgWDraVQhV+ILFX695iAZi+qAupT9+7FgI=,tag:7eEDS45XCZXqebEfPNSv6g==,type:str] + lastmodified: "2026-02-07T16:13:21Z" + mac: ENC[AES256_GCM,data:AGYpCxN0bxcV6BDIEBm8pfgRnJAq0h7C5LM1z5uqVXGXvkriDQitfcGhR8Mych6GsU8qlDWAGkBV8UymDJ0G2DVEevr7zaPRZSzWp7YuGlLZpq5wFFTBncukKmLYA4/ekqQJFpay7vn3A3xCl9yIYDgAU+PvVrRW8hZ5xINKSDM=,iv:zmHe6XDPImYl3UZlcv77a7HORIrwmaC7ew3swQp34As=,tag:Zwo+uDhDZyncpR7rhYJDzA==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml b/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml index 63545ee..da768ab 100644 --- a/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml +++ b/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml @@ -21,7 +21,7 @@ spec: - notification-controller sync: kind: GitRepository - url: "https://github.com/dev/cluster.git" + url: "https://git.laurivan.com/Dev/talos-cluster.git" ref: "refs/heads/main" path: kubernetes/flux/cluster commonMetadata: diff --git a/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml b/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml index 38e0837..9c11c34 100644 --- a/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml +++ b/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml @@ -3,20 +3,20 @@ kind: Secret metadata: name: github-webhook-token-secret stringData: - token: ENC[AES256_GCM,data:RiZ7Z1A8GHbknZr4jIdo+LHKh6H/MMNvHWlhaLspLWwJskBhpTS3yw==,iv:5qQUOiSEhgZV7n85t14VDKYTCKnqaggu++mEIEelcZ8=,tag:chiBOVRfmp72kRWH1PkrGg==,type:str] + token: ENC[AES256_GCM,data:P+zAT/mQX8C0jU/hGldhlKqVa2NnxUEgcWFuGLglNJhAI6JHmVl53A==,iv:GHDWYYE07KkozqiIrXF+HI++2OY2YVBmJLpdsTU2LSw=,tag:LQEkKJhirxclTuX25zfQbw==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZGVPWU5Qa3RPaWxSc2E5 - UE5uWVNwYmlzUlhSUjJDbUNtRm1HVHNUMDJrCmVtREZXV1RldC96T2Yza1dnQVFN - OTNLaVpzbWViUE1vTm5hRDNRcnBWZ2cKLS0tIFhLb1VVU1owSithUlNKVWRYODJm - WGRxdSt0Y0d1OVY2bkJHbHJXdUZKcGMK0VZSsEF2rBIF3NtHPoQCnmQkVgyZ3/j3 - SsUAbGzxFKBBDAuqFrUYamUwi1gkVAXqymUkUyNyiWUrHSkg8fZ4yA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSzI0cld6Wk5xUVNOTFA2 + dG1XS0VpQmp3L0QrLy9FWDE4OHozS1luR0dFClVJa01kaVZPdURaWkg1Q1VpK0w0 + MXRwR1d2Y0VNNDF4MWVaTkt2M2tGMzgKLS0tIElvVGh5SFNVUG53VmdGb1pYbUNF + ZGpGMm1aV25zeC9RWi9iQVVGRDdIZDAKvFIHebgjop6cbtxwDW6ikzPF5qohWlvg + zsojWBZdZzQt2C+g9y6zZ9ZCGa3ISbTQUhtsH8MUQjze9Vb1/zwMTg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-07T15:15:44Z" - mac: ENC[AES256_GCM,data:w8TK6G/GF7j0jae2wuSUIX6g3wgkG4yr8wfcktuvFTANFFuIsbcM4cKnssTTSgeafZ2g2NKHgwev44Wf+VdLNWg3EJDbmyhtWpFRuEqB6781DoxtAsjx+xgoWViIB4iB9Bvf56o4xmwdM6fEZrzWCG6leHC+/UmSgd5FH4mzCpk=,iv:mdB61g/U9FWX6x0PvvdOdfbAlEpw8L7lno3EOr8ifNA=,tag:8QiZYzr2PtUHgEs3K99RUQ==,type:str] + lastmodified: "2026-02-07T16:13:21Z" + mac: ENC[AES256_GCM,data:JqrIUhchinSPIHgTr37AOk1F+kN9h6F7XyTFHRUYVuflmhksdlXP7NRvKE0snMoXBngIsmstLC1Ei/jz4u4dckgxkwWOPfjZpGHYF37z3xpgkWCSPNLlq1a0byxYtzd9jpV7zF4nMZsx5+wnvFs9yQtWcQqyjCqS5iUUul0R9mc=,iv:fylzT9VkNfNSSB1XQruoDNCCuJCYK5SFOYKhg51F7ao=,tag:IIWXnzD9DblDDwnC576R6A==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml b/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml index 981902e..2fdc755 100644 --- a/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml +++ b/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml @@ -3,20 +3,20 @@ kind: Secret metadata: name: cloudflare-dns-secret stringData: - api-token: ENC[AES256_GCM,data:F79HLoKG5mqzpXdU9clW8petK6OCeAdK7mXECfYZCjCBrIVgzq8xUA==,iv:Ofwx9/0NvJ+WIiSZSX5KGd/qr0OAXzHJzL0nBSgGCX0=,tag:aWRGgbwUVgpMpOKBNvzDWw==,type:str] + api-token: ENC[AES256_GCM,data:Wp95pxJL/RGvYqSxCwFMVxJn1ejaRIHi+Yf07hri3dqGgnoK3ECGTg==,iv:nVHpG63nOuu+LGFKUtvMdm60B7As0SVSlQUPP+nUadM=,tag:YpEp+KqEN1xj35Pj3pm7nQ==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUXllVjZnYlk0N1RmTkRp - U2Eralp4bm9DRkluZHcvRlZUcHdXbHMxRTBZClRINzlnd0ozRldDM1VXY2FUUUtO - aU9hNzRDSGlnTmRWQjJuc3I2YU1QV0kKLS0tIEd4WmExbGdkaEdLQTJGTUpqN3J6 - eDdwRDUzeGVSZWlBRnhrZ2UwWGNvYzQKkk1f371XFA+blq00HWotU31Q43LOMxdb - 2+ERD8pyPiYZvI0mFmEaTFSTp5AHBWAfOmfQ8R+1udY2pqM8MRDVjg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVnF3Z09xemZIL05xUWZr + QW0vb2VRMFpid3FubEx5VDhJM1p2SGw3UUhVCkxhZklJQlQzVitMek9WcjBQOHlx + dGFHVXNaak4zL0owVWRoWlVGS21xencKLS0tIFlEc21pUC9jNWczM2paY0p6bDdQ + NHVEQktzVFJHVnNPRFFTMVo1QTZHQkUKOPo1tejuoA1vEt1AYsGe9EEwPWHhwpmO + ECCsjmTyzifmhkfDGu5dGVJmSHSujCet4Zj0aE8IDKN/eTFFReIUdQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-07T15:15:44Z" - mac: ENC[AES256_GCM,data:sc5ptbzkuuCLPhpEXtRoanOU2VaA1kJu9FKZ+uRoarhL06Bdk2v+6R+Ule0Zln2NVwPIt9hiPkmxCHpZce48gAHbxIwK6mBma2GgJjUAAo4yd24xnuBgPU5/fsoavdzwFnF5XDKLOS1jbLDZNZ2Nbk+GK1Q9cHFp3cwkCSipxsw=,iv:8E0nSI+nn75NlDFklQ3xpeOhFDGcqf4r/q/LGi0zMzY=,tag:9nam0padd3spfLEvXDFjKw==,type:str] + lastmodified: "2026-02-07T16:13:21Z" + mac: ENC[AES256_GCM,data:vyqlIPoZAXw7cBqUo0LaWOhRinx8B684l3iH0o9YVL5N39MdmyoG+KRoSFlwpRX7YufJEu9GxQtV5AfJmMiY7z1bNVgYKmfsUyQ+2atkWgToljfukSdGw5btqwDe3z/5NVbayq4xWCE/rTgu/jlS5Jeu3emcMhCUU9MspxJ/HCM=,iv:vNl5j74YCKe0exLcjJIcuzV9ilpPVGoGWwxKKUaNOKA=,tag:hnOgMXSB1mh1xEu6dP2Whg==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml b/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml index 2b0865e..c7a177c 100644 --- a/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml +++ b/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml @@ -3,20 +3,20 @@ kind: Secret metadata: name: cloudflare-tunnel-secret stringData: - TUNNEL_TOKEN: ENC[AES256_GCM,data:A0lC3Xvo/Q2IpnAVa7F1X91Lr33OOMfpA5xBW5Lg+PAf1Ii6KtG4d/xKL3HRBWzaOwNjG85Nv8l1i9gh/Vi79b55jzYSMOH29RQUpThyQC95t9+iwgQrwxqp6DqvSPbDu55nzanvxHCQ9/HEJHuUnpBqx9dCNbgVWzF72CuQo4UgTpwV2OJHhNTT/vi78lRrEE9auUjKkgnHULkKjtVuaaFKEL/DhQ/1EOwUtLTSQlENtHgQ,iv:joZczrGiut5zVFr18vukcCnn6UgBMn81dahsFMGcF7U=,tag:dXssD3i+feSjIos6jqk7kg==,type:str] + TUNNEL_TOKEN: ENC[AES256_GCM,data:2KFqQ4rwAjvL7hWPwwI3lVqzEY67xnCMCI8MBaGzqT7uP6eBrEmp8M3f0Uow1Px/hSuTMLh2wTJ1BSH/Ypm2OfkbEUTO9LEQ3r9pfERji4y7h17PoSl73/Nf0lSXzqZc9ICT9mA5a9yVzIX68S/LKsFQ8Z43EihC2ae8Q/6FjwCnmLrdwGB8KGesrIqpsiA6M4QgtAYKiRLv28qXUltUSYv3h64WqjkmNwLKmteiaLGi7wqy,iv:8Smo/SBR1rDQqaCmAS27uNc0nVR2IIovzlacO838wX4=,tag:sSUqqkWUK2U65hgiRNNl6w==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQUExSXFCSTA5MDE1MVVH - WmZlMWVUNzVQcFE4ZDdYczVCdU50UCtnK2lRCktEV3BGMVJZdUZJcVRZdExVY2pr - b1BmQUpsZVNTZ2pXSFhkaXRFMUs3VmcKLS0tIEp0ckJTaFZPTURsKzU5VWJFVS9k - Sm9NY2hVTnZ6MEF6cTBWQ2ppS2VsZ0UKwzfLpGjKurd26lIVIx3wIbxDI43IPL24 - EVflvmOaxDhfsj4KbWYa7sPXyn3rHt9UsV5ZguDmmi3IXeW5XLEclA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SFE3K1JySzc1RzNoNS9K + alpaMjVFWFZCNXBYeWo1VGZTZDhJak5IZHlzClZvY0FNandjcTY1U1orclF2N3lh + bzFFbSszTHlUdExoamZnWG1kTFZLTGcKLS0tIFJJRlZWR3d2eGY1N0NHNVhhSnVI + M1dpRkNGL2FqV0U5dUcxOXI4Y21PUjgKD4+lFoaYR+zHNXuBvxyUW7quwP/gY/K/ + TaEKOSueUMnDrrvDAdgdCbIS+jPIKoEs3682sqnZVujxD5ixCgyPqw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-07T15:15:44Z" - mac: ENC[AES256_GCM,data:ky8q5M9WJ+Am7APK27T4OZWSx0+CztAeYpJjrv4Jrqd24e3NABJ7ToSymE3XTrfbQ4pzvPg8e73oad2bJGg/bM/u7KTi0VG8oafRUmLB+d5ie+fJIpQu0gH7SeMmL85e/AzgNi+mFO+hWRdfImlad1Q3qWuToNdbmJd2kuRYsqM=,iv:8g0K5lrCo8KQjnU9yImYJ3c1wg7nJQWUexEjDhFMVGc=,tag:ZFLXf9wx88gmsY0kdbNkdQ==,type:str] + lastmodified: "2026-02-07T16:13:21Z" + mac: ENC[AES256_GCM,data:SB9qOJoaGN6Hm4pNx4TxGvhJNbBRUYwmknXKkKY1SaVAyDuYes0c1dhlZdP/Zz4Atv9sQrZlUutq2NY1ZJy+UjiuPOICy2RdADFZu+vkFrHdOUzuDVcPSj5Vxccb/gdn4N7WilUA7zu/V5pA799fGOArzR85mSUMeUO/0XdiDRc=,iv:Ad/f8WHT3q2diU6YI/2+6cUKoDDqH4O9BMi4nHBHyNA=,tag:YCYGFyKtH78SUJJcsNjCYA==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/components/sops/cluster-secrets.sops.yaml b/kubernetes/components/sops/cluster-secrets.sops.yaml index ac25b0d..69f9623 100644 --- a/kubernetes/components/sops/cluster-secrets.sops.yaml +++ b/kubernetes/components/sops/cluster-secrets.sops.yaml @@ -3,20 +3,20 @@ kind: Secret metadata: name: cluster-secrets stringData: - SECRET_DOMAIN: ENC[AES256_GCM,data:KQEracerlc4Kmx36,iv:SvLItsXBxWcIXvS5AYiOd8oamWHWaL4vZkbDpzvpcB4=,tag:y+aVrJKg1IFolZwTTO6c6w==,type:str] + SECRET_DOMAIN: ENC[AES256_GCM,data:khL1/g7yP8QmyQ4y,iv:fYCiVxr8D0XYPirwR5IfOEXUVMNr2ZhAhs5/fRcMVi4=,tag:lmUAxJjPPogizMYZrd0V0w==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV3hUWlFzV2JWUkU5NXhp - MkhFOGNSWWRRVUhjY0plQzF2UlBRTm43aUZVCmpxQy8zQy9ZQXI0a21LMk5CUm1V - Mjl6dXBULzVyRUtMdW1maHRFU2IzZW8KLS0tIDRWditxT0c3Z0U1dW9WcXp5bklB - ak92UnduNHA0ejBnMzk3bGNsVlp1NVEKVRqkajR4bHxA/0m1N6YjldpldNBpcz3j - sWWU4xvRglybf4EHF7iimWj7NGmANMFGDWE6jluT5JS1+ptajovT1A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvK01xN2NVSHVuRDA1T2gz + K2c2NTEzRHJqUDRiS0RWbHRuQXF0NmpEQkZFCjVQOFYrbkQ3SDErM3JzZGw4UEkv + cWpraUw2Nms0VTRLYXZCRlFSbmRzR1EKLS0tIGZkK0VQYng5UC9pWkxYc1JaTnV1 + RWVIOUVUd1J4eVpzWXhEVG9GZ01wdkEKwO2dNlcMdP4Q4BbKQpwQ7hxh9wc4MSJ3 + +BscZHxqDJTUwSI3RUNPA1kZ1J9Wiw3Q8gkZ9vdtVlqDIoNKGnI8/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-07T15:15:44Z" - mac: ENC[AES256_GCM,data:MKb2683b0l3ngTcY8eaK0o+hfw5CX4D3HMGiVjkLp823rF9uk7qbv3d/GmA/Q5noNIC74dp5/UHDRC9b3xBHMQofHHLh1I9QMfhQv/2TErZ80VDTlMVu6T7Sl/XuAokSW1mQ05kDMmq7AJ1g48JwSu16KMUNtzcuveL6r/Vu/Rk=,iv:GFD3SlCX5etgIhWJHnSfRxE8r0eJfECSXcRM/1Ejopc=,tag:0uyjBji4hf1BttEprs5zHA==,type:str] + lastmodified: "2026-02-07T16:13:21Z" + mac: ENC[AES256_GCM,data:SzH4m0t9NRPcdWjQb/RCz2tQsSpZCJwcMYGm0WMY8QjaOSletnGHSyaVn9iK1ZMZpFWoKrv2utqcf8DP5QpW7JSnQdV2kN76aGF0kOMDuq95XscuobevqussAQGHkGmfl8joBJoPf7cFKwflBhLoHwyjgqEWDq1JtQyqTPhvBJE=,iv:BqIY5ePbDSOu0hL2QJCd/Y166JCl8X2S/pi9W4mBc8E=,tag:nxsQB0c7Zmjd6JJqOKcoJg==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/templates/config/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml.j2 b/templates/config/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml.j2 index 5393920..ad66dee 100644 --- a/templates/config/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml.j2 +++ b/templates/config/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml.j2 @@ -22,7 +22,11 @@ spec: sync: kind: GitRepository #% if repository_visibility == 'private' %# + #% if repository_name.startswith('https://') %# + url: "#{ repository_name.replace('https://', 'ssh://git@').replace('.git', '') }#.git" + #% else %# url: "ssh://git@github.com/#{ repository_name }#.git" + #% endif %# pullSecret: github-deploy-key #% else %# url: "#{ repository_name if repository_name.startswith('https://') else 'https://github.com/' + repository_name + '.git' }#"