diff --git a/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml b/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml
index 85ab951c9..eb53422f4 100644
--- a/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml
@@ -1,10 +1,10 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: grimmory-database-config + name: grimmory-database-secret namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory-database-config + app.kubernetes.io/name: grimmory-database-secret {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef:
@@ -33,11 +33,11 @@ spec: - secretKey: access remoteRef: key: /digital-ocean/home-infra/mariadb-backups - property: access + property: AWS_ACCESS_KEY_ID - secretKey: secret remoteRef: key: /digital-ocean/home-infra/mariadb-backups - property: secret + property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1
diff --git a/clusters/cl01tl/helm/grimmory/values.yaml b/clusters/cl01tl/helm/grimmory/values.yaml
index 8d09eb481..d0ba29d65 100644
--- a/clusters/cl01tl/helm/grimmory/values.yaml
+++ b/clusters/cl01tl/helm/grimmory/values.yaml
@@ -27,7 +27,7 @@ grimmory: - name: DATABASE_PASSWORD valueFrom: secretKeyRef: - name: grimmory-database-config + name: grimmory-database-secret key: password - name: GRIMMORY_PORT value: 6060
@@ -98,7 +98,7 @@ mariadb-cluster: mariadb: rootPasswordSecretKeyRef: generate: false - name: grimmory-database-config + name: grimmory-database-secret key: password storage: size: 5Gi
diff --git a/clusters/cl01tl/helm/matrix-synapse/values.yaml b/clusters/cl01tl/helm/matrix-synapse/values.yaml
index c91ffc81a..3e7f46fbc 100644
--- a/clusters/cl01tl/helm/matrix-synapse/values.yaml
+++ b/clusters/cl01tl/helm/matrix-synapse/values.yaml
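Review bot: The `property` renames in the second grimmory hunk (`access` → `AWS_ACCESS_KEY_ID`, `secret` → `AWS_SECRET_ACCESS_KEY`) change only the lookup side, and nothing on this page shows the entry at `/digital-ocean/home-infra/mariadb-backups` being migrated to the new property names. If they are not present under those names, I believe external-secrets marks the ExternalSecret as not Ready but leaves the previously synced Secret untouched, so the consumer keeps running on the old values and the mismatch is visible only in the ExternalSecret status, not in the workload. The `secretKey` names `access`/`secret` are unchanged, so consumers need nothing; the check is on the store side, after rollout, for the Ready condition of every ExternalSecret in this commit. The same applies to the openbao unseal hunks further down (`ENVIRONMENT`/`NODES`/`TOKENS_n` → `environment`/`nodes`/`tokens-n`) and to the vault hunks (`vault-backup` → `vault-backups`, ntfy endpoint moved to `/cl01tl/ntfy/config`).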
@@ -118,6 +118,8 @@ matrix-hookshot: type: deployment replicas: 1 strategy: Recreate + serviceAccount: + name: matrix-synapse containers: main: image:
diff --git a/clusters/cl01tl/helm/openbao/templates/external-secret.yaml b/clusters/cl01tl/helm/openbao/templates/external-secret.yaml
index 0b0734b93..76704e164 100644
--- a/clusters/cl01tl/helm/openbao/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/openbao/templates/external-secret.yaml
@@ -45,19 +45,15 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_1 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-1 --- apiVersion: external-secrets.io/v1
@@ -76,19 +72,15 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_2 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-2 --- apiVersion: external-secrets.io/v1
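Review bot: `serviceAccount.name: matrix-synapse` in the matrix-hookshot hunk runs the hookshot pod under Synapse's ServiceAccount, so any RBAC binding, projected token or image-pull secret attached to that account becomes usable from the hookshot container as well, and hookshot is by design the component exposed to inbound webhooks. The hunk does not record why hookshot needs that identity; if it is only a pod-level convenience and hookshot makes no Kubernetes API calls, a dedicated account plus `automountServiceAccountToken: false` on the pod keeps the token out of it entirely. Either way a comment above the key, such as `# shares synapse's ServiceAccount: <reason>; no extra RBAC intended`, would record the decision for the next reader. The `matrix-hookshot:` controller block begins and ends outside the hunk.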
@@ -107,56 +99,41 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_3 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-3 -# --- -# apiVersion: external-secrets.io/v1 -# kind: ExternalSecret -# metadata: -# name: openbao-token -# namespace: {{ .Release.Namespace }} -# labels: -# app.kubernetes.io/name: openbao-token -# app.kubernetes.io/instance: {{ .Release.Name }} -# app.kubernetes.io/part-of: {{ .Release.Name }} -# spec: -# secretStoreRef: -# kind: ClusterSecretStore -# name: openbao -# data: -# - secretKey: token -# remoteRef: -# key: /cl01tl/openbao/token -# property: token -# - secretKey: unseal_key_1 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_1 -# - secretKey: unseal_key_2 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_2 -# - secretKey: unseal_key_3 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_3 -# - secretKey: unseal_key_4 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_4 -# - secretKey: unseal_key_5 -# remoteRef: -# key: /cl01tl/openbao/token -# property: unseal_key_5 +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: openbao-ntfy-unseal-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: openbao-ntfy-unseal-config + {{- include "custom.labels" . 
| nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + NOTIFY_QUEUE_URLS: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed" + data: + - secretKey: endpoint + remoteRef: + key: /cl01tl/ntfy/users/cl01tl + property: internal-endpoint-credential + - secretKey: topic + remoteRef: + key: /cl01tl/ntfy/topics + property: openbao
diff --git a/clusters/cl01tl/helm/openbao/values.yaml b/clusters/cl01tl/helm/openbao/values.yaml
index 73e7f51ee..e224f1a49 100644
--- a/clusters/cl01tl/helm/openbao/values.yaml
+++ b/clusters/cl01tl/helm/openbao/values.yaml
@@ -160,6 +160,8 @@ unseal: envFrom: - secretRef: name: openbao-unseal-config-1 + - secretRef: + name: openbao-ntfy-unseal-config resources: requests: cpu: 1m
@@ -176,6 +178,8 @@ unseal: envFrom: - secretRef: name: openbao-unseal-config-2 + - secretRef: + name: openbao-ntfy-unseal-config resources: requests: cpu: 1m
@@ -192,6 +196,8 @@ unseal: envFrom: - secretRef: name: openbao-unseal-config-3 + - secretRef: + name: openbao-ntfy-unseal-config resources: requests: cpu: 1m
diff --git a/clusters/cl01tl/helm/vault/templates/external-secret.yaml b/clusters/cl01tl/helm/vault/templates/external-secret.yaml
index 091e0dca4..27e9bd300 100644
--- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml
@@ -93,7 +93,7 @@ spec: data: - secretKey: BUCKET remoteRef: - key: /digital-ocean/home-infra/vault-backup + key: /digital-ocean/home-infra/vault-backups property: BUCKET_PATH ---
@@ -197,8 +197,8 @@ spec: property: token - secretKey: NTFY_ENDPOINT remoteRef: - key: /cl01tl/ntfy/users/cl01tl - property: endpoint + key: /cl01tl/ntfy/config + property: internal-endpoint - secretKey: NTFY_TOPIC remoteRef: key: /cl01tl/ntfy/topics
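Review bot: `mergePolicy: Merge` on the new `openbao-ntfy-unseal-config` ExternalSecret writes the fetched `endpoint` and `topic` values into the target Secret next to the templated `NOTIFY_QUEUE_URLS`, and because values.yaml pulls that Secret in via `envFrom` on all three unseal deployments, every unseal pod also receives `endpoint` and `topic` as environment variables it never reads; going by the property name `internal-endpoint-credential`, `endpoint` is the value carrying the ntfy credential. `mergePolicy: Replace` (the external-secrets default) limits the Secret to the single key the pods consume while the template still sees `.endpoint` and `.topic`. Note also that this shape embeds the credential in a URL handed over as an environment variable, so any failure log that prints the notification target prints the credential with it; the vault ExternalSecret at the bottom of this page keeps a separate `token` property, which is the safer layout if the unseal tool supports it. A short comment above the `NOTIFY_QUEUE_URLS` line stating that the backtick-wrapped inner `{{ .endpoint }}` is Helm escaping so external-secrets receives the template unexpanded would help the next reader.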