From bdac1c86328f77b0d5779d4c8796cdbd2d9f26ca Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 24 Apr 2026 01:42:14 +0000 Subject: [PATCH 1/2] chore: Update manifests after change --- .../grimmory/Deployment-grimmory.yaml | 2 +- ...ernalSecret-grimmory-database-secret.yaml} | 4 +-- ...ariadb-cluster-backup-secret-external.yaml | 4 +-- .../MariaDB-grimmory-mariadb-cluster.yaml | 2 +- .../Deployment-matrix-hookshot.yaml | 2 +- .../Deployment-openbao-unseal-unseal-1.yaml | 2 ++ .../Deployment-openbao-unseal-unseal-2.yaml | 2 ++ .../Deployment-openbao-unseal-unseal-3.yaml | 2 ++ ...rnalSecret-openbao-ntfy-unseal-config.yaml | 28 +++++++++++++++++++ ...xternalSecret-openbao-unseal-config-1.yaml | 10 ++----- ...xternalSecret-openbao-unseal-config-2.yaml | 10 ++----- ...xternalSecret-openbao-unseal-config-3.yaml | 10 ++----- ...alSecret-vault-backup-external-config.yaml | 2 +- .../ExternalSecret-vault-ntfy-config.yaml | 4 +-- 14 files changed, 53 insertions(+), 31 deletions(-) rename clusters/cl01tl/manifests/grimmory/{ExternalSecret-grimmory-database-config.yaml => ExternalSecret-grimmory-database-secret.yaml} (81%) create mode 100644 clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-ntfy-unseal-config.yaml diff --git a/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml b/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml index 6e9d74ccd..b08024bdf 100644 --- a/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml +++ b/clusters/cl01tl/manifests/grimmory/Deployment-grimmory.yaml @@ -52,7 +52,7 @@ spec: valueFrom: secretKeyRef: key: password - name: grimmory-database-config + name: grimmory-database-secret - name: GRIMMORY_PORT value: "6060" - name: SWAGGER_ENABLED diff --git a/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-database-config.yaml b/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-database-secret.yaml similarity index 81% rename from clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-database-config.yaml rename to clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-database-secret.yaml index 77a14617f..6bfaf2388 100644 --- a/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-database-config.yaml +++ b/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-database-secret.yaml @@ -1,10 +1,10 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: grimmory-database-config + name: grimmory-database-secret namespace: grimmory labels: - app.kubernetes.io/name: grimmory-database-config + app.kubernetes.io/name: grimmory-database-secret app.kubernetes.io/instance: grimmory app.kubernetes.io/part-of: grimmory spec: diff --git a/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-mariadb-cluster-backup-secret-external.yaml b/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-mariadb-cluster-backup-secret-external.yaml index 4c7bfece0..f8f18f5e0 100644 --- a/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-mariadb-cluster-backup-secret-external.yaml +++ b/clusters/cl01tl/manifests/grimmory/ExternalSecret-grimmory-mariadb-cluster-backup-secret-external.yaml @@ -15,8 +15,8 @@ spec: - secretKey: access remoteRef: key: /digital-ocean/home-infra/mariadb-backups - property: access + property: AWS_ACCESS_KEY_ID - secretKey: secret remoteRef: key: /digital-ocean/home-infra/mariadb-backups - property: secret + property: AWS_SECRET_ACCESS_KEY diff --git a/clusters/cl01tl/manifests/grimmory/MariaDB-grimmory-mariadb-cluster.yaml b/clusters/cl01tl/manifests/grimmory/MariaDB-grimmory-mariadb-cluster.yaml index 8bd8d7c64..f58e70f12 100644 --- a/clusters/cl01tl/manifests/grimmory/MariaDB-grimmory-mariadb-cluster.yaml +++ b/clusters/cl01tl/manifests/grimmory/MariaDB-grimmory-mariadb-cluster.yaml @@ -31,6 +31,6 @@ spec: rootPasswordSecretKeyRef: generate: false key: password - name: grimmory-database-config + name: grimmory-database-secret storage: size: 5Gi diff --git a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml index 35bf8ee9a..7c967dbae 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: matrix-hookshot spec: enableServiceLinks: false - serviceAccountName: default + serviceAccountName: matrix-synapse automountServiceAccountToken: true hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-1.yaml b/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-1.yaml index 2a8c93f82..204361a99 100644 --- a/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-1.yaml +++ b/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-1.yaml @@ -37,6 +37,8 @@ spec: - envFrom: - secretRef: name: openbao-unseal-config-1 + - secretRef: + name: openbao-ntfy-unseal-config image: ghcr.io/lrstanley/vault-unseal:1.0.0@sha256:9b936fadc8dea2a473972806bffc218a4dd2fbc3b373566138a60e058cc544aa name: main resources: diff --git a/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-2.yaml b/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-2.yaml index 3435a76eb..a3c6f9894 100644 --- a/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-2.yaml +++ b/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-2.yaml @@ -37,6 +37,8 @@ spec: - envFrom: - secretRef: name: openbao-unseal-config-2 + - secretRef: + name: openbao-ntfy-unseal-config image: ghcr.io/lrstanley/vault-unseal:1.0.0@sha256:9b936fadc8dea2a473972806bffc218a4dd2fbc3b373566138a60e058cc544aa name: main resources: diff --git a/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-3.yaml b/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-3.yaml index 83bef94ca..4c77ca0e4 100644 --- a/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-3.yaml +++ b/clusters/cl01tl/manifests/openbao/Deployment-openbao-unseal-unseal-3.yaml @@ -37,6 +37,8 @@ spec: - envFrom: - secretRef: name: openbao-unseal-config-3 + - secretRef: + name: openbao-ntfy-unseal-config image: ghcr.io/lrstanley/vault-unseal:1.0.0@sha256:9b936fadc8dea2a473972806bffc218a4dd2fbc3b373566138a60e058cc544aa name: main resources: diff --git a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-ntfy-unseal-config.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-ntfy-unseal-config.yaml new file mode 100644 index 000000000..fdd5ad68d --- /dev/null +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-ntfy-unseal-config.yaml @@ -0,0 +1,28 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: openbao-ntfy-unseal-config + namespace: openbao + labels: + app.kubernetes.io/name: openbao-ntfy-unseal-config + app.kubernetes.io/instance: openbao + app.kubernetes.io/part-of: openbao +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + NOTIFY_QUEUE_URLS: "{{ .endpoint }}/{{ .topic }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed" + data: + - secretKey: endpoint + remoteRef: + key: /cl01tl/ntfy/users/cl01tl + property: internal-endpoint-credential + - secretKey: topic + remoteRef: + key: /cl01tl/ntfy/topics + property: openbao diff --git a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-1.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-1.yaml index 9cecac843..5a9490d4b 100644 --- a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-1.yaml +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-1.yaml @@ -15,16 +15,12 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_1 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-1 diff --git a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-2.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-2.yaml index df1c9a7f9..4e3277aaf 100644 --- a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-2.yaml +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-2.yaml @@ -15,16 +15,12 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_2 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-2 diff --git a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-3.yaml b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-3.yaml index 1ca6a7873..7082552a2 100644 --- a/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-3.yaml +++ b/clusters/cl01tl/manifests/openbao/ExternalSecret-openbao-unseal-config-3.yaml @@ -15,16 +15,12 @@ spec: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/openbao/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/openbao/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/openbao/unseal - property: TOKENS_3 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/openbao/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-3 diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-external-config.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-external-config.yaml index 5e729f9a4..73379fd8f 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-external-config.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-backup-external-config.yaml @@ -14,5 +14,5 @@ spec: data: - secretKey: BUCKET remoteRef: - key: /digital-ocean/home-infra/vault-backup + key: /digital-ocean/home-infra/vault-backups property: BUCKET_PATH diff --git a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-ntfy-config.yaml b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-ntfy-config.yaml index ea8c470ac..875e72495 100644 --- a/clusters/cl01tl/manifests/vault/ExternalSecret-vault-ntfy-config.yaml +++ b/clusters/cl01tl/manifests/vault/ExternalSecret-vault-ntfy-config.yaml @@ -18,8 +18,8 @@ spec: property: token - secretKey: NTFY_ENDPOINT remoteRef: - key: /cl01tl/ntfy/users/cl01tl - property: endpoint + key: /cl01tl/ntfy/config + property: internal-endpoint - secretKey: NTFY_TOPIC remoteRef: key: /cl01tl/ntfy/topics -- 2.49.1 From 6bcbc3b68de22189f3ef679985ed72c28e5947a0 Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Fri, 24 Apr 2026 01:46:51 +0000 Subject: [PATCH 2/2] chore: Update manifests after change --- .../foldergram/PersistentVolumeClaim-foldergram-data.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml b/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml index 8bd7afc40..90c1ab5af 100644 --- a/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml +++ b/clusters/cl01tl/manifests/foldergram/PersistentVolumeClaim-foldergram-data.yaml @@ -13,5 +13,5 @@ spec: - "ReadWriteOnce" resources: requests: - storage: "250Gi" + storage: "500Gi" storageClassName: "synology-iscsi-delete" -- 2.49.1