diff --git a/fider/.gitattributes b/fider/.gitattributes new file mode 100644 index 0000000..6c2aef3 --- /dev/null +++ b/fider/.gitattributes @@ -0,0 +1 @@ +**/*.env filter=age diff=age merge=age -text diff --git a/fider/config/base.env b/fider/config/base.env deleted file mode 100644 index 70c4000..0000000 --- a/fider/config/base.env +++ /dev/null @@ -1,21 +0,0 @@ -HOST_DOMAIN=fider.icb4dc0.de -LOG_SQL="false" -LOG_STRUCTURED="true" -LOG_LEVEL="DEBUG" - -# Metrics -METRICS_ENABLED=true -METRICS_PORT=4000 - -HOST_MODE=multi - -# SMTP setup -EMAIL_SMTP_HOST=smtp.gmail.com -EMAIL_SMTP_PORT="587" -EMAIL_SMTP_ENABLE_STARTTLS='true' - -# Blog storage -BLOB_STORAGE=s3 -BLOB_STORAGE_S3_REGION=us-east-1 -BLOB_STORAGE_S3_ENDPOINT_URL=https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com -BLOB_STORAGE_S3_BUCKET=fider diff --git a/fider/config/fider-secrets.enc.yaml b/fider/config/fider-secrets.enc.yaml deleted file mode 100644 index 4c80928..0000000 --- a/fider/config/fider-secrets.enc.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: fider-secret-config -stringData: - #ENC[AES256_GCM,data:vwh0HqyenM9A/otfsYrVAIYoivvbQ/IZkrohaeuMSRLDFpnr5TDD0CY93N84,iv:Y4RTLSQCKG9YIsyALJXVnSU9KRVPViFiNah7cpPj7ws=,tag:V5+AGSJ3RlBh18oVI6QoFA==,type:comment] - DATABASE_URL: ENC[AES256_GCM,data:I1FYx2MxmCVRv5f7TdyjFLElzbA2kPuwYHTtFeECkfBChNiVNgVJnKKTdTvfHgz9tazME8e8FzVrbQ+XkTaTnT0vPtDISTuzPbq4EK+wDQbmz+M0BW7Me1wz2061NVd+uXpFWaj6jg2PcY41TYptT6s=,iv:J2isIwnf4wkObZSSIBWyjiFNHDwOw+jT0/kGOtAbV9M=,tag:HiK1ZA3pv4uohTKWvVrmHg==,type:str] - #ENC[AES256_GCM,data:QXY/wGzJDrdgfEwE/Zq98dQ=,iv:3ZC3JGlZeBslZN5a5ndYoNA4BwdZ8Kb49tNrJXh3c74=,tag:i8dp8nj7ZUO4H25mCJFJZg==,type:comment] - EMAIL_NOREPLY: ENC[AES256_GCM,data:1lBgr0jlpfqapy/Be5y8y/9iSQ==,iv:duh4+wgwMgprUPr5jNtLvm1RG4gLB8zRUW4KH+aQIGo=,tag:b0D3PGDsEvjj6modicar6g==,type:str] - EMAIL_SMTP_PASSWORD: ENC[AES256_GCM,data:ldpok+OwavUpP487Gh52I858MRuTITiVdQ==,iv:RBcKpTo/F6Wqc715U89VCdojEemwHEjETTPZP6z3lj8=,tag:3eye+x5YqS0Y6oP75lE2BQ==,type:str] - EMAIL_SMTP_USERNAME: ENC[AES256_GCM,data:+ft+YqLBBgqo0AGl5c1dQyl4Uw==,iv:t8pt2lj2sht3nMyfzCQoRe1hYapydvQt0ylDUxBLieo=,tag:lxMQ8bIjNZz6y+jgBedMyQ==,type:str] - #ENC[AES256_GCM,data:tKFIJYaKj470Wukj+0kh,iv:iVl3U363ioCdvOGBxAq+on9PLHqPeZO9Zs26kP9z1RQ=,tag:4KDR6lCtgwZVuJ3Uc+LuIw==,type:comment] - JWT_SECRET: ENC[AES256_GCM,data:8xfY6sn3yVVd6UwqmDj5VR9kjf91GJKkAxxNwVPI7mfeoPkH+xdCVon88SHQ1Lh7XRDeWK/Fjt6LCpWqlntwBA==,iv:p2pL9B3QdKPb9Ifup9zMZlKYGJM0s+L7+P0buI6855g=,tag:gQWBoV77HsH9TAk6CUxKJQ==,type:str] - #ENC[AES256_GCM,data:tRPJxSMKKV36Tm28Om1xg6RFvKckNLFClw==,iv:qhAuF4zUrwgPyIG/2U28fz3FWbiOCDBtzhO7jux47Bg=,tag:BfOepgY9Z6/BfOwfNar5YA==,type:comment] - OAUTH_GITHUB_CLIENTID: ENC[AES256_GCM,data:EGvHYukKGoeqJtFkTDnJoXGGzvg=,iv:CrPC/TUd+A9jYt17R2MLe4h+OArcZPXMbUbn/e+1S4o=,tag:ptEDPa2FmFfHaf0IV+hIIQ==,type:str] - OAUTH_GITHUB_SECRET: ENC[AES256_GCM,data:EX4MeNyiJfOOM5tpIiVsWzN4PwxGKaiuEp/x2yLB6DKERUqnXBjPHQ==,iv:zIzv5x43gurxC0OPZAJ15kMuK/0YA8UWULns49W8tWE=,tag:yq/IT69Dk7BtJ5k+8HNu6A==,type:str] - #ENC[AES256_GCM,data:yepnpyfmV9t5CRucNg==,iv:186ZrE/ynkFhDjcmbdY+0eM//BWDMkQKQkUUj2OX0gw=,tag:3zjeG1sveTCCARG30vrtQQ==,type:comment] - BLOB_STORAGE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:h6C2TxHcBJH5a2+OGckctvKUnXLbe8gbH3OpQ1s8znw=,iv:VtB1MAb4lqUcPbSQzf/o1bPFEqtd9FYhdrItLIv9GQk=,tag:MbuJfTZPJSSzT/89IDXCig==,type:str] - BLOB_STORAGE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:nFbcxS5IJz2YOJZx15hRYGrfGdcN7FI7Z2k1C5uLRHXllqvbRw09ZFn0ed2ORH8mDSl/0NHzjtD4cTdZ8L/fOg==,iv:4Vgb9qBQD8kgr4iBVEsaQTY+i58MUu+Bu80XjZAY78Q=,tag:VSp88f5T+WV2ngvW6mHbYA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MHkwN1AyY0twMzlYT29D - bXBPTE4vV3lCZFROTG5FS2ZteHVWbjE3clVBCmFWV3FVYTMvejBINzZ1Sk5lcEFF - NTMvSWJlQ2Nad1oxNkVJdFlHbkdja2MKLS0tIDFicWs5QUlPeVpieitqRVNhSXEy - L3JKV0YzOUcvLys3TWd0Q3pOcFBsczQKxyY1BbhiAcFnEwMO3uEEssGX4vM9pjwo - 0hvqWULdsl6NpVd91lOpKgp9XwROSKwdYp5U0XX4oRF1mAI137a8WA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHY0STF0TGJia2dqRk5k - QVpUeEsvUUpaUjBzOGtNV2dlQzBSNzVZNkRJCkxNc3RBUmgwVDBId3pqY2R6eWNa - WjZ6ZXV6RjFaWnp4ZXUveHBsMG1DR28KLS0tIEVOeGFPTUszbmYxU1hYZENZUWdl - bTk2dytOMmE0UkZYNUdOWHZuelJBK2sKCT4UeF/m0mMqs6jbT1KMLfx6YTQTwkbK - 7WcJKPlg2Jqmqi2G1tqKcjMui0g19vKPRDWGdtIOyYB83ThAVG0znA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-21T20:00:49Z" - mac: ENC[AES256_GCM,data:wDVyJOyMbbcQf/LIypuKIXYskE1+xlg43UY2NV3xIRZfVxN4uAJBtEEas+T6Y3jJoLJOkwjzkvncCv0cxzlJSQYmfoidaBIpNPKi6fSR1LjxELG0ErblVY/usgJ/ACvIfN+6SUC1sK/wxIbpLT+8TeUCvHEj/iuq0hslgdsomks=,iv:MdET9ouW4AVsbpLDtLpHzGQ6RTAHx3GvJg5TVaMzNug=,tag:UUDSIeK0cfd7Otn2XlsxlA==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 diff --git a/fider/config/fider.env b/fider/config/fider.env new file mode 100644 index 0000000..1f5d642 Binary files /dev/null and b/fider/config/fider.env differ diff --git a/fider/kustomization.yaml b/fider/kustomization.yaml index 276a70e..8846335 100644 --- a/fider/kustomization.yaml +++ b/fider/kustomization.yaml @@ -16,9 +16,6 @@ resources: - "resources/http_routes.yaml" secretGenerator: - - name: fider-base-config + - name: fider-config envs: - - "config/base.env" - -generators: - - ./secret-generator.yaml \ No newline at end of file + - "config/fider.env" \ No newline at end of file diff --git a/fider/resources/deployment.yaml b/fider/resources/deployment.yaml index ea053d2..f5f810a 100644 --- a/fider/resources/deployment.yaml +++ b/fider/resources/deployment.yaml @@ -23,9 +23,7 @@ spec: name: web envFrom: - secretRef: - name: fider-base-config - - secretRef: - name: fider-secret-config + name: fider-config resources: limits: cpu: 200m diff --git a/fider/secret-generator.yaml b/fider/secret-generator.yaml deleted file mode 100644 index 0aa7075..0000000 --- a/fider/secret-generator.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - # Specify a name - name: fider-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - config/fider-secrets.enc.yaml \ No newline at end of file