chore: migrate forgejo to git-age
All checks were successful
Renovate / renovate (push) Successful in 18s

This commit is contained in:
Peter 2024-04-17 21:54:25 +02:00
parent 1c2d71391f
commit 22831f6a21
Signed by: prskr
GPG key ID: F56BED6903BC5E37
9 changed files with 10 additions and 127 deletions

1
forgejo/.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
**/secrets/*.y*ml filter=age diff=age merge=age -text

View file

@ -15,8 +15,11 @@ images:
newTag: "3.4.1" newTag: "3.4.1"
resources: resources:
- resources/secrets/admin-credentials.yaml
- resources/secrets/infra-credentials.yaml
- resources/routes.yaml - resources/routes.yaml
- resources/dragonfly.yml - resources/dragonfly.yml
- resources/runners/secrets/runners.yaml
- resources/runners/act-runner-arm64.yaml - resources/runners/act-runner-arm64.yaml
- resources/runners/act-runner-amd64.yaml - resources/runners/act-runner-amd64.yaml
- resources/runners/cache-pvc.yaml - resources/runners/cache-pvc.yaml
@ -41,6 +44,3 @@ helmCharts:
skipTests: true skipTests: true
apiVersions: apiVersions:
- "networking.k8s.io/v1/Ingress" - "networking.k8s.io/v1/Ingress"
generators:
- ./secret-generator.yaml

View file

@ -1,37 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-admin-credentials
type: Opaque
stringData:
password: ENC[AES256_GCM,data:c7XwM+a8OHXU7yovRfvX,iv:LX/dP8QxQoRus/MGijpXO0t0PjFeAtB6iTBa2OlIceg=,tag:RJuxiISXnMQdkt44avhL3w==,type:str]
username: ENC[AES256_GCM,data:tkl0o85yyf41vPc=,iv:1zdcy3qhMmpFLP8BsNHJ+YBRbtDBWt8xtxSvNAuBMiM=,tag:1Cui9dcneiyAZb8y7zFWCA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N2dUTE8rVVF4SVV0Z2Q5
aGZRdkI0QVc3N1BJRnN4dVpWRkxKa3Q1MkNBCmI3V1JiSzhEdk4rYzNNUFp0YklV
Y2dCSERmRXNMZGdldUg2emdrdGs0L0kKLS0tIFo1R3F1RFpoQXJ1WXdYMGErSGIv
UjBUODZudEVLOHJrbFBRNVJlYXVrb2cKwC13RKJZkF3bFA9AlXARfr03T0cKaCOR
RvtRKKHoS1iW095l1l2T+aSoPiAi1BdYBLuaH7fl6RhFW8q6veR64Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc3JJbVJPVUl4ZklaT2FU
RjBUb3NmTEVBTldEd2Q2Q0sxVjcxS1ViSkNzCnloUjB3ZVBmVmJDTmJpQ1JsbHdZ
cnpHU2VSTmFETHIyR0oxbUM3ei8wbGcKLS0tIFp6TUJHTzJpQzMydlo3YVoxQVBW
RldtRnI1YnBMTGt0SVN3OGt3empNRG8K72vZ0rxA2jUsqiqoWoYZyTWDwcJl+lhV
SVvbq6wtz5tMqsPY3zFyfehaLqRR21ADZhbJgWMNvUcqpJ1YJCznhA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T20:22:36Z"
mac: ENC[AES256_GCM,data:IBwGNRBOlZwXyL/m4NuwbQzh+Pdaitr7JBmJam1hrbGx//yFyrlcthLnCpxHRvxJ6+y05NZdzvSDiUILQeQGZ9kR7wjWxypBRV6tJw1k9kZ5tEiz/MMPLyXvTVr7jcv1lXV70qRzT/ZodMSwWyQz9t0rQchTdyUxA7wOxg6wqfE=,iv:U0hOm2Htxxi6ZZYLHPkgizaGHbPwi0ZMuUwyOmf15fs=,tag:RijQRWYqiEcprayxpVH91w==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

View file

@ -1,38 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-credentials
type: Opaque
stringData:
database: ENC[AES256_GCM,data:kTQSEpMRi0ze+d0nsYerRFfhlS8VzZ7stF6AaXCKg4c=,iv:ZK+l+N2LTmXiJ7eHbNpgq5cQ2geXJJVUwcnhqSvJaTk=,tag:zfK4sXZVg89aXNco2zVYkw==,type:str]
attachment: ENC[AES256_GCM,data:1yXF5ynIGQ8gv6F9SkehA+xnwlI0b1BuZAaSpmymNF/nm01rM5St0G2HBRAQp9i9HeJuRL3DitywAXqVyT1Usx5PFZrK3DnN1NoCCKFEOq5E3JFDQcVrisWtqab562y4ucR5GlynZHG+mjWEExTldnCoQc03KM8m/JsHI4Z5lV23/p+yrSMu/GpxERsu,iv:Llsh9nftLztMX5+3HML0u3hnaKoFKADR0Lj8WCDtsaU=,tag:yH65vLuB+/jUL+Rvaxt6CA==,type:str]
storage: ENC[AES256_GCM,data:6RyQ4kXlBexGZbHd8/RO7TdZ6jv+I9LC7rqHfZo9949G4FWDS47PdAtMWWV9IG/k2RziB//aBe8E7C5uvFWIpSQF7p4gxNTmdSzRq4/e1HrSdOKZ2+GdDPAzD7PWo7L7GhDN5iuAlUKAVsl/DFJWUkH6vFWPmVf3nJ/sW5MRjpjgzWuAzQAgdJttCxEi,iv:Xoy0TJ4QSoyY/b+EWkFEnx3OlBQSXNLJQL3nwTOv6Tg=,tag:7E2AMs7IkdZkN99cb7gAAg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxM0lPdlVhQWp0ZlNtdnZn
QWREaDF0NGtkVmx4UHhhNXJEbW55SHdtcWlnCisxcFRzR3BzUXk1L05DYXgxRHpU
Q2QwbzlLVzdiS2Q4RlpBUnlLTmptbnMKLS0tIGx2OTFiUlRmZkNyRzFVbEhqVFQ0
c3NZQkYvbzFDM2hjcmVvbHJ6S3dLUkUK/ye/CGkeP+fyAR4SWzxvHYXfQUv1Trit
mW0DaG99PWGF3PuxjPRAVm/nZw7dRNtQkrqx88lSdObkMSq2pMwarw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlb2E3eGpqTFB1VExiNXNm
VXpRbjc1RmllaU1LSFdRZnpvWnZoWmR4RDJjCkJIRmdieXNzRGIzNnhuclg3LzRh
QU9tRnFzY0JHQWFvNWM3UEI2YmliRW8KLS0tIHNNemVzdmNrektDK0V0MHVSYjl3
bHk2WG41aDdPeWVJR0NjRWZOVnVMS2cKLZZt2VNc5XdqW9Cknr2Re7pW2+s5CSYj
hQyzCSAPp8hN9mietVqzX3eyFf9ngYJ96TjvBd+2dduxchxAEoi4tQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-07T21:04:47Z"
mac: ENC[AES256_GCM,data:+9JzeBV2UT8O+d98Pvmx4+IujahWvuIIQijjW/JYaE6vbNfzcp21L+3jtU4JZb5Yj3KTySLvlaMvHKDxER/xHsIbYKUF0MMm90eJnccxiiJ7YhPKMkHmRhGbNEP60COv01O1bba4RrAqFdS0velAo74PmYFZO0gAX5T0080+4KQ=,iv:9J6QCO1J4scRCQklRtc62rcNSaVxsKfgqHpjsITruZM=,tag:jlUKMcYvSWmG7KpUOhNN5A==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

View file

@ -1,36 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: forgejo-runner-secret
type: Opaque
stringData:
token: ENC[AES256_GCM,data:WDGyB/Kix8psyBGIa4s+9d92efqe2U8X8cYfauL9aHu0JS6QDqnODQ==,iv:ENvqwwi6Wp6oyVWHBe31EPq+k/NPjyYcW8oKlVzrK70=,tag:azOqnPyUekay1PtFjbf3ZQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1eUJYZGNhZ1ZocjBkZkdF
S1JGaFJXd0ErSWtySVcySy93bElLUjNTa1Q4Cko3UmR2bXo4L2RMaWJZQ1B4WTFW
QWhOWS9GVnVIa3hyTk1UNG5wVnVpOEEKLS0tIDM4cEZsZjVLR0dtQ1FkRnNPaVV5
ejUrMVRLMGROWjFrWUZpd1E5SmtDSzAKAbzU1DcQ6l7mSTLKTxzNFx0y9tMxw+dF
KFNKs/3YWpns07tomAdnDeKhXj6EvDsuxhz+wNg6b6/6wAISoYZI3g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByVExLZElOS29RQmRySnlV
blZ1SFZ5R1NoSlUxZ0JJOVkrL0xLaktraHlvCnQ5dlE0cEVpeW93K1BheWNDcUx1
b0lIVTNVaWxoZWhzTUlBQ0YwTDhxdHcKLS0tIFBGVEoyM21tM3BaVlZsNzBNaDgr
VnExSnBIcEVCRVNjeFdDbGZNbURLUEkKTZLpcYtYWKgHWISrxkvVeU+x56QHf0lF
xxG8xPUiesGm/MBidk19TblX14oWy+VYA65KQrHBtgBIJUmohnNLvw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-21T20:31:49Z"
mac: ENC[AES256_GCM,data:XyrEZRhWD6MW37MMpeVOS51wXjr5gtwU+sDXaRM4eETNUKmNniatblykZ8xE8Q1QPgUWnR6Styoexcvwhagljk7yUT1QaWKwLrPfvVdxtiMJe+bpvlhI1ab/lPDZZ0wOcm9VJOrUVu/t81DT2NmZdZ5NSPdOMS1IHi0cLzJbP/I=,iv:N0tsB0opPQ7xkw3nT0ka62wUs1mKcAV5MctsP5ovu/8=,tag:vUACVwv6RaSXN7yX7qh97Q==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

Binary file not shown.

View file

@ -0,0 +1,6 @@
age-encryption.org/v1
-> X25519 uDV7QKxmEkxayrj61x3RdTMfbA4tMhnU7VawlhhAERY
VrBnv6RDUduhQI99xRwN5Q3OWV40L7G+rgPsses8pKw
--- xaguz3upKpwxoczn1A1b/muPJhRKH6w9jb4z0NOfCsQ
}J—Ä5™”ÒUz0Uµ Ç<>±z
NT%êõÁ­À Im\˜jN)ß4„Nb¿½Ídöãó*€8–ìN驲x+%3M: g<>Fó4U%̵gÒê³<C3AA>dza€ý¾”$V<>ܨc(Zq„È".-ôH“Ldl¼Í^~±Òleq¶ŒÙÞ) b<EFBFBD>9> ‰ŠÞÕW×<>âaq¦*bKò§ûÚ­ž¶}

Binary file not shown.

View file

@ -1,13 +0,0 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: hedgedoc-config-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/credentials.enc.yaml
- ./resources/admin-credentials.enc.yaml
- ./resources/runners/runner-registrations.enc.yaml