From 97ada5cb3b8a82a2a4f84157f617c2af22c9d09c Mon Sep 17 00:00:00 2001
From: Peter Kurfer
Date: Wed, 17 Apr 2024 21:12:57 +0200
Subject: [PATCH] chore: migrate coder to git-age
---
coder/.gitattributes | 1 +
coder/config/secrets.enc.yml | 37 ------------------------------------
coder/kustomization.yaml | 6 ++----
coder/resources/secret.yaml | 5 +++++
coder/secret-generator.yaml | 10 ----------
5 files changed, 8 insertions(+), 51 deletions(-)
create mode 100644 coder/.gitattributes
delete mode 100644 coder/config/secrets.enc.yml
create mode 100644 coder/resources/secret.yaml
delete mode 100644 coder/secret-generator.yaml
diff --git a/coder/.gitattributes b/coder/.gitattributes
new file mode 100644
index 0000000..72303bc
--- /dev/null
+++ b/coder/.gitattributes
@@ -0,0 +1 @@
+**/secret.yaml filter=age diff=age merge=age -text
diff --git a/coder/config/secrets.enc.yml b/coder/config/secrets.enc.yml
deleted file mode 100644
index cf4e71f..0000000
--- a/coder/config/secrets.enc.yml
+++ /dev/null
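Review bot: The single rule added in coder/.gitattributes protects only files named exactly `secret.yaml`, and only in clones where the `age` filter driver is configured; in a clone without it git applies no filter at all, so a plaintext Secret would be committed without any warning. Add a comment above the rule stating the prerequisite, e.g. `# requires the git-age filter in this clone; without it secret.yaml is committed in cleartext`, and consider a pre-commit or CI check that every tracked `secret.yaml` starts with `age-encryption.org/v1`. A sibling named `secrets.yaml` or `secret.yml` would not match the pattern, so either widen the pattern or document the naming convention next to it.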
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: coder-secrets -type: Opaque -stringData: - OIDC_CLIENT_ID: ENC[AES256_GCM,data:4KD0RPoRdY23wwkwqoXFloAl3VHQsaVJq46psw/tybCic+g6,iv:LQuY/nTVbD8J62Ia4QNRPQq+mP2BX5cOufIOpaqdjHk=,tag:2hB0sZ6fG/Mdi/Mxi123yw==,type:str] - OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:8F2gjA8bMyh+g/MPppOtO8pGSvvjoNse2jPAYcH2vyfXNRNR2hn3OF56OkqAQUDgKh3mOMMIlOA=,iv:MSpf7TueXeJ9bJ9gMJAR7m97sbe/GG0GhIsDKOS8U5g=,tag:dJwpuxdG2tjEGSkoynstrg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNllWNkJSdm8rblRWQWY0 - U05Bdkw4OUlhTmZTY2VPOXp3UStKMTZpTGpRCmlxRVFlREtuSG85Zk4vb2lIZm1H - SG9hTjc5bmppS0ZWNDVkajBHY2FlcnMKLS0tIGVPQTVHTktPbGVORys4Vk9pdEZp - ZnhvczRaK09YL0crK0hwYUllZXErSk0K23F5ItL9qHYbuNVuWGzpgaXMN5LNwc+n - LAtAoDwhsNhxNFTU+164rtjwHQ+NMp/xNIHiWMeOBz8zSkqCDAhxJg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaU5ldHg2RjVqdUQxMysv - d05jaEFsMXF6QXNlZ2I0SjhGb2pEeHl2WXh3CmtZcG1WZXY3SnBBTTU2cFh6Z1Vo - RGd1OGt1cUhXc2VoUmJJaHJhRlQ1QVUKLS0tIEhscmZWU3Y2UFI2UVorbXVoQ2Yz - VElCdDBrcEt0amlJUmlldENtSjYyczQK8BueJyu/9pJSqa3eYT/bW705O+Wzd6OF - +COLZ8HmD6RFy6K+1uqRqy8ETfSqsaNC06ZdBtH3VKNPOk0ayAuWeg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-21T13:40:45Z" - mac: ENC[AES256_GCM,data:nxoSscCX6drScTysPpdPCwNBpJ7IFjIHEDsoVtsMaC2XufxBHNs5iZLv0vc/QfPK4xTRuEjWxhpFq/XiqTkcArpj/19PopKawa9JAKwSjK+9h83rvhK2r0j8QUmKpx9CfRS4uR2e/u2SCLyGtoAFsZD/nwQYFh3o3y0GfpCz3FE=,iv:V/j4zOf2D9SFSJsr7v8/IM8Sor+pJDL520vXSQUwW6w=,tag:lvNKkyw51qVM/j0WB987JA==,type:str] - pgp: [] - unencrypted_regex: ^(apiVersion|metadata|kind|type)$ - version: 3.8.1 
diff --git a/coder/kustomization.yaml b/coder/kustomization.yaml index 1964a5d..67ebc41 100644 --- a/coder/kustomization.yaml +++ b/coder/kustomization.yaml @@ -6,6 +6,7 @@ namespace: coder resources: - "resources/namespace.yaml" - "resources/http_routes.yaml" + - "resources/secret.yaml" helmCharts: - name: coder @@ -14,7 +15,4 @@ helmCharts: namespace: coder version: "2.10.0" valuesFile: config/values.coder.yml - skipTests: true - -generators: - - ./secret-generator.yaml \ No newline at end of file + skipTests: true \ No newline at end of file diff --git a/coder/resources/secret.yaml b/coder/resources/secret.yaml new file mode 100644 index 0000000..fb46e8e --- /dev/null +++ b/coder/resources/secret.yaml @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> X25519 e7QN2SX0Cwxqlxs8lfyRUtizStuPdSALxGNfAx4dhHA +0FizyLJg4M3L9Upj/nobfiLx77LsevekMBrOAd1PphM +--- HirfSnnWW2oy1wWDRId2JzLbRkgTUWwHcHtsq9TLTEo +cQտYݑC_ZZmWn챃Ird6>{ _lKd R*)mn$rLUm6 ̂K=E(^zY"iS=L O9>+t>4%iXTE6)ɸ:'JtckU`rԧ^$ZV'F3U J-g |úיZ~"hpqd'6H@|Yr=𪼗aV%ҡܮkD?{ \ No newline at end of file diff --git a/coder/secret-generator.yaml b/coder/secret-generator.yaml deleted file mode 100644 index 9c11746..0000000 --- a/coder/secret-generator.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: coder-secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./config/secrets.enc.yml \ No newline at end of file
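Review bot: In coder/kustomization.yaml the new `- "resources/secret.yaml"` entry (first hunk) is valid YAML only in a working tree where the git-age smudge filter has already decrypted the file, while the second hunk removes the `generators:` entry that used to decrypt at build time. Any kustomize build run from a clone without the filter and an identity (a CI job or GitOps controller, if one is used for this directory) will read the raw age payload and fail instead of producing the Secret. Document the prerequisite next to the entry, e.g. `# decrypted on checkout by the git-age filter; the clone needs the filter and an identity`. The file also still ends without a trailing newline after `skipTests: true`.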
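Review bot: The new coder/resources/secret.yaml header carries a single `-> X25519` recipient stanza, whereas the removed coder/config/secrets.enc.yml was encrypted to two age recipients. If the second recipient was a CI, cluster or recovery key, it can no longer decrypt this Secret after the migration, so confirm the recipient list is intended and re-encrypt to both keys if it is not. Because the payload is binary age output, the cleartext cannot be checked from this patch; the commit message should state that the Secret is still named `coder-secrets` and still provides `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET`.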