From a752c4a7318f0d08fb31598f7f153260e970cfec Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter@icb4dc0.de>
Date: Wed, 17 Apr 2024 22:04:33 +0200
Subject: [PATCH] chore: migrate hedgedoc to git-age

---
 hedgedoc/.gitattributes            |   1 +
 hedgedoc/config/base.env           |  38 ---------------------------
 hedgedoc/config/hedgedoc.env       | Bin 0 -> 1850 bytes
 hedgedoc/kustomization.yaml        |   7 ++---
 hedgedoc/resources/config.enc.yaml |  40 -----------------------------
 hedgedoc/resources/deployment.yaml |   4 +--
 hedgedoc/secret-generator.yaml     |  11 --------
 7 files changed, 4 insertions(+), 97 deletions(-)
 create mode 100644 hedgedoc/.gitattributes
 delete mode 100644 hedgedoc/config/base.env
 create mode 100644 hedgedoc/config/hedgedoc.env
 delete mode 100644 hedgedoc/resources/config.enc.yaml
 delete mode 100644 hedgedoc/secret-generator.yaml

diff --git a/hedgedoc/.gitattributes b/hedgedoc/.gitattributes
new file mode 100644
index 0000000..6c2aef3
--- /dev/null
+++ b/hedgedoc/.gitattributes
@@ -0,0 +1 @@
+**/*.env filter=age diff=age merge=age -text
diff --git a/hedgedoc/config/base.env b/hedgedoc/config/base.env
deleted file mode 100644
index d2265e3..0000000
--- a/hedgedoc/config/base.env
+++ /dev/null
@@ -1,38 +0,0 @@
-CMD_DOMAIN=md.icb4dc0.de
-CMD_URL_ADDPORT=false
-CMD_PROTOCOL_USESSL=true
-CMD_USECDN=false
-CMD_SESSION_LIFE=1209600000
-CMD_HSTS_ENABLE=true
-CMD_HSTS_MAX_AGE=31536000
-CMD_HSTS_INCLUDE_SUBDOMAINS=false
-CMD_HSTS_PRELOAD=true
-CMD_CSP_ENABLE=true
-CMD_ALLOW_GRAVATAR=true
-CMD_RESPONSE_MAX_LAG=70
-CMD_ALLOW_FREEURL=false
-CMD_FORBIDDEN_NOTE_IDS=robots.txt,favicon.ico,api
-CMD_DEFAULT_PERMISSION=editable
-CMD_ALLOW_ANONYMOUS_EDITS=false
-CMD_ALLOW_ANONYMOUS_VIEWS=true
-CMD_ALLOW_PDF_EXPORT=true
-CMD_DEFAULT_USE_HARD_BREAK=true
-CMD_LINKIFY_HEADER_STYLE=keep-case
-CMD_AUTO_VERSION_CHECK=true
-CMD_ALLOW_EMAIL_REGISTER=true
-CMD_EMAIL=false
-CMD_OAUTH2_BASEURL=https://code.icb4dc0.de
-CMD_OAUTH2_USER_PROFILE_URL=https://code.icb4dc0.de/login/oauth/userinfo
-CMD_OAUTH2_AUTHORIZATION_URL=https://code.icb4dc0.de/login/oauth/authorize
-CMD_OAUTH2_TOKEN_URL=https://code.icb4dc0.de/login/oauth/access_token
-CMD_OAUTH2_PROVIDERNAME=Forgejo
-CMD_OAUTH2_SCOPE=openid profile email
-CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
-CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
-CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
-CMD_IMAGE_UPLOAD_TYPE=minio
-CMD_S3_BUCKET=hedgedoc
-CMD_S3_PUBLIC_FILES=false
-CMD_MINIO_ENDPOINT=2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
-CMD_MINIO_PORT=443
-CMD_MINIO_SECURE=true
\ No newline at end of file
diff --git a/hedgedoc/config/hedgedoc.env b/hedgedoc/config/hedgedoc.env
new file mode 100644
index 0000000000000000000000000000000000000000..357417697a24de79de4c67ea0cfb95781f83dcdb
GIT binary patch
literal 1850
zcmV-A2gUedXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$STZ#=F*zVYVN`H0WGhv7Fm!iz
zQY%$8RXJEQS7=F3cUN*!R!Cz)b$B&uQgdTZL}v<QF>Nb3ZbmmVK|*6;OHWuzFga3L
zcyDfcMQl$?W_WCKZa8Q`L_}j~R4@uHEiE8LWKC*ka6wZ!HbqEDWN<QXXgEu4RzY)F
zc2Re9Fga3lcrbNBbYyo%YfTDa8D)TIjTtrLD`n%O)7uo075!)e4=-t|Z5(E__IhM-
zBk$N$pCzJps$@*U#n9C!G6?~Tn{v1sRwC2Boh_E#wr)Bc@|q5G0Ajjh4f6MgUV==B
zcB=6+YW22q^xW?3Sf!^rCBF&?3{ui-rAoqge4o}bEAbk<Jb~Y<x4N!s000j7|N5nH
z?et2XHU2!`1BjsQQzp4j_Mliv(QIiCo{}rIxYX&H-*D-Hm!%`Aef4{{A>X6`SuM({
zN7u_L?i)Q)qq|hhbk*{?8@uhbw^a+#%nJzHR<H8-ljn3y3%}EoKx`G=S#zX;8WC1n
z6+)n#fn=2f*H$*#y<6rd4MO%q&F*{1D@<O(%cshcvx@I!drP|Q!ju!MD3~$Qa#&lv
z?q07M7vPA(<b$~x9;z8SW8OuO<uz0p`^*4qdqOku)wArF<b#M<Kh6Of^}x*zNpCfc
z;q?Al`o%YhCGEkq5w@=t`Du;PI|3EFw?ccJ0Y1W*&0$a{`08Dm^+$C*Zg+*Q0xZ?P
zIOTHPTN+pZ*Jp^z8j@J1n`2bf3;V!q{gKkGz#(4^5;-J|hl42_pRFS(Ma2U5`xr89
z0rVME!WaQyM^v~{9_l9m+NLxUp6@aR{V9M>7s9dr?iI9Hu7U`>HKKeR)K)ZEuQ!H6
zb-YIAZ|P2)0d@upupKO`={5dzTS)BVJD%5uMvu$5D_2yIeZ4?MJ|zNLwh@Coxixfk
zzeOjW2s-Dy&o40vKSg$XYsV%SsAJuWN%S02{%!9%U)4R^__Q|R7fsoHdL;xrX<|Tn
zpE<o?REqi8PyvJ~arZmoVle*;00E(`9$o(w<W@p0M<`<;$(GBy0Ce1Y)t|HtY!8ng
zcMRlIFzW^gGCbj_9=hZ$<DN%YqOB;1X7XdVxzn9#s+@Z25t|9^#k(vGpj_)KbZlKo
zhe5<8Pe&k=QMj(ji;}%1G4|Rk44kK(bE;5aPBqAMqm5Xo@6_S8GK^E%N}9Q>Zdc8d
z;;iY<zUQ_`XLL!;zqVRtEVL0AX=@4fD~t$-wh&I}Hoe^Gco`{wf02f?YoS~#*F$|1
z-PcWm--@Nfi%2#WSW7Qp(R84(AE4A=WR$d!GL45~(xMZs5QR1T5ZO4!zUdKd)WFr%
zdg=_nUC>#AXDD3na{#-CtgP8R^(zK=Vde;I;(acDnd5;!p{01jOuI$d=!!BbC7mxk
z+zTdSXQ$kAkA4-c8c5r4bMd0}$V{DW=WB9;YW9P^40M#r(r(CEpV4o;kT8bwd$vOg
zh^t4cyOXLa{?zw4Hd&6G)UaH=LQTu-kI^RsT<PvqihA%aM!tFc#cFHZ_q1_$!z%P_
zW+bHgGi`6tp(EQRwob_V8rr7b#vsi0rXpcbH8u!SZ}GBCgG*Q7a-l5%g?tYlYhNj|
z+(?3wna+ZpX@SA!OWTJ3h+<@MjzgkP6)D|YhSJ>q4}I45IMLtft!XvzhGR-4<So)}
zdsNkS?k0gyJ{YYtPuGELok6*CX=Fs$y!V41@n};h`UU%$s<^}lY)oO#W<mi#bf1aU
zk15l1U`D@rAn8AlN*EK@o9+7hx?M$SOT<!-E<~rz{Zg-=c?`q8_?Dg;Hgf@HTDt(3
z{h+en4N0EgnQSN(<_PYojcJ`(PK$oh_HA9Sw502(|J)-L2fV_28m#N=zqay96;+1!
z0}AL0cv)_XE0Xpb{C@BwXbKDMY9f2hEagc|H!`V{2)K8GHI@61ZyRhpe-I;Iy&>->
zj$wdYyl<akS1}{PPuHOM&Bg<-+qXV9WlRGgnp4i#3F!v^GMk~?Q4&06T<h|G&Gej^
za)qeimVDL^JzCX3e;bIZ9h7~(aG9#91~pKbM}Y3$>HL~B2T9jAL-~4wjfOXr$liv!
zn}*$16mMzsY=H{FFjPIW07yLo5;5wl_pQn012RXp|KN7MVs5LQ54aT1TZbB3hlIct
z4is%3kY8&xR<K+v#~O(>K$n#BGi0I733<Cpb5y-33w*+h8as-)_LmCFmVBZSQ1*q#
z-g-I2Km{7@v8@ooQ*pK!H2X^|G{dl+_ktBvi1i50mlx%2aO&B=JHjO2V*NqMM*Xcr
z?7rXH{$_F-Q!asXnr;6%9{C)OB>9RyuAZbKX}eEz$zVA&U430tsi26(Jiuv|%_5yd
oB%ZinXJ@Re-LqoAC_Tyo?$#Hr`BCm4ErtdRY4H!k4b{-80bq1{`~Uy|

literal 0
HcmV?d00001

diff --git a/hedgedoc/kustomization.yaml b/hedgedoc/kustomization.yaml
index c6c4ece..c8c904c 100644
--- a/hedgedoc/kustomization.yaml
+++ b/hedgedoc/kustomization.yaml
@@ -20,10 +20,7 @@ resources:
   - "resources/service.yaml"
   - "resources/http_routes.yaml"
 
-generators:
-  - ./secret-generator.yaml
-
 secretGenerator:
-  - name: hedgedoc-base-config
+  - name: hedgedoc-config
     envs:
-      - "config/base.env"
+      - "config/hedgedoc.env"
diff --git a/hedgedoc/resources/config.enc.yaml b/hedgedoc/resources/config.enc.yaml
deleted file mode 100644
index 8dac50e..0000000
--- a/hedgedoc/resources/config.enc.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: hedgedoc-secret-config
-type: Opaque
-stringData:
-    CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str]
-    CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str]
-    CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str]
-    CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:biyLVbyONbJK2V16Zz9/MVdpdqu3iTzsyBVx0iKK5MCyNfU1Y0lV9g88w44junGvvby/LWOAEGs=,iv:uSRtuu+bHpt8JOVfw5BpCXjqWW07x0jJ8Ja2pIcoQf4=,tag:He4d6BrE1V9OJbNH3hrPcQ==,type:str]
-    CMD_SESSION_SECRET: ENC[AES256_GCM,data:Nq6arL1aE69BeTRjx4pA90xZqcOtqOb3R/Zt98FyIVd+Uq53dWsqURG2M+IQpvl9MEpY8FpUNY0=,iv:JaOAe8YgNVnDBzV2x1TSqMJq36Qwqazk6cCkWwseBZc=,tag:FMKKOhow/w5HLwfNarQdjQ==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cHVKUm5Nby9hSjdOM3JY
-            UWs0UWdrNC9FOVd1b1VjK1BmYVdwZng4T2tvCnBhYVdNbGFwWnBPMkJiSk1pbHlv
-            aGJTRjdsb1JrSHpIMk5JWEZNOTBoc0kKLS0tIEZscSs4SFVIVG5NanlUQU1IM1hv
-            M1F2WE1taWZ2bG0reU1EYWw2K1pZK2cKSHxed4HgSf0vKNGBMuFaS99znRPphkoF
-            TgjkD7nI/nyvflV0Bs1lqMlWZJsyY9+HaLp38j95mAcXc224SSBMxw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd3k2MzQ2aGx0NmwzYU95
-            QkVNVkJuQmdrOEUwM3FJNGFOZndxYWFTeVFZCmo3RnRQakxoelV6WmJHK3UyMnBZ
-            NTMvYkxqWHhYbjVBSkV5YjZlZTdndjQKLS0tICs5UlQwNHAvdW5oYXlqYTFFOEM5
-            ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B
-            WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-20T20:40:53Z"
-    mac: ENC[AES256_GCM,data:DcoiksdfIUl5cCC8mSbzAUO9lWTeotr/UNMwIa+Z7aq9s4tzVn3YBbAPh5by5U7PVqAPkutoBjUk1IXCqWykkGXw/k9n7mAZn5AiCweLNY/d0gmKTpCUsGqaTg8gH7gQJy6+TNGxnq+Wm4GQNHAduYMJXS4/UdJcIAAc/id4JXo=,iv:+OYzaUHdJN4daTrAg561LxS0i6lozZ+OylhxubZplYc=,tag:7gElSJeGIaqXzjYTe9OTZQ==,type:str]
-    pgp: []
-    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
-    version: 3.8.1
diff --git a/hedgedoc/resources/deployment.yaml b/hedgedoc/resources/deployment.yaml
index f1eed14..43bb21b 100644
--- a/hedgedoc/resources/deployment.yaml
+++ b/hedgedoc/resources/deployment.yaml
@@ -25,9 +25,7 @@ spec:
             value: /certs/ca.crt
         envFrom:
           - secretRef:
-              name: hedgedoc-base-config
-          - secretRef:
-              name: hedgedoc-secret-config
+              name: hedgedoc-config
         ports:
         - containerPort: 3000
           protocol: TCP
diff --git a/hedgedoc/secret-generator.yaml b/hedgedoc/secret-generator.yaml
deleted file mode 100644
index 6dc7149..0000000
--- a/hedgedoc/secret-generator.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: viaduct.ai/v1
-kind: ksops
-metadata:
-  # Specify a name
-  name: hedgedoc-config-secret-generator
-  annotations:
-    config.kubernetes.io/function: |
-        exec:
-          path: ksops
-files:
-  - ./resources/config.enc.yaml
\ No newline at end of file