update arr secrets to use 1pass

cbc02009 · May 17, 2024 · 9b1247c · 9b1247c
1 parent e3e7f69
commit 9b1247c
Show file tree

Hide file tree

Showing 7 changed files with 126 additions and 164 deletions.
diff --git a/kubernetes/main/apps/organizarrs/animarr/app/externalsecret.yaml b/kubernetes/main/apps/organizarrs/animarr/app/externalsecret.yaml
@@ -1,22 +1,4 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/clustersecretstore_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: &name animarr
-  namespace: organizarrs
-spec:
-  provider:
-    doppler:
-      project: *name
-      config: prd
-      auth:
-        secretRef:
-          dopplerToken:
-            name: doppler-token-auth-api
-            key: dopplerToken
-            namespace: flux-system
----
 # yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -26,25 +8,30 @@ metadata:
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
-    name: *name
+    name: onepassword-connect
   target:
     name: *name
     creationPolicy: Owner
     template:
       engineVersion: v2
       data:
         # Sonarr
-        SONARR__API_KEY: "{{ .API_KEY }}"
-        SONARR__POSTGRES_USER: &dbuser "{{ .PG_USER }}"
-        SONARR__POSTGRES_PASSWORD: &dbpass "{{ .PG_PASS }}"
-        SONARR__POSTGRES_HOST: &dbhost "{{ .PG_HOST }}"
+        SONARR__API_KEY: "{{ .api_key }}"
+        SONARR__POSTGRES_USER: &dbuser "{{ .pg_user }}"
+        SONARR__POSTGRES_PASSWORD: &dbpass "{{ .pg_pass }}"
+        SONARR__POSTGRES_HOST: &dbhost "{{ .postgres_host }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: "animarr_main animarr_log"
         INIT_POSTGRES_HOST: *dbhost
-        INIT_POSTGRES_SUPER_PASS: "{{ .PG_SUPER_PASS }}"
+        INIT_POSTGRES_SUPER_PASS: "{{ .postgres_super_pass }}"
         INIT_POSTGRES_USER: *dbuser
         INIT_POSTGRES_PASS: *dbpass
   dataFrom:
-    - find:
-        name:
-          regexp: .*
+    - extract:
+        key: postgres
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "postgres_$1"
+    - extract:
+        key: animarr
diff --git a/kubernetes/main/apps/organizarrs/lidarr/app/externalsecret.yaml b/kubernetes/main/apps/organizarrs/lidarr/app/externalsecret.yaml
@@ -1,22 +1,4 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/clustersecretstore_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: &name lidarr
-  namespace: organizarrs
-spec:
-  provider:
-    doppler:
-      project: *name
-      config: prd
-      auth:
-        secretRef:
-          dopplerToken:
-            name: doppler-token-auth-api
-            key: dopplerToken
-            namespace: flux-system
----
 # yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -26,25 +8,30 @@ metadata:
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
-    name: *name
+    name: onepassword-connect
   target:
     name: *name
     creationPolicy: Owner
     template:
       engineVersion: v2
       data:
-        # Radarr
-        LIDARR__API_KEY: "{{ .API_KEY }}"
-        LIDARR__POSTGRES_USER: &dbuser "{{ .PG_USER }}"
-        LIDARR__POSTGRES_PASSWORD: &dbpass "{{ .PG_PASS }}"
-        LIDARR__POSTGRES_HOST: &dbhost "{{ .PG_HOST }}"
+        # Lidarr
+        LIDARR__API_KEY: "{{ .api_key }}"
+        LIDARR__POSTGRES_USER: &dbuser "{{ .pg_user }}"
+        LIDARR__POSTGRES_PASSWORD: &dbpass "{{ .pg_pass }}"
+        LIDARR__POSTGRES_HOST: &dbhost "{{ .postgres_host }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: "lidarr_main lidarr_log"
         INIT_POSTGRES_HOST: *dbhost
-        INIT_POSTGRES_SUPER_PASS: "{{ .PG_SUPER_PASS}}"
+        INIT_POSTGRES_SUPER_PASS: "{{ .postgres_super_pass }}"
         INIT_POSTGRES_USER: *dbuser
         INIT_POSTGRES_PASS: *dbpass
   dataFrom:
-    - find:
-        name:
-          regexp: .*
+    - extract:
+        key: postgres
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "postgres_$1"
+    - extract:
+        key: lidarr
diff --git a/kubernetes/main/apps/organizarrs/prowlarr/app/externalsecret.yaml b/kubernetes/main/apps/organizarrs/prowlarr/app/externalsecret.yaml
@@ -1,22 +1,4 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/clustersecretstore_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: &name prowlarr
-  namespace: organizarrs
-spec:
-  provider:
-    doppler:
-      project: *name
-      config: prd
-      auth:
-        secretRef:
-          dopplerToken:
-            name: doppler-token-auth-api
-            key: dopplerToken
-            namespace: flux-system
----
 # yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -26,24 +8,29 @@ metadata:
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
-    name: *name
+    name: onepassword-connect
   target:
     name: *name
     creationPolicy: Owner
     template:
       engineVersion: v2
       data:
         # Prowlarr
-        PROWLARR__API_KEY: "{{ .API_KEY }}"
-        PROWLARR__POSTGRES_USER: &dbuser "{{ .PG_USER }}"
-        PROWLARR__POSTGRES_PASSWORD: &dbpass "{{ .PG_PASS }}"
+        PROWLARR__API_KEY: "{{ .api_key }}"
+        PROWLARR__POSTGRES_USER: &dbuser "{{ .pg_user }}"
+        PROWLARR__POSTGRES_PASSWORD: &dbpass "{{ .pg_pass }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: "prowlarr_main prowlarr_log"
-        INIT_POSTGRES_HOST: "{{ .PG_HOST }}"
-        INIT_POSTGRES_SUPER_PASS: "{{ .PG_SUPER_PASS }}"
+        INIT_POSTGRES_HOST: "{{ .postgres_host }}"
+        INIT_POSTGRES_SUPER_PASS: "{{ .postgres_super_pass }}"
         INIT_POSTGRES_USER: *dbuser
         INIT_POSTGRES_PASS: *dbpass
   dataFrom:
-    - find:
-        name:
-          regexp: .*
+    - extract:
+        key: postgres
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "postgres_$1"
+    - extract:
+        key: prowlarr
diff --git a/kubernetes/main/apps/organizarrs/radarr/app/externalsecret.yaml b/kubernetes/main/apps/organizarrs/radarr/app/externalsecret.yaml
@@ -1,22 +1,4 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/clustersecretstore_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: &name radarr
-  namespace: organizarrs
-spec:
-  provider:
-    doppler:
-      project: *name
-      config: prd
-      auth:
-        secretRef:
-          dopplerToken:
-            name: doppler-token-auth-api
-            key: dopplerToken
-            namespace: flux-system
----
 # yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -26,25 +8,30 @@ metadata:
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
-    name: *name
+    name: onepassword-connect
   target:
     name: *name
     creationPolicy: Owner
     template:
       engineVersion: v2
       data:
-        # Radarr
-        RADARR__API_KEY: "{{ .API_KEY }}"
-        RADARR__POSTGRES_USER: &dbuser "{{ .PG_USER }}"
-        RADARR__POSTGRES_PASSWORD: &dbpass "{{ .PG_PASS }}"
-        RADARR__POSTGRES_HOST: &dbhost "{{ .PG_HOST }}"
+        # Lidarr
+        RADARR__API_KEY: "{{ .api_key }}"
+        RADARR__POSTGRES_USER: &dbuser "{{ .pg_user }}"
+        RADARR__POSTGRES_PASSWORD: &dbpass "{{ .pg_pass }}"
+        RADARR__POSTGRES_HOST: &dbhost "{{ .postgres_host }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: "radarr_main radarr_log"
         INIT_POSTGRES_HOST: *dbhost
-        INIT_POSTGRES_SUPER_PASS: "{{ .PG_SUPER_PASS }}"
+        INIT_POSTGRES_SUPER_PASS: "{{ .postgres_super_pass }}"
         INIT_POSTGRES_USER: *dbuser
         INIT_POSTGRES_PASS: *dbpass
   dataFrom:
-    - find:
-        name:
-          regexp: .*
+    - extract:
+        key: postgres
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "postgres_$1"
+    - extract:
+        key: radarr
diff --git a/kubernetes/main/apps/organizarrs/readarr/app/externalsecret.yaml b/kubernetes/main/apps/organizarrs/readarr/app/externalsecret.yaml
@@ -1,22 +1,4 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/clustersecretstore_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: &name readarr
-  namespace: organizarrs
-spec:
-  provider:
-    doppler:
-      project: *name
-      config: prd
-      auth:
-        secretRef:
-          dopplerToken:
-            name: doppler-token-auth-api
-            key: dopplerToken
-            namespace: flux-system
----
 # yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -26,25 +8,30 @@ metadata:
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
-    name: *name
+    name: onepassword-connect
   target:
     name: *name
     creationPolicy: Owner
     template:
       engineVersion: v2
       data:
         # Readarr
-        READARR__API_KEY: "{{ .API_KEY }}"
-        READARR__POSTGRES_USER: &dbuser "{{ .PG_USER }}"
-        READARR__POSTGRES_PASSWORD: &dbpass "{{ .PG_PASS }}"
-        READARR__POSTGRES_HOST: &dbhost "{{ .PG_HOST }}"
+        READARR__API_KEY: "{{ .api_key }}"
+        READARR__POSTGRES_USER: &dbuser "{{ .pg_user }}"
+        READARR__POSTGRES_PASSWORD: &dbpass "{{ .pg_pass }}"
+        READARR__POSTGRES_HOST: &dbhost "{{ .postgres_host }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: "readarr_main readarr_log readarr_cache"
         INIT_POSTGRES_HOST: *dbhost
-        INIT_POSTGRES_SUPER_PASS: "{{ .PG_SUPER_PASS }}"
+        INIT_POSTGRES_SUPER_PASS: "{{ .postgres_super_pass }}"
         INIT_POSTGRES_USER: *dbuser
         INIT_POSTGRES_PASS: *dbpass
   dataFrom:
-    - find:
-        name:
-          regexp: .*
+    - extract:
+        key: postgres
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "postgres_$1"
+    - extract:
+        key: readarr
diff --git a/kubernetes/main/apps/organizarrs/recyclarr/app/externalsecret.yaml b/kubernetes/main/apps/organizarrs/recyclarr/app/externalsecret.yaml
@@ -40,3 +40,42 @@ spec:
     - find:
         name:
           regexp: .*
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.kokoro.wtf/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name recyclarr
+  namespace: organizarrs
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: *name
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        RADARR_API_KEY: "{{ .radarr_api_key }}"
+        SONARR_API_KEY: "{{ .sonarr_api_key }}"
+        ANIMARR_API_KEY: "{{ .animarr_api_key }}"
+  dataFrom:
+    - extract:
+        key: radarr
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "radarr_$1"
+    - extract:
+        key: sonarr
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "sonarr_$1"
+    - extract:
+        key: animarr
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "animarr_$1"