From 02a3024caabad05ee4ea33c930b5ca8e1764e32f Mon Sep 17 00:00:00 2001 From: Nat Allan <19149206+Truxnell@users.noreply.github.com> Date: Sun, 12 Feb 2023 14:10:17 +1100 Subject: [PATCH] fix: removing sops --- .sops.yaml | 4 +- infrastructure/talos/hegira/talenv.sops.yaml | 35 -------- .../glauth/app/config/groups.sops.toml | 20 ----- .../glauth/app/config/server.sops.toml | 20 ----- .../glauth/app/config/users.sops.toml | 20 ----- .../security/glauth/app/externalsecret.yaml | 85 +++++++++++++++++++ .../security/glauth/app/kustomization.yaml | 8 -- 7 files changed, 87 insertions(+), 105 deletions(-) delete mode 100644 infrastructure/talos/hegira/talenv.sops.yaml delete mode 100644 kubernetes/apps/security/glauth/app/config/groups.sops.toml delete mode 100644 kubernetes/apps/security/glauth/app/config/server.sops.toml delete mode 100644 kubernetes/apps/security/glauth/app/config/users.sops.toml create mode 100644 kubernetes/apps/security/glauth/app/externalsecret.yaml diff --git a/.sops.yaml b/.sops.yaml index 3df185d788..68a489c048 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,10 +9,10 @@ creation_rules: age: >- age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth - - path_regex: k8s/manifests/.*\.sops\.toml + - path_regex: kubernetes/.*\.sops\.toml age: >- age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth - - path_regex: k8s/manifests/.*\.sops\.json + - path_regex: kubernetes/.*\.sops\.json age: >- age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth diff --git a/infrastructure/talos/hegira/talenv.sops.yaml b/infrastructure/talos/hegira/talenv.sops.yaml deleted file mode 100644 index 536096b3d5..0000000000 --- a/infrastructure/talos/hegira/talenv.sops.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -aescbcEncryptionKey: ENC[AES256_GCM,data:dY0BdJjZle8Q2Wmcr+D7nhYL6IxNspPiU3MCn775ZDw+i6LSiaO3m1W94ps=,iv:aWRXZnrlQwoahP+qn5eMKunjYhodhuXeqVVHd7yr8+M=,tag:1hMTS9IiOy9xrHmnn4T+0g==,type:str] -clusterCert: 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 -clusterCertKey: ENC[AES256_GCM,data:orBDxSxq7c3tVe/hKWJyhg3dfxWgnRycHcd30o7FRLZvuaV/usqSXC5PYeqcnDAZc/HJhWuDZ8EEAuQe/gbkPEN2Hm5WoqbzYyJEEvhYSg89QynrXZcCGtU+3Ac3ZAe0iVT+ExlAufVs2KT4K8LPDCS2GpxEJzDDHD9IVlg3eYbso6XchIxXdV6/P7FfHkR9IL2gq0Ujm132/51iTnuZyn6UbdqyiojT5UQ9XYC2cJO5V+9nikDBn90mOQ9vIEjBcxYbEG54ZhkCyOLKBxkRSDjmixhjdY96Azmce7e0oxZFM4oKV+VHvby/enieeRQDGxTb4038r8ElFoVddgOErzOFVWM3siZ2tTvG92IyjjJg4UcsOlkpbEGM5K3SlcvjTcUSBgtqmn3Rs+ToRpCx8A==,iv:dsepWrxeX3BAyloiKoZnGERkuASCJl9mF5/Tv3MXIhQ=,tag:+ug1kVtX0QQ6c/Hh58iMdg==,type:str] -clusterSecret: ENC[AES256_GCM,data:85j5MprpnOcOFsImG9pj0j15QDjf4drx9PdZHB3onNsVdmHtTLLNR7jltFs=,iv:PzNeyzuMG/IW1xXirZmDesa8L0AbIp7LzcgfjknOH7M=,tag:ZMDmbG6RGK5Bd/MXjeLOWw==,type:str] -clusterToken: ENC[AES256_GCM,data:8j9lfbZ5Ol4Aq2mfmq7ID8cF2cjtg0w=,iv:fPoV2uu2kwjShBPB1obpYfNiVgj/qmbBV9JFikifPdE=,tag:ah9tYLvyw1V5Qf/UL9aauw==,type:str] -etcdCert: 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 -etcdCertKey: ENC[AES256_GCM,data:DuylEMGLII/JFI/ApxKQmmjOky6Sq0GUi+x7BbI3W5/NrInmBJPItr7TLPAlXZdWvbAghZs1UQeQc8YcrRM0bRCmyaayFRgxbnZyCLw3JUldx4/i3w1DJ6O2QC7hCEDaLhbBnZv6xxxAx2ElePsi36TgKyEVir+0j2tkTM2gfy5RLkJz2TweRlvf3t43hW4ydSlgIhasnaifCGDYpWCsdUUt67ec22sLFYUxUe/t2mCqWKOQnNc1GHiOEU+LdB+PqCeLjlJ7C9+KWZg8L7edppRthXXMKxRYLvr5NrFw9oKMfm+leCdzhnTE0KR3pl9pFU4IanrbH6+IOqs2DrNUy/GCB+ROW6mWWCQ7C0M0093cgY35KLRfYh0F5SxVEEY5llUGP0uhOiP8FncoG2uvbg==,iv:M9Hv9u66cG7AaVNYc2vZY7oMC/0JUWJi9d0H8UOyEkg=,tag:lBtz2dsMbX52sIPCaxoiOQ==,type:str] -k8sAggregatorCert: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZRENDQVFhZ0F3SUJBZ0lSQUs0YVlRNTFTSVRlUDZMb0VSOTM5M0F3Q2dZSUtvWkl6ajBFQXdJd0FEQWUKRncweU1qQTBNakF3T1RReU1EVmFGdzB6TWpBME1UY3dPVFF5TURWYU1BQXdXVEFUQmdjcWhrak9QUUlCQmdncQpoa2pPUFFNQkJ3TkNBQVEwTHlLdElBSXR3VjRPdzRMQkR3Z0M4SUFncGphZlF4RlZhT2xEUVhSNTBhUFdVUFllClpBb3ZHOHJ1RVhPZjRKTk5JKzRrQ3dDSy9yYWhhSjJxOGtTN28yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpIUVlEVlIwT0JCWUVGRndncjBhcEkwRXVBT0graFcxMHkyQ2dOVThBTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDCklFYnNicm1ONEJtSzlBd0h3ck9YYlV1WGx4ZUJHTTZiRWtlazZiSmUveXNMQWlFQTRZYTF6RFI4MU1nbDRwVVEKdFhjdUh0VU1jV3RxcmplSzBvQVFTVTE3QWd3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== -k8sAggregatorCertKey: ENC[AES256_GCM,data:IaMPrBPidjl6AWBo08x3uhc0uyTv99VxSETBKf0SDg/b7n80sc5YEFcygVpyzeAk5kjhGZMYhBatj1tC69lJzVlqO6iCjstK598lAIGYMkfUke4XoVwdbjJakkf1660EQU/9RwcR4ABM8hq0fbpmGWwBizmxrh4BwBeKt5LiXQBoTU3+xFyyDyMDfFsnaGKAtMFgzcxTMYGeA6W0znN8BvV0brx6wrb35bXjPztInmDhywx6Drhq/kPlqshnjFda40zL3ismr3GwMmbSytqNyqScSWi+qXpbqVABXNgP/Wla+cn1Ix5ukIKUd7t/5XGMFFcu5LtWyN4PQ7npPCWP1jPJ0lCxE0+zk219zHErg2yDVCQ8KyrH9smfp2pfs3wBbeRkik6gPxLVsUVawG49vA==,iv:zbPiHxBV0475v5GCFFaCTC9khWii5PPR86VB8I49xow=,tag:nHEQ58g2/QlNg6A7S2EKJQ==,type:str] -k8sServiceAccountKey: ENC[AES256_GCM,data:ErubMwINq73ZxRSBocxG37BxZysF6eh2lHW3CWBc+6n6G2fVmpoeYY+UTCTSzHdfJE+rOpTgPzj003+AoQKGtPuFwtCKy/T3DEymFeSYIzVEWXeCndp2u1Dx+mpaa1C8V0a3m+Z13XIXek5Rx7c9WL+oTkhOpV9rN1Qv224WSXvIXEaZypz/UyehrMVdHmgo/2oK0QpCpFxprBjfD+AzmRB/sXTUhaFyIAs0OYTEXfSd9Mcys+tMtz9Cr5j+Y5m6rJFR5+K7dBxexyp0552+qNtodDaR8Nc4JJDZoDhjae5jnPc6LbGdc/eUoBm7AannvlAo7Ykt2YSTDNPcc8Zt2P469NVYwnsJhlPuLy97xnB7W7y/EXK78hvqMlclUbv3kNYCaxdkdbX+Fog01G25cw==,iv:REXZPxKQPBPQEMaxxkD2J3Gt5oNxg7dEUt6ha+NVinM=,tag:IMW/D8rpzZ7av+AvlSe7+g==,type:str] -machineCert: 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 -machineCertKey: 
ENC[AES256_GCM,data:NizGBWOCW3RkN3/BcQehfmvUC7Tfp6qcXnC172EXLBTg723XQyWESIcSU5pm6BpUWSX4VRTvzV39/nXCCUWXfIS9RWnrxbAF29vbpwqlVOLGyOkWzqFb0uv5W5GMIm34MlwhMrbE0U4fV5eSywJPWLrdjE9o8wVqrrHbv1G22Sb2RQiQ1gutg2UaT4FNSPuml37XWxZsaubqCSWZqlMfKY4XpCUqXaWHCSi4SNWCMXf5tUts,iv:5TxXnEots7z7KfQzWSX+f0ZLUV980sbkcXl76sdX9wg=,tag:Vk1YAiiU85hB17XqhMnWPg==,type:str] -machineToken: ENC[AES256_GCM,data:DvMlj+OHbfwjB2WHjzy1/GpF7e5MrPo=,iv:4wps3iNAd9TGzX+jtvtuw81ssx9q+HI+DZMlHG4vuD0=,tag:a1B0UVqaqczy8E2lEDfEQw==,type:str] -domainName: natallan.com -clusterEndpointIP: hegira.natallan.com -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWm5xYzk5azRiRHMzM3B4 - Z1JGKzUxUStKQjcyZkkwNnF0eGpkOEUrNHhrCkpBV0dVM0RRSVZMdFQvcWRTWUNH - dmlLSWZ0Tkhnb0dta0xZTUF6cmNjTlUKLS0tIGJYdUVKUCtacmM0eW4rNHpFL3dh - ODhRMlNhRW01NEJHdzdralpWKzBDQlEKJaA1dzhD+qR8DsKxbH55s1yjiMvPrVkJ - HMsNqsniDD049NyoAR6AimSdPc14nsbwSnKnDOTnMWZNeDtz5PQcWw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-23T11:19:40Z" - mac: ENC[AES256_GCM,data:bP9k2jiuzPkEB2shQuM81xeXih2ql8yX/IpIWYMvqAzaciuzbDHfT7T/Go5LqIDKgJJjahIqU+xEKR5kq0Cs9wNMmo3pNMHV6ZVHJF/m9t6ILEa/ozM0tDj2ygYEsdQkHGNLsWDeJZtwhMfQczYUHlujfHQqjxBp4TrTJqaOiPA=,iv:Hcu1RJqv3VmyGISv92l0PDw2x4NendXmqGE2aS1Xf30=,tag:UQvt7yt4FwjXGjjMPqmmrg==,type:str] - pgp: [] - encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData)) - version: 3.7.3 diff --git a/kubernetes/apps/security/glauth/app/config/groups.sops.toml b/kubernetes/apps/security/glauth/app/config/groups.sops.toml deleted file mode 100644 index 38190583bb..0000000000 --- a/kubernetes/apps/security/glauth/app/config/groups.sops.toml +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:2PTgBKNTbNsCadJQ7YKTNp6NfAthvCN+uXSO+m0VXI9qpzzKBM+I1MSKN5O+KrCR6ZK665Hlp/+OydZeoe3WKn4fwEEB4O6WZafyS5c0ugUyGFunoEId4wvHxvwjme2okvwWwqi2zQVDz3bxvFKhmBgh0iA4AG3DMAoEsEzioLCjV+oTFiTsbOD3vxMn5pOIP+lUh0CEqahagHoQeK2jcC20uK40tRDj5apaZ6a1j9dVY1DcoTe/jf87uZB7OD2GXI0Osw==,iv:wiODKR/QSDdMAuWKnotTP/tWAQ770SJtTiSpJXyFZEA=,tag:1ROktAlZEcEcJJSSaS/4ng==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZ1JBbnVrSFBDQlV0VmpU\nYUZsUEpnVTMzM01DdXRrUEJxS1NRZDlhM0RBCk1NdU9BRFQvZUpacWY2TFZJM0t2\nbXBYM2FRL05oaXdGa2lYTmhuNlFockEKLS0tIDdtRHpDQmlDalZnY2JzWGRqclJo\nVTVoUnd6cktnQXhHZ2V2YWdVMFM0VEEKpTPb+aUUPle591ffA4sgoGZ9cP0xOQ8V\nGVK2FLofb+YTsZ+z2yj2+61HIc1lJMMaNtdGMEa68RqjudBZUoY9ew==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-08-21T01:24:47Z", - "mac": "ENC[AES256_GCM,data:IVSCM0QaZ8j5EFJOUJ6g1/HAj5zIslQRO/MTo1Z9GaPqvWd4KfYHvQspZzpPenI+ove320rKZqL07l6MVHknePTvqfoQwEk4b+gIJA+5JG7TGkxLZPzQXLYem3Fjohd8RL4JYNe25SAXGZ1bV9KyLxCEmVu+8gWSe9RSejNKjDc=,iv:MXJg+tbyAJU17+/Vdk+NE7LKopJRBcaBH/hWIAA0A50=,tag:bOLrvVyCgCFB5r8To8tVmQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/kubernetes/apps/security/glauth/app/config/server.sops.toml b/kubernetes/apps/security/glauth/app/config/server.sops.toml deleted file mode 100644 index e9af7abf8c..0000000000 --- a/kubernetes/apps/security/glauth/app/config/server.sops.toml +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:FEEk+ole7CuwUD82HFg6BkoRQ1lkxjD5kwFEVRlo1zQ1X/aTpUjjI0P3g4dtJBBHHIaLZxQZq+9gV/Md7Ees+WhGx+LIPMRUQ+Mo7v8DiTMMzTkR9gVU0Q9v0cD3SK6l0hMTwJWe0RzEa+9EtCT60cznYp946OCs5Ho1yLeDP8vnn/7yRJihqGHRcePuCxFYzQzYog6eXiPefqKitMfGTp8FZCxWOoS3arhm5K9tUcWgRFdRnunJxBRj3yAhJrO2EwFjZrujju0H2cy06WvvD6hIPI8Ewl2DBU8f0DN3AR5/wR54+I+7ZjmulhWBwIlcuroLLCi0CsPx+7CwykWsOIJrMLeAajk/3us5y6LFbse+cG+5vzbXnlHOMQ==,iv:17hpvpZeoR/XM5YIzDM5ORoTdub0vvJiMyu9ts+fAqU=,tag:N/d07rSGSpE4/H633xzsHw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eDJlczFsMWUweTErbkdV\naGtXbHdydXZTTFZSMWlRaXRBSGlNeGQ1bEZ3CnlXZHpIRWRxekZkQUU5UUtwUEdz\nUmxwbS83ZlZ2QThtRVlmTzNLdmRGOUUKLS0tIHZSUFFEWWpLQ3p5aVZiRFh3M1Vw\nc3QvODFYejVLYzR4dmN0THRvVXRCM1EKdiOmk4TpmlL02Vc7WYTtenR0uT69FdR6\nh+NfgmYK1HcESSa5udeNep38RF6pAl2cSFvO0jM1GLCfrTD2dg4Viw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-08-21T01:24:11Z", - "mac": "ENC[AES256_GCM,data:k39aU9KSD6YdNPSRSn/ogG61R95KEKqfbEHR13yvcmPCY9mKlEw1kQehmAuG1U7klDSE9K5L2/qZ1N5LUWFY5Sj9CmpnEd0MxNhWyhSyFuk21dRBekBcpde/9DzwuuNpkA8O8UIRSgx1C/Rwo69bhA32TS32xCB4v9xi7YjlZFg=,iv:MomK1K3cnBD7xETmM5nxcrEyy/rQcXgrbs09kc3P4rY=,tag:KxcqCErYaoiSsksL0+zIKw==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/kubernetes/apps/security/glauth/app/config/users.sops.toml b/kubernetes/apps/security/glauth/app/config/users.sops.toml deleted file mode 100644 index d8d4660dd9..0000000000 --- a/kubernetes/apps/security/glauth/app/config/users.sops.toml +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data: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,iv:VxoHYoPbAonrfruDSpWmPlSooBFBBiw/qC5YjFSFyGY=,tag:OOu3oALhdEH6sEisa8SctQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age12kzuwvvedndehkke84apwamungqrcavf2khwjvd46f6lkq0wqq5q3s3vth", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWZXhlNGFvdlVwZDhMdHVO\nRW1xa2p6TDVEdzlCVWNpMldLUXpkbUl0anpZCnJqRGUwdVBiM3R1bkVhT29vMWVI\nL1VZV0E2R3lrYWlCbC81U3R0ejRSZ1kKLS0tIDFTS0hoYVVTYXA0cHZjMDZQbHRy\nZFB6NUloWW13TGhGTVE2WDY2dlRNRFEKW0nAT/+dFTnFKZzRwQfwmT/xEpigSnp6\ndW6C4oC7QOiFoYB65llyhRrOog2yzTx7i+tTMTqf67zzBnJ1FfGfZg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-08-24T09:31:51Z", - "mac": "ENC[AES256_GCM,data:VsZ/1GY0sZRpHlvzh2Pa1vY0ZG/dIev7X8gB7sjgy3WUjuIO6nRDRTMeQ2ESG6ZGnHA97yDPALI+WiKyCKcPhtU+dur9/NSVBdH9s23mZazJoi4ZITK82nhNyFGtveHWxSsUsuOpvUdMUwNTv82YSrp7+TjmGS6c1mc6JlXgXJ8=,iv:SzilZ55JKrmRZdPNKdbepimc8sNlNZ0UzIlf/eaRMtQ=,tag:jEeZAlDzXydvgBA51pLTWQ==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} diff --git a/kubernetes/apps/security/glauth/app/externalsecret.yaml b/kubernetes/apps/security/glauth/app/externalsecret.yaml new file mode 100644 index 0000000000..572e053d1f --- /dev/null +++ b/kubernetes/apps/security/glauth/app/externalsecret.yaml 
@@ -0,0 +1,85 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/clustersecretstore_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: &name glauth
+ namespace: security
+spec:
+ provider:
+ doppler:
+ project: *name
+ config: prd
+ auth:
+ secretRef:
+ dopplerToken:
+ name: doppler-token-auth-api
+ key: dopplerToken
+ namespace: flux-system
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.trux.dev/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: &name glauth
+ namespace: security
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: *name
+ target:
+ name: *name
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ server.toml: |
+ debug = true
+ [ldap]
+ enabled = true
+ listen = "0.0.0.0:389"
+ [ldaps]
+ enabled = false
+ [api]
+ enabled = true
+ tls = false
+ listen = "0.0.0.0:5555"
+ [backend]
+ datastore = "config"
+ baseDN = "dc=home,dc=arpa"
+ groups.toml: |
+ [[groups]]
+ name = "svcaccts"
+ gidnumber = 6500
+ [[groups]]
+ name = "admins"
+ gidnumber = 6501
+ [[groups]]
+ name = "people"
+ gidnumber = 6502
+ # Create passbcrypt:
+ # https://gchq.github.io/CyberChef/#recipe=Bcrypt(12)To_Hex('None',0)
+ # or
+ # htpasswd -bnBC 10 "" YOUR_PASSWORD | tr -d ':\n' | od -A n -t x1 | sed 's/ *//g' | tr -d '\n'
+ users.toml: |
+ [[users]]
+ name = "search"
+ uidnumber = 5000
+ primarygroup = 6500
+ passbcrypt = ""
+ [[users.capabilities]]
+ action = "search"
+ object = "*"
+ [[users]]
+ name = "{{ .TRUX_USERNAME }}"
+ mail = "{{ .TRUX_EMAIL }}"
+ givenname ="{{ .TRUX_FIRSTNAME }}"
+ sn ="{{ .TRUX_SURNAME }}"
+ uidnumber = 5001
+ primarygroup = 6502
+ othergroups = [ 6501 ]
+ passbcrypt = "{{ .TRUX_PASS_BCRYPT }}"
+ dataFrom:
+ - find:
+ name:
+ regexp: .*
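Review bot: The `ClusterSecretStore` in the first document is cluster-scoped, so its `namespace: security` has no effect and, with no `conditions` in `spec`, an ExternalSecret in any namespace can reference store `glauth` and read the Doppler `glauth`/`prd` config through the token held in `flux-system`. Restricting it with `conditions: [{namespaces: [security]}]` under `spec` would keep the store usable only from the namespace that needs it. The `dataFrom` at the end of the ExternalSecret uses `regexp: .*`, which fetches every secret in that config into the template context although only the five `TRUX_*` values are rendered; `regexp: ^TRUX_` would limit it to what the template uses. Separately, `server.toml` now ships `debug = true` and the `search` account has `passbcrypt = ""`; since this config is plaintext in the repo, it is worth confirming both are intended and documenting how the empty hash is meant to be filled.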
diff --git a/kubernetes/apps/security/glauth/app/kustomization.yaml b/kubernetes/apps/security/glauth/app/kustomization.yaml index dde2e6071c..2d16de7ce0 100644 --- a/kubernetes/apps/security/glauth/app/kustomization.yaml +++ b/kubernetes/apps/security/glauth/app/kustomization.yaml @@ -5,13 +5,5 @@ kind: Kustomization namespace: security resources: - ./helmrelease.yaml -secretGenerator: - - name: glauth - files: - - server.toml=config/server.sops.toml - - groups.toml=config/groups.sops.toml - - users.toml=config/users.sops.toml generatorOptions: disableNameSuffixHash: true -metadata: - namespace: security
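Review bot: The new `externalsecret.yaml` is not added to `resources:`, which after this hunk still lists only `./helmrelease.yaml`. Unless that file is referenced from somewhere outside this diff, the ClusterSecretStore and ExternalSecret are never applied, and the `glauth` Secret that the removed `secretGenerator` used to produce will not exist for the release. Add `- ./externalsecret.yaml` under `resources:`. The remaining `generatorOptions:` / `disableNameSuffixHash: true` now has no generator to act on and can be dropped as well. The Kustomization starts above the hunk, so this is based on the visible lines only.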