Make domain a secret

cluster/apps/authentik/helm-release.yaml

@@ -35,8 +35,8 @@ spec:
 #        password: "${SECRET_DATABASE_REDIS_PASS}"
     
     env:
-      AUTHENTIK_HOST: https://k3sauth.***REMOVED***
-      AUTHENTIK_HOST_BROWSER: https://k3sauth.***REMOVED***
+      AUTHENTIK_HOST: https://auth.${SECRET_DOMAIN_BASE}
+      AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_DOMAIN_BASE}
     
     envValueFrom:
       AUTHENTIK_SECRET_KEY:
@@ -58,7 +58,7 @@ spec:
         cert-manager.io/cluster-issuer: "letsencrypt-production"
         traefik.ingress.kubernetes.io/router.entrypoints: websecure
       hosts:
-        - host: k3sauth.***REMOVED***
+        - host: auth.${SECRET_DOMAIN_BASE}
           paths:
             - path: "/"
               pathType: Prefix

cluster/apps/authentik/ldap-outpost/helm-release.yaml

@@ -22,7 +22,7 @@ spec:
     env:
       AUTHENTIK_HOST: "http://authentik.authentik:80"
       AUTHENTIK_INSECURE: "true"
-      AUTHENTIK_HOST_BROWSER: "https://k3sauth.***REMOVED***"
+      AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN_BASE}"
 
     envFrom:
       # Sets AUTHENTIK_TOKEN

cluster/apps/database/postgresql/pgadmin4/helm-release.yaml

@@ -22,7 +22,7 @@ spec:
         cert-manager.io/cluster-issuer: "letsencrypt-production"
         traefik.ingress.kubernetes.io/router.entrypoints: websecure
       hosts:
-        - host: k3spga.***REMOVED***
+        - host: pgsql.database.${SECRET_DOMAIN_BASE}
           paths:
             - path: "/"
               pathType: Prefix

cluster/apps/download/bazarr/helm-release.yaml

@@ -36,7 +36,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3ssub.***REMOVED***"
+          - host: "subs.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/mylar3/helm-release.yaml

@@ -40,7 +40,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3smylar.***REMOVED***"
+          - host: "mylar.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/prowlarr/helm-release.yaml

@@ -47,7 +47,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3sprow.***REMOVED***"
+          - host: "prowlar.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/qbittorrent/ingress.yaml

@@ -9,7 +9,7 @@ metadata:
     traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
   rules:
-    - host: "k3sqbit.***REMOVED***"
+    - host: "qbit.${SECRET_DOMAIN_BASE}"
       http:
         paths:
           - path: /

cluster/apps/download/radarr/helm-release.yaml

@@ -49,7 +49,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3srad.***REMOVED***"
+          - host: "radarr.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/readarr/audiobook-helm.yaml

@@ -47,7 +47,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3sabook.***REMOVED***"
+          - host: "abook.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/readarr/ebook-helm.yaml

@@ -47,7 +47,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3sebook.***REMOVED***"
+          - host: "ebook.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/sonarr/helm-release.yaml

@@ -49,7 +49,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "k3sson.***REMOVED***"
+          - host: "sonarr.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/audiobookshelf/helm-release.yaml

@@ -36,7 +36,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "k3sabs.***REMOVED***"
+          - host: "audiobooks.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/jellyfin/helm-release.yaml

@@ -41,7 +41,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "k3sjlyfn.***REMOVED***"
+          - host: "watch.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/jellyseerr/helm-release.yaml

@@ -39,7 +39,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "k3sjlyser.***REMOVED***"
+          - host: "request.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/kavita/helm-release.yaml

@@ -33,7 +33,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "k3skav.***REMOVED***"
+          - host: "books.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/komga/helm-release.yaml

@@ -35,7 +35,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "k3skom.***REMOVED***"
+          - host: "comics.${SECRET_DOMAIN_BASE}"
             paths:
               - path: /
                 pathType: Prefix

cluster/base/cluster-secrets.sops.yaml

@@ -6,6 +6,7 @@ metadata:
 stringData:
     SECRET_MY_EMAIL: ENC[AES256_GCM,data:o1mpa9VUFdZOepjGKkD76/Px,iv:u+2VUsHGP0O0Qw5ojE4zuSd80iGTDxB95rXB6JO2CJs=,tag:5xvoFP96iOoYSjbZ9NVX0A==,type:str]
     SECRET_LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:J3Q3okoZ4APVwMXcl00pCPnO,iv:F0L/cRRy5FWMqCF+lpQbZwytSl2OqVOLmVtS0B4jRvU=,tag:cnxZCYcFLDFjKNlbMz+dsg==,type:str]
+    SECRET_DOMAIN_BASE: ENC[AES256_GCM,data:vtG2sh+T1q7i7KZsoa45PQ==,iv:MVeiGFQgDgegk3d1UlPr1yKs430F8J6VjH1XI4xch/I=,tag:Us+rxCiPSw1ImybGe7Oe9Q==,type:str]
     SECRET_AUTHENTIK_SECRET_KEY: ENC[AES256_GCM,data:VNkSzACyKPK8Ois5RsddusfeopQ0/2dRZ2nTTFePz4Y=,iv:V3X1U37Aj5ja+iGuLL9DvLtW43TZvClBgNMQ419tnP8=,tag:cu4vS6fNh5H79KvjeKEtXA==,type:str]
     SECRET_DATABASE_PGSQL_USER_PASS: ENC[AES256_GCM,data:6WJahxUSCBVaQXz2x8lpbfGOubNSjsJ4UkT/IfuPUIk=,iv:cg9FbEn5NfSTug/LKLN9mkFOnOjyRhqtENd+NYnm9Sc=,tag:3XH1AAc/tstYKnzInXzvTw==,type:str]
     SECRET_DATABASE_PGSQL_ADMIN_PASS: ENC[AES256_GCM,data:746QiSbXgMZUeZ9CyanACXrqteInkEocwuxMTUI6ygo=,iv:2thgTjzT69tZakmJDXnl+5sCGtsiqLo8/NCz7pIVavo=,tag:emLcIk/6Dhw8HlymCRjqPQ==,type:str]
@@ -16,8 +17,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-04-07T04:30:52Z"
-    mac: ENC[AES256_GCM,data:F5wBOodjuvtckkHGUH9CrfG3cSICILUIXkhm/dKO82sqpJeA9n3GXqgBtyi7/HeP9YfCreFeichb+PY2RHUsYrdxvZGYu+qwmiASaO+WnuztgZc3/BCLm+oK27ANcmPys+N6fX3/qDcs+oNt7ASTIU5RNNWV/PIWy/icwVdW8D0=,iv:Us+jstvvBBJ0+idUyC4n+4x/C+ThcvUcCw0lBMMiglw=,tag:632u/nZdN3C3vFRfaWfHWA==,type:str]
+    lastmodified: "2023-04-10T03:53:42Z"
+    mac: ENC[AES256_GCM,data:i9EEDR7k6i7A5Wt4i59xTBIhYgOaN3wXIRHAFDLmYfYnWZ4SiCC7POvrtra6Gia5R5L2u31Z82OCkvEBMMKaCYOibIgm592E0dJf5sQPj72AtdhKolk/hXi9Io3r+EjPvuBdT01SBPrhn0b+cLVXketxieYebdCnHNikRXA8UEo=,iv:Ac6TdxCqZpzn0uTPPMwJU2uLoMuDtZsNJ36jVb7NBAM=,tag:qvNTZB/T/yExR22NqG6C1g==,type:str]
     pgp:
         - created_at: "2023-04-05T02:28:36Z"
           enc: |

cluster/core/networking/traefik/helm-release.yaml

@@ -86,7 +86,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.middlewares: "traefik-authentik@kubernetescrd"
         entryPoints: [ "websecure" ]
-        matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+        matchRule: Host(`k3st.${SECRET_DOMAIN_BASE}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
 
     # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
     ingressClass:

cluster/core/storage/longhorn/ingress.yaml

@@ -7,7 +7,7 @@ metadata:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
   rules:
-    - host: "longhorn.***REMOVED***"
+    - host: "longhorn.${SECRET_DOMAIN_BASE}"
       http:
         paths:
           - path: /