diff --git a/cluster/apps/authentik/helm-release.yaml b/cluster/apps/authentik/helm-release.yaml index b337358..ccca9ce 100644 --- a/cluster/apps/authentik/helm-release.yaml +++ b/cluster/apps/authentik/helm-release.yaml @@ -35,8 +35,8 @@ spec: # password: "${SECRET_DATABASE_REDIS_PASS}" env: - AUTHENTIK_HOST: https://k3sauth.***REMOVED*** - AUTHENTIK_HOST_BROWSER: https://k3sauth.***REMOVED*** + AUTHENTIK_HOST: https://auth.${SECRET_DOMAIN_BASE} + AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_DOMAIN_BASE} envValueFrom: AUTHENTIK_SECRET_KEY: @@ -58,7 +58,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: k3sauth.***REMOVED*** + - host: auth.${SECRET_DOMAIN_BASE} paths: - path: "/" pathType: Prefix diff --git a/cluster/apps/authentik/ldap-outpost/helm-release.yaml b/cluster/apps/authentik/ldap-outpost/helm-release.yaml index 49ef322..30e2e3e 100644 --- a/cluster/apps/authentik/ldap-outpost/helm-release.yaml +++ b/cluster/apps/authentik/ldap-outpost/helm-release.yaml @@ -22,7 +22,7 @@ spec: env: AUTHENTIK_HOST: "http://authentik.authentik:80" AUTHENTIK_INSECURE: "true" - AUTHENTIK_HOST_BROWSER: "https://k3sauth.***REMOVED***" + AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN_BASE}" envFrom: # Sets AUTHENTIK_TOKEN diff --git a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml index 5c73a53..a3a6ba5 100644 --- a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml +++ b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml @@ -22,7 +22,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: k3spga.***REMOVED*** + - host: pgsql.database.${SECRET_DOMAIN_BASE} paths: - path: "/" pathType: Prefix \ No newline at end of file diff --git a/cluster/apps/download/bazarr/helm-release.yaml b/cluster/apps/download/bazarr/helm-release.yaml index 0402918..1c4e97c 100644 --- a/cluster/apps/download/bazarr/helm-release.yaml +++ b/cluster/apps/download/bazarr/helm-release.yaml @@ -36,7 +36,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3ssub.***REMOVED***" + - host: "subs.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/mylar3/helm-release.yaml b/cluster/apps/download/mylar3/helm-release.yaml index ebd8f35..901c720 100644 --- a/cluster/apps/download/mylar3/helm-release.yaml +++ b/cluster/apps/download/mylar3/helm-release.yaml @@ -40,7 +40,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3smylar.***REMOVED***" + - host: "mylar.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/prowlarr/helm-release.yaml b/cluster/apps/download/prowlarr/helm-release.yaml index c93ed4c..bb2f60f 100644 --- a/cluster/apps/download/prowlarr/helm-release.yaml +++ b/cluster/apps/download/prowlarr/helm-release.yaml @@ -47,7 +47,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3sprow.***REMOVED***" + - host: "prowlar.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/qbittorrent/ingress.yaml b/cluster/apps/download/qbittorrent/ingress.yaml index b11e531..dd2cc73 100644 --- a/cluster/apps/download/qbittorrent/ingress.yaml +++ b/cluster/apps/download/qbittorrent/ingress.yaml @@ -9,7 +9,7 @@ metadata: traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd spec: rules: - - host: "k3sqbit.***REMOVED***" + - host: "qbit.${SECRET_DOMAIN_BASE}" http: paths: - path: / diff --git a/cluster/apps/download/radarr/helm-release.yaml b/cluster/apps/download/radarr/helm-release.yaml index cfb7d16..0b0f360 100644 --- a/cluster/apps/download/radarr/helm-release.yaml +++ b/cluster/apps/download/radarr/helm-release.yaml @@ -49,7 +49,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3srad.***REMOVED***" + - host: "radarr.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/readarr/audiobook-helm.yaml b/cluster/apps/download/readarr/audiobook-helm.yaml index a04ea11..245a675 100644 --- a/cluster/apps/download/readarr/audiobook-helm.yaml +++ b/cluster/apps/download/readarr/audiobook-helm.yaml @@ -47,7 +47,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3sabook.***REMOVED***" + - host: "abook.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/readarr/ebook-helm.yaml b/cluster/apps/download/readarr/ebook-helm.yaml index a91ce97..2fae466 100644 --- a/cluster/apps/download/readarr/ebook-helm.yaml +++ b/cluster/apps/download/readarr/ebook-helm.yaml @@ -47,7 +47,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3sebook.***REMOVED***" + - host: "ebook.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/sonarr/helm-release.yaml b/cluster/apps/download/sonarr/helm-release.yaml index 3329c60..fc30927 100644 --- a/cluster/apps/download/sonarr/helm-release.yaml +++ b/cluster/apps/download/sonarr/helm-release.yaml @@ -49,7 +49,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "k3sson.***REMOVED***" + - host: "sonarr.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/audiobookshelf/helm-release.yaml b/cluster/apps/media/audiobookshelf/helm-release.yaml index bd6205a..73ef5a0 100644 --- a/cluster/apps/media/audiobookshelf/helm-release.yaml +++ b/cluster/apps/media/audiobookshelf/helm-release.yaml @@ -36,7 +36,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "k3sabs.***REMOVED***" + - host: "audiobooks.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/jellyfin/helm-release.yaml b/cluster/apps/media/jellyfin/helm-release.yaml index 24ede1a..ed5eae8 100644 --- a/cluster/apps/media/jellyfin/helm-release.yaml +++ b/cluster/apps/media/jellyfin/helm-release.yaml @@ -41,7 +41,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "k3sjlyfn.***REMOVED***" + - host: "watch.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/jellyseerr/helm-release.yaml b/cluster/apps/media/jellyseerr/helm-release.yaml index 6fe3fbe..c400b5b 100644 --- a/cluster/apps/media/jellyseerr/helm-release.yaml +++ b/cluster/apps/media/jellyseerr/helm-release.yaml @@ -39,7 +39,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "k3sjlyser.***REMOVED***" + - host: "request.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/kavita/helm-release.yaml b/cluster/apps/media/kavita/helm-release.yaml index 2af763a..b690afd 100644 --- a/cluster/apps/media/kavita/helm-release.yaml +++ b/cluster/apps/media/kavita/helm-release.yaml @@ -33,7 +33,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "k3skav.***REMOVED***" + - host: "books.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/komga/helm-release.yaml b/cluster/apps/media/komga/helm-release.yaml index e4c8b71..56ffb70 100644 --- a/cluster/apps/media/komga/helm-release.yaml +++ b/cluster/apps/media/komga/helm-release.yaml @@ -35,7 +35,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "k3skom.***REMOVED***" + - host: "comics.${SECRET_DOMAIN_BASE}" paths: - path: / pathType: Prefix diff --git a/cluster/base/cluster-secrets.sops.yaml b/cluster/base/cluster-secrets.sops.yaml index 52be90f..4f58ab5 100644 --- a/cluster/base/cluster-secrets.sops.yaml +++ b/cluster/base/cluster-secrets.sops.yaml @@ -6,6 +6,7 @@ metadata: stringData: SECRET_MY_EMAIL: ENC[AES256_GCM,data:o1mpa9VUFdZOepjGKkD76/Px,iv:u+2VUsHGP0O0Qw5ojE4zuSd80iGTDxB95rXB6JO2CJs=,tag:5xvoFP96iOoYSjbZ9NVX0A==,type:str] SECRET_LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:J3Q3okoZ4APVwMXcl00pCPnO,iv:F0L/cRRy5FWMqCF+lpQbZwytSl2OqVOLmVtS0B4jRvU=,tag:cnxZCYcFLDFjKNlbMz+dsg==,type:str] + SECRET_DOMAIN_BASE: ENC[AES256_GCM,data:vtG2sh+T1q7i7KZsoa45PQ==,iv:MVeiGFQgDgegk3d1UlPr1yKs430F8J6VjH1XI4xch/I=,tag:Us+rxCiPSw1ImybGe7Oe9Q==,type:str] SECRET_AUTHENTIK_SECRET_KEY: ENC[AES256_GCM,data:VNkSzACyKPK8Ois5RsddusfeopQ0/2dRZ2nTTFePz4Y=,iv:V3X1U37Aj5ja+iGuLL9DvLtW43TZvClBgNMQ419tnP8=,tag:cu4vS6fNh5H79KvjeKEtXA==,type:str] SECRET_DATABASE_PGSQL_USER_PASS: ENC[AES256_GCM,data:6WJahxUSCBVaQXz2x8lpbfGOubNSjsJ4UkT/IfuPUIk=,iv:cg9FbEn5NfSTug/LKLN9mkFOnOjyRhqtENd+NYnm9Sc=,tag:3XH1AAc/tstYKnzInXzvTw==,type:str] SECRET_DATABASE_PGSQL_ADMIN_PASS: ENC[AES256_GCM,data:746QiSbXgMZUeZ9CyanACXrqteInkEocwuxMTUI6ygo=,iv:2thgTjzT69tZakmJDXnl+5sCGtsiqLo8/NCz7pIVavo=,tag:emLcIk/6Dhw8HlymCRjqPQ==,type:str] @@ -16,8 +17,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-04-07T04:30:52Z" - mac: ENC[AES256_GCM,data:F5wBOodjuvtckkHGUH9CrfG3cSICILUIXkhm/dKO82sqpJeA9n3GXqgBtyi7/HeP9YfCreFeichb+PY2RHUsYrdxvZGYu+qwmiASaO+WnuztgZc3/BCLm+oK27ANcmPys+N6fX3/qDcs+oNt7ASTIU5RNNWV/PIWy/icwVdW8D0=,iv:Us+jstvvBBJ0+idUyC4n+4x/C+ThcvUcCw0lBMMiglw=,tag:632u/nZdN3C3vFRfaWfHWA==,type:str] + lastmodified: "2023-04-10T03:53:42Z" + mac: ENC[AES256_GCM,data:i9EEDR7k6i7A5Wt4i59xTBIhYgOaN3wXIRHAFDLmYfYnWZ4SiCC7POvrtra6Gia5R5L2u31Z82OCkvEBMMKaCYOibIgm592E0dJf5sQPj72AtdhKolk/hXi9Io3r+EjPvuBdT01SBPrhn0b+cLVXketxieYebdCnHNikRXA8UEo=,iv:Ac6TdxCqZpzn0uTPPMwJU2uLoMuDtZsNJ36jVb7NBAM=,tag:qvNTZB/T/yExR22NqG6C1g==,type:str] pgp: - created_at: "2023-04-05T02:28:36Z" enc: | diff --git a/cluster/core/networking/traefik/helm-release.yaml b/cluster/core/networking/traefik/helm-release.yaml index f59a77f..998a054 100644 --- a/cluster/core/networking/traefik/helm-release.yaml +++ b/cluster/core/networking/traefik/helm-release.yaml @@ -86,7 +86,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.middlewares: "traefik-authentik@kubernetescrd" entryPoints: [ "websecure" ] - matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + matchRule: Host(`k3st.${SECRET_DOMAIN_BASE}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes. ingressClass: diff --git a/cluster/core/storage/longhorn/ingress.yaml b/cluster/core/storage/longhorn/ingress.yaml index f57badb..1ce4428 100644 --- a/cluster/core/storage/longhorn/ingress.yaml +++ b/cluster/core/storage/longhorn/ingress.yaml @@ -7,7 +7,7 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: websecure spec: rules: - - host: "longhorn.***REMOVED***" + - host: "longhorn.${SECRET_DOMAIN_BASE}" http: paths: - path: /