Change domain secret name

cluster/apps/authentik/helm-release.yaml

@@ -35,8 +35,8 @@ spec:
 #        password: "${SECRET_DATABASE_REDIS_PASS}"
     
     env:
-      AUTHENTIK_HOST: https://auth.${SECRET_DOMAIN_BASE}
-      AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_DOMAIN_BASE}
+      AUTHENTIK_HOST: https://auth.${SECRET_DOMAIN}
+      AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_DOMAIN}
     
     envValueFrom:
       AUTHENTIK_SECRET_KEY:
@@ -58,7 +58,7 @@ spec:
         cert-manager.io/cluster-issuer: "letsencrypt-production"
         traefik.ingress.kubernetes.io/router.entrypoints: websecure
       hosts:
-        - host: auth.${SECRET_DOMAIN_BASE}
+        - host: auth.${SECRET_DOMAIN}
           paths:
             - path: "/"
               pathType: Prefix

cluster/apps/authentik/ldap-outpost/helm-release.yaml

@@ -22,7 +22,7 @@ spec:
     env:
       AUTHENTIK_HOST: "http://authentik.authentik:80"
       AUTHENTIK_INSECURE: "true"
-      AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN_BASE}"
+      AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN}"
 
     envFrom:
       # Sets AUTHENTIK_TOKEN

cluster/apps/database/postgresql/pgadmin4/helm-release.yaml

@@ -22,7 +22,7 @@ spec:
         cert-manager.io/cluster-issuer: "letsencrypt-production"
         traefik.ingress.kubernetes.io/router.entrypoints: websecure
       hosts:
-        - host: pgsql.database.${SECRET_DOMAIN_BASE}
+        - host: pgsql.database.${SECRET_DOMAIN}
           paths:
             - path: "/"
               pathType: Prefix

cluster/apps/download/bazarr/helm-release.yaml

@@ -36,7 +36,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "subs.${SECRET_DOMAIN_BASE}"
+          - host: "subs.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/mylar3/helm-release.yaml

@@ -40,7 +40,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "mylar.${SECRET_DOMAIN_BASE}"
+          - host: "mylar.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/prowlarr/helm-release.yaml

@@ -47,7 +47,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "prowlar.${SECRET_DOMAIN_BASE}"
+          - host: "prowlar.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/qbittorrent/ingress.yaml

@@ -9,7 +9,7 @@ metadata:
     traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
   rules:
-    - host: "qbit.${SECRET_DOMAIN_BASE}"
+    - host: "qbit.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /

cluster/apps/download/radarr/helm-release.yaml

@@ -49,7 +49,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "radarr.${SECRET_DOMAIN_BASE}"
+          - host: "radarr.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/readarr/audiobook-helm.yaml

@@ -47,7 +47,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "abook.${SECRET_DOMAIN_BASE}"
+          - host: "abook.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/readarr/ebook-helm.yaml

@@ -47,7 +47,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "ebook.${SECRET_DOMAIN_BASE}"
+          - host: "ebook.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/download/sonarr/helm-release.yaml

@@ -49,7 +49,7 @@ spec:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "sonarr.${SECRET_DOMAIN_BASE}"
+          - host: "sonarr.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/audiobookshelf/helm-release.yaml

@@ -36,7 +36,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "audiobooks.${SECRET_DOMAIN_BASE}"
+          - host: "audiobooks.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/jellyfin/helm-release.yaml

@@ -39,7 +39,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "watch.${SECRET_DOMAIN_BASE}"
+          - host: "watch.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/jellyseerr/helm-release.yaml

@@ -42,7 +42,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "request.${SECRET_DOMAIN_BASE}"
+          - host: "request.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/kavita/helm-release.yaml

@@ -33,7 +33,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "books.${SECRET_DOMAIN_BASE}"
+          - host: "books.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/apps/media/komga/helm-release.yaml

@@ -35,7 +35,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
-          - host: "comics.${SECRET_DOMAIN_BASE}"
+          - host: "comics.${SECRET_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix

cluster/core/networking/traefik/helm-release.yaml

@@ -86,7 +86,7 @@ spec:
           cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.middlewares: "traefik-authentik@kubernetescrd"
         entryPoints: [ "websecure" ]
-        matchRule: Host(`k3st.${SECRET_DOMAIN_BASE}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+        matchRule: Host(`k3st.${SECRET_DOMAIN}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
 
     # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
     ingressClass:

cluster/core/storage/longhorn/ingress.yaml

@@ -7,7 +7,7 @@ metadata:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
   rules:
-    - host: "longhorn.${SECRET_DOMAIN_BASE}"
+    - host: "longhorn.${SECRET_DOMAIN}"
       http:
         paths:
           - path: /

cluster/secrets/cluster-secrets.sops.yaml

@@ -3,10 +3,11 @@ kind: Secret
 metadata:
     name: cluster-secrets
     namespace: flux-system
+type: Opaque
 stringData:
     SECRET_MY_EMAIL: ENC[AES256_GCM,data:o1mpa9VUFdZOepjGKkD76/Px,iv:u+2VUsHGP0O0Qw5ojE4zuSd80iGTDxB95rXB6JO2CJs=,tag:5xvoFP96iOoYSjbZ9NVX0A==,type:str]
     SECRET_LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:J3Q3okoZ4APVwMXcl00pCPnO,iv:F0L/cRRy5FWMqCF+lpQbZwytSl2OqVOLmVtS0B4jRvU=,tag:cnxZCYcFLDFjKNlbMz+dsg==,type:str]
-    SECRET_DOMAIN_BASE: ENC[AES256_GCM,data:vtG2sh+T1q7i7KZsoa45PQ==,iv:MVeiGFQgDgegk3d1UlPr1yKs430F8J6VjH1XI4xch/I=,tag:Us+rxCiPSw1ImybGe7Oe9Q==,type:str]
+    SECRET_DOMAIN: ENC[AES256_GCM,data:9pkOjdhgZWjNAU8bqYYnoQ==,iv:kEfWr2NZesZ+SQLHAysAAUujT44dyDUqBtW1hM7yPEs=,tag:+Poe1kKR2noGYzlju3oSzA==,type:str]
     SECRET_AUTHENTIK_SECRET_KEY: ENC[AES256_GCM,data:VNkSzACyKPK8Ois5RsddusfeopQ0/2dRZ2nTTFePz4Y=,iv:V3X1U37Aj5ja+iGuLL9DvLtW43TZvClBgNMQ419tnP8=,tag:cu4vS6fNh5H79KvjeKEtXA==,type:str]
     SECRET_DATABASE_PGSQL_USER_PASS: ENC[AES256_GCM,data:6WJahxUSCBVaQXz2x8lpbfGOubNSjsJ4UkT/IfuPUIk=,iv:cg9FbEn5NfSTug/LKLN9mkFOnOjyRhqtENd+NYnm9Sc=,tag:3XH1AAc/tstYKnzInXzvTw==,type:str]
     SECRET_DATABASE_PGSQL_ADMIN_PASS: ENC[AES256_GCM,data:746QiSbXgMZUeZ9CyanACXrqteInkEocwuxMTUI6ygo=,iv:2thgTjzT69tZakmJDXnl+5sCGtsiqLo8/NCz7pIVavo=,tag:emLcIk/6Dhw8HlymCRjqPQ==,type:str]
@@ -17,8 +18,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-04-10T03:53:42Z"
-    mac: ENC[AES256_GCM,data:i9EEDR7k6i7A5Wt4i59xTBIhYgOaN3wXIRHAFDLmYfYnWZ4SiCC7POvrtra6Gia5R5L2u31Z82OCkvEBMMKaCYOibIgm592E0dJf5sQPj72AtdhKolk/hXi9Io3r+EjPvuBdT01SBPrhn0b+cLVXketxieYebdCnHNikRXA8UEo=,iv:Ac6TdxCqZpzn0uTPPMwJU2uLoMuDtZsNJ36jVb7NBAM=,tag:qvNTZB/T/yExR22NqG6C1g==,type:str]
+    lastmodified: "2023-04-10T04:52:25Z"
+    mac: ENC[AES256_GCM,data:VPcHPSzRC699WltrBi5J3nlnJ9Vr+PsL2YbtLbIYaLq2BqW2yj+FOLl89zrVddAcZHOd9IXUqelymaNr3IfzPASGuGZ1zwrf3d9Pf9sczawhfyiLx7MK4bZwU/r64y/1gzTZkkOLOCQEQoJzUfc4wqtcI/XmQWPZXVS0o0UFH7c=,iv:p6eMS83y81/1fEyClxVxXQ83VcbsSNx/YiHFDkMzNNo=,tag:+gGSHBOLYqlY36JtrdKUNA==,type:str]
     pgp:
         - created_at: "2023-04-05T02:28:36Z"
           enc: |