added cloudflare api key, sops encrypted version, and kustomization

2026-03-22 16:38:02 +13:00 · 2026-03-22 16:38:02 +13:00 · 8c93f3486a
parent b33a92df5d
commit 8c93f3486a
4 changed files with 41 additions and 0 deletions
--- a/infrastructure/certmanager/.sops.yaml
+++ b/infrastructure/certmanager/.sops.yaml
@ -0,0 +1,3 @@
+creation_rules:
+  - path_regex: '.*\.yaml$'
+    age: age15hfu6avfx8egwkhydm6yst3arep70sklrh7eah05wslud3v90vyqrpph4j
--- a/infrastructure/certmanager/cloudflareapikey.enc.yaml
+++ b/infrastructure/certmanager/cloudflareapikey.enc.yaml
@ -0,0 +1,23 @@
+apiVersion: ENC[AES256_GCM,data:Hag=,iv:1f4CAyLIzzvEFwmWVAm35vlHX0lJTMWxi0K5m+TkI20=,tag:R4hRY43pmjNNF41LB8AhKg==,type:str]
+kind: ENC[AES256_GCM,data:mCTDAVLb,iv:TSIGjqjQVjXumYhk1zSwDU64hwpNneysMv0ybyIeODE=,tag:X53fHlgw5VAGCPBM0+3xOQ==,type:str]
+metadata:
+    name: ENC[AES256_GCM,data:6FmuiIZQR9HZngWHKiQIIjpN,iv:T4VtvkGCwkqgo4fMMTvwMw9pH85biwi5Trb5xJa0wBs=,tag:R1lDINdYizF6eFUVEPUhUg==,type:str]
+    namespace: ENC[AES256_GCM,data:qFv1fMdoG+YGgV4s,iv:Vl3UFxq7J1IaKk/6ssyB2Wob1JV+J78zHB0TAhhHdFM=,tag:RpASN0/yTfc1ANSkck4FxA==,type:str]
+type: ENC[AES256_GCM,data:fzU0AxBh,iv:Rh9a+3BS4fFlC5ZNdgiK+4VfhN9fwQ7mG6ZQEJqxU+E=,tag:wJT8bumEo9WJhKJPsIAFgw==,type:str]
+stringData:
+    token: ENC[AES256_GCM,data:TewnG+eR339PJTrJcnVZy/R2ZR8WQdxJRx1ma9BSsL077XcLq4wba41fdAOzkHAcn3SS8Fc=,iv:0sy1X4vmP93db3b7JwPzn46qGOseE48K+f0goEmYGSI=,tag:kJ85hYG13reHqFIlWz1ZwQ==,type:str]
+sops:
+    age:
+        - recipient: age15hfu6avfx8egwkhydm6yst3arep70sklrh7eah05wslud3v90vyqrpph4j
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWWN2QTlFU1NaZm9VNFUr
+            MEJmMnZnTXZkR1V5U00xL0V2YWpuMkFVT3lBCnM4Y0NhTndySU5EdlV5OGlSVmNN
+            UVliaUlxN0o2ZnByTG9sUXBkZE1meGcKLS0tIGRaZElTRVNvbStOSUo0OGRYbGRw
+            Y0Y2RFdvcGFaUU5SbmI2TmZEc21zWFkK+AsM03RbilD41nUsBFx/OzE8crIGm9iJ
+            5N2qwqAdNyLCiy46RoZhSwwcJEp9wT00DT7Ey23vHEzLMnAuK1dQ9A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-03-22T03:32:30Z"
+    mac: ENC[AES256_GCM,data:yL6EqGeq5ue0F+CAYxna7igiItXKp+EbraqESPkTbMQeuWWK97RIzoxbMBaj8i/8DfhOaQKoH6kz1BoYu9/kH6ZfAIalRcyN/3qzK1xJzGIqgsidKuPtr6DuiXs3YIPBW8PIRCnJuEZlKV4cscXg8fIVLhTxB/9p8MJVfjJ1rHk=,iv:CeD/as5DStyhslAvb80uXn2vLMZAjWkSW3TR4GG3f7E=,tag:PH0wSXuZ2eNdp35oII9uVQ==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.1
--- a/infrastructure/certmanager/clusterissuer.yaml
+++ b/infrastructure/certmanager/clusterissuer.yaml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: jethro.cotton3@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-account-key
+    solvers:
+      - http01:
+          ingress:
+            class: traefik
--- a/infrastructure/certmanager/kustomization.yaml
+++ b/infrastructure/certmanager/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - namespace.yaml
  - helmrelease.yaml
+  - cloudflareapikey.enc.yaml