From c247db3c15d142536a0abf648271cc01449d0aa0 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Fri, 19 Sep 2025 23:09:33 +0200 Subject: [PATCH] v3.12.2 fix production redirect domains --- .env | 2 +- .github/workflows/publish.yml | 2 +- .sops.yaml | 6 +- TODO-next-update.md | 32 ------ branding/constants/groups.js | 2 +- docker-compose.yml | 24 ++++- helmfile/environments/default.secrets.yaml | 101 ++++++++++++++++++ helmfile/environments/default.yaml.gotmpl | 25 ++++- helmfile/environments/production.secrets.yaml | 101 ++++++++++++++++++ helmfile/environments/production.yaml.gotmpl | 30 ++++-- helmfile/helmfile.yaml.gotmpl | 14 ++- helmfile/secrets/ocelot.yaml | 95 ---------------- helmfile/secrets/ocelot.yaml.gotmpl | 39 +++++++ helmfile/values/ocelot.yaml.gotmpl | 33 +++--- 14 files changed, 341 insertions(+), 165 deletions(-) delete mode 100644 TODO-next-update.md create mode 100644 helmfile/environments/default.secrets.yaml create mode 100644 helmfile/environments/production.secrets.yaml delete mode 100644 helmfile/secrets/ocelot.yaml create mode 100644 helmfile/secrets/ocelot.yaml.gotmpl diff --git a/.env b/.env index 4a7a04d..17a9e21 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-5bec51a +OCELOT_VERSION=sha-2c285d6 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4f16f74..dc9e7a9 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -54,7 +54,7 @@ jobs: uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 with: file: ${{ matrix.app.file }} - context: . + context: ${{ matrix.app.context || '.' }} push: true build-args: | OCELOT_VERSION=${{ env.OCELOT_VERSION }} diff --git a/.sops.yaml b/.sops.yaml index ef28634..9dbaa04 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,9 +5,13 @@ creation_rules: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp, age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr, age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s, - age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5, + age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 # age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret # age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer +# age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula +# age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn # age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt # age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk +# age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 @Bettelstab diff --git a/TODO-next-update.md b/TODO-next-update.md deleted file mode 100644 index 4cf3c8d..0000000 --- a/TODO-next-update.md +++ /dev/null @@ -1,32 +0,0 @@ -# Todo For Next Update - -When you overtake this deploy and rebrand repo to your network you have to recognize the following changes and doings … - -## This Latest Version >= 1.1.0 with 'ocelotDockerVersionTag' 1.1.0-205 - -### Deployment/Rebranding PR – chore: 🍰 Release v1.1.0 - Implement Categories Again #63 - -- You have to add the `CATEGORIES_ACTIVE` from the `deployment/kubernetes/values.template.yaml` to your `deployment/kubernetes/values.yaml` and set it to your prevered value. -- Make sure the correct categories are in your Neo4j database on the server. - -## Version >= 1.0.9 with 'ocelotDockerVersionTag' 1.0.9-199 - -### Deployment/Rebranding PR – chore: 🍰 Implement PRODUCTION_DB_CLEAN_ALLOW for Staging Production Environments #56 - -- Copy `PRODUCTION_DB_CLEAN_ALLOW` from `deployment/kubernetes/values.template.yaml` to `values.yaml` and set it to `false` for production envireonments and only for several stage test servers to `true`. - -### Deployment/Rebranding PR – chore: [WIP] 🍰 Refine docs, first step #46 - -- Commit: `Update cert-manager apiVersion "cert-manager.io/v1alpha2" to "cert-manager.io/v1" - - Check for `kubectl` and `helm` versions. - -## Version >= 1.0.8 with 'ocelotDockerVersionTag' 1.0.8-182 - -### PR – feat: 🍰 Configure Cookie Expire Time #43 - -- You have to add the `COOKIE_EXPIRE_TIME` from the `deployment/kubernetes/values.template.yaml` to your `deployment/kubernetes/values.yaml` and set it to your prevered value. -- Correct `locale` cookie exploration time in data privacy. - -## Version 1.0.7 with 'ocelotDockerVersionTag' 1.0.7-171 - -- No informations. diff --git a/branding/constants/groups.js b/branding/constants/groups.js index 25fc20d..5924440 100644 --- a/branding/constants/groups.js +++ b/branding/constants/groups.js @@ -1,5 +1,5 @@ // this file is duplicated in `backend/src/constants/group.js` and `webapp/constants/group.js` export const NAME_LENGTH_MIN = 3 export const NAME_LENGTH_MAX = 50 -export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 20 // with removed HTML tags +export const DESCRIPTION_WITHOUT_HTML_LENGTH_MIN = 10 // with removed HTML tags export const SHOW_GROUP_BUTTON_IN_HEADER = true diff --git a/docker-compose.yml b/docker-compose.yml index ed55653..22958ec 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,6 +12,12 @@ services: WEBSOCKETS_URI: ws://localhost:3000/api/graphql GRAPHQL_URI: http://backend:4000/ MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + PUBLIC_REGISTRATION: "false" + INVITE_REGISTRATION: "false" + CATEGORIES_ACTIVE: "false" + BADGES_ENABLED: "false" + NETWORK_NAME: "freilernen.social" + ASK_FOR_REAL_NAME: "false" ports: - 3000:3000 depends_on: @@ -31,7 +37,19 @@ services: NEO4J_URI: bolt://neo4j:7687 MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" JWT_SECRET: "b/&&7b78BF&fv/Vd" - PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" + PUBLIC_REGISTRATION: "false" + INVITE_REGISTRATION: "false" + CATEGORIES_ACTIVE: "false" + MAX_PINNED_POSTS: "1" + SMTP_HOST: "mailserver" + SMTP_PORT: "1025" + SMTP_IGNORE_TLS: "true" + SMTP_USERNAME: + SMTP_PASSWORD: + SMTP_MAX_CONNECTIONS: "1" + SMTP_MAX_MESSAGES: "10" + EMAIL_DEFAULT_SENDER: "hello@ocelot.social" + EMAIL_SUPPORT: "hello@ocelot.social" ports: - 4000:4000 depends_on: @@ -50,6 +68,10 @@ services: neo4j: image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master + ports: + - 7473:7473 + - 7474:7474 + - 7687:7687 environment: NEO4J_AUTH: none NEO4J_dbms_allow__format__migration: "true" diff --git a/helmfile/environments/default.secrets.yaml b/helmfile/environments/default.secrets.yaml new file mode 100644 index 0000000..18fa509 --- /dev/null +++ b/helmfile/environments/default.secrets.yaml @@ -0,0 +1,101 @@ +deploy: + ACME_EMAIL: ENC[AES256_GCM,data:kmD2u4WBF4t7VZBCrQye6g6jsD4=,iv:iU3Kka2logDrGpIv7mvU2w9/NtLhUhir1KNum35SmFY=,tag:etn5b0vZurGr/dKbi0ONlA==,type:str] +jwt: + JWT_SECRET: ENC[AES256_GCM,data:tMJ1ZGBiTNP5gW4FD7xRRg==,iv:dxXpqKqJw6AdOzWqLpsLKfZRpQCxSUVeRhtCC56REUk=,tag:2LGGWjv9k21CGNF8tXBcgQ==,type:str] +s3: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:KxmLK8Ru8lb4hgQbjgvVW1tXbZM=,iv:ntCc1dhRTi5Hi1x96Tun9cFzvnD/pG8EebKqsRbVFhg=,tag:uah2wbHm563biHRoD4YSTQ==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:OrgDTvSytCzqwGxIQqvLmk1MBQU+VL+68Hjm7FYxhZISkgt6knyD/Q==,iv:AS/s5hoZUL2AIZIx8ZUVqaN9t+P2ZB4Wn8EkdMdwM8s=,tag:LO81n0pk3Y93nYTBlIW/oA==,type:str] + AWS_ENDPOINT: ENC[AES256_GCM,data:R0DA8FYto2QThumIb5LwddkB2mz1W2YckUuBvIB8svmZP7Y=,iv:Vl3IsRXKHJovrB9wAwq6kpWvCOx4gAmaMZO9FwB4OT8=,tag:TElpGx//7Y4TmWNV9S/NRA==,type:str] + AWS_REGION: ENC[AES256_GCM,data:/yHagQ==,iv:xlg2Q3zNkVS5aMPoKFFwgeZEl2gmIWUuuRwreQNO6Hk=,tag:dVRPNSlY4KOhWGImHyiT4Q==,type:str] + AWS_BUCKET: ENC[AES256_GCM,data:GCA+eVb3NLieRttAfLxFYWGkQ+DzDLANcg==,iv:NkUkba1U7sgaFGCo00V+kDfTQaEf6AJKACzQRK4R2zc=,tag:Lb9P2qfSS63YOuIE6TB59w==,type:str] +email: + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:8ELhuR2n3Q9f8yy/SOhs3bnfYCK7fzg=,iv:4Gaiv17G0k3xBh8DFMaM5l9gwMIpZxYLrTdrwmlaaTI=,tag:Zxxz70R/gp8rd8RvjHYKEQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:veiciCjqVH35HfAatw==,iv:mHjvx77THSrFDwx+WY9od3ErMe0eRuXjjQyXC9JpDyI=,tag:SNMcU6TxbcT/OZWivrnqoA==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:qwv5YCFbnfqrpgOx7fiJBMjlmx+BfHo=,iv:ic0WKEtfnJAis/1uulgUFwuUdrXZlpzMNz+kzln4pxw=,tag:1enF6z3wsl5uQVHyViBvdw==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:oy0VEgDaxTPcecw=,iv:sZ+cw3ZrvdhxNxsHE/Y+HkSK8FUhZJXdPQJ60KwpwFM=,tag:I05wxg/po/XdPFbscywjCg==,type:str] + SMTP_PORT: ENC[AES256_GCM,data:XCZl,iv:6oWAnxkIcA4XiQM/lOoTdhGSUln4raPqWbaLib9x4Hw=,tag:hXkA0luQMOIL1q2tU45lEQ==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:Vq0nDQ==,iv:pJJUHng7GjtDLTUPVwqtghmjK8Mi5YXTEYWueUiA3oo=,tag:b9i6rPrl/p5t/VLjCw3zCA==,type:str] + #ENC[AES256_GCM,data:A27ANKNxRZzYfNIpp+zmxCYHsYuw/Yb3Me2gZ2lecaGpaD/L,iv:GJKErFFmUKoF8nVAL71VRIlKrD1LwKLCOW6w3676r30=,tag:oQCcqZcHoDsTLGPSPQXPSg==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:/fzQGw==,iv:ovVDissg9Ek9ni/nsEOw3QFWi+g3O9kVmNsUds0hsx8=,tag:7+i6uzsUHnfBqFx7e8pZTw==,type:str] + SMTP_DKIM_PRIVATEKEY: ENC[AES256_GCM,data:Ko7k8xhLGEyErSdQ+1V291Ooxb8yEgmvwFmS/Sldp2rWZDoNyQKEKfi/O7oZS7V8oNaPyIpboaEqB4/T79OC7Dh5dmK9CJVO9ooNrE5aTeKOF61kIFDt/AkvOJ8mopj/74gicWkjGorHeW9A6fAGQW5NI8BT4WHim4aKjbhWD84wj4IF5q+yXi0CvrUHyj3LMqNeWade8i/LMl8vRyvUmQVSDsz+hyzdhz4X652f6AtuDFfxXDL7OV7vgvyd5EBEedcUGdXn3aRRJ39U3Ldbj5I8FskBEacbdYLNYzjZ6Qy7axPCT+TKAfhMhKdJfjb28B9YTsIfGhJDwrYQGMUSojYJAVD4ZntdpBUakTT9zrDDawaBnCudqmjy3KokwN8Fyjn/JJQSxXSniJMs/JfYiTd+4SOaByDROgDIbScbbpJLupWEwvEHJsGHZVQtkBoK/rJFolnW9+bgyJj5NkU4DYmnAEtvNYmExb18cCTqnrnlwa83h41GhpOINgrDo+VLw+Hx2ZQhnX6Q5PzzAWAkexkSD++pAPYA9KtaKeLydlBdjpx5BxFMd4RaodBh9wqrej2NOtwQ8kSRCGnYf4uqlVec6NH6bPCeoumL2GjCTYVARFeqTgflt0zEIIoH7AnxOanBz3NsLH/CMNxgXC8w7LN+lj6mFD+vQyB2WNowqaW8np5P+oqMWZ1/0CEg3Z0UVbQBnlAqD8v0miKj7VWMe6Ef4w5jpuxLUXeZEjRFirV1m6b4qEaJaGzFbPlN27bH78I9HL1s6MxXiiougLNvMyyErG33ZzXh68kqadagwHpD6Mz9lUvWcdr9SR4GJS9pMNMWNUTZqMAaQ8PzZqo0M5P7Tk2Hk8fY+miF2DWKnenRJjxTj+KpSwhCABJ+3BBwO0Of+zPZdyU+2FIZMJMuM3NAPuYi1gEgMWHfWrmMlHOwDp9UyiVsTP8ALEyfE60jsHXG85CL48Yp0Meec0/5+1hi/y+5X3OkVT9mQGJnTTx+dNnpLCKzMOF3hfBdt0Xw/hvM26Vou5Kclu2iwOX4hn5HFDXnYG94wHr/J+/bgGZFL9WVLcbafff96Hi9xiwZLbD2fnlXolmNFcoYCKtfuYYf/itdmZTr4GV9Oc4Qlg7sfu1mVbVfdgz9owddogORHcNrQ9Qhwjj5xVsCujeL7Ep9IYtY1yZ4HxvdOkYX1pyoO9IddhMgJwCUlsJq+Zbcf2/L7dqej8phSm4YaaTedrY758UR1kJdViFEAM+3vcYV1uK7cLtCPZIMRUV4eA9DueUNLGOBiLBJ6qZnA9EYh13ix4KM5ZONupnDbob2OkenWUKvRz+EzdeZeE+XeU+vUUbgDhmRLYTPB2NkYbLjh/mOQoeltPj51ryDtsVDMPJYyghJc3ZuO7Y9CmKhYfBALTA8vH5K+9fxquwzmeAe16+KGuAzzxepm/vQCV3ar9JFbo8Qtg08Yj9HxhI7lLQAxljNR6rpY+sdbravmMl0avvFY0Lw0bW5I6SjEorgrLGgjQ1mqz45Mbf1GfYzmO/pFcsaVCB2kIHaSeMWSX0FqoITp6neENOoBmAa4DNHVoMLWj1evTtYiskjFDmBQF2LFcRsqMO7B7hESs5naeDVN+Mkd1O5ST9FElG3rG+9cDDvRtE4nL8audp1QkneKIkgapxYubyVb8vD7mznQvGteSDBR4RjgDSTRn1Q+NywRs7fkiTjGgs4AtggD4scPdomHVmwNd3sMcmq/yQIYYJWZdnsG8z64fg+iM1r6zt6LyJnfZJMokr9s3GsYiosAl7ZddiL8VZtINvM9NBHJEv+aWWCh9nWTsJ9Cn1XYhdaN0TUWo2MZ+6fwQxhdDGIddlqqplpZ8+QkKIExy1nxX88nAzRKP5DXfbuo0N6CNDcOHXQsuyX0xBqzHC97ASVQJUgD+5pbcrOT/8hD1ub6UsQnlmUtiv7V/fBkbmxgzJoTJaZe0AI//dMrHjYnZ6o6quApis7ZMehTJFP5dht/fU4It2PIueiev6ti7wBaqcN4aohZadoIwiFCV5/1ebapltOfWu+0A6ln/XrBGMUgLMqHkIO9nomy079SnfcCdlGG8djGoTfGlnKD/+N7mGYMTTK91x+lcx89nr2JL8sYmf4S1UfjXvCB8VCCVa6/AjYJqpW7FTPnsW8x1n44vNcYQgdBZybN6ZPHwrXBIi6O+c8mlCtadbGG5RIkUjiI1tdcBCLL6P4BcvTENO9fcdO/w==,iv:usQCDw9BaXBWJMQ9mbw9A/KnpqzIGBj/14lrNAgIBjc=,tag:MQGYqAgnmfZ65gcmvP48uQ==,type:str] + SMTP_DKIM_DOMAINNAME: ENC[AES256_GCM,data:2VTQKux7gKOIt2lb6Om7SbE=,iv:fSLe5XA5mUkANps0WuLpWXsW09y4P+AYYA6+4dwGjtE=,tag:0OTPF7Tfab4yXRm7hIsP7A==,type:str] + SMTP_DKIM_KEYSELECTOR: ENC[AES256_GCM,data:gPjt0Q==,iv:SGO9hFgPB/BEv39VypU5S7cfAg/SECNMHRuGfFCC5tU=,tag:riwr3kAFmeuGsA0LKYw80Q==,type:str] + SMTP_MAX_CONNECTIONS: ENC[AES256_GCM,data:Xg==,iv:fCRBByuIPCZRVCItQ8paF5HqAVT6shTrxXSUdLCNE0g=,tag:pyNSCH5VFMNZ74tXgdunRQ==,type:str] +redis: + REDIS_PASSWORD: null +imagor: + IMAGOR_SECRET: ENC[AES256_GCM,data:DXH+2eDiffB+EJAjJwLvXYrOSFQGktfPOA==,iv:4pVVBE29PgfrDX2e+UQBH9OSIiH6Yd5e87qXqhWDHew=,tag:Zy1txdqIJl+cHBe/Xuumcw==,type:str] +neo4j: + NEO4J_USERNAME: null + NEO4J_PASSWORD: null +map: + MAPBOX_TOKEN: ENC[AES256_GCM,data:2Xq6+LyNVDSwZpl3m0KLsEVKYzVbtvBLwgzqhZiYGDSXtEOrw+1xVwArPUQlNrc71gvWGwDZeFzo8VztjoEZ18nMQovOmEICU8aEqzsDt3PESUCICTkx4+z2dqc=,iv:OXjYCZOV+WPrsg9OuRIpGjkZcu0AQoeggfA583yP5Ms=,tag:T68lf/kaT7PZBep7ZBrYpA==,type:str] +sops: + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd1BvUUVRbFZQemNtcFZ6 + dUliNmpIUDcvL2F1cENvWldsUE9FWVFxZ21rCm9GWkxKZ05qVjhMNy9ueW43d1Mz + TTI2RzFsR1B3RlFWVitwcUpqRTdEQjQKLS0tIENZeEJCSlJMcHVMaXB1dFB3YmhL + enVVbGVWcmJoM1hJNTlzSlhpaS8rUWsK9Y1sjUnFjB3s2wHVvMU3bVC1LIYvrz8t + n/QaIHUIEf0NB/ZPj6r6hplCnf+EJVKuVl5pu4xw2ED9PvXQ6UUZvQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydThhbUlBTGFIOElBUStr + WHdMNzBSbnlyYlFyVHhMbGJUSmozUjRINUhFCkNFbVBzTTl1cmVSRlRFL29VUFF0 + Qy9sQk8yc0Q1aGljMk1Ob1NFVkZQd2sKLS0tIGpidFhscFAwc2pVRWxtVFY1OFo3 + bzljNTc1MDQ4ckNQNzFjNDFGeVV5TzQKdIqZMcxhtjmPD8nsIHi8XbcZHcefo32l + AXXquc/+5+OBocUvAMZ9UWOdx8QCQAmaZ5YtXEePp+FFZKBcnPCRMQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clQ3NVM4eEpJTzgxVTR1 + cm9vMm1qTGkvWElpckxvOXBRMzMrUlNLaVhZCjJvRElJa1ptU2szZXZjUEZ0RXd5 + cndZWXI2RHhuYzRnOFBLV0lZelQzKzAKLS0tIGpnVzdqWEV5RlV0UVdLUTVneklT + SEw3RkdrN0xOWndLb01nd1ovR01JZ1EKCvlakyb1WQeDaeDHHdrQEzO9fIynZsjk + ci8ccnOuZYjCHOc6U4enjlD559IZdniOPA72qdEFgquCtMwDi72buA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcys4T2J1MkRHNHN2b2hB + akt4OEdYclBHaC9WNVdUdVhhalFaRzdDL1JVCkZDcElHclowaXFIRHJhaHluVW9j + d0VoVUZMcWlQclBrUXlRb3R3UzdpVzQKLS0tIEdyZ0dTc0lKOGJDTlNBUnZlcnp6 + Z1dZeWRsUkVpMzF4RWtMd0pqV3g5RHcKdmPPkfoMaHwmdfVm+vnaWpuzgEK4NREx + NSt4JDmqxDV0j4iQMzMyULgHdeyvxnXpHiyNh4FnKzZljh8J1O8/yw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL3lnR2dZMmVpS3lMa1kz + b0lIeVVsUzUwSWszNzBVdWpCak5Rb0lKcFY4CnN0ckFjcDZtRDZsMkcxRWMvOHo4 + d01ySkJRemEzQ3dGK2NBU3pIZ0ROU0EKLS0tIFIwaVlhc2h0ZThwclBBMWNTc2dF + emdXSnhBV1VMbXp6ai9MaTBSZkNzYUUKkvZSOuYITTnDdm8RLk6h4inF3AqpfjX6 + TByKxFuoRWQNu0mB1RNniwwYegfY/hIoXQ8hFEBaYLqapqadz+X+Kg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1lPTE9ac01kazdEVHd1 + c25FWFVZVDhkeUYyeXdqeGFabEZtY0haeGhBCnpRQ2wwTG96cmlTZXl3WHc2UytL + YzVYdEZ1U2EzVXltZ2FibERnRWM3Yk0KLS0tIHVpaDVIM1N5M2hMNHY0anNmK0c0 + cnp5ZU1lMzJrRlNFQ2VLSmxGUElOMjQKrbR6dL1UwkRTwdHFrq6HAvt4R8SsAbqE + V3tS9utgx5PEDQkVC/7ueuXFyeQyJFya7lvZREvJOLRTRDl6PbC/Ew== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdDFhVU16KzhwMmdpUHRo + TWNTaWdlN1FWYzhFb00zWGpON29JTEhuRDE0CmxmdkQ4ZkYrWnJIblBDK3dIVUN5 + K2pKNmRkWnB4OVNreVJOV3JCUjNPY0UKLS0tIGVBaUN3VTZWOUkrcFZNTVV4S0RH + TTVLamdEaEZOYk55cldCVzBuWm1UTEEKjrVRYcy6P3JyPlgSrAxm127TqQzfi7mj + McQxS+qNleBjIvfWDhb8I7dsVt/3CSfZ+HHVZ3APhHLAT+av+pyi3w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-19T21:01:29Z" + mac: ENC[AES256_GCM,data:bM87/msfoSUjCZ0xIuK74grNT6C4/hQvxW1lFWh3vHN9ikLluZQqNAuqhjpO6uLaOkaP/tzXXqsCl2yE0h17RDGrNJ4qu6mVP0EvhfM8EIUakoza/2dseLiWFjDGG8gJKcRXth5RZHPAEYMIi/I51LvWQEypC3JBtP7TP6IZ5Gc=,iv:TIvWU3BlAs/XlLSUjO21eK7bNV5N5HYfQshXnFcwPJE=,tag:eCBOO3h3Jd5YXjZSRp7lag==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index ea975ed..1e61fbc 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,7 +1,22 @@ {{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} -domain: freilernen-social-staging.ocelot-social.it4c.org -redirect_domains: [] -namespace: freilernen-social-ocelot -image_tag: {{ $image_tag }} -github_repository: IT4Change/freilernen.social +deploy: + GITHUB_REPOSITORY: it4change/freilernen.social + IMAGE_TAG: {{ $image_tag }} + DOMAIN: freilernen-social-staging.ocelot-social.it4c.org + REDIRECT_DOMAINS: [] + NAMESPACE: freilernen-social-ocelot + RELEASE_NAME_OCELOT: freilernen-social + NEO4J_STORAGE: "5Gi" + +ocelot: + options: + PRODUCTION_DB_CLEAN_ALLOW: "false" + PUBLIC_REGISTRATION: "false" + INVITE_REGISTRATION: "false" + CATEGORIES_ACTIVE: "false" + MAX_PINNED_POSTS: "1" + BADGES_ENABLED: "false" + NETWORK_NAME: "freilernen.social" + ASK_FOR_REAL_NAME: "false" + REQUIRE_LOCATION: "false" diff --git a/helmfile/environments/production.secrets.yaml b/helmfile/environments/production.secrets.yaml new file mode 100644 index 0000000..af0059d --- /dev/null +++ b/helmfile/environments/production.secrets.yaml @@ -0,0 +1,101 @@ +deploy: + ACME_EMAIL: ENC[AES256_GCM,data:kmD2u4WBF4t7VZBCrQye6g6jsD4=,iv:iU3Kka2logDrGpIv7mvU2w9/NtLhUhir1KNum35SmFY=,tag:etn5b0vZurGr/dKbi0ONlA==,type:str] +jwt: + JWT_SECRET: ENC[AES256_GCM,data:tMJ1ZGBiTNP5gW4FD7xRRg==,iv:dxXpqKqJw6AdOzWqLpsLKfZRpQCxSUVeRhtCC56REUk=,tag:2LGGWjv9k21CGNF8tXBcgQ==,type:str] +s3: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:SbcgDj9ye9Xfz9qHmf5UmS46NEA=,iv:t8w0ssyPtq5TEMfrynSDEsrEFDIZEIr4jqbaGbxtpV8=,tag:vWHtTZxs154MJnxx0s2Ytw==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+WoU+LP7TmdWbYvPQH1HGhkdtJtvC81mIS3S2JDp2QGLX5J2+NtR4Q==,iv:Yd5f4LLcM8sfS4O8PZpk3vuk96QBtB7EeoEg8j3zGgM=,tag:kpKDGNQQ16uGhjblb9ppxQ==,type:str] + AWS_ENDPOINT: ENC[AES256_GCM,data:R0DA8FYto2QThumIb5LwddkB2mz1W2YckUuBvIB8svmZP7Y=,iv:Vl3IsRXKHJovrB9wAwq6kpWvCOx4gAmaMZO9FwB4OT8=,tag:TElpGx//7Y4TmWNV9S/NRA==,type:str] + AWS_REGION: ENC[AES256_GCM,data:/yHagQ==,iv:xlg2Q3zNkVS5aMPoKFFwgeZEl2gmIWUuuRwreQNO6Hk=,tag:dVRPNSlY4KOhWGImHyiT4Q==,type:str] + AWS_BUCKET: ENC[AES256_GCM,data:DKaLVmdL/A+gr3RlOgw8OtU=,iv:rdIV78cMU8ITWxVtnGZhr36DwCmYkdWoVoMOVtXNtx4=,tag:NMhzvI5i/CPoAeOSrkh2cA==,type:str] +email: + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:8ELhuR2n3Q9f8yy/SOhs3bnfYCK7fzg=,iv:4Gaiv17G0k3xBh8DFMaM5l9gwMIpZxYLrTdrwmlaaTI=,tag:Zxxz70R/gp8rd8RvjHYKEQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:veiciCjqVH35HfAatw==,iv:mHjvx77THSrFDwx+WY9od3ErMe0eRuXjjQyXC9JpDyI=,tag:SNMcU6TxbcT/OZWivrnqoA==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:qwv5YCFbnfqrpgOx7fiJBMjlmx+BfHo=,iv:ic0WKEtfnJAis/1uulgUFwuUdrXZlpzMNz+kzln4pxw=,tag:1enF6z3wsl5uQVHyViBvdw==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:oy0VEgDaxTPcecw=,iv:sZ+cw3ZrvdhxNxsHE/Y+HkSK8FUhZJXdPQJ60KwpwFM=,tag:I05wxg/po/XdPFbscywjCg==,type:str] + SMTP_PORT: ENC[AES256_GCM,data:XCZl,iv:6oWAnxkIcA4XiQM/lOoTdhGSUln4raPqWbaLib9x4Hw=,tag:hXkA0luQMOIL1q2tU45lEQ==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:Vq0nDQ==,iv:pJJUHng7GjtDLTUPVwqtghmjK8Mi5YXTEYWueUiA3oo=,tag:b9i6rPrl/p5t/VLjCw3zCA==,type:str] + #ENC[AES256_GCM,data:A27ANKNxRZzYfNIpp+zmxCYHsYuw/Yb3Me2gZ2lecaGpaD/L,iv:GJKErFFmUKoF8nVAL71VRIlKrD1LwKLCOW6w3676r30=,tag:oQCcqZcHoDsTLGPSPQXPSg==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:/fzQGw==,iv:ovVDissg9Ek9ni/nsEOw3QFWi+g3O9kVmNsUds0hsx8=,tag:7+i6uzsUHnfBqFx7e8pZTw==,type:str] + SMTP_DKIM_PRIVATEKEY: ENC[AES256_GCM,data:Ko7k8xhLGEyErSdQ+1V291Ooxb8yEgmvwFmS/Sldp2rWZDoNyQKEKfi/O7oZS7V8oNaPyIpboaEqB4/T79OC7Dh5dmK9CJVO9ooNrE5aTeKOF61kIFDt/AkvOJ8mopj/74gicWkjGorHeW9A6fAGQW5NI8BT4WHim4aKjbhWD84wj4IF5q+yXi0CvrUHyj3LMqNeWade8i/LMl8vRyvUmQVSDsz+hyzdhz4X652f6AtuDFfxXDL7OV7vgvyd5EBEedcUGdXn3aRRJ39U3Ldbj5I8FskBEacbdYLNYzjZ6Qy7axPCT+TKAfhMhKdJfjb28B9YTsIfGhJDwrYQGMUSojYJAVD4ZntdpBUakTT9zrDDawaBnCudqmjy3KokwN8Fyjn/JJQSxXSniJMs/JfYiTd+4SOaByDROgDIbScbbpJLupWEwvEHJsGHZVQtkBoK/rJFolnW9+bgyJj5NkU4DYmnAEtvNYmExb18cCTqnrnlwa83h41GhpOINgrDo+VLw+Hx2ZQhnX6Q5PzzAWAkexkSD++pAPYA9KtaKeLydlBdjpx5BxFMd4RaodBh9wqrej2NOtwQ8kSRCGnYf4uqlVec6NH6bPCeoumL2GjCTYVARFeqTgflt0zEIIoH7AnxOanBz3NsLH/CMNxgXC8w7LN+lj6mFD+vQyB2WNowqaW8np5P+oqMWZ1/0CEg3Z0UVbQBnlAqD8v0miKj7VWMe6Ef4w5jpuxLUXeZEjRFirV1m6b4qEaJaGzFbPlN27bH78I9HL1s6MxXiiougLNvMyyErG33ZzXh68kqadagwHpD6Mz9lUvWcdr9SR4GJS9pMNMWNUTZqMAaQ8PzZqo0M5P7Tk2Hk8fY+miF2DWKnenRJjxTj+KpSwhCABJ+3BBwO0Of+zPZdyU+2FIZMJMuM3NAPuYi1gEgMWHfWrmMlHOwDp9UyiVsTP8ALEyfE60jsHXG85CL48Yp0Meec0/5+1hi/y+5X3OkVT9mQGJnTTx+dNnpLCKzMOF3hfBdt0Xw/hvM26Vou5Kclu2iwOX4hn5HFDXnYG94wHr/J+/bgGZFL9WVLcbafff96Hi9xiwZLbD2fnlXolmNFcoYCKtfuYYf/itdmZTr4GV9Oc4Qlg7sfu1mVbVfdgz9owddogORHcNrQ9Qhwjj5xVsCujeL7Ep9IYtY1yZ4HxvdOkYX1pyoO9IddhMgJwCUlsJq+Zbcf2/L7dqej8phSm4YaaTedrY758UR1kJdViFEAM+3vcYV1uK7cLtCPZIMRUV4eA9DueUNLGOBiLBJ6qZnA9EYh13ix4KM5ZONupnDbob2OkenWUKvRz+EzdeZeE+XeU+vUUbgDhmRLYTPB2NkYbLjh/mOQoeltPj51ryDtsVDMPJYyghJc3ZuO7Y9CmKhYfBALTA8vH5K+9fxquwzmeAe16+KGuAzzxepm/vQCV3ar9JFbo8Qtg08Yj9HxhI7lLQAxljNR6rpY+sdbravmMl0avvFY0Lw0bW5I6SjEorgrLGgjQ1mqz45Mbf1GfYzmO/pFcsaVCB2kIHaSeMWSX0FqoITp6neENOoBmAa4DNHVoMLWj1evTtYiskjFDmBQF2LFcRsqMO7B7hESs5naeDVN+Mkd1O5ST9FElG3rG+9cDDvRtE4nL8audp1QkneKIkgapxYubyVb8vD7mznQvGteSDBR4RjgDSTRn1Q+NywRs7fkiTjGgs4AtggD4scPdomHVmwNd3sMcmq/yQIYYJWZdnsG8z64fg+iM1r6zt6LyJnfZJMokr9s3GsYiosAl7ZddiL8VZtINvM9NBHJEv+aWWCh9nWTsJ9Cn1XYhdaN0TUWo2MZ+6fwQxhdDGIddlqqplpZ8+QkKIExy1nxX88nAzRKP5DXfbuo0N6CNDcOHXQsuyX0xBqzHC97ASVQJUgD+5pbcrOT/8hD1ub6UsQnlmUtiv7V/fBkbmxgzJoTJaZe0AI//dMrHjYnZ6o6quApis7ZMehTJFP5dht/fU4It2PIueiev6ti7wBaqcN4aohZadoIwiFCV5/1ebapltOfWu+0A6ln/XrBGMUgLMqHkIO9nomy079SnfcCdlGG8djGoTfGlnKD/+N7mGYMTTK91x+lcx89nr2JL8sYmf4S1UfjXvCB8VCCVa6/AjYJqpW7FTPnsW8x1n44vNcYQgdBZybN6ZPHwrXBIi6O+c8mlCtadbGG5RIkUjiI1tdcBCLL6P4BcvTENO9fcdO/w==,iv:usQCDw9BaXBWJMQ9mbw9A/KnpqzIGBj/14lrNAgIBjc=,tag:MQGYqAgnmfZ65gcmvP48uQ==,type:str] + SMTP_DKIM_DOMAINNAME: ENC[AES256_GCM,data:2VTQKux7gKOIt2lb6Om7SbE=,iv:fSLe5XA5mUkANps0WuLpWXsW09y4P+AYYA6+4dwGjtE=,tag:0OTPF7Tfab4yXRm7hIsP7A==,type:str] + SMTP_DKIM_KEYSELECTOR: ENC[AES256_GCM,data:gPjt0Q==,iv:SGO9hFgPB/BEv39VypU5S7cfAg/SECNMHRuGfFCC5tU=,tag:riwr3kAFmeuGsA0LKYw80Q==,type:str] + SMTP_MAX_CONNECTIONS: ENC[AES256_GCM,data:Xg==,iv:fCRBByuIPCZRVCItQ8paF5HqAVT6shTrxXSUdLCNE0g=,tag:pyNSCH5VFMNZ74tXgdunRQ==,type:str] +redis: + REDIS_PASSWORD: null +imagor: + IMAGOR_SECRET: ENC[AES256_GCM,data:DXH+2eDiffB+EJAjJwLvXYrOSFQGktfPOA==,iv:4pVVBE29PgfrDX2e+UQBH9OSIiH6Yd5e87qXqhWDHew=,tag:Zy1txdqIJl+cHBe/Xuumcw==,type:str] +neo4j: + NEO4J_USERNAME: null + NEO4J_PASSWORD: null +map: + MAPBOX_TOKEN: ENC[AES256_GCM,data:2Xq6+LyNVDSwZpl3m0KLsEVKYzVbtvBLwgzqhZiYGDSXtEOrw+1xVwArPUQlNrc71gvWGwDZeFzo8VztjoEZ18nMQovOmEICU8aEqzsDt3PESUCICTkx4+z2dqc=,iv:OXjYCZOV+WPrsg9OuRIpGjkZcu0AQoeggfA583yP5Ms=,tag:T68lf/kaT7PZBep7ZBrYpA==,type:str] +sops: + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd1BvUUVRbFZQemNtcFZ6 + dUliNmpIUDcvL2F1cENvWldsUE9FWVFxZ21rCm9GWkxKZ05qVjhMNy9ueW43d1Mz + TTI2RzFsR1B3RlFWVitwcUpqRTdEQjQKLS0tIENZeEJCSlJMcHVMaXB1dFB3YmhL + enVVbGVWcmJoM1hJNTlzSlhpaS8rUWsK9Y1sjUnFjB3s2wHVvMU3bVC1LIYvrz8t + n/QaIHUIEf0NB/ZPj6r6hplCnf+EJVKuVl5pu4xw2ED9PvXQ6UUZvQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAydThhbUlBTGFIOElBUStr + WHdMNzBSbnlyYlFyVHhMbGJUSmozUjRINUhFCkNFbVBzTTl1cmVSRlRFL29VUFF0 + Qy9sQk8yc0Q1aGljMk1Ob1NFVkZQd2sKLS0tIGpidFhscFAwc2pVRWxtVFY1OFo3 + bzljNTc1MDQ4ckNQNzFjNDFGeVV5TzQKdIqZMcxhtjmPD8nsIHi8XbcZHcefo32l + AXXquc/+5+OBocUvAMZ9UWOdx8QCQAmaZ5YtXEePp+FFZKBcnPCRMQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clQ3NVM4eEpJTzgxVTR1 + cm9vMm1qTGkvWElpckxvOXBRMzMrUlNLaVhZCjJvRElJa1ptU2szZXZjUEZ0RXd5 + cndZWXI2RHhuYzRnOFBLV0lZelQzKzAKLS0tIGpnVzdqWEV5RlV0UVdLUTVneklT + SEw3RkdrN0xOWndLb01nd1ovR01JZ1EKCvlakyb1WQeDaeDHHdrQEzO9fIynZsjk + ci8ccnOuZYjCHOc6U4enjlD559IZdniOPA72qdEFgquCtMwDi72buA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcys4T2J1MkRHNHN2b2hB + akt4OEdYclBHaC9WNVdUdVhhalFaRzdDL1JVCkZDcElHclowaXFIRHJhaHluVW9j + d0VoVUZMcWlQclBrUXlRb3R3UzdpVzQKLS0tIEdyZ0dTc0lKOGJDTlNBUnZlcnp6 + Z1dZeWRsUkVpMzF4RWtMd0pqV3g5RHcKdmPPkfoMaHwmdfVm+vnaWpuzgEK4NREx + NSt4JDmqxDV0j4iQMzMyULgHdeyvxnXpHiyNh4FnKzZljh8J1O8/yw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL3lnR2dZMmVpS3lMa1kz + b0lIeVVsUzUwSWszNzBVdWpCak5Rb0lKcFY4CnN0ckFjcDZtRDZsMkcxRWMvOHo4 + d01ySkJRemEzQ3dGK2NBU3pIZ0ROU0EKLS0tIFIwaVlhc2h0ZThwclBBMWNTc2dF + emdXSnhBV1VMbXp6ai9MaTBSZkNzYUUKkvZSOuYITTnDdm8RLk6h4inF3AqpfjX6 + TByKxFuoRWQNu0mB1RNniwwYegfY/hIoXQ8hFEBaYLqapqadz+X+Kg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1lPTE9ac01kazdEVHd1 + c25FWFVZVDhkeUYyeXdqeGFabEZtY0haeGhBCnpRQ2wwTG96cmlTZXl3WHc2UytL + YzVYdEZ1U2EzVXltZ2FibERnRWM3Yk0KLS0tIHVpaDVIM1N5M2hMNHY0anNmK0c0 + cnp5ZU1lMzJrRlNFQ2VLSmxGUElOMjQKrbR6dL1UwkRTwdHFrq6HAvt4R8SsAbqE + V3tS9utgx5PEDQkVC/7ueuXFyeQyJFya7lvZREvJOLRTRDl6PbC/Ew== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdDFhVU16KzhwMmdpUHRo + TWNTaWdlN1FWYzhFb00zWGpON29JTEhuRDE0CmxmdkQ4ZkYrWnJIblBDK3dIVUN5 + K2pKNmRkWnB4OVNreVJOV3JCUjNPY0UKLS0tIGVBaUN3VTZWOUkrcFZNTVV4S0RH + TTVLamdEaEZOYk55cldCVzBuWm1UTEEKjrVRYcy6P3JyPlgSrAxm127TqQzfi7mj + McQxS+qNleBjIvfWDhb8I7dsVt/3CSfZ+HHVZ3APhHLAT+av+pyi3w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-09-19T21:03:44Z" + mac: ENC[AES256_GCM,data:VlhreSVihFsQVUh5u6M+cRdufMaM9wHcurQ9cZ0rTm9eFpQhHnRvkHsbRaDi5P1z09pio8TOD/kiCSxKKc3wmK4VRqwOS7GzIofm3LOemcdxjaKZpPaOlcfj/+57U+71UkA8hpJ0vt1weefFIy+PvIVC3KYF+PpA2aibiCtj+9o=,iv:Rh3GXXyefv/kqfc2Xygzc3I+QjyntHHjeNPeynQlYsc=,tag:gRfB5g3ojGdogOnl4W/Juw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/helmfile/environments/production.yaml.gotmpl b/helmfile/environments/production.yaml.gotmpl index e038725..f96ad76 100644 --- a/helmfile/environments/production.yaml.gotmpl +++ b/helmfile/environments/production.yaml.gotmpl @@ -1,11 +1,23 @@ -#{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} -#{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }} {{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} -domain: freilernen.social -redirect_domains: | # i don't understand it, but its the way to get it to work: https://stackoverflow.com/a/52840704 - [ "www.freilernen.social"] -namespace: freilernen-social-ocelot-production -#image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} -image_tag: {{ $image_tag }} -github_repository: IT4Change/freilernen.social +deploy: + GITHUB_REPOSITORY: it4change/freilernen.social + IMAGE_TAG: {{ $image_tag }} + DOMAIN: freilernen.social + REDIRECT_DOMAINS: | + ["www.freilernen.social"] + NAMESPACE: freilernen-social-ocelot-production + RELEASE_NAME_OCELOT: freilernen-social + NEO4J_STORAGE: "5Gi" + +ocelot: + options: + PRODUCTION_DB_CLEAN_ALLOW: "false" + PUBLIC_REGISTRATION: "false" + INVITE_REGISTRATION: "false" + CATEGORIES_ACTIVE: "false" + MAX_PINNED_POSTS: "1" + BADGES_ENABLED: "false" + NETWORK_NAME: "freilernen.social" + ASK_FOR_REAL_NAME: "false" + REQUIRE_LOCATION: "false" diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index dc17e5c..be4cd65 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -3,27 +3,31 @@ environments: default: values: - ./environments/default.yaml.gotmpl + secrets: + - ./environments/default.secrets.yaml production: values: - ./environments/production.yaml.gotmpl + secrets: + - ./environments/production.secrets.yaml --- repositories: - name: ocelot-social url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts releases: - - name: freilernen-social - namespace: {{ .StateValues.namespace }} + - name: {{ .StateValues.deploy.RELEASE_NAME_OCELOT }} + namespace: {{ .StateValues.deploy.NAMESPACE }} chart: ocelot-social/ocelot-social values: - ./values/ocelot.yaml.gotmpl secrets: - - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml.gotmpl - name: ocelot-neo4j - namespace: {{ .StateValues.namespace }} + namespace: {{ .StateValues.deploy.NAMESPACE }} chart: ocelot-social/ocelot-neo4j values: - ./values/ocelot.yaml.gotmpl secrets: - - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml.gotmpl diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml deleted file mode 100644 index c4308f2..0000000 --- a/helmfile/secrets/ocelot.yaml +++ /dev/null @@ -1,95 +0,0 @@ -secrets: - acme_email: ENC[AES256_GCM,data:fLVDVocnZA9XmBLGfdqzRcYBMB4=,iv:2zOAEFwS3ycxIBSgLKNRJ4jknuBmG8nTt5l4PvKCNDU=,tag:rp9TqpiJRmHZAejZBg7pMQ==,type:str] - webapp: - env: - MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] - backend: - env: - JWT_SECRET: ENC[AES256_GCM,data:VcwHkwob0cLgdyZh7tVzsQ==,iv:kEc6SERRgh7jHbQCoWtgCfmrFxnUmtwZFGhNCTj1VrE=,tag:nmeDl2e42iqNKfIvtKMqqA==,type:str] - MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] - PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] - #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] - EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:rHYc1YrDjpJkYz05ua5dTcj2UCzTc9s=,iv:c6qKbGkE3XjGOd6/iK91bKJs2HSCMJvCblmqbNDu1iU=,tag:TwCjrKyWMMTbU8zZedt0JA==,type:str] - SMTP_HOST: ENC[AES256_GCM,data:HqVYh7BujkaV4JtVCA==,iv:ThIn+GxK3cwUe3n6++/8KT66c1uc3xVOBqmQbEbRz58=,tag:uCYkyyGltP8YEsAL+DYHRQ==,type:str] - SMTP_USERNAME: ENC[AES256_GCM,data:6Ka6ZRqRHb00SlddEKRRMcZ9y+6XeSk=,iv:441t2vZ2X+7Jgwt5kRpPvqd1/p0MVHywDF08wsMVc8A=,tag:t48CFvRD263UBwcDO2VHsA==,type:str] - #ENC[AES256_GCM,data:DLZ/a631rjgJXCJ+Y1LxAaZJfv8+kYZF+X04jrbhNX0/pZvs,iv:0+JHKk2VlIFYy60QPhsVuy1DAFViAbkPnMChYeDndJ8=,tag:xuce3ODRSkQu3KOTz3VfQA==,type:comment] - SMTP_PASSWORD: ENC[AES256_GCM,data:MslALr1szdRq/wA=,iv:H/qm60wuSvc4o4EwVTIBFHyzFjJoaRgkjEp4amKt+GA=,tag:r4BGb/twbZn23SLDcMd2+g==,type:str] - SMTP_PORT: ENC[AES256_GCM,data:J9uY,iv:T/2Y9CLSR7y6vMDtBigcv6r4Q6nHeqKosKoO78qwC60=,tag:pVyv0sj6kXLJa7uyyOhFZA==,type:str] - SMTP_IGNORE_TLS: ENC[AES256_GCM,data:Q6Dm/A==,iv:mD8WdkyQ/MAtmkPehcQW/Zw2hiV2ymZLYMJ/7uyASgQ=,tag:5DgeSjQHIF3tSgbb2z6GRw==,type:str] - #ENC[AES256_GCM,data:wEE3/SPsZqy9LATseOZG7LsCbjG5gY4VUT/TzxhHLJqcYP5I,iv:gcOA0XiUGWq15G4zTRPZ0qZ/XYMTjr+9krbOx0dwpeY=,tag:jd8LTiVT7UQShqMR9zZUZA==,type:comment] - SMTP_SECURE: ENC[AES256_GCM,data:VRfz+Q==,iv:R+Zj1ok9/ArLUUILLVL0P5on/j91kO00YZ8ztDYA2dA=,tag:8V2h7DdthGofXoak4nrkTg==,type:str] - SMTP_DKIM_PRIVATKEY: ENC[AES256_GCM,data:eWKXz3Xoh9VA0rIlGJ8kOAix+VCQdAItoVdYz2Z80q3vWUF4hUJ4tNVIuZJwQoMuna5K+LC6NgfXhYFdxmYJiMn9Nc1l2bDTEVUMV7uTayp+VPaWKDordsM9YAaojDmnMTHVIOSdIMv5BKWwptIz5DP7tuZKk60bxCZsklgoQ/XWKo5r+GJDShRyV6EUPks622f6aMXNHaSD+n/8EAMRNklhRsnU9yVebP/IMl+nV/oL4n741Bngo+LjcPsdQjGsOZk1W8MPgustK0jxNCjmu+4A0d0t8dur3XkxXMdrex3eondyrT3Qjanp7dCwY+zY5Jtq7GCtRFoDdcVhZertF7vVdP9XsKNoQ4lsWvChn6VSQJDKwqTOc+Idif4i0NiQJsWpsLef6bVDZhF0wbORRLzmd4cA3SB70HKRqY81SV9mnLH3dhMLSSEGnNQR9dm/SF4jbHNinSyH2siagiz1QWBxiOS6dbMZAPmnLi3HVM33gQdeSRFE+J3KUz7xm8OPt2xn7MvuB/5FNHuoOOwZ1aYuKFJ2d4kTfsM2vZIBECFSftUCdwmVhrBMMEd+jhZkSXe9Msmhn+QUcbgV0CDxsqM4DAr4EgLhZWt1rUmHMysSaMki93uC8YOz4pi6ccQotlwqt3fTaaLFakK1zN5qjMwhOJMaa1wx2P3N+hM8n4iRtZtGF4GxgolmMGluA/ax4Ri4NCz/mkPxQ+EzfvqTxc9f7O09Y3Qv7s62iIU/5dU6uJzQ930C6liGrTQoQ2BWEZOqq2p7icJBkqMBgqbSF2sbcgnKagpJxR/LZXMecx0qETYHTswU6gfxFY8H8Ir18m9lYkPApgF+H103TMDbH4b3dkmzfax1tKOZgVb+7PMM3hTm3LpLpzZCu6AblaWbbQm4hgrQe4GAE+iuZCcN4GU2T7BGjG6EaNC2hG1zJe3LZPxFul+T38BtYLHYhmCYIDgu+8jqX3LFWa8iT4+01cnxvyhZlUb0N46gVW92q3y6eh77bcgOrjUECK6mmusVt0QcvodineJthGPMiaqOIzAdItm7of670iOIjBwMpdgzAeu8Asemzav+q1nz+OxMMPXtip78muQBM/hSrmgvFToPQs0oNcEzSt0F9XqHAUVL6bjkGy/1I4ghTR1dAu7w+u1HeR3xzkcTXyMptoHq7R7IZ4sovPK+xa/OvUZ0WYuMYHm+pvhc5XQXo7ucFLJftaL+9y7z16f0ru/Nd0K6pGU8yL61GdPF2d380Otn4Zc4Mni+uWJJU1DEHVbcuLZ5KajDkaS9AHHzR3ttB+MxCKeSUeRqNNTZftfVF0FFG0whTJKZDqb9lzIyaSzST9mjQDMd1ZcWZNQfROnbXTXjL9fhEgqIBV650HKjlmuT0nOH7AktM+elkeKCK1Zq4sPSARljEvxYaMi/CompSidypWFZ5RCYLL33XCfUIkin96IoQPIEdqE828sZRMt70ZDHW/sW4dLIvKW/XocwbdaA32nAeBktFFrnH/h+qYWUz1uJzyJ5AzIXnLWWSXzeISRAQxyUQWHCeDnyZImMEFhYpQrJOC8lGVkQRXjWV5+etP0ND9fRVZFXk0YK1ke1BsGwbWCFvU+jXG1eWe/CKnAs0jSNCxFpN37V9DE2V9Jx33iAECn2Tq8XZaN/nr6NaNO23J3bX3932O9e7oJsRthEFIkilseNX635MciW9aXCv5EVSO5PEIB0MnX2vtUS8ti4dth+9Gb1SfvJACFaElS8zgQVlw6diy2JMwiW1MwmQ+HbjkDWBtNEPm14tbO3tbhV+oWTgmmKxKI7fsEDya5+EwApR6KIzV+xIPN4GcMd/RylNgDYZfN47IePgBfs6YaQRI63cG3IuY3PN7jtM3cYVjjyNFU0htjiaUfRJO0KKOKlkB7C+2SKTupFFl0C5r9LK5wNtN+CVSO5DzX5I0J2Xq9eojv1j6siBQVrjGbSLZQNEa0DxBDbZvVIA5PlL1Uziacovp4De+2+90xXj2lTKhi8/jm9vbM7RqG3kIy3yRdanxsJ2kDuqvXV0U/o5GMzZoCfTUr7IFL4tlG92YfOWyXOHdfUONK36DH5fGhQJl/RpQezs1keU7cEbcgpuDWkGi4xzag/cr7pAiY2uVxtH+TzUFPdp9VCB0vL0WloMNlmXobqKGNu6Y31jVzfNgrICrN4Yo2Q29Whjx4uU++ifulkKQVghTK8gREHE7ZmqoG71OjFpq+8MtSfY+bHDIbxkTkDMMFkVlDftWkJA0ZKOW2Ete7NT47trIE=,iv:vambFbVHaNmdvec33gn/Dcy0OWTxTxiqGslAvuO1otY=,tag:ZQPHY9gqKyKz1k507f5iCQ==,type:str] - SMTP_DKIM_DOMAINNAME: ENC[AES256_GCM,data:ckEyqZOwAY301we7YnijXto=,iv:5q0JAgG8dUXFR9ArcB9HF1SjJ+vbcev90LrzASfGg9E=,tag:KmLUboHo4ZnKnhUCgzrECA==,type:str] - SMTP_DKIM_KEYSELECTOR: ENC[AES256_GCM,data:VePn4Q==,iv:/ieCYHt5mcFScDd7azPaGQfH1RWHcTAG1LotdBXle78=,tag:ZYxP7lBPwL5H5WvhC7QutA==,type:str] - NEO4J_USERNAME: null - NEO4J_PASSWORD: null - REDIS_PASSWORD: null - neo4j: - env: - NEO4J_USERNAME: "" - NEO4J_PASSWORD: "" -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjZ5RGI0YTFIbDk3MnBs - ODN3RUg3ZVhsS1dEeDdodFJaQzg2RjFpcm1vClNzV1NwdEFwaXJnclRNVTJIbzVk - VEc3YUV4eWJLb04valdNV216SnhtbzQKLS0tIHpuR2JGZWp0WnNUdStuL1ZLU0FK - eGEreGNJTnU1OTgxL2ljVVRjUUxraEkKvkV7G56/GtJLbLVHvrq+rJ8npBckvww/ - Tq7/k/YmGV764d3Zb0Vs6TNJhoOvKF6sK645wrFlSzVNj51UxkhWYw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWTI4M202SmlhbzJnckF3 - ODZrY3ZQQkRLZmQrNmg4Uys2d0JBWWJMWkN3CmNwUi9HT2VYd0paMnJScnFxSXB0 - YThaU2RqWFdHMXczQ1VmdFdJQmJSU00KLS0tIDk4TW5DdUNJY3dnS1JGQUluaTJw - d3ErbWdrZ2I3ZU1ZZGZBZ1JZU0lZMUEKnQHREjKUZ6a2+Es7SlLY46h4NPdeaE8c - w4My+za7IjGSyL6HKqxSBLUS4Q79cI3iBNu8SwikocmEkqQ/DWlC6g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTmhYKzUyUGJnRHhjTU5m - TVVFOGl5d3ZFYzE4U216a1YvVUlXTGFvYTM4CkZaMTcvRk1CVDJwek9TT0UvOWMr - SWNrb0pvYTZaTHM4aGRpcG9odDhyUm8KLS0tIEkrSmc4V2c0Q0ltWkdRZWQ5NFEr - Y1VWV0JTRjVmWUU4U1pTZkVhbTVLREEKvCxhsCX//e7XawyJG3XeCGLOUqxCx9No - To4JGg10ciWcW0eqyP5lQfwdlECkmPapNz8gaf40DVpPDij5Nja+zA== - -----END AGE ENCRYPTED FILE----- - - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHh6b3hpbFJrcHl6eHl6 - MkZmNUJWSTJRUFVNOHJaYld3QWUwSy93aEFNCjZTZnNZRlJRR3VEeXROOFBmY2Qz - SHF2bWMvdm5zNi92SUFlc2FZcFl1Y1kKLS0tIG4wYzdKTWFKaExiTVlFa0tRdzVs - bGFuMlF6bkw2Z1lGNmZTV1R0ZEs2T0EK78at74wFk1B5OgeMSKrGLl3sNiwrzitL - 0kcMVyxfV68mpjb0Cw2WtEUo0jFmKFXi7H5FbJeoPrDG0QFvIvgfsA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYXE0V2pFYnU5Slk5Nk5j - Snh2UElZajhMZnlZTjVkcFBSMnF2VFJ6TG40ClBFQzV4SUpUZTZaSWpRdXNIdDBq - ZHFUSG5uUHU0bXhhcEpCejh2elM1M2MKLS0tIEovMDdrUEs5blNvL3R0VGVaMVhw - Q3V1UmU0OUtWRmRuQ1dtMFROUDF6NG8KRJRymV0GaOW7sENEqYogNK2HeArsuY8Y - lVWepYYDoeRWwu7kmzORaEnW6G4m0F3rADfwMrQVTNvZ+1Xn/yFOXg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbHhMUElKUWhFMERGVWpz - cFRwTVovOStYNUQ4czIxR25MUzNON2ZzRmc0CjNvOGd4bmdjWHhwdEMzTzJkQU1Y - SHJrZG1pQ3pmZnZxWXh4bjkwN3ZvVFEKLS0tIHRhVDgzUHNsMHYrV0RoWCtmR0Nl - Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY - pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-13T04:20:22Z" - mac: ENC[AES256_GCM,data:p5ydLhC78MkvM77Tyj5+4UxP/rl2Dg4HERhpLOK4Ip3sD/e2toyPiPK0u3VHzeOjUhwmJbqnvF1J+BkCwStKPXi2PD4xzkMN01X9oYEVzLZtyY2Bb3npIaIy2nIGYk/cplo/6DmJrPXDepwCl76Gu1e+yPo6txbZe7Zkc3nYDf0=,iv:dJkfQbAkux1NNiFnCyymQ4igdM6ap2soZv9gnCSSqCo=,tag:ixAVYVD4m5MU5PfSUNHu2w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/helmfile/secrets/ocelot.yaml.gotmpl b/helmfile/secrets/ocelot.yaml.gotmpl new file mode 100644 index 0000000..aa05b77 --- /dev/null +++ b/helmfile/secrets/ocelot.yaml.gotmpl @@ -0,0 +1,39 @@ +{ + "data": "ENC[AES256_GCM,data:o6lSij6VCvx9cJ2tWq+vmsCyyhvq4qBvhUqzPlyzuY/HuQDisjxNLimAG38/AZT3qM6eB9EPAe9zHWXPfQgAv/PRxj2NALFKwsVR/IuNePyC52G4ONOrGwhm1vW/VpvNVy19sIrna35Odai6F5g+3eH2CISZsL71gE1xRJy5NU9u5qnjfBG2rRerMdeO8op5kAXUEkL+F2tr7ugCTC3t3NuZZ+5YGxSoIthyYibISX+K+979M7AlcNNqsVPaadVwg4FDdEAmOLrUz7f7Qq5iB4Bh2wM7aTCUiTAO0hX6X0TiHtXreRDkMmuzitALAbSjI7wT0fLkWVyzVM+yMQWQqNTMIB64d88J57oWFAs8PqaEARbwFWca9y4kUZTD/G3ZrSSljokp3QMRaxSXTWw4WumghK+LUt07HtI3K7DkKZP2fqxR3CfK9Ebv/T4vk53X5wcAvUSToaRAQ/C7zL3ojjwiu6sZTg4ZRwGnkjlwqE5d5YUQXZSltCiz63UXBxNjw0BY2s6i5bYOhZmUwU/z58H2KIDmQ6KLo0QYOOcqghpUW1t+Vfi8wNLE59Zbkaedq1ESgeEExkwDqFhVpcX7cfxqDb69iW8tHC8NSNXpkhETUl3/QzfgYk5p7M6RHkyyjr3WgbZN0CT6fil84wwvTVKjklG5rcq80PwSuxZRjlZD7msUCRSuu3z3vFmExjnI697s70pK7S/1ELlBG31xQTqxylaOpRFrO4YpUlAQTOcQyqU+wZsM0MQ4J7+VbFZd5A01M9NE04uDlEj+OkEuzSpbMJ15uPaRRKuT0CSYsl864f6WmljmZndTVQvI2FRandQuf+nPZioxecKClX7xWfCc2dx5/fVGw/MQcBZrqJ28c89Ym+2dtLXNBCCvHSFUPBEaz4L9mWzSIulh6hY6AAuYMfkIyIu+ChH69V6WpHYOA1YeQ8D+f2VUGUKGe4R+sBIIMMwYNbxv9dHD/uCgqBj/VmTl45PxGXODAhUt46iE+qOfTwLhamTnxEhv4y2KEmf+gCmDFLs5jGYlbXbiPMHTRVOADB/O73rs1GuXhniOwOGpY/Kub21Ff3M1pPRAZN9oa+D9DHgi/R0goB7ybPs3i1+uzES6KNpH9WfGO2jt6jyaIFkIhyv1ekYMHcgqIsYmd4RvpZD3i7SH/IDpKc5RL4xmIVgJsbsn9dWSD1jRmk8Tl5WnEQ/yoPQ1IUShQ+pXZiXbY5FgUU7oci5ElMya0O3AvEXN856nyjiaff9w6C77iKaR9gDywKU95m75/QF+y5YKUErIWEeC/8TuOnTyoJpk9eE8CUeZa8w90vOUdF2O+J+h/o9qNFlbFDs+kEklz95qI8c0NN2TOyWxrwQyPJNoQk7/N08RSe3cHGf3gmmhA8gFc0LaPedUddca4JpenCtAC7qskM5IDFUKYq+UJecYdelGjLmOSLo2KEzW28vfp2eJ96y8giOjxrci9YRVxZ+JFwNqmlssajYa31iijlQR69ilHeemDMvtAJoQgNwssCyYG/fUaqwuSm+HejfF1KPlIjq5jUSHDuYOZSHQf3pVZjWakyqId5PT6ZCVQOAIH/qwJuoJ9Xkd7X4jw256wvrXAohUX6ePECfrba8v1T+Fgk22zsJq62eWzxlgHHYENjIUKz9O0zOZdxxRb7CZML9jEV7M6Mflf7h5VRi0TS1WdZisn+Ey0jkc2us4B9UYIGUmNVqbAjlUhHIuRrJcOgWU40v5O0VMPjEYU3kzAkaxHcWnuKKKXAANqrezZy+K8B6yYFP+OisBK6o5YOcy8toqHSwhbmnqoY4UG1+pJLHYBC3+WiZvi6EyvL46Tct5zsJWNUTAyBhDYknYje44FwKSiJiB3hUwiI3klnHv3GIyKAv/jEv+nx00W9Rz+HNiFM0PhAtbiWTeGkZ2/oAu9YXIRfdLhH4X68m3FU/btT7R7x7UX46OrEkWb0CrmRRxBmHIgYCvdEETq6OPSTyaFk36BnTfiGMdX34BqjM7nhKO8L4Z/2ASCWDr+QHEm+38Ozhgvc9DBj5tSZWH3AgBP2yyBuS4Tvg/dpfepwkJqNuKxaHJADpmpFwNArbP5jWaca53OjeXIMxclkzMzbP5LLd+CrX1c4MIIKVFVyayPf4HpqhP4Q6LAnr7GPaH/oENo+R8Dy6XG3Aeq5VGdbn3e9EX2ImSnnqt1oC6ukWRkHM8tgFKvF/fGWH2wEWgJFCtLwpmwXbAaSbd+XaSKp8KcnBi+SPOrj0uVqAdeBs4t4wj8h56q2xgYg7zKH9/0ghognCzp7j5EVTOwihIYJCsmpYh1QyV/EG3bW2SJKisTJOnGtUe2MtJN170845igOlIVAI/fj6IIIZASDqDPq/nMODHNVqA4Du12n5vlwZmvTXPxTA9IgFDyxs8EJ60eCQ7AvNI3E52C6C52rYOdsaYTjwn6RivmOfWdK3LGg1R+3+BJ3bmc6H/VhC/O9UHpPMDjhLlBY021s/PmU4KU5QVCCh0cmGRi6OTAYGDodmGICKkeI0+2P0I7K5oR616C2lfsx+J67cpJ1azD4DDaApfA2DZvZuLC2V7dx+lpc8ZqYVAkHzh3dQzkhhbrBQR+2DaV4CQMAN3CoHXipyO2QqsTkRrFqzuLkw+QK1vNge8uetcWstDORMED8tMCowJPGRVnnKEaWTDf/4ewotuoStSPcJfms6qI0657YKJZCn5XHHQxz7yEVaRK5RuN3apgFtw3vpA3EHQHtecSt6ID+oI5L4VV2XdPGrJE3L7cA1tMGCi9oaSxA177MVJ+rQnHaMZqa4PWzMwo0psWiTs+Ckb5+sd1KLFYTApuA9BfrdPujtI+IZcbXlr2KqXz6WCzcXrg1LW9Z7Ybi+lyLqc9OjsgwsxBSjCRHpCMowfhJhJ/dGZef/NHc00bMDKf4R/FJRXXnGAUECeMMxdsTKlutHTrcsnKdOe5BvhbxuXVbkZAE4Th6CBQzat7ngy/Ia+pC9C8IdweNUE+4RBVfPjosXC215PNBZmI/QpCYgw1TXj2ziJGDIVKorj0FuFkNNtZBXmcHFJt1a6LP91FtaLc7z0Fyw55vvhw1iwSN/fDpo86bWpJhpM9IRCv0whUrKzqkv3p73Q/cd5yp1g53KCdJXDgk40YyhTVSBZbtsr0jYxDf79PSYQqTvrEN8PLRgPckLVyRTZeqoy+zOm2fpZ3IpMVOmZvR8KXB764n5T65CbMd8GlJnkbiunDGE9mglj3weRkHwNriTEDKm8quNbBzWlY572nMURpiklSzdUEKm5IaobN6sDTlqUSjW95CJ9Z4EJsfFQ7rj2cw==,iv:uYy1KO+4tjfGt7q8BgWoi1+XsbcwnolkI8yc6uZdAhw=,tag:fKokPwLUpDXiQYzeTnHMcw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTmx1dm0zOXAwckVER0hD\nNWQ4Q1QrYjFsTkFqWll3dEJqMFpuSmsrTVVRCnUwSG40MUYxd1hyUFZYOUdoUUxL\nYUZHK29ldHFlR3hPMDJYSXBDUU11OWsKLS0tIFVCTElSTDRvcFl4WkorMmc5L25x\nN1kraFYwSWxRSlZ3MCtmN3NhaVlyTGMKVrNUieVLwwB9DT86GMzsVZ3jYygX3EVQ\nsVtPBitjO2jAveQLvLNsTiXPPwdsrBK4Cw7nFWxo+Uk829otD4v4eQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNXZZV3A0K3U0YlFjbWlR\ndlk3UzV6WFF6eEttMDVuNHJEN3NjdmYvS1QwCk9JRnRHNzNkaDM3TW9xejN2dkRC\nS0JjODVyVTVoSVltdmFia1N0Ym5mYzgKLS0tIFV5WU04QnhEU3p1YjNlM21Gbmkw\nRk93bDFLdGkwSysyZFQwbHZpOUFMNXcKg85LKJftKBmnXywtqJylG1Izcq92IgaO\nxaWsUWJuzT/3Oowxgwgs4DjC0Yms9W8fq8Bp87DQAhRyzgm4U7tpng==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWHcvWTdMSGd5MERvdUZo\nWjh3bXMzc21wbjNKOFZSWERTalhEVUZCeFhzCm5QWlJhczJmRmJIWmEwUjNiVHNE\nWE94TTAxeGJwZ2h1eEtabkNFanNqNDQKLS0tIHhSSmw4eHRTaStkeEJnVkZMbG4x\nY1JzL2RMUnlSOGJQYjZCRE1zeWc3WHMKf5MVZOn13Kh0aiCFIZaOwf5BF5sI80gB\nQl51YC7EeIRjty7YXtW5m3CE16IL520nHLbiv0q5GL2bHzL+6sHx1A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZWltVG5pRUhBYTlhOXZY\naWthaXBya1o1VmdTUUhzdTVrb05jUU9MY1NBCndVMjQ3TEFRNnk0b1N2WVZ0dGFX\nQytoU2djYkwvOW93N1QzbTU1K25rczgKLS0tICtyeVN3OFZJNkFNVEpNenhsQ3ds\nakU1L0tLaFZ3QUt6Ynh4UXVGNHM3THcKr2K6Dr+5fo7Nvx/EyTwwPdhDxTsA86zb\n+FKplHEtG+ZIm42JF8IALdHjxhn00wpPQnH1Mm8GCzZUqrDy5J1tnQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBka1hpdkEwODI3cTBtTVFy\nSVBtVzdXcFBTbHFzbE80YjhIZUFHbUQ2UnlnClpQaG1wTXJCMXFWWE9VNWtPV2hj\nb0JJeWJZNXRBVUlEckwvRFE3K2NjZ1kKLS0tIENkTGFrYU94YVFFa2VEdnhYOUhR\neXNHaEt5NFY0dDNQalZJeFR5QjRCeU0KSwpW1ksG9+qcZ1DhbpsejmZE/4qJLvJe\ncGe4VEePaQ3x2tRCz1Cdnug4b7PdQ8Zu91t7Ai5Q8SQpJnrA2YHLhg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZGlQV0Y4TXpqc2FwZXZj\ncDc1K1A3c3JKZjJZUExEcVY2bjMzdVhRbkVRCjYrbmVYUjVMMEZUenZ4Z2o0Qmlt\nc2U0Q054UlFOWTE1ZGRBVGdtRVk1d0kKLS0tIFhySU8yVjFlMGtZeFN4TjA3cE54\nbkN6cUtCODQ2VmFMcEUvSGJwR3pPR0kK40+aZnAwKYnyJccZ1e6oLclmk1oDoGFa\n4EIQqkR5iJHzE/CUnNYLixLe8Gf8rIy780P3n2nUvei1w7dkwWZDUA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2hEWGhkMFRHc1NhTHVh\nMzVRaTBLbk5oTUloZ1ZSR21oQ1N0K0J2WDNFCkxmVEo0aTRhNmxZSWN1OEdWTFRM\nRjM3YVkyRTBHTnZJMmIxUWEybHBiQXcKLS0tIG1ONkh2U215eW1ZdG5Hd2JiWG9T\naE9mWHhlS01QdUpHTjRVRDhrNGN1RDAKWpll0EIuBRpcDlVYYLGXzfiDvf3pwybI\nISoj8pSDJLttMHdrRq1ldzMCBPe31IA6mfvPVNwyO+T++8r34zoOKQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-18T22:05:09Z", + "mac": "ENC[AES256_GCM,data:rAg2sJDC88oGa1YyT1mM/QVW8DvTfUeLGv6CjyS3DwyHpsbK7rIe06XelO2uJPFGnIJGYNHAJlRZKe6oWFdLLR6b7LueTY2BYklqL8AgfVCvEx3h4TXzpEgpAgqgcKLXlynYIaYei8UJy3htL6et7YUU5mr1OSbkIgH3t/CVizo=,iv:r6t/RHzojLzSk5sTix1JjZeZtqvS+u0IROuK44i7ZD8=,tag:YVgh+x4ae7dYxW02I6U2cg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index cc6b471..16bddcd 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -1,5 +1,5 @@ -domain: {{ .StateValues.domain }} -redirect_domains: {{ .StateValues.redirect_domains }} +domain: {{ .StateValues.deploy.DOMAIN }} +redirect_domains: {{ .StateValues.deploy.REDIRECT_DOMAINS }} cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod @@ -8,37 +8,42 @@ underMaintenance: false global: image: - tag: {{ .StateValues.image_tag }} + tag: {{ .StateValues.deploy.IMAGE_TAG }} pullPolicy: Always backend: image: - repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend + repository: ghcr.io/{{ .StateValues.deploy.GITHUB_REPOSITORY | lower }}/backend storage: "10Gi" env: NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" - # PRODUCTION_DB_CLEAN_ALLOW: "true" - PUBLIC_REGISTRATION: "false" - INVITE_REGISTRATION: "false" - CATEGORIES_ACTIVE: + PRODUCTION_DB_CLEAN_ALLOW: {{ .StateValues.ocelot.options.PRODUCTION_DB_CLEAN_ALLOW | quote }} + PUBLIC_REGISTRATION: {{ .StateValues.ocelot.options.PUBLIC_REGISTRATION | quote }} + INVITE_REGISTRATION: {{ .StateValues.ocelot.options.INVITE_REGISTRATION | quote }} + CATEGORIES_ACTIVE: {{ .StateValues.ocelot.options.CATEGORIES_ACTIVE | quote }} + MAX_PINNED_POSTS: {{ .StateValues.ocelot.options.MAX_PINNED_POSTS | quote }} webapp: image: - repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp + repository: ghcr.io/{{ .StateValues.deploy.GITHUB_REPOSITORY | lower }}/webapp env: - PUBLIC_REGISTRATION: "false" - INVITE_REGISTRATION: "false" - NETWORK_NAME: "freilernen.social" + PUBLIC_REGISTRATION: {{ .StateValues.ocelot.options.PUBLIC_REGISTRATION | quote }} + INVITE_REGISTRATION: {{ .StateValues.ocelot.options.INVITE_REGISTRATION | quote }} + CATEGORIES_ACTIVE: {{ .StateValues.ocelot.options.CATEGORIES_ACTIVE | quote }} + BADGES_ENABLED: {{ .StateValues.ocelot.options.BADGES_ENABLED | quote }} + NETWORK_NAME: {{ .StateValues.ocelot.options.NETWORK_NAME | quote }} + ASK_FOR_REAL_NAME: {{ .StateValues.ocelot.options.ASK_FOR_REAL_NAME | quote }} + REQUIRE_LOCATION: {{ .StateValues.ocelot.options.REQUIRE_LOCATION | quote }} maintenance: image: - repository: ghcr.io/{{ .StateValues.github_repository | lower }}/maintenance + repository: ghcr.io/{{ .StateValues.deploy.GITHUB_REPOSITORY | lower }}/maintenance neo4j: image: repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j tag: master - storage: "5Gi" + storage: {{ .StateValues.deploy.NEO4J_STORAGE | quote }} storageBackups: "10Gi" resources: requests: