From 5ef8db0dc13a83bf2e3b170416469938997a512c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 13 Sep 2025 14:34:54 +0200 Subject: [PATCH] v3.12.1 update secrets update secrets update quotes quote everything update secrets simplify future merges --- .env | 2 +- .sops.yaml | 4 - helmfile/environments/default.secrets.yaml | 29 ++++++- helmfile/environments/default.yaml.gotmpl | 24 ++++-- helmfile/helmfile.yaml.gotmpl | 9 +-- helmfile/secrets/ocelot.yaml | 92 ---------------------- helmfile/secrets/ocelot.yaml.gotmpl | 6 +- helmfile/values/ocelot.yaml.gotmpl | 36 ++++----- 8 files changed, 72 insertions(+), 130 deletions(-) delete mode 100644 helmfile/secrets/ocelot.yaml diff --git a/.env b/.env index b59a6c6..3ebc978 100644 --- a/.env +++ b/.env @@ -1 +1 @@ -OCELOT_VERSION=sha-31c6446 +OCELOT_VERSION=sha-00e718b diff --git a/.sops.yaml b/.sops.yaml index f7c8c59..9dbaa04 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,10 +8,6 @@ creation_rules: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5, age1t0ufylv5xfwhmcamu4gpwtay4wcuyqgzlkht4t04s9qjl8xjks9skxrt02 - # Ausnahme für die spezielle ocelot.yaml.gotmpl Datei - - # Keine Verschlüsselung - diese Regel hat keine encrypted_regex - # age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret # age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer # age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula diff --git a/helmfile/environments/default.secrets.yaml b/helmfile/environments/default.secrets.yaml index cba9bee..2d524ee 100644 --- a/helmfile/environments/default.secrets.yaml +++ b/helmfile/environments/default.secrets.yaml @@ -1,9 +1,34 @@ +deploy: + ACME_EMAIL: ENC[AES256_GCM,data:kmD2u4WBF4t7VZBCrQye6g6jsD4=,iv:iU3Kka2logDrGpIv7mvU2w9/NtLhUhir1KNum35SmFY=,tag:etn5b0vZurGr/dKbi0ONlA==,type:str] +jwt: + JWT_SECRET: ENC[AES256_GCM,data:g+PuDCyOup6tSupdvXplQSYpTjWeDghj,iv:ETfdU1O1wU2EkZtnqy/s5MgS4D4lOMMdBeZ8ps2jlwE=,tag:fsTKMuttYaWWo8aknOW7nQ==,type:str] s3: AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:9vjauuOcV6ZBw75DaJymj8Y6Cgg=,iv:AoBz9RYzhao66xJKAJHQNhCX9/kOZCF3tq7XnFUP3C8=,tag:L+9Hdt2htHnbg0iWBzSeqw==,type:str] AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:IxvP7zbwUm9e/2QLzvIC9zE5Q9+c97r8/6vPPV+2UaNkVCMYqttOUg==,iv:GhIM8BTqlAiuaKZuT82QYrciQ4+UmII2yqOsoib0tbY=,tag:BjGA8jPH62EvlJdW+1+4kA==,type:str] AWS_ENDPOINT: ENC[AES256_GCM,data:R0DA8FYto2QThumIb5LwddkB2mz1W2YckUuBvIB8svmZP7Y=,iv:Vl3IsRXKHJovrB9wAwq6kpWvCOx4gAmaMZO9FwB4OT8=,tag:TElpGx//7Y4TmWNV9S/NRA==,type:str] AWS_REGION: ENC[AES256_GCM,data:Wyzv4xtbcMVlpA==,iv:3FytYgLFzjheww4faFvL/2cNFvMBUI4QFrQqtBsl69g=,tag:+wuNJIJwI+6VbGTZ1/BReQ==,type:str] AWS_BUCKET: ENC[AES256_GCM,data:+SCuUMhyAV5qPaJvyIYlSwbp3Kd7,iv:mudkJbvGzvtI6StOajJoYR4XUjlJ8315Yf3IZdcxb00=,tag:uA+z7dDja5D2F4i1hPCmog==,type:str] +email: + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:jWxjlQlBJL6LROw09ipPXObsioE=,iv:Hq6Wjhn6tuYzloS0m5/lIrY5Fc4Etu5E3mQKGa0im9Y=,tag:vY/lmb3AcIjF2O9ez+qQXQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:2IM+567JWBKTaNed,iv:r5IKf+xhQu5UDomQFBeAK4HFLevvLIpAGYTDEWla4qU=,tag:9CXbXyGBS7Wsy8hj77aw+g==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:qHiNyGbh,iv:+M+m2ExbgRDaeW86EMKduwABwCOeSL5e5toHbZQseC0=,tag:Y0xo6m9apFrNm2OLCkxp5w==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:9a32IxgqYNOV/SZrE5/faDXlZCnms4iGZeCPbqUOy2k=,iv:bYyclI+GryY2DdCTsOBTPz2IbxkCWTxNJOxCVDAcDDo=,tag:B1xfizO+KjVQzQmO9XKS5g==,type:str] + SMTP_PORT: ENC[AES256_GCM,data:z2mi,iv:GxhWj1xu4Q5hPdgEdDKvofNiM2H001KwDnmwBOkZreQ=,tag:FR26qyT++nuBWYCdIaD8aA==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:4kGb1Mg=,iv:vEmSMb2YO+V3TXi7zknAQnTi/+4P3tURYCe++W9cMPQ=,tag:t/ABaQ3xTgtAujJhI57KZA==,type:str] + #ENC[AES256_GCM,data:A27ANKNxRZzYfNIpp+zmxCYHsYuw/Yb3Me2gZ2lecaGpaD/L,iv:GJKErFFmUKoF8nVAL71VRIlKrD1LwKLCOW6w3676r30=,tag:oQCcqZcHoDsTLGPSPQXPSg==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:n7fBfDU=,iv:f/0IlQhkuO10aUkbPFg8Ch7eG3yuzbE2kFYePoJBbck=,tag:5S0GdaqBDacD6YMdpzh6jA==,type:str] + SMTP_DKIM_PRIVATKEY: null + SMTP_DKIM_DOMAINNAME: null + SMTP_DKIM_KEYSELECTOR: null +redis: + REDIS_PASSWORD: null +imagor: + IMAGOR_SECRET: ENC[AES256_GCM,data:pvZNYv3vAUiCW65Mtu7W8dZ1B16dC+0Pc+kG/1WD+Hw=,iv:CIcJRqeDztLQb4a0WsDSlQCkZ6dpqzvotYQ3A424SKc=,tag:b1em2uJyQLzEenPU2U6VYw==,type:str] +neo4j: + NEO4J_USERNAME: null + NEO4J_PASSWORD: null +map: + MAPBOX_TOKEN: ENC[AES256_GCM,data:2Xq6+LyNVDSwZpl3m0KLsEVKYzVbtvBLwgzqhZiYGDSXtEOrw+1xVwArPUQlNrc71gvWGwDZeFzo8VztjoEZ18nMQovOmEICU8aEqzsDt3PESUCICTkx4+z2dqc=,iv:OXjYCZOV+WPrsg9OuRIpGjkZcu0AQoeggfA583yP5Ms=,tag:T68lf/kaT7PZBep7ZBrYpA==,type:str] sops: age: - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 @@ -69,7 +94,7 @@ sops: TTVLamdEaEZOYk55cldCVzBuWm1UTEEKjrVRYcy6P3JyPlgSrAxm127TqQzfi7mj McQxS+qNleBjIvfWDhb8I7dsVt/3CSfZ+HHVZ3APhHLAT+av+pyi3w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-12T21:24:21Z" - mac: ENC[AES256_GCM,data:9DF2HzlDBEzceiik7RpBjd8qWrUlVBL9VhgsF7DaIsj7SQXH8OqUcYGjG3x0rx00rzwUKZPBRqMQn13/N0KkHXN0cVuCokLidMn0DGl/nOQiyq9/FALIe8c4wYpECS1RRCFY2n1ALwv6g9eOXI7CLC8alfdXPl4zJ7wO7Rcn0+0=,iv:T8P6qwunLP5F/NqnR0CbNEzmP+ueN65KL846vdEFseo=,tag:VyPnrRwgOEBBrpI6VJj1dg==,type:str] + lastmodified: "2025-09-13T12:33:18Z" + mac: ENC[AES256_GCM,data:S0bcT+ZTDAbaNWPhsH6rO3ZhuYGfNVQTZ2bGIXxKQnFOyraEtrkGuqmimRjh8Uq+ZJL98QgC8bF8ODXeYis7Hk5xXq/wgYyxV1fJcEr0T+FmodarjcaOYvl1xuL+77y+8xmXXIPkHrN9DulyRxkkUTKfQc7ez8NnQbwlkOLtaS0=,iv:0GeOB+bEkMVNv9D9MPIQrjpI05PX+oB+29vSUUaqjwM=,tag:MIRnYyTuagwVVjVsSqNQbQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl index 6c3ce34..1fb6af5 100644 --- a/helmfile/environments/default.yaml.gotmpl +++ b/helmfile/environments/default.yaml.gotmpl @@ -1,7 +1,21 @@ {{ $image_tag := env "IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} -domain: stage.ocelot.social -redirect_domains: [] -namespace: ocelot-staging -image_tag: {{ $image_tag }} -github_repository: ocelot-social-community/stage.ocelot.social +deploy: + GITHUB_REPOSITORY: ocelot-social-community/stage.ocelot.social + IMAGE_TAG: {{ $image_tag }} + DOMAIN: stage.ocelot.social + REDIRECT_DOMAINS: [] + NAMESPACE: ocelot-staging + RELEASE_NAME_OCELOT: ocelot-social + +ocelot: + options: + PRODUCTION_DB_CLEAN_ALLOW: "false" + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: "true" + MAX_PINNED_POSTS: "1" + BADGES_ENABLED: "true" + NETWORK_NAME: "stage.ocelot.social" + ASK_FOR_REAL_NAME: "false" + REQUIRE_LOCATION: "false" diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl index 6d91728..be4cd65 100644 --- a/helmfile/helmfile.yaml.gotmpl +++ b/helmfile/helmfile.yaml.gotmpl @@ -16,19 +16,18 @@ repositories: url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts releases: - - name: ocelot-social - namespace: {{ .StateValues.namespace }} + - name: {{ .StateValues.deploy.RELEASE_NAME_OCELOT }} + namespace: {{ .StateValues.deploy.NAMESPACE }} chart: ocelot-social/ocelot-social values: - ./values/ocelot.yaml.gotmpl secrets: - - ./secrets/ocelot.yaml - ./secrets/ocelot.yaml.gotmpl - name: ocelot-neo4j - namespace: {{ .StateValues.namespace }} + namespace: {{ .StateValues.deploy.NAMESPACE }} chart: ocelot-social/ocelot-neo4j values: - ./values/ocelot.yaml.gotmpl secrets: - - ./secrets/ocelot.yaml + - ./secrets/ocelot.yaml.gotmpl diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml deleted file mode 100644 index aa2aebd..0000000 --- a/helmfile/secrets/ocelot.yaml +++ /dev/null @@ -1,92 +0,0 @@ -secrets: - acme_email: ENC[AES256_GCM,data:CqWQwY/Q6hrvuCqXiNn/8oQYsmw=,iv:cn0Jyedcir+Z2NFPbFy89K1W3vlmdIyTzuRrOsqlJM4=,tag:hf31Qpp0w7FlxO10R++9wg==,type:str] - webapp: - env: - MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] - backend: - env: - JWT_SECRET: ENC[AES256_GCM,data:8qGviTFMOv9QyoNVwnlFNZ2PmvedbKJM,iv:rmZgs8h2QVsokzMzdGdEcInBLv8AX3xFUjkGhTf3sF0=,tag:SUJpMaIGAb14yg8RxCVUtA==,type:str] - MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] - #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] - EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:z1EyEokf/TNkFLhRzsCbHew/6T8=,iv:Satr1c8aZQE73ZolC6n+PO74r+Gj3un5Mj0DIYb3n14=,tag:iK6l0GXuhLauBtFXTmLyKQ==,type:str] - SMTP_HOST: ENC[AES256_GCM,data:r0qbaUBB3CSUHR76,iv:TJIx71HW1aBB0sCEd1TB/tTgPBxLR1sdGAEf0t7Qilg=,tag:arXYtwVbIXVaUJpyommokQ==,type:str] - SMTP_USERNAME: ENC[AES256_GCM,data:lZ05DvSu,iv:Tyu7poao1shqKGd/sjTCgGNHU1xgRpjwjMRd+ArGf6o=,tag:dKms4G683JvFzja7YOwYKg==,type:str] - SMTP_PASSWORD: ENC[AES256_GCM,data:c9rnPIaKHIh2LNIJON3ib1IsA09OWGchDxRPRpvrtJw=,iv:08Acxl74lJbYtEEU6crVIYRXwkER8t1XPrhBA2PwEio=,tag:F0xrrt2PkBUMEyp7a81ssw==,type:str] - SMTP_PORT: ENC[AES256_GCM,data:MGmv,iv:IFg6oEncN0ICEmw96XL4EuPKqEZ6KLwU5FJYkveMSpY=,tag:kIVXlt0o5TfhOtRVqU/c4w==,type:str] - SMTP_IGNORE_TLS: ENC[AES256_GCM,data:ORAIWtg=,iv:6X4V3RDeYHrFdBTjsb3Ji0KWsZ2meL8ilqHNGQbcV/M=,tag:R87FgoQwqpes+0ejcOlrPg==,type:str] - #ENC[AES256_GCM,data:wEE3/SPsZqy9LATseOZG7LsCbjG5gY4VUT/TzxhHLJqcYP5I,iv:gcOA0XiUGWq15G4zTRPZ0qZ/XYMTjr+9krbOx0dwpeY=,tag:jd8LTiVT7UQShqMR9zZUZA==,type:comment] - SMTP_SECURE: ENC[AES256_GCM,data:PowbGhU=,iv:a1dK5AVySu749vPQvX9OLfMuD+tZkLNtXTMr17+4KuA=,tag:fuJQ7c4RBl25If01MSAmug==,type:str] - SMTP_DKIM_PRIVATKEY: null - SMTP_DKIM_DOMAINNAME: null - SMTP_DKIM_KEYSELECTOR: null - NEO4J_USERNAME: null - NEO4J_PASSWORD: null - REDIS_PASSWORD: null - IMAGOR_SECRET: ENC[AES256_GCM,data:nPGDGgjnszFpvNk/ucl63/4o1Yd+rA7ty9PtHcIuOQ0=,iv:kN7ys7qyizLYINHUUTAb6UJh2TF6nnWcUmKKgB5sIdA=,tag:eZNlpZO4K2cNUnlvS1orag==,type:str] - neo4j: - env: - NEO4J_USERNAME: "" - NEO4J_PASSWORD: "" - imagor: - env: - IMAGOR_SECRET: ENC[AES256_GCM,data:EoUtgQJ9GHuhrt209iQMSs2SayaUJi1zIZC+TuEr4KQ=,iv:SU7KtV0izan3OUXN0A1vpmEPXdTogfBeEPzfcqdGIKQ=,tag:/IzzvWuFE/gHiZalXWshfw==,type:str] -sops: - age: - - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjZ5RGI0YTFIbDk3MnBs - ODN3RUg3ZVhsS1dEeDdodFJaQzg2RjFpcm1vClNzV1NwdEFwaXJnclRNVTJIbzVk - VEc3YUV4eWJLb04valdNV216SnhtbzQKLS0tIHpuR2JGZWp0WnNUdStuL1ZLU0FK - eGEreGNJTnU1OTgxL2ljVVRjUUxraEkKvkV7G56/GtJLbLVHvrq+rJ8npBckvww/ - Tq7/k/YmGV764d3Zb0Vs6TNJhoOvKF6sK645wrFlSzVNj51UxkhWYw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWTI4M202SmlhbzJnckF3 - ODZrY3ZQQkRLZmQrNmg4Uys2d0JBWWJMWkN3CmNwUi9HT2VYd0paMnJScnFxSXB0 - YThaU2RqWFdHMXczQ1VmdFdJQmJSU00KLS0tIDk4TW5DdUNJY3dnS1JGQUluaTJw - d3ErbWdrZ2I3ZU1ZZGZBZ1JZU0lZMUEKnQHREjKUZ6a2+Es7SlLY46h4NPdeaE8c - w4My+za7IjGSyL6HKqxSBLUS4Q79cI3iBNu8SwikocmEkqQ/DWlC6g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTmhYKzUyUGJnRHhjTU5m - TVVFOGl5d3ZFYzE4U216a1YvVUlXTGFvYTM4CkZaMTcvRk1CVDJwek9TT0UvOWMr - SWNrb0pvYTZaTHM4aGRpcG9odDhyUm8KLS0tIEkrSmc4V2c0Q0ltWkdRZWQ5NFEr - Y1VWV0JTRjVmWUU4U1pTZkVhbTVLREEKvCxhsCX//e7XawyJG3XeCGLOUqxCx9No - To4JGg10ciWcW0eqyP5lQfwdlECkmPapNz8gaf40DVpPDij5Nja+zA== - -----END AGE ENCRYPTED FILE----- - - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHh6b3hpbFJrcHl6eHl6 - MkZmNUJWSTJRUFVNOHJaYld3QWUwSy93aEFNCjZTZnNZRlJRR3VEeXROOFBmY2Qz - SHF2bWMvdm5zNi92SUFlc2FZcFl1Y1kKLS0tIG4wYzdKTWFKaExiTVlFa0tRdzVs - bGFuMlF6bkw2Z1lGNmZTV1R0ZEs2T0EK78at74wFk1B5OgeMSKrGLl3sNiwrzitL - 0kcMVyxfV68mpjb0Cw2WtEUo0jFmKFXi7H5FbJeoPrDG0QFvIvgfsA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYXE0V2pFYnU5Slk5Nk5j - Snh2UElZajhMZnlZTjVkcFBSMnF2VFJ6TG40ClBFQzV4SUpUZTZaSWpRdXNIdDBq - ZHFUSG5uUHU0bXhhcEpCejh2elM1M2MKLS0tIEovMDdrUEs5blNvL3R0VGVaMVhw - Q3V1UmU0OUtWRmRuQ1dtMFROUDF6NG8KRJRymV0GaOW7sENEqYogNK2HeArsuY8Y - lVWepYYDoeRWwu7kmzORaEnW6G4m0F3rADfwMrQVTNvZ+1Xn/yFOXg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbHhMUElKUWhFMERGVWpz - cFRwTVovOStYNUQ4czIxR25MUzNON2ZzRmc0CjNvOGd4bmdjWHhwdEMzTzJkQU1Y - SHJrZG1pQ3pmZnZxWXh4bjkwN3ZvVFEKLS0tIHRhVDgzUHNsMHYrV0RoWCtmR0Nl - Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY - pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-12T21:25:28Z" - mac: ENC[AES256_GCM,data:uyxe5nwAUIjif/tAADXYjP7MVFLUxReHkGkZOq8BK/0hecmj7uxGL0FOqzvWv1i84vy9sm1N4JrYxNjy60uHwHb9qwTuTzHeTTq1L+EnbHLJ7U3ES1g/ryqrXn2TNoIeMUVfvBwVu8B1kqtrVOxUNzxCBfqbC4FUj6tGt/4A6YI=,iv:2BN1wo6orOs3wMDhUSHRqAqWZ3miNF5igw/zPJ7Rco0=,tag:gu9cyHAuJKdNOwUj2dSX6Q==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/helmfile/secrets/ocelot.yaml.gotmpl b/helmfile/secrets/ocelot.yaml.gotmpl index 6400c26..a54c6eb 100644 --- a/helmfile/secrets/ocelot.yaml.gotmpl +++ b/helmfile/secrets/ocelot.yaml.gotmpl @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:I/zLWFDIFSBCN/13ESlOrdTZGUdqll59HW2j0QIBQuN8RTItJJ7CkfLeY5Yhvf5yLZur2WHrIXaWp/rDsmJYMPBRfybKaT1Qy2QPEF5sXEXIkmoDflADQxQ2lEVC+1jfTjlOa1wmkqY9DGE9ahcuNKG6cMIzi6ojnNpTwDSraBdna2sN/71Tu9aicnMr5mjpYRymHG9zPvWH1tfCmHXIXyuaJXPluSufL2gg14jIeYp1pGmcT6y53dKFGBuf+AwLqIw5tbreuEeP+iIUrJtPN5rx3FIklsOwY6/wxvrWPJ5osHnZ2aj7KFuDBmMNq4L89d9m92quYFCP0Fr3Dsy+dVniTfAHnyF1mVvDIqyF9ge21EqEW1MNdh7dVPBOQv7PJ0/Xwk026lZJGDse9DeeYMfsKZHhx4EpSTS+arDeEltYpwv5JuaNKn6iPOAGRSWPO0GjVGEZyiYn3ds2TW/GgI9p43GgmSn3nvgshDT5YttMmhVFoSk3R5WAHEevdMQ0gwqpNSTomCRFbNxT0MMPhcARpwhB/K1prKvLdrh2633zFT8iBiGEC1w4k28DsNjAH/vMJPo28FldmpCuYNCfaRs4UpkuQKXCFp6qLWk3BPafG4ffg91/snU29ULl1CkPYUIowhFVlHjSNIAAHVldMjnoXzyRDAyJpY/rWFmU2naBhXDrNac+Y+wG5Om9dmCbA2KO+wSHHiZ+eAm45OCzRI+5lgMoRs3CpuxaZIXNWRwlmrX6BtrwRJz1esDGqcNiuqT979DDQ3xLnU7jA8vwbYIORq6khuuo5ioZAAXcpfRyiOUmTSxPnssWmlImKPsEkR9TTDjWNs3gPH0srCcUe36m3qK2hiyL4NEKvt5aQ6YQz5lL,iv:b+f8fjc45Pv2Xysq/U6VWlZdvlHQd7ny/D4gQIgQS88=,tag:utEQ8CS/VGHBLUt0dcQUGA==,type:str]", + "data": "ENC[AES256_GCM,data:8yHUVzbD0M/dOMiDsovLW7am9aKVsaFJg49zHghEhxxxdgY3NmU95PDU1onhR7if/F/wD1aQI8EEJDvjHmHvXVgamZR2M3RW5TDd/fhFwAsZyPXQoQFYU8UKFZvtnMaZYuTB2Tt5B7g55O8ci+Z/GkjRB5OY89eQxcF5l3oeS+KhMNibkc92ZM1McHOPjalQUW4vEBzlnZoYHxQVpp35mRBPL+pVuPTZcaastx07Iva1p8DEM8/icwHQI2070ezQp9IxlV3rbpaCSCzKhBkIK3sEMPiSt5LEig/PBCQDLTRhyBtS4oagH1ql37Rft04h6kYqt6No6crKTFrB9N7C2HTUrQ46tpHrWApWdKSgCF+D14NY36CjqNZdR+Y6Vx8MjedTv4coQYJeUtp9aWIVwWdy8+ZuzyvvxXZr9DwS8UA0DiAJDYkYHE3KObdGHiGtwXRRwM1uc0eWZ3MPhgu/U6TsO1tPArAxXDyRP+Aa8V/X2JMDlIM6Zvfo2A3j+A4A1u9L+r5xNa1GBOAcSyBzruqmy1fh/nl/IvqILJxoby/2k7hMp7Ci06yrX+zoahs2ig0Nj+NSLyEqMWTYaOGNXT/2ON5S+HzBsneeQHgMrRu8mHuSCdbnqTrVXEyD7VmdP9t6rafmVKIMRVaWwTaf/m5YVSXPbISNFb96QhF+wahm8rXnj1K0pVnyiL/ZlpDAz5wfeIj6bTH+VT5KQE/GNDQbDPxgVbLl2a3Yz4DvR6m9LmkpBnPXErMyGSFcrGS2bYpBmE65RsWxoe/Sz9YQ7F8H2aMYy6b+/mikumEHCAvgYZcx04FBWLisj/Kx18tn02L6AzXizZJIrcxptujfxOWHo5xlxpp7/9xt1UvUwAxzYQU9ldZ7S2XR6kJBRwWU3wtYTMQZibxgry8MUlHZmVPOFr4cYEXGN6bKts19eioK6tgLDqTsGFn2CiXPNXtTSdpDAfamT58DbpYp50Qr/d/DMeH0qVsKKZ8nrzFCHDVpMrjkbAXiY4xN5FoZBhgc5hljV8nKZAzy0SuFAyaG4/O5xpPoNMnX3L9l/Btdje2lqCiUFqhODBXfiB03rsyW4SHl33MfKV3QnFf2SAaKIg7zQwRubnobd2/L9NbDOYr1/b0Z5CFs1ZP7HEBpWbGrJjb4zCRvZ2NP7dvnHiOc/+m4p45C2LuC7Eqi9r8TzIzM+QdtWNrZUC/ykuDisS4pVklm+efYlWulSPzK1S7MKMxIFlQJGIvvwE9o9zCMvmDuBL6U2zOA3sQZZxW0O++ww5V+CYN79DgfWe6LyQDLbRdx/2RV2p7xZrWy7GNQP25Jv96/wMkz97LcCOCblwB53oR50uUnhfsrwp0hMW84W9Yoac1sdAGCBudjPye686+A0IRB9WQUExGZvCxPW2LxmkBrV/vHoC7bhrM3Rzq6HFGKUKEfCNaLopF/2yXmmI2hBHG3RorOxa8odFMkk9pKgPbtJINI3X4RwbdW1+xs18c4ACQh3ZjyuAmZh/xMegpMz7ruuTATalFvzZseQ7e/OofVFUVazXpkFQWwOdbclXAnBcn6KTE/oUVLWt1Yg6/7k0ik18fHfKkde5SV4nwrQpIliYpJmtEtZ4qGLKxXJW7+TgWq+VwpAcvhJcXmWcZEHbEiZ5Tovpm93EQJLkCOd2IAHwTgE2MOhwsTRdyJlgpXlqM7GM18ihlgX73Pzz62hvOYOGPhpQypEC8ZCEC7repurhOldcQWJIqSRq4o32UDuVUDHr/nzaFSuDivlChWarSYMTp+ZIFLULJvC2wxgl9LOiGxJa2i0o4yWPzcQXEPiaif9fTnM5c7KeXR47tJ9WP6kTPbsgp0njBQYhifL1/o/0srSYUC03ojI/y1P9docEuXNsd47xyJWayt5SYaUIrf7/Ouu7Sk/7gcrHl2dD7PN6NZXwrVHH2zvPHcomEhDhAYN9tbc9s1MXkM6LgIH3QrTLiQXyPzkoHNFNwwFwyTsNytUaYnZdQLLNzVJgjJpMM4ie0Vk7H7ywBmUp8U07NbGwIvoVSF/kfogg++NLYLBps0c9doU2hHkkr4HjtLwh3pI8hPPOjjhynvFVlInG3eWR+9C7mDfEgvtLy9VR88NbLZKfErbVsdo61y57QEVBZaRna9SykPsjlJ+Gqw1RkkIG+E5NK/zaxj3iT30/y54FkTDzXU/YsPHPFnkDHN54vkDeK2fkPckuFWogie8rAkbhDgRy/SPSjKze3EP0fDzj5cAFYt2EqEOXSKMzSf+5ahV63RnX3MS4E1MqJ+WGuxjUOv8U45/o1scHjqV+FFpsJxZEyplJ9D99nIM6NXvK8bxU5NxmAMiZDpFX4YM1WHjqM10scu9DxIkV62sFzxFNUXjN40tHnkg9O/2aneOY0V0RiXHXP/YP8MpOfg2qn0QST9zE35j9FIecTPGwxEMyFmgEuu7+TlE731B9a7ALtMQGQqOWrhNbq6pokwlgZrgGCE0u24W4lrg3gAVZim1cG09bD9F5lBUPZyQsnMmcaY8xFzUlEiwRr+0tS8gBVdJvcxtckNyVnFekjDIpeiUxODoVRIEF6sH9t4oUTJJ9/3w3fua3twvXpC97aaiplviiJAYRZDvNPZuVT2lBJ67B7t32+zDI9hzBt7uhlk96QcoHnjCkZHZK+WmarH0lsBo8Z0N00vVqutiBPRXd0x/aQ81+mXlj/Anfde08g45Krq0OTlYC10brd22WmcQt7wxcHo8pMnbwLm4Dt7lij4exJqZXeDv+7MYebUWjX/wVK8gTWXX29LylsT/hP0qDGy8iuxoRPquljnO0eBQPI7AwmsoJxIP6PKHkJeRjo5kwW9KxQFFs3or8gg8EB/RixhsKC5E4nP2pxEUsasV5Mdp643eyDCUix9eXjugOTjiSmk6wSXM6dKA9RuKH1Hxk0zev+BKy2TgRJ2mUUCUv4K6ZeoNiakGG0PvZS7HyJ5+A1recylMYSp/qepxDmaZCUT5Xt1AEqEj3mGkRU2oY7nONkZ7va9wl9zb1oBb9idDSi28zSyEVvUAq/w,iv:7Yu5ZNp/PUQ5y0okED26WwmjVv+h/WfFEbyRDJDaNGI=,tag:tDdGnznUsFdWQ+molP7x7Q==,type:str]", "sops": { "age": [ { @@ -31,8 +31,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2hEWGhkMFRHc1NhTHVh\nMzVRaTBLbk5oTUloZ1ZSR21oQ1N0K0J2WDNFCkxmVEo0aTRhNmxZSWN1OEdWTFRM\nRjM3YVkyRTBHTnZJMmIxUWEybHBiQXcKLS0tIG1ONkh2U215eW1ZdG5Hd2JiWG9T\naE9mWHhlS01QdUpHTjRVRDhrNGN1RDAKWpll0EIuBRpcDlVYYLGXzfiDvf3pwybI\nISoj8pSDJLttMHdrRq1ldzMCBPe31IA6mfvPVNwyO+T++8r34zoOKQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-12T21:19:11Z", - "mac": "ENC[AES256_GCM,data:FlWo5xyfUXXASo5p0fKTMytjaI+iJ3hzN9bEjp0b+Tf5T4un81yHG5ZgOuAgENVhtPsLQEyG/9RpRPQ+bjdx8BPV90JlkgPUxpX1vSOGnQynUfElJcynOSBEeZWaHf6AO6lEeNIfvnjIm7seDtY4zTl0IwwupzWZRecFMRbgfeo=,iv:b8YXL4wDK4JMk1o1rMlYucp1pAmDwRzdvUCR5Wh+5UU=,tag:lKTLR+efNOIhsFEYOKveIg==,type:str]", + "lastmodified": "2025-09-13T13:02:29Z", + "mac": "ENC[AES256_GCM,data:nCxBExLqc6Qs/LNr1y0kXXd9eWpVcWacKsEdbWA2WIiHJl9DUKye0nkH5kWYI6Nk/2KhBb9854TCiysFLRaJGw1zq87NacgOwYmsA2B5dT7jJ7wTX8qIIjhb4aErTssjiEpjx+CE5wUGtuCw5UpTvVUanCOFGmN/F8JA6iMaPdg=,iv:qgDq96Hrn1bzOHvjVqRLYEW4dQS58KtaAPFU/FgdZrQ=,tag:N5fFjhEShKxjOKsepdpVUg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl index 7e5a3e9..2212dd8 100644 --- a/helmfile/values/ocelot.yaml.gotmpl +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -1,5 +1,5 @@ -domain: {{ .StateValues.domain }} -redirect_domains: {{ .StateValues.redirect_domains }} +domain: {{ .StateValues.deploy.DOMAIN }} +redirect_domains: {{ .StateValues.deploy.REDIRECT_DOMAINS }} cert_manager: issuer: {{ .Release.Name }}-letsencrypt-prod @@ -8,36 +8,36 @@ underMaintenance: false global: image: - tag: {{ .StateValues.image_tag }} + tag: {{ .StateValues.deploy.IMAGE_TAG }} pullPolicy: Always backend: image: - repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend + repository: ghcr.io/{{ .StateValues.deploy.GITHUB_REPOSITORY | lower }}/backend storage: "10Gi" env: NEO4J_URI: "bolt://ocelot-neo4j-neo4j:7687" - # PRODUCTION_DB_CLEAN_ALLOW: "true" - PUBLIC_REGISTRATION: "true" - INVITE_REGISTRATION: "true" - CATEGORIES_ACTIVE: "true" - MAX_PINNED_POSTS: "1" + PRODUCTION_DB_CLEAN_ALLOW: {{ .StateValues.ocelot.options.PRODUCTION_DB_CLEAN_ALLOW | quote }} + PUBLIC_REGISTRATION: {{ .StateValues.ocelot.options.PUBLIC_REGISTRATION | quote }} + INVITE_REGISTRATION: {{ .StateValues.ocelot.options.INVITE_REGISTRATION | quote }} + CATEGORIES_ACTIVE: {{ .StateValues.ocelot.options.CATEGORIES_ACTIVE | quote }} + MAX_PINNED_POSTS: {{ .StateValues.ocelot.options.MAX_PINNED_POSTS | quote }} webapp: image: - repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp + repository: ghcr.io/{{ .StateValues.deploy.GITHUB_REPOSITORY | lower }}/webapp env: - PUBLIC_REGISTRATION: "true" - INVITE_REGISTRATION: "true" - CATEGORIES_ACTIVE: "true" - BADGES_ENABLED: "true" - NETWORK_NAME: "stage.ocelot.social" - ASK_FOR_REAL_NAME: "false" - REQUIRE_LOCATION: "false" + PUBLIC_REGISTRATION: {{ .StateValues.ocelot.options.PUBLIC_REGISTRATION | quote }} + INVITE_REGISTRATION: {{ .StateValues.ocelot.options.INVITE_REGISTRATION | quote }} + CATEGORIES_ACTIVE: {{ .StateValues.ocelot.options.CATEGORIES_ACTIVE | quote }} + BADGES_ENABLED: {{ .StateValues.ocelot.options.BADGES_ENABLED | quote }} + NETWORK_NAME: {{ .StateValues.ocelot.options.NETWORK_NAME | quote }} + ASK_FOR_REAL_NAME: {{ .StateValues.ocelot.options.ASK_FOR_REAL_NAME | quote }} + REQUIRE_LOCATION: {{ .StateValues.ocelot.options.REQUIRE_LOCATION | quote }} maintenance: image: - repository: ghcr.io/{{ .StateValues.github_repository | lower }}/maintenance + repository: ghcr.io/{{ .StateValues.deploy.GITHUB_REPOSITORY | lower }}/maintenance neo4j: image: