From d3b05b21772c1284eef97ac5847840c73608e6ef Mon Sep 17 00:00:00 2001 From: kirinnee Date: Sat, 10 Aug 2024 20:53:53 +0800 Subject: [PATCH] feat: switch to infisical --- .envrc | 2 +- .github/workflows/deployment.yaml | 22 +- chart/Chart.lock | 6 +- chart/Chart.yaml | 4 +- chart/README.md | 20 +- chart/charts/sulfoxide-bromine-1.2.3.tgz | Bin 2681 -> 0 bytes chart/charts/sulfoxide-bromine-1.5.1.tgz | Bin 0 -> 3039 bytes chart/values.entei.onyx.yaml | 5 + chart/values.entei.opal.yaml | 5 + chart/values.entei.ruby.yaml | 5 + chart/values.suicune.opal-ruby.yaml | 3 + chart/values.yaml | 11 +- flake.lock | 346 +++++++++++++++++++++-- flake.nix | 12 +- nix/packages.nix | 10 +- 15 files changed, 392 insertions(+), 59 deletions(-) delete mode 100644 chart/charts/sulfoxide-bromine-1.2.3.tgz create mode 100644 chart/charts/sulfoxide-bromine-1.5.1.tgz diff --git a/.envrc b/.envrc index b819d1c..8792cb0 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1,2 @@ -nix_direnv_watch_file "./nix/env.nix" "./nix/fmt.nix" "./nix/packages.nix" "./nix/shells.nix" "./nix/pre-commit.nix" "./flake.nix" "./parse.nix" +watch_file "./nix/env.nix" "./nix/fmt.nix" "./nix/packages.nix" "./nix/shells.nix" "./nix/pre-commit.nix" "./flake.nix" "./parse.nix" use flake diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml index 9385c25..601ca90 100644 --- a/.github/workflows/deployment.yaml +++ b/.github/workflows/deployment.yaml @@ -6,11 +6,13 @@ on: jobs: precommit: name: Pre-commit Check - runs-on: ubuntu-22.04 + runs-on: + - nscloud-ubuntu-22.04-amd64-4x8-with-cache + - nscloud-cache-size-50gb + - nscloud-cache-tag-sulfoxide-boron-nix-store-cache + - nscloud-git-mirror-1gb steps: - - uses: actions/checkout@v3 - - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + - uses: AtomiCloud/actions.setup-nix@v1.2.1 - name: Run pre-commit run: nix develop .#ci -c ./scripts/ci/pre-commit.sh @@ -19,12 +21,14 @@ jobs: needs: - precommit if: github.ref == 'refs/heads/main' - runs-on: ubuntu-latest + runs-on: + - nscloud-ubuntu-22.04-amd64-4x8-with-cache + - nscloud-cache-size-50gb + - nscloud-cache-tag-sulfoxide-boron-releaser-nix-store-cache + - nscloud-git-mirror-1gb steps: - - uses: actions/checkout@v3 - - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - - uses: rlespinasse/github-slug-action@v3.x + - uses: AtomiCloud/actions.setup-nix@v1.2.1 + - uses: AtomiCloud/actions.cache-npm@v1.0.1 - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/chart/Chart.lock b/chart/Chart.lock index a24fe87..c0c9c35 100644 --- a/chart/Chart.lock +++ b/chart/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: sulfoxide-bromine repository: oci://ghcr.io/atomicloud/sulfoxide.bromine - version: 1.2.3 -digest: sha256:f2fdc64db17b1f198bada642722a49910a615657a72622c2ed87e0b1683d8be6 -generated: "2023-10-21T00:49:01.799537+08:00" + version: 1.5.1 +digest: sha256:4ec580b8421d83638af37fe60a573a5bef09c0eb053dad1820a5e15c85492706 +generated: "2024-08-10T20:19:55.304944+08:00" diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 19923c8..003cda1 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -3,8 +3,8 @@ name: sulfoxide-boron description: Helm chart to deploy internal ingress controller with VPN access to internal services using cloudflared type: application version: 1.9.1 -appVersion: "2023.10.0" +appVersion: "2024.8.2" dependencies: - name: sulfoxide-bromine - version: 1.2.3 + version: 1.5.1 repository: oci://ghcr.io/atomicloud/sulfoxide.bromine diff --git a/chart/README.md b/chart/README.md index f9e4e93..c704e32 100644 --- a/chart/README.md +++ b/chart/README.md @@ -1,6 +1,6 @@ # sulfoxide-boron -![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2023.10.0](https://img.shields.io/badge/AppVersion-2023.10.0-informational?style=flat-square) +![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.8.2](https://img.shields.io/badge/AppVersion-2024.8.2-informational?style=flat-square) Helm chart to deploy internal ingress controller with VPN access to internal services using cloudflared @@ -8,15 +8,15 @@ Helm chart to deploy internal ingress controller with VPN access to internal ser | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/atomicloud/sulfoxide.bromine | sulfoxide-bromine | 1.2.3 | +| oci://ghcr.io/atomicloud/sulfoxide.bromine | sulfoxide-bromine | 1.5.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | affinity | -| auth | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"OPAL_RUBY_INGRESS_TOKEN","secretStore":{"kind":"SecretStore","name":"doppler-boron"}},"internal":{"enable":false,"token":""},"secretName":"cloudflare-tunnel-token"}` | Cloudflare Tunnel Token | -| auth.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"OPAL_RUBY_INGRESS_TOKEN","secretStore":{"kind":"SecretStore","name":"doppler-boron"}}` | Use external secret | +| auth | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"OPAL_RUBY_INGRESS_TOKEN","secretStore":{"kind":"SecretStore","name":"boron"}},"internal":{"enable":false,"token":""},"secretName":"cloudflare-tunnel-token"}` | Cloudflare Tunnel Token | +| auth.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"OPAL_RUBY_INGRESS_TOKEN","secretStore":{"kind":"SecretStore","name":"boron"}}` | Use external secret | | auth.external.enable | bool | `true` | Enable the use of external secret | | auth.external.policy | object | `{"creation":"Owner","deletion":"Retain"}` | Secret policy | | auth.external.policy.creation | string | `"Owner"` | Creation policy | @@ -24,7 +24,7 @@ Helm chart to deploy internal ingress controller with VPN access to internal ser | auth.external.refreshInterval | string | `"1h"` | Refresh Rate | | auth.external.remoteSecretName | string | `"OPAL_RUBY_INGRESS_TOKEN"` | Remote Secret Reference name | | auth.external.secretStore.kind | string | `"SecretStore"` | Kind of the Secret Store: `ClusterSecretStore` or `SecretStore` | -| auth.external.secretStore.name | string | `"doppler-boron"` | Name of the Secret Store | +| auth.external.secretStore.name | string | `"boron"` | Name of the Secret Store | | auth.internal | object | `{"enable":false,"token":""}` | Secret directly inlined in value files | | auth.internal.enable | bool | `false` | Use hard coded secret | | auth.internal.token | string | `""` | Hard coded Cloudflare token | @@ -46,11 +46,11 @@ Helm chart to deploy internal ingress controller with VPN access to internal ser | secretAnnotation | object | `{"argocd.argoproj.io/sync-wave":"-2"}` | Secret Annotations (External Secrets) to control synchronization | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10000}` | Generate security Context | | serviceTree | object | `{"layer":"1","module":"tunnel","platform":"sulfoxide","service":"boron"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) | -| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-3"},"rootSecret":{"ref":"SULFOXIDE_BORON"},"storeName":"doppler-boron"}` | Create SecretStore via secret of secrets pattern | -| sulfoxide-bromine.rootSecret | object | `{"ref":"SULFOXIDE_BORON"}` | Secret of Secrets reference | -| sulfoxide-bromine.rootSecret.ref | string | `"SULFOXIDE_BORON"` | DOPPLER Token Reference | -| sulfoxide-bromine.storeName | string | `"doppler-boron"` | Store name to create | +| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-3"},"rootSecret":{"ref":{"clientId":"SULFOXIDE_BORON_CLIENT_ID","clientSecret":"SULFOXIDE_BORON_CLIENT_SECRET"}},"serviceTree":{"platform":"sulfoxide","service":"boron"},"storeName":"boron"}` | Create SecretStore via secret of secrets pattern | +| sulfoxide-bromine.rootSecret | object | `{"ref":{"clientId":"SULFOXIDE_BORON_CLIENT_ID","clientSecret":"SULFOXIDE_BORON_CLIENT_SECRET"}}` | Secret of Secrets reference | +| sulfoxide-bromine.rootSecret.ref | object | `{"clientId":"SULFOXIDE_BORON_CLIENT_ID","clientSecret":"SULFOXIDE_BORON_CLIENT_SECRET"}` | DOPPLER Token Reference | +| sulfoxide-bromine.storeName | string | `"boron"` | Store name to create | | tolerations | list | `[]` | toleration | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.1](https://github.com/norwoodj/helm-docs/releases/v1.11.1) \ No newline at end of file +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/chart/charts/sulfoxide-bromine-1.2.3.tgz b/chart/charts/sulfoxide-bromine-1.2.3.tgz deleted file mode 100644 index 95c25821051778341cf530e9b6832bd661f02aa9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2681 zcmV-<3WoI`iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH*eSK~JF`?LRwso8!C`@v2E0q*6!zCH@HrMn9~;I@6Y@7}Ir zj}tYr6poIr8Kn)j2 zq;!voJcd)0=QKh%lZYXlBEtLPm3i~8)uGmz>a|+L42jH;kP$gjIn@|OB5hsJ5p5lh zk{>V5e);}8`u4|>9Bu!+d6Hk8$bYKs?l*dfDSo}bd-D4KBEdCseKviw^7e;|t$1fU z-xnMD+c%eg+m7P=yT89ZQQ!90JT+sa=K*Al=tRi05-L1^0;vaO)Bs3DoHG+qOo;LT z7#XANf#2~x&#ga>sfj0q0pVO|8(fqLaU_n-mmZ=U4TQ&lmnM)ARs<}sGNuPt*9Fld zlA?)!v$0x0A0d)RG+MG|{e*HLj2X;WWEn&Gm6}FEJMPGa!{Wz+_}LK6=!6b(X=gU% zOx$hoW?qZFoy71Vh0rA>&|-uf5+Ub;bs4KYgYUw-5qND`qr8ujqsEe37$8S!msYGg zlj3sRm~J&Sykxn|ghHUo?IVF%3!{-<^8k2ty+I-4Vs^(2yvA`k$sfnZ2**9xKmO^b zHwPyl&W>Ln9F<(0V1g2Pgpf#)It|b5cjqK$+KP9^LoqkUss617(M%^XnF`r$rh7F7 zmy{kblObzO$Pg|_f81la(kLst_D2vBK2~3Zu#btMYUOg%5KC}GdEA5fUuUz`oWL=D zk1sTqU`f?1;!{V=zZT5z{~A*hSy8o)j?WHGLw%_qImdnZf4jTg*#EaTH@BDj|8u}0 zSDG+}F?=tyBr$%a;E)d_DieOR6wGWopPI`h{84b1|9==F%TTINXOB7x+~fbsU3TwlSfxB-d3+}cA3~ECuazujl5(AZ|D_7P zRDMY;ByzCm0)y!a_iRE0WGX{5=@@>?38M+c7)X}cMTg$c=!jcku9WOi$7Ct zb5T`!yXT@32@{Z*F%lv8|L=qU!GCbz*b`|gxZ`!9aN#f=vqNNQsD>@ee-Ey%;Eo_s zEHW(Fkc1BqUXIq`<+(Ah(v&K-41?<1dP-;uDlHR{MsR)Y_rN#L=jOStx4T$S$S~4E zzA4raR!p^!?C!M8YknhH7S4{*Ar-A@UG?hfh9ML9Ef*RalAfoM5>5sf2mP@lRGMvB zW4c3Am6FOL>Z+jsd3AO>;cC&z5MGE_O>C!y&L3dnO*08@)S)|i-z~plQ@q&-s5xNp z2@aVSvrH&T5!UQxDngz3iwcDuj>Z&X8 zy`=9K5B@>~=1k%D!8F|CcB zxH4~9JT*aaeu>WG42I*VBHmlE%h&**i5$3!{gbKXRyEXRUm62IP^|eij&EaogyV8` z01{K7XTq@px_zj`#0(9Bz zOqfn0HTh0QoQVig$5n;G1pb7wA}I$r+OV1EA(P3}wwTu6MPIqs|fZ*4aFf417) z<^BJ&zzY22?t1M_pHn+r43R@Wr!1y?02zr!WPmF4R^V(%6{tMRgwzVu5E+936MaaD zj)s&E)YTS`g!&{JLT-Ag?%#eUWGa}&qC6H_v%013cMqdid@0r{(|#cG^q-e-2o=q0i3y;{Cf?W8JLnho*y2 z4Q&zGBv*YB53p4r2NpM=JP|S_uAk-`rN<1vP8iXF`Yk6C*WioyXU#^wdnPdWK?Qx0 zId+?!jQ7kj!w)R_y>ocp({w}L-3#fhn5biNAvfud=vxjZ@bT*UBTOFI6lM5;S@u?^?~ico_xxIKjlb^O@=4FHcmDY6 zzQn}u@tm=B-_Gavu6&cu`#pcY_hgQae{GlZJRMVwW!t260!mA>kxt-aW6g%KXKQI{ z@>bj%RG4c>-f;H^w|g~tG6%aVOPn&p#nU%jH79n4+_2II*qGJi6LoFf$eXJM)YNqY zV}^|<>hQXmi(8GRW-Y(F-OEl|t+UrPVmmkep5O7;eb?3L_llUX?w9?b=2f|;`Rjf` z&F}fe{^peRdGx$Gc}zVWED-nU}pLS6_F|Js_Ow~Bjb)hfoVed>JauLigF|0CB(Ly-~o=zj&c z@BH7H%l~&e8_V@aW)kI1>L)!R`KkNz#lx=Gt!x_xk@<^Z$Rgw>Fmdf6oH9`+r8G nVZMm}-{bh-o*chjdj1lYu!JT2+2Fqc00960o+Dc zVQyr3R8em|NM&qo0PH(|bK5qu`J10&OQ)}Ko=HizWWUi&r{mi0tDD5>S-!M$nVSS6 zR}w0aU;)s!&eDDM8-Ty5pH5smxe@-bDRQycUF_a3Mk4wSg`_;}!u7sIqA35_bX#uI@= zP$QxsmI%_k1U^WgBt%3h6d@>X0Sr+=B={fbDUcC*bU?if(h5m{U6|8MOHCr|0*N9< zJ)#M+t}|L&ZpUp|Pc6)^u+7{5HDNKzhjajI?Ej#3a8R@VPOEvawg1OxJK#8Qtaw0A z7>|AEp}3|V!j(XDp@#_X(^vY=F0Z!X0@_IE8=5Yn{(B1Y7Ji=gBxEPxcK3z^pd2)G|J?NPLgvH%#F zpy-0#vMnp&-}kBZCxihBL#~W-k=n%(-`D@t2$SAGLLcx}J2Jvjhh>%ebm4B6BE291 zYX4XCRUG;Vo<*G5?$na5X}WVL*qmFr#af z+V|Gz)315o45VohoT~yCc#LAG;QX|a_;DC;G3UKA=WXfE37npR3ZLV+k0L~c8Sya0 z5QX726+>SR3;0HqZwn=Q@a*GSY_Wy#h#9zlKl!N z*)SVZvO)?QkTu4M7D7r!Y5WCf4P5f;-0#B4>+`dVs}Je>wf%b;!x@fr3Nk#svy;oS zt4tu5I6#4+hcFO4Nc3-RHNGY>OXj)|$Gi|i%oWwB8EU=-4oZ9%qow+_*;wmkWZMrv z$WlR?!4h>crg~Dbs|@RAqZ+-|f-<&S64l2O7E6Vq6fk`RF5qMNg$t)R&{&PiE$U(r zj%ld%Xzpt&2Jy+eT&m3dj{;%0?*W$m!gLY>d|2;-K52YfEp|kLYBDuCxe0}Xm@y6P+)y=gq!}lp7@iLd+uiTs z1r0qG`zuk{;OcGAZbo7xXs8BYe=D7DrJW&ji5PCmpp$cWVxlr2xeWE76ZkVGj1DOJ zK%&Sn?OMNKg51C>J%pYw34Qd4$-wad;Z?B}GE@yHGG77_2#f|a4FJ`MN_f$qm{~u) z=xJCjU>Tve>ssdn5Xg|oR6WvoQKp$d^NuRGp^WLsGM1W73B(YeQhSdnDinzha=pnu z=DL%DEd9QT=$Xv%JkK;>W92Pq%;k|FaW4~LC4DnGD=+U!TusBOxROCPH>Jgo74<94 ztM&_NmQ~NGncGxR5-3Lc$Tpf^17A#TovE_Cljk%O4O0*pG2$WE|7(N&!M?ZSIN?FS z!-Uq2+(iPJ5IaH^xN_7m^mpOz4pumclu0)uLy&NY@O-=n&#$$5WvW!lWob~mv~Ox? zk2Hqa%3EyAd#V`xOkoN;FeT1mF#hz=GWgy6uCvt#HGBE=hg4-7Ic}y zpD|Zhlk_~6fP`d-zSEy1h%&X!a*Qixs+3aOWV%Y=U+$bOM_f)iYQ!5MtB9?a&iOr5 zysjqB!Z}R#|EuMfE{cnlfa(oK=wVd_%C2#d2dal6spx@t9*;wnW;!=x)AT$}I$kVW zU#ehkk{y9sK(k?Vu)7RvSmwIq-!uGn`e1K_U``c2CH`9#|L3Wm4<>Q+$wxx#&VSmi zqiX!W-#j|pp8q~dE1&;n=LSxe%+o7DtB;DbtR&xfmO`X?)BqLni6Y%RNq=_-nf`1Z zg}?Brr@$s+Xv2$oSdbb*aqy5Bft@R-y$iPfY7B2SGv_*Ewc8u}P2 zXeSt|CpxRqRMwt3TsnmAnq#RvMSGd$&l8zyw>ZyaVsRQGp{OL_rO=so08m5>lOvi3 zo0z2&QI&nB4ggNd^DCSzBYTV!H%s_uYyt=jxGJP%B()rez(I~9MRBi@(@fWAkDk1k z%`C@ptovD2IekBGQg&(N{4~%61Yf46M}l8dA4MX++)OiZl30xj(Z(Uwu_j^1u^OES z)aWQ-vVbTZ36uEVj^|$Bo2n#OKDxMyThZRmr z!Lpm3)WdA%ECETMOH5*TO$84FEr3+`Ol-Y9r!gV?J&p9$+W}G2t(+{ zl=(CqLPWeV8KQKp9k?1%2{Mi%E|dg0LdIaocpn0yyb%qDdmxYzMXwPeqDH0nB=oHv z2yvL4slSK>4(KiVpnVg3v+Kg!kWGMxn3oDhD1d1{X1S-m56J?#18Iuj-ANC8Dx~EO zscM+N3Hg@W|CeZ(zuAk?u%Z8CKjn4UC=m6DH;yA1P=?Za>B^hPdg=Db*m~)zKtFRq zht|t~TRZTM2+Cs#=ci}Va#Po5xztC}NWcaE!*Z{s$9-&k4F_lQ_J4VHeER0h4Ib|N zevSQiI_*}y{&&B*-TysG+gVU&Ykl+nU8S(LDEp(q(3K-|h@j)xKJkaxNP!&#>(Edy z^(3jM`$4J+!|w--C`bMo6M?(%&HJl*A@7<2G`v#+-(-yAdL{FkF$#FcfUh0HvL2=y zdUY+dwWGa`j#VscYKp|Bpv3{xtWL;0<;ncArj=U9De%6bUx;&5x;@Lo>HSnUH9xh|wG z$y!!zWu7!m#sd|^E~a9IZB>lwlj~#6u;nws>a3Vs26oqO*?V?!1Hta53&)=c{bwbNKEnXa$nenujXJVUvu=s)#p1WYZ3hJX_rEYyNL?OI zZa@1f*t+~ryLC8M|F^yW^*F6|rz%gTcEKos1>hwPw+mVq)?d4#+&6p3MHiQx>|^yB zQGTJMxct%k`|F?H{(gRX_Tl{P>G{Rkhw6=)>gA1P!0EM^?UjWUZJqr`g#G3Af6(5q z+kfleXlwtE(e7ja5n*4U{XeyYzwEZg{zcrMJc9k#?|&b)4!8CHkJ9d8|5_KmLi_*H zBk-qf%kBS`1QGl6qQ6pGXaB8Eef>Y|9BkwNM`_FLKce0!o?HLRcAaJ!7nyU(CV#wq h`{w-OY-@(wwr$(CZC_OTPXGV_|Nme&_kRFR002sl1f&1} literal 0 HcmV?d00001 diff --git a/chart/values.entei.onyx.yaml b/chart/values.entei.onyx.yaml index 77987c3..058adc2 100644 --- a/chart/values.entei.onyx.yaml +++ b/chart/values.entei.onyx.yaml @@ -11,6 +11,11 @@ auth: refreshInterval: 1h remoteSecretName: ONYX_JADE_INGRESS_TOKEN +sulfoxide-bromine: + serviceTree: + landscape: entei + cluster: onyx + replicaCount: 1 autoscaling: diff --git a/chart/values.entei.opal.yaml b/chart/values.entei.opal.yaml index afec363..61ab3d9 100644 --- a/chart/values.entei.opal.yaml +++ b/chart/values.entei.opal.yaml @@ -11,6 +11,11 @@ auth: refreshInterval: 1h remoteSecretName: OPAL_RUBY_INGRESS_TOKEN +sulfoxide-bromine: + serviceTree: + landscape: entei + cluster: opal + replicaCount: 1 autoscaling: diff --git a/chart/values.entei.ruby.yaml b/chart/values.entei.ruby.yaml index d59078d..47eba99 100644 --- a/chart/values.entei.ruby.yaml +++ b/chart/values.entei.ruby.yaml @@ -11,6 +11,11 @@ auth: refreshInterval: 1h remoteSecretName: OPAL_RUBY_INGRESS_TOKEN +sulfoxide-bromine: + serviceTree: + landscape: entei + cluster: ruby + replicaCount: 1 autoscaling: diff --git a/chart/values.suicune.opal-ruby.yaml b/chart/values.suicune.opal-ruby.yaml index fedac2b..49caa9e 100644 --- a/chart/values.suicune.opal-ruby.yaml +++ b/chart/values.suicune.opal-ruby.yaml @@ -4,6 +4,9 @@ serviceTree: # -- Create SecretStore via secret of secrets pattern sulfoxide-bromine: + serviceTree: + landscape: suicune + cluster: opal-ruby annotations: # -- Helm hook to run helm.sh/hook: pre-install,pre-upgrade diff --git a/chart/values.yaml b/chart/values.yaml index 6f0edc9..b332b17 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -7,14 +7,19 @@ serviceTree: # -- Create SecretStore via secret of secrets pattern sulfoxide-bromine: + serviceTree: + platform: sulfoxide + service: boron annotations: argocd.argoproj.io/sync-wave: "-3" # -- Store name to create - storeName: doppler-boron + storeName: boron # -- Secret of Secrets reference rootSecret: # -- DOPPLER Token Reference - ref: "SULFOXIDE_BORON" + ref: + clientId: SULFOXIDE_BORON_CLIENT_ID + clientSecret: SULFOXIDE_BORON_CLIENT_SECRET # -- Secret Annotations (External Secrets) to control synchronization @@ -50,7 +55,7 @@ auth: # Secret Store to reference secretStore: # -- Name of the Secret Store - name: doppler-boron + name: boron # -- Kind of the Secret Store: `ClusterSecretStore` or `SecretStore` kind: SecretStore diff --git a/flake.lock b/flake.lock index bb11881..3e90208 100644 --- a/flake.lock +++ b/flake.lock @@ -3,6 +3,35 @@ "atomipkgs": { "inputs": { "dev-atomi": "dev-atomi", + "dev-atomi_classic": "dev-atomi_classic_3", + "dev-npkgs": "dev-npkgs_3", + "dev-npkgs-unstable-05-Jun-2024": "dev-npkgs-unstable-05-Jun-2024", + "dev-npkgs-unstable-05-Oct-2022": "dev-npkgs-unstable-05-Oct-2022_3", + "dev-npkgs-unstable-07-Feb-2024": "dev-npkgs-unstable-07-Feb-2024_3", + "dev-npkgs-unstable-11-Dec-2022": "dev-npkgs-unstable-11-Dec-2022_3", + "fenix": "fenix_3", + "flake-utils": "flake-utils_6", + "npkgs": "npkgs_3", + "npkgs-unstable": "npkgs-unstable_3" + }, + "locked": { + "lastModified": 1720858656, + "narHash": "sha256-k/EE+GrQYP0BDYhdS/YWULMNrewZm4Y7+wWncal4Udk=", + "owner": "kirinnee", + "repo": "test-nix-repo", + "rev": "164d6fd91e41410bfd0d8737ec77388346045665", + "type": "github" + }, + "original": { + "owner": "kirinnee", + "ref": "v27.0.0", + "repo": "test-nix-repo", + "type": "github" + } + }, + "dev-atomi": { + "inputs": { + "dev-atomi": "dev-atomi_2", "dev-atomi_classic": "dev-atomi_classic_2", "dev-npkgs": "dev-npkgs_2", "dev-npkgs-unstable-05-Oct-2022": "dev-npkgs-unstable-05-Oct-2022_2", @@ -28,7 +57,7 @@ "type": "github" } }, - "dev-atomi": { + "dev-atomi_2": { "inputs": { "dev-atomi_classic": "dev-atomi_classic", "dev-npkgs": "dev-npkgs", @@ -97,6 +126,27 @@ "type": "github" } }, + "dev-atomi_classic_3": { + "inputs": { + "flake-utils": "flake-utils_5", + "pkgs": "pkgs_3", + "pkgs_25_Jul_2021": "pkgs_25_Jul_2021_3" + }, + "locked": { + "lastModified": 1689236000, + "narHash": "sha256-MEqyIPlD4ueJji6FtfDs8qqZifM9hyYH1svBs3oxrrc=", + "owner": "kirinnee", + "repo": "test-nix-repo", + "rev": "2d9d80544d2e81ff736fa23345ad0a9cc5a6c8ab", + "type": "github" + }, + "original": { + "owner": "kirinnee", + "ref": "classic", + "repo": "test-nix-repo", + "type": "github" + } + }, "dev-npkgs": { "locked": { "lastModified": 1704290814, @@ -113,6 +163,21 @@ "type": "github" } }, + "dev-npkgs-unstable-05-Jun-2024": { + "locked": { + "lastModified": 1717196966, + "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", + "type": "indirect" + } + }, "dev-npkgs-unstable-05-Oct-2022": { "locked": { "lastModified": 1664847737, @@ -143,6 +208,21 @@ "type": "indirect" } }, + "dev-npkgs-unstable-05-Oct-2022_3": { + "locked": { + "lastModified": 1664847737, + "narHash": "sha256-Wxl0CtRH3Vo8+qEZ/PbCcx+9D8wEEi56tJPmROum2ss=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "de80d1d04ee691279e1302a1128c082bbda3ab01", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "de80d1d04ee691279e1302a1128c082bbda3ab01", + "type": "indirect" + } + }, "dev-npkgs-unstable-07-Feb-2024": { "locked": { "lastModified": 1707092692, @@ -173,6 +253,21 @@ "type": "indirect" } }, + "dev-npkgs-unstable-07-Feb-2024_3": { + "locked": { + "lastModified": 1707092692, + "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "faf912b086576fd1a15fca610166c98d47bc667e", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "faf912b086576fd1a15fca610166c98d47bc667e", + "type": "indirect" + } + }, "dev-npkgs-unstable-11-Dec-2022": { "locked": { "lastModified": 1670681895, @@ -203,6 +298,21 @@ "type": "indirect" } }, + "dev-npkgs-unstable-11-Dec-2022_3": { + "locked": { + "lastModified": 1670681895, + "narHash": "sha256-kZH9DSU36W4fn1z81a/24JCGkU517TcY50VE0RFJ9k4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f82f0ec1b70b2879c3f3d9a1015a05c73a90a17c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "f82f0ec1b70b2879c3f3d9a1015a05c73a90a17c", + "type": "indirect" + } + }, "dev-npkgs_2": { "locked": { "lastModified": 1704290814, @@ -219,6 +329,22 @@ "type": "github" } }, + "dev-npkgs_3": { + "locked": { + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": "nixpkgs", @@ -257,6 +383,25 @@ "type": "github" } }, + "fenix_3": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-analyzer-src": "rust-analyzer-src_3" + }, + "locked": { + "lastModified": 1706941198, + "narHash": "sha256-t6/qloMYdknVJ9a3QzjylQIZnQfgefJ5kMim50B7dwA=", + "owner": "nix-community", + "repo": "fenix", + "rev": "28dbd8b43ea328ee708f7da538c63e03d5ed93c8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -349,6 +494,24 @@ "inputs": { "systems": "systems_5" }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -363,9 +526,27 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_8": { + "inputs": { + "systems": "systems_8" }, "locked": { "lastModified": 1701680307, @@ -418,18 +599,18 @@ "type": "github" } }, - "nixpkgs-sep-24-23": { + "nixpkgs-240810": { "locked": { - "lastModified": 1695360818, - "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=", + "lastModified": 1723175592, + "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", + "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "type": "github" }, "original": { "id": "nixpkgs", - "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", + "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "type": "indirect" } }, @@ -467,20 +648,36 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1695360818, - "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=", + "lastModified": 1706732774, + "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1723175592, + "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", + "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "type": "github" }, "original": { "id": "nixpkgs", - "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", + "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1704842529, "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", @@ -496,7 +693,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1705856552, "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", @@ -560,6 +757,22 @@ "type": "github" } }, + "npkgs-unstable_3": { + "locked": { + "lastModified": 1707092692, + "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "faf912b086576fd1a15fca610166c98d47bc667e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "npkgs_2": { "locked": { "lastModified": 1704290814, @@ -576,6 +789,22 @@ "type": "github" } }, + "npkgs_3": { + "locked": { + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "pkgs": { "locked": { "lastModified": 1643805626, @@ -636,12 +865,42 @@ "type": "indirect" } }, + "pkgs_25_Jul_2021_3": { + "locked": { + "lastModified": 1627107260, + "narHash": "sha256-CwvSwz3kvpp7uEFyOj2Dq6bdtY6P2N0Bzd7ZVgsIICw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "537678cb1ead06fca831077c3b193566cbc3f406", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "537678cb1ead06fca831077c3b193566cbc3f406", + "type": "indirect" + } + }, + "pkgs_3": { + "locked": { + "lastModified": 1643805626, + "narHash": "sha256-AXLDVMG+UaAGsGSpOtQHPIKB+IZ0KSd9WS77aanGzgc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "554d2d8aa25b6e583575459c297ec23750adb6cb", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "554d2d8aa25b6e583575459c297ec23750adb6cb", + "type": "indirect" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_8", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -661,9 +920,9 @@ "root": { "inputs": { "atomipkgs": "atomipkgs", - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_3", - "nixpkgs-sep-24-23": "nixpkgs-sep-24-23", + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_4", + "nixpkgs-240810": "nixpkgs-240810", "pre-commit-hooks": "pre-commit-hooks", "treefmt-nix": "treefmt-nix" } @@ -702,6 +961,23 @@ "type": "github" } }, + "rust-analyzer-src_3": { + "flake": false, + "locked": { + "lastModified": 1706875368, + "narHash": "sha256-KOBXxNurIU2lEmO6lR2A5El32X9x8ITt25McxKZ/Ew0=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "8f6a72871ec87ed53cfe43a09fb284168a284e7e", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -792,9 +1068,39 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1707300477, diff --git a/flake.nix b/flake.nix index 8fcbe81..2c861db 100644 --- a/flake.nix +++ b/flake.nix @@ -6,9 +6,9 @@ pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; # registry - nixpkgs.url = "nixpkgs/e35dcc04a3853da485a396bdd332217d0ac9054f"; - nixpkgs-sep-24-23.url = "nixpkgs/e35dcc04a3853da485a396bdd332217d0ac9054f"; - atomipkgs.url = "github:kirinnee/test-nix-repo/v23.0.1"; + nixpkgs.url = "nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b"; + nixpkgs-240810.url = "nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b"; + atomipkgs.url = "github:kirinnee/test-nix-repo/v27.0.0"; }; @@ -23,7 +23,7 @@ # registries , atomipkgs , nixpkgs - , nixpkgs-sep-24-23 + , nixpkgs-240810 } @inputs: (flake-utils.lib.eachDefaultSystem @@ -31,7 +31,7 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - pkgs-sep-24-23 = nixpkgs-sep-24-23.legacyPackages.${system}; + pkgs-240810 = nixpkgs-240810.legacyPackages.${system}; atomi = atomipkgs.packages.${system}; pre-commit-lib = pre-commit-hooks.lib.${system}; in @@ -44,7 +44,7 @@ }; packages = import ./nix/packages.nix { - inherit pkgs pkgs-sep-24-23 atomi; + inherit pkgs pkgs-240810 atomi; }; env = import ./nix/env.nix { inherit pkgs packages; diff --git a/nix/packages.nix b/nix/packages.nix index 7cb5a4a..caebbf9 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -1,4 +1,4 @@ -{ pkgs, atomi, pkgs-sep-24-23 }: +{ pkgs, atomi, pkgs-240810 }: let all = { @@ -6,13 +6,12 @@ let with atomi; { inherit - infisical pls sg; } ); - sep-24-23 = ( - with pkgs-sep-24-23; + p240810 = ( + with pkgs-240810; { inherit coreutils @@ -25,6 +24,7 @@ let # lint treefmt + infisical # infra k3d @@ -41,4 +41,4 @@ let in with all; atomipkgs // -sep-24-23 +p240810