diff --git a/flux-applications/sorasaki-hina.yaml b/flux-applications/sorasaki-hina.yaml index 1f3859e..74871d9 100644 --- a/flux-applications/sorasaki-hina.yaml +++ b/flux-applications/sorasaki-hina.yaml @@ -12,3 +12,7 @@ spec: sourceRef: kind: GitRepository name: applications + decryption: + provider: sops + secretRef: + name: sops-gpg diff --git a/sorasaki-hina/.sops.yaml b/sorasaki-hina/.sops.yaml new file mode 100644 index 0000000..2fc872c --- /dev/null +++ b/sorasaki-hina/.sops.yaml @@ -0,0 +1,4 @@ +creation_rules: + - path_regex: '.*.yaml' + encrypted_regex: '^(data|stringData)$' + pgp: A638A6B54530D54E868F9D3238736C662F799E0D diff --git a/sorasaki-hina/kustomization.yaml b/sorasaki-hina/kustomization.yaml index e518e85..ed71123 100644 --- a/sorasaki-hina/kustomization.yaml +++ b/sorasaki-hina/kustomization.yaml @@ -12,3 +12,5 @@ resources: - deploy.hina-backend.yaml - svc.hina-backend.yaml - ing.sorasaki-hina.yaml + - secret.backend.yaml + - secret.dcbot.yaml diff --git a/sorasaki-hina/secret.backend.yaml b/sorasaki-hina/secret.backend.yaml new file mode 100644 index 0000000..81bc719 --- /dev/null +++ b/sorasaki-hina/secret.backend.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: hina-backend +data: + BOT_ID: ENC[AES256_GCM,data:lxAh/WBSdfNeCOKCQ7tgO3iHg9UgGCE73X0LFQ==,iv:0qpg/SHBkyNa3oTcjjtSFSK9ou1nzwOF7dQCxDSbSv8=,tag:mxQmjji0HhyFlgMf96BQpg==,type:str] + BOT_TOKEN: ENC[AES256_GCM,data:vbqkyRmoExQvFvk0NSF/Hyq7aTgz2KaFjn1+qxUJAf/zg4I/57uoiEBLKMsZcQbiZhcvcz+XcyOyKRQ1wIhD2ar4spnALlOKErqugNcjY3HsBHpVuPrPlacjsnJbvbFw,iv:ET7JTVupM68pwFULW+pZ/r3pUGh3odTkDRl9xSfDhIU=,tag:CynsFC2Ho5zwCf9dbAfYLg==,type:str] + GUILD_ID: ENC[AES256_GCM,data:9o+W9tgwef8ADxPp2FyTPsVe2szPOZ4Y,iv:bl44Rw1WoKoRO2mNho/X0pzT4H3UX2st5OhEEjCiKKM=,tag:Nihl1jVbFJf7j9zp+wN1KQ==,type:str] + ME_ID: ENC[AES256_GCM,data:j/AxTVfCZ91hdbUp8LxH1Nkbp6psY1fP6niIlw==,iv:WWcCX/LY8qJee8hklQVHB/YvBMKMRrM2bRn9q/Zk9ro=,tag:TvVJe4llXJW/82EsI+p11w==,type:str] + MINIO_ACCESSKEY: ENC[AES256_GCM,data:DeWiQ8etAc4=,iv:MCvoOkUoEk7XIV2obkIZvzpT1jZ36vSr1vz91T8bdrg=,tag:rYmewq/8LyMgZIpSR93lUA==,type:str] + MINIO_SECRETKEY: ENC[AES256_GCM,data:Og0fwVEr8sigmWYSsaMPVRgC36M=,iv:AwqR6tRxDghDMTsG+Nj0Tp9c6PatM7DPpOCktlISgAQ=,tag:+FAQaSCb0D/Gyc3xISIP6A==,type:str] + MONGODB_HOST: ENC[AES256_GCM,data:ewotDNsXxawHIAc3kPNP4czfgl0r2XsK,iv:YB527mxFQa4gLPjKaeXZkE1PdxeMlZcjCG2PKW0+iBk=,tag:QjAotDN3MTiUoW+ECw6m9A==,type:str] + MONGODB_PASS: ENC[AES256_GCM,data:U8Ia2UXxVlUhIw6JhWYujG+vQlWY6txS4GGo3Q==,iv:8jynQfs1dcP9N0W/AGZGvtIzGiGJ/n4sR1YNj8IlaK4=,tag:gcYn6yf4W8EACPD6WPZ6iw==,type:str] + MONGODB_USER: ENC[AES256_GCM,data:khQoTWvmCGU=,iv:002X6g/L7stf3UAmn29jtdgbFx0dNsNslq4jHo8UHoM=,tag:x5bTDrUSKb9Cyv/VG5XgzQ==,type:str] + MY_ID: ENC[AES256_GCM,data:ByxxIqHw7+OXvTFCQQSMpKYfuANQafuy,iv:hc/maHumyOyTPmK49gHg5tQu6gQe2Fgs5RBVNe36qCo=,tag:tKujJRWLF05Kc77uCnq5Bw==,type:str] +sops: + lastmodified: "2025-07-30T07:18:20Z" + mac: ENC[AES256_GCM,data:6RRSIs0HKy8ONK1BjEL6y60bX8Aa1QClFN8xeDe5NLT+NNAmcubeYOfEl1whDmebhbAtWt4RzYp/WEGJX98LnhiqGjyXqAp8sQZZjJmZNy0rgVW0T80pn6nhk30p0EDn4IXAcTYqi2Kuga9M5gzJew/2d5Qfo3jz3norqtWI1KE=,iv:Ad8q/dN1EZRlKMpjmOEuVHvt+jofmuj/tb+v3eJpfrM=,tag:LuXk51YuYONnaj8/ZGb+iQ==,type:str] + pgp: + - created_at: "2025-07-30T07:18:20Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA+nT7MSlwYOAAQ//cjH6wlgxBuVhsvJ7lsVjyXDgBfuRKwGz5fwn7y878xI6 + 6ItSf6cBgEsJEUPcCJPQ8Z1RJHtSMhEMyFdwAk45nSjyFzsRKNYtDKLHpYprVqxi + EyGzN04B/Z5sawIjSQ20Cdp6FLcNVlGl26nZvAeUkjU68umi6DrXulSyipyCrVnA + f+YODmfcC1hHBu55C17k4ri1/EFvtpfLVeFiAQn2nsI0JWLBrEJg7L6ypLnKaGQH + g208/8mpD38/3xOShn/apKayFDMT3Nc8FELrCezZdbWu8/sGRXLJ6TbDnB1Er4aS + SQGthpY0vqlg5HAaqfRI0QQeMNiDSKZMRdQmnpsxe8FU2TFJggpR8pwlEy/ChL5L + X2Sm7PnOKRjLv8z/9mso4S7LNPO5Aaq/Om/V7TpZiXTk1Kwao9vPEEt+uV9GRj9f + w1zjEVql3iFiICkDGsuGP6HiSeRbu94a6kjmYHf4OnweUdZKvgg5Yk5qIdMnVHE4 + uPusOQaDTIhvM9voFgBH/ge0uk8nTJQPcKVi/br3HDMvLEpt7YJDWYfutfOdSk3g + QfXTPN+L7xqVxyGwzWHhgT2TAW+S+lCWI3St5W+NJer4MxKzLUDSEYzXehC/v1Lm + 9hJt8TlqckWidtQgdxb9pxdr6MxYyWOXGrcInGo16fZh0aRvLTW38zHJe1AIzHLS + XgHDSUmkmF0Ssm2HK5g7c988bV2yF+3tvs8tOhvh9Xwt5TI3Gvyj7UHqnj6wR+AL + mHZlN054PisZQrJtzCCjXrc0GnGyH5HoapzbUX23ANE3IB//IjjxJDDwX/q+9I8= + =2Vv/ + -----END PGP MESSAGE----- + fp: A638A6B54530D54E868F9D3238736C662F799E0D + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/sorasaki-hina/secret.dcbot.yaml b/sorasaki-hina/secret.dcbot.yaml new file mode 100644 index 0000000..4ac73c4 --- /dev/null +++ b/sorasaki-hina/secret.dcbot.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: hina-dcbot +data: + BOT_ID: ENC[AES256_GCM,data:8ed5LZWrYzAraY/WPqtM3Nfq68fSwvgZ+tsbUg==,iv:x67nlpCAlJ14DK/Zuu9xeHT1WWF9E5pJ7VjGcx1P6JQ=,tag:BXCQnGD3xQK361p8g0Wo8w==,type:str] + BOT_TOKEN: ENC[AES256_GCM,data:f1dcD8RGSWNoyiKUhZjjNtOs/u0HY0l0OfVHIUU/NUlSOCs3EyEd42fYr20RNSH3HEIANjHL2UMPCqwEEakMW9P3dWUDhCvwi0VhIs9RGWLshBueb6daXhrXW+nbGOt3,iv:hi9I6Nr6c2/6jeHrr9a3Be3ZL0zK/dx6BzZOVDrF7fM=,tag:JduwfiCNP2hcEeiSARJQ3Q==,type:str] + GUILD_ID: ENC[AES256_GCM,data:OAUHPXjMRZen1uCFW2ZORdZJgv6aPI0B,iv:VKwkaAwnZvMiQMib1rUacvktt43LmQVRnyZ6CA1OJlo=,tag:A3+KrYyOMzo6v/rG38Vkrg==,type:str] + ME_ID: ENC[AES256_GCM,data:aYP7ZaZtiLYViq67s2lELvPfMHJfLnq1hll7VA==,iv:KyW+NWSg/M3byylxguLKwfl76/Olt4OZgYbkMViM/6Q=,tag:8FeBlaqdPq/ZyDXsv1fzMQ==,type:str] + MINIO_ACCESSKEY: ENC[AES256_GCM,data:ZFRbO11Lqcc=,iv:Dw7znSmG3KMx6Z6acuWPruiS06YAY+tH/qtovh2u8uc=,tag:65D9Ka5rDYp1uTeHrjc4Yg==,type:str] + MINIO_SECRETKEY: ENC[AES256_GCM,data:j85/St7hDttWe5M9bugHWRMM8cE=,iv:/R8vMYNrGIiRioSXK4jFDLMUePSEK/m164HtQBO2Ryk=,tag:U1LETtSRKXgdy1ERV7ydxA==,type:str] + MONGODB_HOST: ENC[AES256_GCM,data:eexMFuz2mPygyundxo16DOhk62L8F8En,iv:NB6ue3KKxWWs4tCGyQn39KhgQsF6AC62PTiNGpvnOfA=,tag:c9in4HLFCafUwIhgzgg36w==,type:str] + MONGODB_PASS: ENC[AES256_GCM,data:EcHa9CoVvhY6tbRK6RIbgTVzht8jiNRBtR3+/w==,iv:hTNORFw46+GKj6hc2RvAgD4+Q+zfzlpYrVRMg8+o2q8=,tag:xFPTlzYasAVQlQeybaoFDA==,type:str] + MONGODB_USER: ENC[AES256_GCM,data:NmRFNtqnfl8=,iv:RA1CM5NLyWm1gnirsFF6biwqTSZw9f305haz8d2QHvI=,tag:+kDcs3sMQYxmdvqYoD6xjA==,type:str] + MY_ID: ENC[AES256_GCM,data:vr2ZphTiF6vkrZm4FiOAUNKL7MQ0wFgl,iv:UgfvfT3xWPXxZEMea63y/sUzr7oizk1flUT8Fj6Nlmw=,tag:rzQQwCPnI/axDURPheQh7Q==,type:str] +sops: + lastmodified: "2025-07-30T07:18:22Z" + mac: ENC[AES256_GCM,data:S/uk022IcCUpvU41VzYPIpTzXwzuVXiJn1wTGirKd80xRa3JfM/ThdPrmzsPtPQWzUCdBoWuayrb5+rCb8+JMp/pefRqb+P6T02Jz54Ehk0J/9Zc5i9AM+K9RrtR0jbY3amETjD61KcBxnACr6CDvsaeIdRYdmEzAX4gIGw/orc=,iv:OhDl1fOMCsGjnayh07d7ryb99cIPhu2UZendmhgD8Eg=,tag:0FLkSeCA+V/Z7kR0aM9UBg==,type:str] + pgp: + - created_at: "2025-07-30T07:18:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA+nT7MSlwYOAAQ/+JlWAQOgCImaMSu2dIyQ4YKObIzJYHIzl+H2vBF2zwPpw + EsMtVvJxiujuhNEoBkaZMqDUycqTzHf1DXvE3ihNFDnF8cp2AwneaL5C+VQw7bHK + /N+3uyzFj9vfoIqzXPI4j0zxSV/pappyuAUn2UDSI279kPdCQC4T7wT1Kli/8zGg + 30EOMUZD3OUJxDHPQmebns3oGlsMtBiIeonYKwngyZKhDxv4TQhef476JQMsp0KP + w5RWplbzWe6orezSkEl/CUVzIrsocaiOhD2YGDvJzsYUojSI38wTYy95gP9sRN3B + ie9oNv9thBtedPwOb1aGGbVckQOHtrsSgy6Fw7AL9+WD29XXeAsqXYNd9xxoQaLY + f+qVpHUSbIruysBW8LWLmrMqrqw+qgrWzW5otT5sFqbErmV1AFxr4NsZ67ksXIm4 + 9Zkq+eWW7ZEvxkdglgMwoc5wbEdLmOIV+aPiAfjfjOcwRtnObWDTdAVc0Ut1Kf6P + trbcD85Q9uPMtTJU/FjyM19Llcu59oQMKKFn3Ivqzxtm/qq9P/+I04WzQb4D67OC + dATyQkXE++oQmf3veXFODWpmyR9ySZWJRxgogP2dxXc/4h+cXjynAsbK00shnn+t + NmZTa9O2e5O9B0FN4KHuPHDNjnq0PtMK3WmwtYzB0IldddGeCbxJ8WKNZ6HgOEHS + XgFxVbtn01Uxoj1wec+8Rwo6RNA3YaSCS2DRF0hSEPxev/zzGBmtX0Yb7+kfLN6p + Jpj+DUkDJ3WBhqen0oLIlo4T9jnt7idtesu4N94Y6v0qcPnwi4B+TbFBsWxiLYg= + =Rr7+ + -----END PGP MESSAGE----- + fp: A638A6B54530D54E868F9D3238736C662F799E0D + encrypted_regex: ^(data|stringData)$ + version: 3.10.2