From 99f17c71aee680102657988b69cf7e6caeeb0195 Mon Sep 17 00:00:00 2001
From: "AB from home.homenet" <home@hexor.cy>
Date: Wed, 11 Feb 2026 21:22:13 +0200
Subject: [PATCH] Added secrets

---
 .../{deployment.yaml => daemonset.yaml}       | 12 +++++++--
 k8s/apps/mtproxy/external-secrets.yaml        | 25 +++++++++++++++++++
 k8s/apps/mtproxy/kustomization.yaml           |  3 ++-
 3 files changed, 37 insertions(+), 3 deletions(-)
 rename k8s/apps/mtproxy/{deployment.yaml => daemonset.yaml} (82%)
 create mode 100644 k8s/apps/mtproxy/external-secrets.yaml

diff --git a/k8s/apps/mtproxy/deployment.yaml b/k8s/apps/mtproxy/daemonset.yaml
similarity index 82%
rename from k8s/apps/mtproxy/deployment.yaml
rename to k8s/apps/mtproxy/daemonset.yaml
index cd30ab7..cf06ade 100644
--- a/k8s/apps/mtproxy/deployment.yaml
+++ b/k8s/apps/mtproxy/daemonset.yaml
@@ -40,14 +40,22 @@ spec:
               mtproto-proxy
               -u nobody
               -p 8888
-              -H 30443
+              -H $(PORT)
               -M 1
               -S $(SECRET)
               --aes-pwd /etc/mtproxy/proxy-secret
               /etc/mtproxy/proxy-multi.conf
           env:
             - name: SECRET
-              value: "4ef8819478eb9c8928ab741300235a8e"
+              valueFrom:
+                secretKeyRef:
+                  name: tgproxy-secret
+                  key: SECRET
+            - name: PORT
+              valueFrom:
+                secretKeyRef:
+                  name: tgproxy-secret
+                  key: PORT
           volumeMounts:
             - name: data
               mountPath: /data
diff --git a/k8s/apps/mtproxy/external-secrets.yaml b/k8s/apps/mtproxy/external-secrets.yaml
new file mode 100644
index 0000000..f60e412
--- /dev/null
+++ b/k8s/apps/mtproxy/external-secrets.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: tgproxy-secret
+spec:
+  target:
+    name: tgproxy-secret
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        SECRET: |-
+          {{ .secret }}
+        PORT: "30443"
+  data:
+    - secretKey: secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 58a37daf-72d8-430d-86bd-6152aa8f888d
+        property: fields[0].value
+
diff --git a/k8s/apps/mtproxy/kustomization.yaml b/k8s/apps/mtproxy/kustomization.yaml
index 7691f9f..faa2752 100644
--- a/k8s/apps/mtproxy/kustomization.yaml
+++ b/k8s/apps/mtproxy/kustomization.yaml
@@ -3,6 +3,7 @@ kind: Kustomization
 
 resources:
   - ./app.yaml
-  - ./deployment.yaml
+  - ./daemonset.yaml
+  - ./external-secrets.yaml
 # - ./storage.yaml
 # - ./service.yaml