homelab/k8s/apps/vpn/external-secrets.yaml

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: outfleet-secrets
spec:
  target:
    name: outfleet-secrets
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        TIMEZONE: Asia/Nicosia
        POSTGRES_DB: outfleet
        POSTGRES_HOST: psql.psql.svc
        POSTGRES_PORT: "5432"
        POSTGRES_USER: outfleet
        CELERY_BROKER_URL: "redis://localhost:6379/0"
        POSTGRES_PASSWORD: |-
          {{ .pg_pass }}
        SECRET_KEY: |-
          {{ .secret_key }}
        EXTERNAL_ADDRESS: |-
          {{ .external_address }}
        CSRF_TRUSTED_ORIGINS: |-
          {{ .external_address }}
  data:
    - secretKey: external_address
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 760ed4c1-8441-4f11-ac88-aa3717d4b092 # Outfleet
        property: fields[1].value
    - secretKey: secret_key
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 760ed4c1-8441-4f11-ac88-aa3717d4b092 # Outfleet
        property: fields[0].value
    - secretKey: pg_pass
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 2a9deb39-ef22-433e-a1be-df1555625e22 # postgers-users
        property: fields[1].value

---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: outline-config
spec:
  target:
    name: outline-config
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        SB_API_PORT: "1285"
        SB_CLIENT_PORT: "1257"
        SB_API_PREFIX: |-
          {{ .api_prefix }}
        PROM_USER: |-
          {{ .prom_user }}
        PROM_PASS: |-
          {{ .prom_token }}
        shadowbox.crt: |-
          {{ .cert }}
        shadowbox.key: |-
          {{ .key }}
  data:
    - secretKey: api_prefix
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 760ed4c1-8441-4f11-ac88-aa3717d4b092 # Outfleet
        property: fields[2].value
    - secretKey: cert
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: c4549690-945d-4bf0-af09-a178c7711f87 # Outline cert
        property: notes
    - secretKey: key
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 353eae71-4828-431b-9c65-dc1a8fd61ef6 # Outline key
        property: notes
    - secretKey: prom_user
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 7cec6228-7dca-45a9-9eff-6b27a47cdfd3 # Outline prom creds
        property: login.username
    - secretKey: prom_token
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 7cec6228-7dca-45a9-9eff-6b27a47cdfd3 # Outline prom creds
        property: login.password