diff --git a/provisioning/cloud-init.yaml b/provisioning/cloud-init.yaml index de4736a..2b56705 100644 --- a/provisioning/cloud-init.yaml +++ b/provisioning/cloud-init.yaml @@ -4,17 +4,17 @@ package_upgrade: true package_reboot_if_required: true users: -- name: ${username} - groups: [ sudo ] - shell: /usr/bin/zsh - hashed_passwd: ${user_hashed_password} - lock_passwd: false - ssh_authorized_keys: - %{ for key in user_ssh_public_keys ~} - - ${key} - %{ endfor ~} -- name: git - lock_passwd: true + - name: ${username} + groups: [sudo] + shell: /usr/bin/zsh + hashed_passwd: ${user_hashed_password} + lock_passwd: false + ssh_authorized_keys: +%{ for key in user_ssh_public_keys ~} + - ${key} +%{ endfor ~} + - name: git + lock_passwd: true packages: - apt-transport-https @@ -34,18 +34,18 @@ write_files: - content: | #!/bin/sh GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2) - kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@" + kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" /bin/sh "$@" path: /usr/local/bin/gitea-shell - permissions: '0755' + permissions: "0755" - content: | #!/bin/sh GITEA_POD=$(kubectl --kubeconfig /home/git/.kube/config get po -n gitea -l app=gitea -o name --no-headers=true | cut -d'/' -f2) - kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3 - permissions: '0755' + kubectl --kubeconfig /home/git/.kube/config exec -i -n gitea $GITEA_POD -c gitea -- /usr/local/bin/gitea keys -e git -u $1 -t $2 -k $3 + permissions: "0755" path: /usr/local/bin/gitea-keys ssh: - emit_keys_to_console: false + emit_keys_to_console: true ssh_pwauth: false disable_root: true 
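Review bot: The templated scalars on the new side of the users block are still plain, unquoted values (`- name: ${username}`, `hashed_passwd: ${user_hashed_password}`, `- ${key}`), so the rendered YAML depends on what gets substituted: a username such as `no` or `on` parses as a boolean, and a public-key comment containing ` #` is truncated to a comment. Quote them — `- name: "${username}"`, `hashed_passwd: "${user_hashed_password}"`, `- "${key}"` — which also keeps a hash intact should a value ever contain `: `. The re-indentation itself and moving the `%{ for ~}`/`%{ endfor ~}` directives to column 0 are fine as long as the trim markers stay, since the list items then render at the indent of the `- ${key}` line.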
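Review bot: `emit_keys_to_console` is flipped from `false` to `true` with nothing in the file recording why; this is the cloud-init ssh switch that prints the generated host-key fingerprints to the serial console, which is useful for verifying the host key on the first SSH connection but reads like a leftover debug toggle without a comment. Add one above it, e.g. `# Print host-key fingerprints to the serial console so the first SSH connection can be verified out-of-band`. The rest of this hunk is whitespace and quote-style only, and the two write_files entries it touches are otherwise unchanged.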
@@ -77,7 +77,13 @@ runcmd:
 - chown -R ${username}:${username} /home/${username}/.kube
 - chmod 600 /home/${username}/.kube/config
 # Dotfiles
- - su ${username} -c 'curl https://raw.githubusercontent.com/LordMathis/dotfiles/main/install.sh | /usr/bin/zsh -s -- server'
+ - |
+ su ${username} -c '
+ cd /home/${username}
+ curl -fsSL https://raw.githubusercontent.com/LordMathis/dotfiles/main/install.sh > /tmp/install_dotfiles.sh
+ chmod +x /tmp/install_dotfiles.sh
+ /tmp/install_dotfiles.sh server
+ '
 # Helm
 - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
 - chmod 700 get_helm.sh
@@ -87,10 +93,9 @@ runcmd:
 - mv kustomize /usr/local/bin/
 - chmod +x /usr/local/bin/kustomize
 # Sops
- - curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64
- - mv sops-v3.9.0.linux.amd64 /usr/local/bin/sops
+ - curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.2.linux.amd64
+ - mv sops-v3.9.2.linux.amd64 /usr/local/bin/sops
 - chmod +x /usr/local/bin/sops
- # Install and bootstrap Flux
+ # Install and Flux
 - curl -s https://fluxcd.io/install.sh | bash
- - su ${username} -c 'export GITHUB_TOKEN=${github_token} && flux bootstrap github --owner=${github_username} --repository=${github_repo} --path=clusters/prod --personal'
-final_message: "The system is finally up, after $UPTIME seconds"
\ No newline at end of file
+final_message: "The system is finally up, after $UPTIME seconds"
diff --git a/provisioning/secrets.enc.yaml b/provisioning/secrets.enc.yaml
index c1184bb..f8e98d0 100644
--- a/provisioning/secrets.enc.yaml
+++ b/provisioning/secrets.enc.yaml
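Review bot: The new dotfiles step still executes whatever the `main` branch of the dotfiles repo serves at provisioning time, with no pin and no integrity check, and it stages the script at the fixed path `/tmp/install_dotfiles.sh` in a shared directory before running it; moving from `curl | zsh` to download-then-run improves failure handling (the added `-f` is good) but not the trust in what runs. Pin the URL to a commit, compare a known digest before executing, use `mktemp` instead of a fixed name, and remove the file afterwards; the `set -eu` also stops the step from running a partially fetched script. Placeholders below are to be filled in from the dotfiles repo.

```yaml
  - |
    su ${username} -c '
      set -eu
      cd /home/${username}
      tmp=$(mktemp)
      curl -fsSL https://raw.githubusercontent.com/LordMathis/dotfiles/<PINNED_COMMIT>/install.sh > "$tmp"
      echo "<EXPECTED_SHA256>  $tmp" | sha256sum -c -
      chmod +x "$tmp"
      "$tmp" server
      rm -f "$tmp"
    '
```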
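Review bot: The sops download URL now mixes two versions — `releases/download/v3.9.0/sops-v3.9.2.linux.amd64` — and release assets are named after their own release, so a v3.9.2 asset is not expected under the v3.9.0 tag; because `curl -LO` has no `-f`, the resulting error page would be saved under that name, moved to `/usr/local/bin/sops` and marked executable by the following lines. Change it to `- curl -fLO https://github.com/getsops/sops/releases/download/v3.9.2/sops-v3.9.2.linux.amd64` and verify the file against the checksum file published with that release before the `mv`. With the bootstrap line removed the comment should read `# Install Flux` rather than `# Install and Flux`.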
@@ -1,10 +1,10 @@ -username: ENC[AES256_GCM,data:qJXed8c=,iv:dGFC8UnSfWCTFgyNmksaKVSBkSpimhbR5yRVXi2nQow=,tag:PB/5INPqD/PiOScixN1doQ==,type:str] -user_hashed_password: ENC[AES256_GCM,data:hbxVZ8/YXLmz0p8umwX3IUy5IFfb3VPai3JjrLzE8Jj7QHWcYj8IhjzanCWRCSKWdoQi+9RgbrxMBTkXjs+4OYl/krBOhSNTTR8kZASSoaUQRBuY655aLoCAHRD+3v1/4Wu61JeNik9u6Q==,iv:vo7++SuaSCZo9jIgkZ9Tze57yeri0qtFfgdEsLDQxCU=,tag:R7hP2rfbhpR4VwbvnclMBA==,type:str] -user_ssh_public_keys: ENC[AES256_GCM,data:6LZ/9n61otgYXyFJL6OIoiazYyltt4OHM8oO3yaFmuYI/P22JsayGXSM2TVK5RUXUZrhxVOnFt23AkhfbmD62PgF0PoIQPmNxkPAOnsrj/lTcNiwBOyl/N15xtSungdOtP21o2k8Fbdh+LOCj7VWcZx3kibDqiBtxAAeR8Dchx+dIoSsR6li0/JcTCbbbA5Da09zsNJQJMXGo1gCyzUDyT7HLre+DEmHZ5MAaeCHQ9wGvNLsHngP5AEDM/uBEDhJap4/pQ==,iv:vpq6a6BG8t+KI5bmwKm0uMtWhNnUmpMif2oon1+OpxE=,tag:Nx15fkrg0X5RNufaJ7golQ==,type:str] -domain_name: ENC[AES256_GCM,data:nBo6h6tt3T2H,iv:+JKlfTBwapwJRVo3tp/LExRbNDj1qeURUXeFhR1fcE4=,tag:Pq4jpAMNeDUze8RA1NkoJg==,type:str] -github_username: ENC[AES256_GCM,data:n0Ny1oQ9zj5vug==,iv:rLytoaTItOqKo55Da82lMyxPt20bPMly840Ks7R5Yh4=,tag:ws5xNltx331xTDeQKpKDHA==,type:str] -github_repo: ENC[AES256_GCM,data:SpkdFGSgCwpRJOc=,iv:hbuqxj1aCdHC93l7TlB1vGJiZnww0/LD6eQ0qXq/4po=,tag:r6rJ/YKrFmDZGlPKmKXk6w==,type:str] -github_token: ENC[AES256_GCM,data:X8BsxGukFwfOVdCQQvvWxbIIctwDrZvLGs3+qiUrS4lJkLwpAvYPlw==,iv:XrRGAGEh7YmCyxess/1Yqqc8jQGgSkp2js8+HzLakTc=,tag:ARwToRhx+iyJAQnajbWCfg==,type:str] +username: ENC[AES256_GCM,data:xoigb84=,iv:rZMb7IAITp2PQkTzn91sjjEpy+NnGlT5R6qEGZ7XtLk=,tag:e/3I0w4PTTpu0xw37fQC/g==,type:str] +user_hashed_password: ENC[AES256_GCM,data:59Kht3ENNeOV0WQRIoX426HNihhuuc1RDYM8WF6nWLBXBs0YhQPvBSEGYjJwpO+P5ZiCHbb6w+1NHgSI2h7FmI3k8w8epodUTY5CQyDibG/PKF3IhlkXeWXJ41JDP96IGNWhMMQiVNsIb4DpyFELiu7xC3ggkA==,iv:b/zA+T5ONGv8251ljBER9rIsvpw6eFQOlgWo315VoEI=,tag:u//kZEU/cS2d6K4dIajRuQ==,type:str] +user_ssh_public_keys: 
ENC[AES256_GCM,data:uzw2NMc9CiNLyNJyjtlowPWTRRKGB1W2DVzHXxRraIa7zvN8h81bVr+kDuro+0wpzcVKFHB51yJ1ZfHiFmZrNLb4SwUavLPpNIuQIldgrmoyqMC5pWQCtKRTDnWTOn2370OIj6zpXZejUH/58XdXqBGVLaDz+8D7lk5u2eajDw98A6apOYWyC+R7LGO5nvTelEXndQ7mnz2+5k9Fq/AzbuzaE2l0o7fz5H3Ph+DhVSV4aVxkd0D/10lV8GBBEyMo,iv:8DyDxn+ocAi2rZHYEqGFI9U0Ftmp+4KZl84zvHjfpAU=,tag:vRpA2scqweJRnclXs9/3eg==,type:str] +domain_name: ENC[AES256_GCM,data:TSNuG6PTDWwY,iv:hphsK1t/Ma8ZqHxkU29FXpXCp+vcLmZVb9DUhe+W4hM=,tag:bRfGvtqdYhY2txLzyMYZtw==,type:str] +github_username: ENC[AES256_GCM,data:Wym1wOWdzS89kQ==,iv:LSCMO+D+yYoqJV3CAkYd5oYkFYYyBRT4MVs0kFAAB6s=,tag:T34UFbd1n6x8dil+8UvvRw==,type:str] +github_repo: ENC[AES256_GCM,data:AiHlbMJB8QVJie8=,iv:+IbbDHNSA9liSmve5gDZgA5PhKs9MUPl2Brk/aQbSaw=,tag:r+loYZAfjJhZvo7DEGJ+yQ==,type:str] +github_token: ENC[AES256_GCM,data:YT+No478cc2gt/b6PXoL6HDCfruzo5PtZWQoLr2RLogwYpkAhIHwWQ==,iv:BeKPob0gXdFp9iPrO1hIikL296gMqOMBgPhMLfbIIp0=,tag:cvyTy+6o8ZzMbHKHR8i1BA==,type:str] sops: kms: [] gcp_kms: [] 
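Review bot: `github_token` is still present in the re-encrypted inputs although the only line that consumed it (`export GITHUB_TOKEN=${github_token} && flux bootstrap github ...`) is removed from cloud-init.yaml in this same commit, so as far as this diff shows it is now an unused credential in the provisioning inputs. Drop the key here and the matching template variable, and treat the previous token as retired, since earlier renders of the user-data would have carried it in clear text in `runcmd`. `github_username` and `github_repo` lose their consumer the same way and can go with it; the rotated values themselves cannot be reviewed here.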
@@ -14,14 +14,14 @@ sops: - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReloyQkVsZDhVclh2N2lj - SDRlaHNqdkYxcytBWFNScUdVdTd4ZFZBdHljCkVJMXB2azBqcUFmVWdKR3d6dnR5 - TEFhZ2lVN3VXM3dmdk9YTGp6djhXem8KLS0tIFBEOExUdFp6NWhvYzVQN1hBcDZz - eU1ISWMvdTVMWnYwL2Y0cnRhUjdlbWcKnZJLl5K+SyjQl84rLKaHUWq6N/XbY+yZ - Bluc2JTQYZecCZSi+Y6Bt/7TjI8298pmP6MlqhH5lJPUF3vruxXiqw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSk9xeGtHd25EL0IyTzVn + RWhENmhsWHpYZ3NITmpadHBQTmVLVFU4bUVvCk1DTVdoajN1QmVCSUNKbnVoMDhh + dnViMWRSdEZOWkhONENaTXVKSTNDTlkKLS0tIHZCNU1MM2ZRRnRwZXA3VWRtUEVi + Q2ZBRjRDRG9Ob2RZMk9xN2lpcVpPMGMKKCRXGXxg35M8lLecffyLx5YBFpzdA6ZC + G0z5YKT/mkjjG8oL4BktaNGF9xYMeuoDPCfjl7AVfMD0VvrnbVC8bQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-22T17:26:55Z" - mac: ENC[AES256_GCM,data:N8hqHkpgV5h3WNbbAlM6wPEQYlvzZx83JPeb+OB1KQkmY/7fMaWH9KgFt0CdrGMyN9LE55lMYkmmmn4clhIR/3h5c3sUMbl2OWBc9ggTTGnWmu3rohrJR5WF+3OXnhD04/e/azjNsBTILRT08Beg+QzgKFAApWgN8kCOk2iTaHU=,iv:dhm/OADE0aAVq8kIU/gc6XOaC6nLpeJSaEiRk+87zrc=,tag:Zqz86ugFIvFPQxzPooFPCA==,type:str] + lastmodified: "2024-12-22T21:26:25Z" + mac: ENC[AES256_GCM,data:y2Q1Og/kP7bvpgf/rYBjsaPDixdlThcgYkx4WgCuRzrFoVukhk3IePQUXX67ahM9awIHHW8uL+c+DWibRF8gUnYphuZ/l9BlJqNh+wO6Q5HEYNHUUe0Wc12pAo482zJBlIcgKCEUp5qLkoohfNkLN/ki620BHQSutnJaIpJq9cg=,iv:dMPQkb4y8hKFw2OHaeTLaiF014ZXYm/d6k6veug/hvU=,tag:DFQ4o1u2qtE58yKllj2brQ==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.9.0