From a5c12c9eb1ee749d0e099e367e9b741ecbb07f67 Mon Sep 17 00:00:00 2001
From: LordMathis <matus@namesny.com>
Date: Thu, 31 Jul 2025 21:15:45 +0200
Subject: [PATCH] Add llamactl-proxy configuration

---
 apps/base/llamactl-proxy/kustomization.yaml |  7 ++++
 apps/base/llamactl-proxy/namespace.yaml     |  4 +++
 apps/base/llamactl-proxy/service.yaml       | 12 +++++++
 apps/prod/kustomization.yaml                |  3 +-
 apps/prod/llamactl-proxy/ingress.yaml       | 16 +++++++++
 apps/prod/llamactl-proxy/kustomization.yaml |  7 ++++
 cluster-vars/prod/secret.enc.yaml           | 39 +++++++++++----------
 7 files changed, 69 insertions(+), 19 deletions(-)
 create mode 100644 apps/base/llamactl-proxy/kustomization.yaml
 create mode 100644 apps/base/llamactl-proxy/namespace.yaml
 create mode 100644 apps/base/llamactl-proxy/service.yaml
 create mode 100644 apps/prod/llamactl-proxy/ingress.yaml
 create mode 100644 apps/prod/llamactl-proxy/kustomization.yaml

diff --git a/apps/base/llamactl-proxy/kustomization.yaml b/apps/base/llamactl-proxy/kustomization.yaml
new file mode 100644
index 0000000..146f3d4
--- /dev/null
+++ b/apps/base/llamactl-proxy/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: llamactl
+
+resources:
+  - namespace.yaml
+  - service.yaml
\ No newline at end of file
diff --git a/apps/base/llamactl-proxy/namespace.yaml b/apps/base/llamactl-proxy/namespace.yaml
new file mode 100644
index 0000000..82ae514
--- /dev/null
+++ b/apps/base/llamactl-proxy/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: llamactl
\ No newline at end of file
diff --git a/apps/base/llamactl-proxy/service.yaml b/apps/base/llamactl-proxy/service.yaml
new file mode 100644
index 0000000..9803293
--- /dev/null
+++ b/apps/base/llamactl-proxy/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: llamactl-proxy
+  namespace: llamactl
+spec:
+  type: ExternalName
+  externalName: ${LLAMACTL_INTERNAL_IP}
+  ports:
+  - port: 80
+    targetPort: ${LLAMACTL_INTERNAL_PORT}
+    name: http
\ No newline at end of file
diff --git a/apps/prod/kustomization.yaml b/apps/prod/kustomization.yaml
index c9aa92e..1dd4228 100644
--- a/apps/prod/kustomization.yaml
+++ b/apps/prod/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
   - gitea
   - lemma
   - ghost
-  - dashboard
\ No newline at end of file
+  - dashboard
+  - llamactl-proxy
\ No newline at end of file
diff --git a/apps/prod/llamactl-proxy/ingress.yaml b/apps/prod/llamactl-proxy/ingress.yaml
new file mode 100644
index 0000000..3dcec4c
--- /dev/null
+++ b/apps/prod/llamactl-proxy/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: llamactl-ingress
+  namespace: llamactl
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`${LLAMACTL_DOMAIN}`)
+    kind: Rule
+    services:
+    - name: llamactl-proxy
+      port: 80
+    middlewares:
+      - name: "auth-authelia@kubernetescrd"
\ No newline at end of file
diff --git a/apps/prod/llamactl-proxy/kustomization.yaml b/apps/prod/llamactl-proxy/kustomization.yaml
new file mode 100644
index 0000000..8a0bbb0
--- /dev/null
+++ b/apps/prod/llamactl-proxy/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: llamactl
+
+resources:
+  - ../../base/llamactl-proxy
+  - ingress.yaml
\ No newline at end of file
diff --git a/cluster-vars/prod/secret.enc.yaml b/cluster-vars/prod/secret.enc.yaml
index 833ed39..d5b2937 100644
--- a/cluster-vars/prod/secret.enc.yaml
+++ b/cluster-vars/prod/secret.enc.yaml
@@ -4,29 +4,32 @@ metadata:
     name: cluster-vars-prod
     namespace: flux-system
 stringData:
-    DOMAIN: ENC[AES256_GCM,data:hByh9FaUl7/O,iv:6t1ffAIfjtEOFazJLl/Z6CV+m/XYIwZmvkifzcTdZSA=,tag:ed8Ya+MbdFylYlaN9zmspw==,type:str]
-    DOMAIN2: ENC[AES256_GCM,data:jKNLvvWjL0crLQ==,iv:C6dxML68X4F+NZ+XWX0P+93XUO3Y5gyboNDiX6+8OwM=,tag:Ck2mnCZXKlnicRJuuX7vZg==,type:str]
-    GITEA_DOMAIN: ENC[AES256_GCM,data:h/c+AoLVU4YF6jhjfQ==,iv:069auYUU4/02rwzanZ4a6NjT8wLtiomgf99fy8EKxdM=,tag:s+ucBGonm09YMCgtzfN1TA==,type:str]
-    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:zNrUMFcRycNGx6yn6HI=,iv:lulV5b06SzarEpdqFpCBkD7RUwjCKu6Xl5WZ/3omM9A=,tag:hqEI8I+0yhxdXvuj87bqBA==,type:str]
-    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:+ZZIUlkI0y1kp1vjgxTJdpc=,iv:xFU0CApWQJVXFwxWOrnrHoMBDiebwxIaNw4pMk/0mg0=,tag:4NWEuSjTz4GLAw2e7imEIQ==,type:str]
-    LEMMA_DOMAIN: ENC[AES256_GCM,data:E9Ca6TKCEC/8tIwMALhB,iv:6XzbMS3mwQPLWo0bzz4jfT9TKsndqJsOAI1zePKq3gQ=,tag:JWyF8Vlh9EJn6C/2ENQ4og==,type:str]
-    GHOST_DOMAIN: ENC[AES256_GCM,data:Jjxz44sjjzKT13C+DJVGjg==,iv:NAjMkxD4vKzgL3tR96PS7tZuhVEGIROO8JAg2F52Yv0=,tag:B7Of55BFt2Bv+al74lyC+Q==,type:str]
-    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:wqnr7CoBAel+eYFNUg==,iv:zKCIqAgfRS4ZCKtU4Gte4QcujlygR2z9QEuZhnuYMFk=,tag:o2Rlc5sYjXfNz9M2g9EMmg==,type:str]
-    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:iTeIQ/EhY2TwH+dAwvZir3TMZaHtb8g=,iv:eE2iwYO3b+V1xlbbSOr5gS+lP9meOq6s0916qgFjJHQ=,tag:nc4c/JL9DruDDj+kj0/TWg==,type:str]
-    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:YQe6qkqu0J/VXaq8ff2Eaf0=,iv:CBsAS9Iwvsh80HAK41WprM26nEvN6GUotcLBrGRXHko=,tag:hmJ5bGNFDB+qfc0UOrLnAw==,type:str]
-    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:5G8CLASYsd2hOSQLtWfo+z8=,iv:b3Ku5oXxqBk3yPdul0WQCc61IG0Vkv9wmq6zu0C0F+M=,tag:mPGBqGfBQUdjXoo/dxUSow==,type:str]
+    DOMAIN: ENC[AES256_GCM,data:jIu2DVtdBDS6,iv:j3eDAY3LEC+UY5qSM2AbcOp6sLWOpE9ZxiYTM66Fq3Y=,tag:sPZ2Z5sbCQb1rDRJC12LWg==,type:str]
+    DOMAIN2: ENC[AES256_GCM,data:xOhhhx9rof7rbQ==,iv:Kz2Yo4fFe0MBVETqsdi9HBv0enLAEHkGnxcq6SvqKb0=,tag:7XHqkfw9MZXtM2O7+rmP3w==,type:str]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:iZu8VIIsf5id2lI9fA==,iv:EQkbIS/c3M50QaIswSLeYzv3k9oXKUGYp4Rbp1Po0oQ=,tag:obGpMil1JmXDLJoWsl3RYQ==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:efvxiqH4Xgx29b/yrsg=,iv:nMFkh0uiPg5qr0uU/CV3RW2fe2ucRDA+Q/DlbBh7NnA=,tag:Dq/7RbzoTMIRb+SjZqzGyA==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:lB/czTCvA8QjCpiXBuiKOxo=,iv:umrYjX0nzutrhigOjdfDXD/hIGCPQiotDmWjpdxrATA=,tag:JRXbieXvXfW0KEbXLRYNpQ==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:PCFMX/szv8zw5uywj9CW,iv:wMNs0UWEhiHKK7C2MnrKCHMZu5xzGRhTCxXhn+CEEuc=,tag:0xNw/3GCjWEHtVczq8Q+IQ==,type:str]
+    GHOST_DOMAIN: ENC[AES256_GCM,data:A4aQ+cA+pwOXs4fDWKfKUw==,iv:fLtDLUpa1g4vhkIpJl7s/1ndoAKfWwEo7EJkzMobl+E=,tag:vFZdWj4JmKjKO4tCJOZMfg==,type:str]
+    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:BEuW2FuPLjvYALo07A==,iv:SWdQm9TqiEcNYDYdtgQ8sFzIFCh4MzE4y4g3zSdMW+o=,tag:VV6ZvYA2gxYMsYc3VdMaag==,type:str]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:ROOumTFavn1VZI/CHTTUyvmCbuDGMJQ=,iv:XsHyu5th7JgaruqvWlHI1pG2NpMxtQsQOrmQYqJ4oUc=,tag:quAahRcsuslbb+L2ihwagg==,type:str]
+    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:fTF2cOxKT/AaDKUSxPV8fVI=,iv:fCsHOPBSgV+EV3xINN/WAnfXv+0Cv5o72ecUtawXnrY=,tag:5uWHsNnXTTmBERMNzY1Icg==,type:str]
+    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:YL05tAOHPrAFc6Iol5fId1I=,iv:y2+hIWo1cS8nBHyJjQ0Ay4/Evef34vDOnBT/OwMiny0=,tag:9DBBqLvvljsDRay4MTZx5A==,type:str]
+    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:X1+WrSR4wnzadpnztbQyncBA,iv:/WVpPrCnNQ75ikz62wS08/M+4M2ByuWArp28WYgNVG4=,tag:F7D8+0atZpkHYFt/571eug==,type:str]
+    LLAMACTL_INTERNAL_IP: ENC[AES256_GCM,data:95WdatcQtNRuqiWV+oY=,iv:Y1QdWH+PcoLh1LTFbvaA4BFQunk8Lq8+zo4vR8e1PfY=,tag:I3s1LxZZ70htaJp1SXhPiw==,type:str]
+    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:Y2ScMg==,iv:dvQpB/eIuoseZwd1yczZzm0jmgHgSEiT5405g0iWxdQ=,tag:XmVA/Da+R3AbPyVhcCXC/Q==,type:str]
 sops:
     age:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5MGdOcC96c1lTRkcreExZ
-            WkNTTmUrTkZjeXk3azJJQzJ6U2FyTEdlb0ZrCkhuL1VhUXJLYjJGWld3dE41aXRr
-            MXZ6bGRzY0V4ZjBVaWFSdG83Q01RTEUKLS0tIHpLTTZ6Mk03RExGaUJqejlkai9S
-            b0t0UkVkKzZUQUNGcVhYZlBhVG96RE0KPlLg5voWGR99kDA/rK174RxshYkCFeV8
-            lkNgdv3KQWy2BgVfkk9IbxRKjIDYKCS79d2lsyAtnCN/H2LFshB/Fg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5M1V6aDFjLzhsUU8rd3lr
+            T0d4M080TDFXelV3a3FmUFNkZEdrbmk2cVZ3CjVscW92eGZRQXZhNWltSUZzZnZj
+            b3ZGYzdVM0pyUE1lSmZlMGM3bEF6Z1UKLS0tIFdWR2IvcUJiaGR0T1FLV0tpU0tY
+            SWhxaGkrWUZ2MURpemlRSWNqcDFKL1kKyfoWnUhfjKVhO4b6wYIfx+qeOymAm5iK
+            AKG6zJCugwd/tft0V0rj0udaCLE45CE66DHloX3l+pXQYXzbIDoDyQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-14T19:54:02Z"
-    mac: ENC[AES256_GCM,data:/oGIJAb+suk+xTcTaRDbJCjwBH6W3Ed7N8p8Z4tCgYwvC0PoU9FTUYeWCIez0JZYM1i/duGWU+ldbGS/SJO1r3Q9ijlNQg27VwY2yU6Y142B0i41N44CCg7m1PscLHnIE07f8bvldfjO19YcxbaLmKcdVNzxqZfNT+2F1SiF8dQ=,iv:7pQuXKKStFvKEvd6X/Mo5kO35nUZYv9/1qIFY0/6ePw=,tag:eHxjWO1u4Uuclb90Pxqjig==,type:str]
+    lastmodified: "2025-07-31T19:14:46Z"
+    mac: ENC[AES256_GCM,data:OorhubDNJXUuGRv/ayLk1B3sZPgTTnDBVCBq2FklPrO/faB7lQeg+iw62X0P1lHFIZbGW1aGdJdQm1Iu3Fz4FBesqBMrYTWOZcgF+Xxr6nbaxOPParHKvZBpeg3NRhaNpXabDyiU9xptiZaWsN36J68TwlI3xzj5VeJqLsfEu1Q=,iv:oa6SLPY81oPoyvMmYUEq1zmJQWOxsVoe/ukeT/cBtkQ=,tag:aodpjgDV37NAeZm+xDtouA==,type:str]
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
     version: 3.10.2