From f40194e50dd6229ffd23ff6f7fb79e054bfc3d8e Mon Sep 17 00:00:00 2001
From: Shahab Dogar
Date: Mon, 28 Jul 2025 15:36:42 +0500
Subject: [PATCH] fix: update postgres cert expiry, add cloudflare token secret

---
 1password/index.ts | 3 ++-
 1password/secrets.json | 6 ++++++
 helm/values/gitea.values.yaml | 2 +-
 postgres/index.ts | 10 ++++++++++
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/1password/index.ts b/1password/index.ts
index 329f2c1..5100cd2 100644
--- a/1password/index.ts
+++ b/1password/index.ts
@@ -4,6 +4,7 @@ import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
 import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
 
 type OnePasswordSecret = {
+  id?: string;
   name: string;
   namespace: string;
   itemPath: string;
@@ -24,7 +25,7 @@ export class OnePassword extends Construct {
     );
 
     secrets.forEach((secret) => {
-      new Manifest(this, secret.name, {
+      new Manifest(this, secret.id ?? secret.name, {
         provider: options.provider,
         manifest: {
           apiVersion: "onepassword.com/v1",
diff --git a/1password/secrets.json b/1password/secrets.json
index ae7a87a..70c0ac7 100644
--- a/1password/secrets.json
+++ b/1password/secrets.json
@@ -29,6 +29,12 @@
     "namespace": "cert-manager",
     "itemPath": "vaults/Lab/items/Cloudflare"
   },
+  {
+    "name": "cloudflare-token",
+    "id": "cloudflare-ddns-api-token",
+    "namespace": "cloudflare-system",
+    "itemPath": "vaults/Lab/items/Cloudflare"
+  },
   {
     "name": "authentik-postgres",
     "namespace": "authentik-system",
diff --git a/helm/values/gitea.values.yaml b/helm/values/gitea.values.yaml
index c764985..2d98152 100644
--- a/helm/values/gitea.values.yaml
+++ b/helm/values/gitea.values.yaml
@@ -40,7 +40,7 @@ gitea:
     database:
       DB_TYPE: postgres
       HOST: postgres-cluster-rw.postgres-system.svc.cluster.local:5432
-      NAME: giteadb
+      NAME: gitea
       USER: gitea
     cache:
       ADAPTER: memcache
diff --git a/postgres/index.ts b/postgres/index.ts
index bf85f07..b597027 100644
--- a/postgres/index.ts
+++ b/postgres/index.ts
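Review bot: The new optional `id` field on `OnePasswordSecret` (first hunk) carries no comment explaining when to set it, although it silently changes the cdktf construct id chosen in the second hunk (`secret.id ?? secret.name`). Since the override only matters when two entries share a `name` — which the secrets.json change in this patch appears to need — document that on the type, e.g. `/** Optional cdktf construct id; defaults to name. Set it when two secrets share a name so their construct ids stay unique within this scope. */`. Presumably the Kubernetes object name still comes from `secret.name` further down the manifest, so the `id` has no effect on the rendered resource; if that is the case it is worth saying in the same comment. Both hunks sit inside the `OnePassword` type/constructor, which start and end outside the hunk.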
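Review bot: The new `cloudflare-token` entry resolves to the same 1Password item as the cert-manager entry directly above it (`vaults/Lab/items/Cloudflare`), so a single Cloudflare credential is now synced into two namespaces (`cert-manager` and `cloudflare-system`). If the DDNS workload only needs to update DNS records, a separate token scoped to just that permission and stored as its own item would limit what a compromise of either namespace exposes and would let the two tokens be rotated independently. If sharing one token is deliberate, JSON cannot carry a comment, so a sentence in the commit message saying why would spare the next reader the question.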
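Review bot: Changing `NAME` from `giteadb` to `gitea` repoints Gitea at a different database; on an existing deployment this moves no data, and Gitea will start against whatever is (or is not) present under the new name. The commit message should state whether `gitea` already exists in the cluster and is accessible to the `gitea` user from the line below, or whether `giteadb` was never populated, so a reviewer can tell an intentional rename from an accidental fresh-database start. If the old database does hold data, it should be migrated or dropped deliberately rather than left orphaned.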
@@ -80,6 +80,8 @@ export class PostgresCluster extends Construct {
             algorithm: "ECDSA",
             size: 384,
           },
+          duration: "52560h", // 6 years
+          renewBefore: "8760h", // 1 year before expiration
           issuerRef: {
             name: "selfsigned-issuer",
             kind: "Issuer",
@@ -142,6 +144,8 @@ export class PostgresCluster extends Construct {
             "postgres-cluster-r.postgres-system.svc.cluster.local",
             "postgres.dogar.dev",
           ],
+          duration: "4380h", // 6 months
+          renewBefore: "720h", // 30 days before expiration
           issuerRef: {
             name: `${caNames.server}-issuer`,
             kind: "Issuer",
@@ -169,6 +173,8 @@ export class PostgresCluster extends Construct {
             algorithm: "ECDSA",
             size: 256,
           },
+          duration: "52560h", // 6 years
+          renewBefore: "8760h", // 1 year before expiration
           issuerRef: {
             name: "selfsigned-issuer",
             kind: "Issuer",
@@ -226,6 +232,8 @@ export class PostgresCluster extends Construct {
           secretName: certNames.client,
           usages: ["client auth"],
           commonName: "streaming_replica",
+          duration: "4380h", // 6 months
+          renewBefore: "720h", // 30 days before expiration
           issuerRef: {
             name: "postgres-client-ca-issuer",
             kind: "Issuer",
@@ -251,6 +259,8 @@ export class PostgresCluster extends Construct {
           secretName: `${user}-client-cert`,
           usages: ["client auth"],
           commonName: user,
+          duration: "4380h", // 6 months
+          renewBefore: "720h", // 30 days before expiration
           issuerRef: {
             name: "postgres-client-ca-issuer",
             kind: "Issuer",
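Review bot: The same two literals and the same explanatory comments are pasted into all five Certificate specs in this file (`52560h`/`8760h` for the two CA certificates, `4380h`/`720h` for the three leaf certificates), so the lifetime policy now lives in five places and can drift the next time one of them is edited. Hoisting the values into four named module-level constants keeps CA and leaf lifetimes in one spot and lets each spec read `duration: CA_CERT_DURATION` without repeating the comment. One caveat belongs next to the CA constants: a CA renewal keeps outstanding leaf certificates verifiable only if the CA keypair is reused, so if the `privateKey` blocks (only their tail is visible here) set `rotationPolicy: Always`, the server and client certificates issued under the old key would fail to verify until their own renewal. All five hunks are inside the `PostgresCluster` constructor, which begins and ends outside them.
```typescript
// Certificate lifetimes shared by every cert-manager Certificate in this construct.
// Keep CA key rotation (privateKey.rotationPolicy) in mind: renewing a CA with a
// new key invalidates leaf certificates signed by the old one until they renew.
const CA_CERT_DURATION = "52560h"; // 6 years
const CA_CERT_RENEW_BEFORE = "8760h"; // 1 year before expiration
const LEAF_CERT_DURATION = "4380h"; // 6 months
const LEAF_CERT_RENEW_BEFORE = "720h"; // 30 days before expiration

// … unchanged: PostgresCluster constructor up to the server CA spec …
          duration: CA_CERT_DURATION,
          renewBefore: CA_CERT_RENEW_BEFORE,
// … unchanged: same substitution with the LEAF_* constants in the four remaining specs …
```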