shahab/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: update postgres cert expiry, add cloudflare token secret

Browse Source
This commit is contained in:
Shahab Dogar
2025-07-28 15:36:42 +05:00
parent b6cb6c70bc
commit f40194e50d
4 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
1password/index.ts
View File

@@ -4,6 +4,7 @@ import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
type OnePasswordSecret = {
id?: string;
name: string;
namespace: string;
itemPath: string;
@@ -24,7 +25,7 @@ export class OnePassword extends Construct {
);
secrets.forEach((secret) => {
new Manifest(this, secret.name, {
new Manifest(this, secret.id ?? secret.name, {
provider: options.provider,
manifest: {
apiVersion: "onepassword.com/v1",

6
1password/secrets.json
View File

@@ -29,6 +29,12 @@
"namespace": "cert-manager",
"itemPath": "vaults/Lab/items/Cloudflare"
},
{
"name": "cloudflare-token",
"id": "cloudflare-ddns-api-token",
"namespace": "cloudflare-system",
"itemPath": "vaults/Lab/items/Cloudflare"
},
{
"name": "authentik-postgres",
"namespace": "authentik-system",

2
helm/values/gitea.values.yaml
View File

@@ -40,7 +40,7 @@ gitea:
database:
DB_TYPE: postgres
HOST: postgres-cluster-rw.postgres-system.svc.cluster.local:5432
NAME: giteadb
NAME: gitea
USER: gitea
cache:
ADAPTER: memcache

10
postgres/index.ts
View File

@@ -80,6 +80,8 @@ export class PostgresCluster extends Construct {
algorithm: "ECDSA",
size: 384,
},
duration: "52560h", // 6 years
renewBefore: "8760h", // 1 year before expiration
issuerRef: {
name: "selfsigned-issuer",
kind: "Issuer",
@@ -142,6 +144,8 @@ export class PostgresCluster extends Construct {
"postgres-cluster-r.postgres-system.svc.cluster.local",
"postgres.dogar.dev",
],
duration: "4380h", // 6 months
renewBefore: "720h", // 30 days before expiration
issuerRef: {
name: `${caNames.server}-issuer`,
kind: "Issuer",
@@ -169,6 +173,8 @@ export class PostgresCluster extends Construct {
algorithm: "ECDSA",
size: 256,
},
duration: "52560h", // 6 years
renewBefore: "8760h", // 1 year before expiration
issuerRef: {
name: "selfsigned-issuer",
kind: "Issuer",
@@ -226,6 +232,8 @@ export class PostgresCluster extends Construct {
secretName: certNames.client,
usages: ["client auth"],
commonName: "streaming_replica",
duration: "4380h", // 6 months
renewBefore: "720h", // 30 days before expiration
issuerRef: {
name: "postgres-client-ca-issuer",
kind: "Issuer",
@@ -251,6 +259,8 @@ export class PostgresCluster extends Construct {
secretName: `${user}-client-cert`,
usages: ["client auth"],
commonName: user,
duration: "4380h", // 6 months
renewBefore: "720h", // 30 days before expiration
issuerRef: {
name: "postgres-client-ca-issuer",
kind: "Issuer",