From 0b4ce800a3a69b4140a77c1964d3a2a654b21d14 Mon Sep 17 00:00:00 2001
From: Dreaded_X <tim@huizinga.dev>
Date: Wed, 3 Dec 2025 04:43:16 +0100
Subject: [PATCH] feat: Use pre-generated deploy key

---
 .gitattributes                  |   1 +
 .secretsignore                  |   1 +
 bootstrap.sh                    |   6 +++++-
 clusters/testing/deploy.key     | Bin 0 -> 527 bytes
 clusters/testing/deploy.key.pub |   1 +
 5 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 .gitattributes
 create mode 100644 .secretsignore
 create mode 100644 clusters/testing/deploy.key
 create mode 100644 clusters/testing/deploy.key.pub

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..b9f5107
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+deploy.key filter=git-crypt diff=git-crypt
diff --git a/.secretsignore b/.secretsignore
new file mode 100644
index 0000000..a8de54c
--- /dev/null
+++ b/.secretsignore
@@ -0,0 +1 @@
+deploy.key
diff --git a/bootstrap.sh b/bootstrap.sh
index 8888375..4a3c63c 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -124,5 +124,9 @@ cilium-cli status --wait
 # cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
 
 echo "Bootstrapping flux..."
-flux bootstrap git --url ssh://git@huizinga.dev/infra/foundation --branch=main --path=clusters/${cluster_name} \
+flux bootstrap git \
+	--url ssh://git@huizinga.dev/infra/foundation \
+	--branch=main \
+	--private-key-file=clusters/${cluster_name}/deploy.key
+	--path=clusters/${cluster_name} \
 	--components-extra=source-watcher
diff --git a/clusters/testing/deploy.key b/clusters/testing/deploy.key
new file mode 100644
index 0000000000000000000000000000000000000000..7ee226e81e2c3f27b57400dcd22959da741a92f7
GIT binary patch
literal 527
zcmV+q0`UC+M@dveQdv+`0IiHdvK&ZCCj(_OReAM6>Qf_aRFduHtBVp7tjm*<$AWEo
zLXhKXLB)n&3E*<Naa&=-@o(E!>U-Q%?F(qn%nAVews!2kaCh^KghdDWy4uH0+jmP&
zs&>K7eif-Ny=R4s{H5?r{97+na(|@>C*g`03s(O&fPV2o61;kwww;Y7n!v+p`1R_H
ziH_p);%taJ?)Z`PIhHq)?scQkgHhX+YNy4FBd3gyU)q4>))S{SId#A#^HvH8daI$7
z7^y996RAha9N$zmH-n>IDSmAEB?Q=->G7#=Hx))PKJeQ*T~h3I=;Tby&t4nv^V4~Z
z7B>~b3T<Ly-~C=gOAMvU;N>g`!8RPKD6Ya645vn2-07}-ZVMmk-Xg#dpxMJO+H#)1
zW8{t)EjmhT(IQ=Ul3NeE(a%y3lxL&1_Ml9LC)k^MzvGphSmS)TYlO+bx0NSTi5ZwY
zfU32eQ-yth%M3Oxj*b*X^z>}r!f}xK%+OBDz4XyM;bF<t)5p$rqxM>E_jDC{ew|(o
zrHXOBe~G6nh>u1t3ms~600eY@MiHnZTzwZOIi7#K>pZ`tE5A%PmCE~UPEB`FvS^(_
zo&GCH{jc_Kk9yGq9xnR}tqGR8xOs-wQ>7RiqzF3F6{h-9FJV=VP67CjiA*fNGq>a4
RCs<<($tcUQ^tB5wWE+ao2<-p>

literal 0
HcmV?d00001

diff --git a/clusters/testing/deploy.key.pub b/clusters/testing/deploy.key.pub
new file mode 100644
index 0000000..1471886
--- /dev/null
+++ b/clusters/testing/deploy.key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8tDQzizeDrkzi8MQkIhnI3mZ+x2Rc7JM3K/uU56+griU6hsyG0EijuDlAxsZ2I4iynpG5PkWpRJ4BdPETVZpI= tim@zeus