From 39929c9a74a5a5612bc9d8b7bf9e4efff6a477db Mon Sep 17 00:00:00 2001
From: Dreaded_X <tim@huizinga.dev>
Date: Wed, 3 Dec 2025 04:43:16 +0100
Subject: [PATCH] feat: Use pre-generated deploy key

---
 .gitattributes                  |   1 +
 .secretsignore                  |   1 +
 bootstrap.sh                    |   6 +++++-
 clusters/testing/deploy.key     | Bin 0 -> 527 bytes
 clusters/testing/deploy.key.pub |   1 +
 5 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 .gitattributes
 create mode 100644 .secretsignore
 create mode 100644 clusters/testing/deploy.key
 create mode 100644 clusters/testing/deploy.key.pub

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..b9f5107
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+deploy.key filter=git-crypt diff=git-crypt
diff --git a/.secretsignore b/.secretsignore
new file mode 100644
index 0000000..a8de54c
--- /dev/null
+++ b/.secretsignore
@@ -0,0 +1 @@
+deploy.key
diff --git a/bootstrap.sh b/bootstrap.sh
index 8888375..aee3314 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -124,5 +124,9 @@ cilium-cli status --wait
 # cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
 
 echo "Bootstrapping flux..."
-flux bootstrap git --url ssh://git@huizinga.dev/infra/foundation --branch=main --path=clusters/${cluster_name} \
+flux bootstrap git \
+	--url ssh://git@huizinga.dev/infra/foundation \
+	--branch=main \
+	--private-key-file=clusters/${cluster_name}/deploy.key -s \
+	--path=clusters/${cluster_name} \
 	--components-extra=source-watcher
diff --git a/clusters/testing/deploy.key b/clusters/testing/deploy.key
new file mode 100644
index 0000000000000000000000000000000000000000..9896085366a1d2f215fabe6d325b5a7275971a97
GIT binary patch
literal 527
zcmV+q0`UC+M@dveQdv+`0R7-RTq|y>{D7?=lmZR<_UHoBaPw>v@Ok($_}#UFcTyx(
z4^MUa%=U;^JH*TJ6I=9rXgzlaXjDnVBs&0O1RW60L#L7GdjTFtKrYBf3dB0rvQmJe
z6G#1^$W6(eY}OocFZkXc?Pd~w{<cF7MuVns^t9G;gt!-|3$*nJ>*RXM;&25F>$fdL
z%}_yD3Q6JM+Jdd8;9q>BsAx;WBSr|rU>&7X<gAdcJ@5wP1{8b>92uiK<W+B&E0}v4
z#Q3eMWfv0#Dr)AvoWdXROO1oU<{}#Mhvg@ZyFe;8Lg*C*NGWELp5u8>mk2g-!hOqG
z8-SLU-}tm%9AU75N>4r5wz5F=?H-ap>_)nd#Rt*efJ<Dbj%v^Id~G6!Ui%B~xFujG
z1#d`XRvX>@jDH&wZ)M9Y#!C9X)Njo*Fi-jx)i_}W;!Y71N!<vPsVm<lOfRhW3SLx?
zZL`akp`fd`6(uWhql*g}C0}lQ<MH=9?N7RtQ-DAXW+5AyLD00D?U?o1?ps9@Vc6u&
z$s=f-Q|(hX6PbT=M8ve?1D-Uuke=19W+P%FZl-B&KfL0N;_P@xe98#MyR<;!Sv9h%
zGN6S%_U!`3>CseV_IwZ%YQu+~dQ#`nlK_{fR?sXgO=9k}z8&pGy@p2FoJH?8MD+>e
R?x=p$&u`dI!&-wy<~#bU12+Hw

literal 0
HcmV?d00001

diff --git a/clusters/testing/deploy.key.pub b/clusters/testing/deploy.key.pub
new file mode 100644
index 0000000..759f8dd
--- /dev/null
+++ b/clusters/testing/deploy.key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK59NC6hLyDf+9zeOQ0stZeay51UyUpoBgONh0xxJFIlgra5ojyhrrQVlfjcUqdLe5yijWU1nCxKpaFGDPMdNE4= flux@testing