diff --git a/clusters/testing/kustomization.yaml b/clusters/testing/kustomization.yaml index 63a30d5..04bb595 100644 --- a/clusters/testing/kustomization.yaml +++ b/clusters/testing/kustomization.yaml @@ -14,4 +14,5 @@ resources: - ../../configs/letsencrypt/letsencrypt.yaml - ../../configs/certificates/certificates.yaml - ../../configs/alerts/telegram/alerts-telegram.yaml + - ../../configs/alerts/repo/alerts-repo.yaml - ../../configs/longhorn-jobs/longhorn-jobs.yaml diff --git a/configs/alerts/repo/alert.yaml b/configs/alerts/repo/alert.yaml new file mode 100644 index 0000000..b473ce0 --- /dev/null +++ b/configs/alerts/repo/alert.yaml @@ -0,0 +1,12 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Alert +metadata: + name: repo + namespace: flux-system +spec: + providerRef: + name: repo + eventSeverity: info + eventSources: + - kind: Kustomization + name: "*" diff --git a/configs/alerts/repo/alerts-repo.yaml b/configs/alerts/repo/alerts-repo.yaml new file mode 100644 index 0000000..368dd78 --- /dev/null +++ b/configs/alerts/repo/alerts-repo.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: alerts-repo + namespace: flux-system +spec: + interval: 1h + retryInterval: 2m + timeout: 5m + sourceRef: + kind: ExternalArtifact + name: alerts-repo + decryption: + provider: sops + secretRef: + name: sops-gpg + path: ./ + prune: true + wait: true diff --git a/configs/alerts/repo/kustomization.yaml b/configs/alerts/repo/kustomization.yaml new file mode 100644 index 0000000..cb33418 --- /dev/null +++ b/configs/alerts/repo/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - secret-repo.enc.yaml + - provider.yaml + - alert.yaml diff --git a/configs/alerts/repo/provider.yaml b/configs/alerts/repo/provider.yaml new file mode 100644 index 0000000..8e0cce9 --- /dev/null +++ b/configs/alerts/repo/provider.yaml @@ -0,0 +1,10 @@ +apiVersion: notification.toolkit.fluxcd.io/v1beta3 +kind: Provider +metadata: + name: repo + namespace: flux-system +spec: + type: gitea + address: https://git.huizinga.dev/infra/foundation + secretRef: + name: repo diff --git a/configs/alerts/repo/secret-repo.enc.yaml b/configs/alerts/repo/secret-repo.enc.yaml new file mode 100644 index 0000000..21726a3 --- /dev/null +++ b/configs/alerts/repo/secret-repo.enc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +stringData: + token: ENC[AES256_GCM,data:RZLFgmuin4hjJ1gSOFZLFeLpF/KjIr6vBGgovhyfLD9PQKSQq6eg5g==,iv:VUTnjgcoqfVcZrDM1S2VqBdSCYXC6hj4lHx/mI8bw8s=,tag:QSj3c5OX6JqJxt6WnglAIw==,type:str] +kind: Secret +metadata: + name: repo + namespace: flux-system +sops: + age: + - recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNmJhYUtTYnNRcTlvaXFE + WHNsWFVrUDMrZzUyTHJ4WGJTOU4rL29pRmtZCkNqRGVYa0hOWWljSThsUHlDSnVD + UGpBcS9UZDU2Q2NMOEtCaC9qcnREY0EKLS0tIERpQ01LVnh5dm5wRjFnUVlXWmxr + OUYvK29RUXNjeE02Q1l6TDZaNzhSNG8K5JPUi2txe31/cgLF0+WnEDmSpgDhMGdv + CDP4b7O0VpN32sE3t19cFeuZ38oS/kn0d4Lsw4eu7L+uuZheq2PN0Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MkJOdlF2YVVES3ZnTm1t + QXJLSUF6OWJrWmhOamVOK2JOY2lWdXFxT1h3CnRkOHpCY2dRU2xLRzdCKzVHY2R3 + ZUdBTldwWVRYNkN0SUpiQjJTL2h5UzQKLS0tIEpXTWRNbTh2YW13V0psVzU0Zkxo + RE5SSzI4MmdOWGhBTGNzR2NPeHArSHcK8sOiSL6tfAT6KFLkFy0NpRuiVbFayJPR + vtki2eku7b0MKsQKCv/JPwSdOa7q/8Mxngiajxqwae0nObETSR+2TA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-12-15T00:11:25Z" + mac: ENC[AES256_GCM,data:xXPnZ5DP90FtT7yDUOPAMHl7vXgFM8JEnm/mpozB5/I4f3xxGP9b3RVfK3zESgqHREVUoD/hIQaTCwYHeqqWKwB7yQxc4ZuMKlTJ11iw0R8vsbj0Lk/a8v0kzCx5CDoTcvZE78go8LtIfYVxBKvcwP9ZN0Q9RuR235RVMW5Rz5M=,iv:oS9OUiyhliHzl1NEgfFr+eEfmgXlMX7VeeOcE382p1k=,tag:w6t9lNHqUYAFcEI3E4UBcQ==,type:str] + pgp: + - created_at: "2025-12-09T02:34:13Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA51kG++kLewoARAAxzvoy2eJdqO5p12H8PzOqp6viq2c6G8VGULDOOWUk7VG + DTfzEjOTjnGooz1dMHb0MdYGm5DVyuxp+6AW/i5XZmPSiV1fWuROUFaf9qb+EcVS + mq7Csor0MKbQAns2C7xWe1AZq73AL1cXsWAWOvNuAKnP510nLds08FHAUhirylkl + X2Jv/xys+gaY/XpyvkIPyRKfCfO1IzwjHy1OiIkvx+QZWaEjm5psP262ckZlMl+R + nf3rF/ZNzyo2Nli1wnUPKtcCXanfZXuDadgUlc+9ISMB2UEFlUC8lvQngXPwTdmN + etXYvy/OI2Hyx5ynVvewAGLSHhwOlCjH7/6xGvTOhFzVsi/Tk4TsJTKZu25/j0Jy + pgZ/WNPQegq0o/vxxiyU+OJdDv8SDew6f5mjgfD1wikvMDBBgW3TLrNnlQMqSPpr + KSLLlgkLkie21F0YVlDh3MK5MDWySZC6VZfuD/kZIpsqeatka3IRDsRRvFV6teGM + cJ1eNFRDAXnI9GB8KpuRH9sYLVzgQdmLBfP8ksadci/ykjtQp/92mwf7nMThT+09 + cYG36Y8G5HCly0ZdY+Zl1Evw43W8vp5Va5Zc8EWvz51kk03gQd7jlOjGFgCarSOv + w3jKC1CUVKQi+JIfeufYb6vPWvYWJKTvP2yikw46nwoHkPixeRhelR27qWLWu3jS + XAF+wgVNKSJPC94eVbRBjpj51IN/gyj051ria/uw++Z8SuHVGiqT1B+gTd6pyVSU + cHGRCPkIC0g75q9Fgmxfob9hAkybGxJ+fWOzBTpmnzG+1VScNAYTbyXiOFVo + =fVSN + -----END PGP MESSAGE----- + fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9 + encrypted_regex: ^(data|stringData)$ + version: 3.11.0 diff --git a/configs/artifacts.yaml b/configs/artifacts.yaml index 352689a..809ad7c 100644 --- a/configs/artifacts.yaml +++ b/configs/artifacts.yaml @@ -24,6 +24,11 @@ spec: copy: - from: "@foundation/configs/alerts/telegram/**" to: "@artifact/" + - name: alerts-repo + originRevision: "@foundation" + copy: + - from: "@foundation/configs/alerts/repo/**" + to: "@artifact/" - name: longhorn-jobs originRevision: "@foundation" copy: