Added sops keys

2025-12-01 01:59:39 +01:00
parent 1da24905ef
commit f5798dae4c
7 changed files with 21 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
 _secrets.yaml filter=git-crypt diff=git-crypt
 secrets.yaml filter=git-crypt diff=git-crypt
+*.agekey filter=git-crypt diff=git-crypt
--- a/nodes/_defaults.yaml
+++ b/nodes/_defaults.yaml
@@ -31,3 +31,4 @@ patches:
  - !patch cilium
 patchesControlPlane:
  - !patch allow-control-plane-workloads
+  - !patch sops
--- a/nodes/testing/_age.agekey
+++ b/nodes/testing/_age.agekey
--- a/nodes/testing/_defaults.yaml
+++ b/nodes/testing/_defaults.yaml
@@ -6,3 +6,4 @@ cluster:
  name: testing
  controlPlaneIp: 192.168.1.100
  secretsFile: !realpath _secrets.yaml
+  sopsKeyFile: !realpath _age.agekey
--- a/nodes/titan/_age.agekey
+++ b/nodes/titan/_age.agekey
--- a/nodes/titan/_defaults.yaml
+++ b/nodes/titan/_defaults.yaml
@@ -5,3 +5,4 @@ cluster:
  name: titan
  controlPlaneIp: 10.0.2.1
  secretsFile: !realpath _secrets.yaml
+  sopsKeyFile: !realpath _age.agekey
--- a/patches/sops.yaml
+++ b/patches/sops.yaml
@@ -0,0 +1,17 @@
+cluster:
+  inlineManifests:
+    - name: sops-key
+      contents: |
+        apiVersion: v1
+        kind: Namespace
+        metadata:
+          name: flux-system
+        ---
+        apiVersion: v1
+        kind: Secret
+        metadata:
+          name: sops-gpg
+          namespace: flux-system
+        data:
+          age.agekey: |
+            {{ helper.load_secret(node.cluster.sopsKeyFile) }}