admin/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
homelab/.sops.yaml

21 lines
899 B
YAML
Raw Permalink Normal View History

Initial homelab GitOps repository setup This commit establishes the foundation for the homelab GitOps repository: - Created layered architecture (infrastructure/platform/apps) - Added MCP servers umbrella chart with SOPS-encrypted secrets - Configured Flux Kustomizations for infrastructure and platform layers - Set up SOPS + Age for secrets management - Added .gitignore and documentation MCP servers include: - Gateway with auth (API keys in encrypted secrets) - n8n MCP (workflow automation) - Playwright MCP (browser automation) - Kubernetes MCP (kubectl operations) - GitHub MCP (repository management) - Gitea MCP (self-hosted git) - SQLite MCP (database operations) - Filesystem MCP (file operations) - Fetch MCP (HTTP requests) - Memory MCP (shared memory/state) All secrets are encrypted with SOPS using Age encryption.
2025-11-16 02:28:44 -05:00
creation_rules:
Configure MCP servers to use Harbor OCI registry - Updated Chart.yaml dependencies to use OCI registry - Added HelmRepository resource for Harbor - Created Harbor registry secret (SOPS-encrypted) - Updated HelmRelease to use HelmRepository instead of Git source - Packaged and pushed all 16 MCP charts to Harbor OCI registry - Updated .sops.yaml to handle platform secrets All MCP charts are now available at: oci://images.caffeinetux.com/mcp-charts
2025-11-16 03:04:40 -05:00
# Platform secrets
- path_regex: platform/.*/.*secret.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key|auth|\.dockerconfigjson)$
age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
Add Flux bootstrap and Gotify notifications - Added SOPS-encrypted Gotify API token - Created Gotify notification provider for Flux alerts - Added bootstrap Kustomization for notifications - Updated .sops.yaml to handle bootstrap directory - Configured alerts for all GitRepository, Kustomization, and HelmRelease events
2025-11-16 02:34:11 -05:00
# Bootstrap secrets
- path_regex: bootstrap/.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
Initial homelab GitOps repository setup This commit establishes the foundation for the homelab GitOps repository: - Created layered architecture (infrastructure/platform/apps) - Added MCP servers umbrella chart with SOPS-encrypted secrets - Configured Flux Kustomizations for infrastructure and platform layers - Set up SOPS + Age for secrets management - Added .gitignore and documentation MCP servers include: - Gateway with auth (API keys in encrypted secrets) - n8n MCP (workflow automation) - Playwright MCP (browser automation) - Kubernetes MCP (kubectl operations) - GitHub MCP (repository management) - Gitea MCP (self-hosted git) - SQLite MCP (database operations) - Filesystem MCP (file operations) - Fetch MCP (HTTP requests) - Memory MCP (shared memory/state) All secrets are encrypted with SOPS using Age encryption.
2025-11-16 02:28:44 -05:00
# Default rule for all encrypted files
- path_regex: .*\.enc\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
# Alternative pattern for secrets files
- path_regex: secrets.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
Reference in New Issue Copy Permalink