diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..827de062
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+creation_rules:
+ - path_regex: ./*
+ key_groups:
+ - age:
+ - age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x # jacques
+ - age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 # github-repo
+ - age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg # Anthony Le-Courric
+ - age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 # Antoine Lebaud
+
diff --git a/bin/Tiltfile b/bin/Tiltfile
index e95e111d..347b6138 100644
--- a/bin/Tiltfile
+++ b/bin/Tiltfile
@@ -21,7 +21,7 @@ docker_build(
 'localhost:5001/impress-y-webrtc-signaling:latest',
 context='..',
 dockerfile='../src/frontend/Dockerfile',
- only=['./src/frontend/', './docker/', './dockerignore'],
+ only=['./src/frontend/', './docker/', './.dockerignore'],
 target = 'y-webrtc-signaling',
 live_update=[
 sync('../src/frontend/apps/y-webrtc-signaling/src', '/home/frontend/apps/y-webrtc-signaling/src'),
@@ -32,7 +32,7 @@ docker_build(
 'localhost:5001/impress-frontend:latest',
 context='..',
 dockerfile='../src/frontend/Dockerfile',
- only=['./src/frontend', './docker', './dockerignore'],
+ only=['./src/frontend', './docker', './.dockerignore'],
 target = 'impress',
 live_update=[
 sync('../src/frontend', '/home/frontend'),
diff --git a/bin/start-kind.sh b/bin/start-kind.sh
old mode 100644
new mode 100755
diff --git a/secrets b/secrets
index a2b1357c..1485c6dc 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit a2b1357c0a28fffa3beaac196dbe0092724ab07c
+Subproject commit 1485c6dc9d63bbd2665504be96d77a95b1fe26f2
diff --git a/src/helm/env.d/dev/secrets.enc.yaml b/src/helm/env.d/dev/secrets.enc.yaml
index b2a410eb..5d2f78b4 100644
--- a/src/helm/env.d/dev/secrets.enc.yaml
+++ b/src/helm/env.d/dev/secrets.enc.yaml
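Review bot: `path_regex: ./*` in the new `.sops.yaml` is evaluated by sops as a regular expression, not a shell glob, so it means "any character followed by zero or more slashes" and only acts as a catch-all by accident. If every file is meant to use these recipients, `path_regex: .*` says so directly; if only the encrypted values files are meant, something like `path_regex: \.enc\.yaml$` keeps an unrelated file from silently picking up this rule. Because the recipient list is the access-control list for every secret in the repository, a comment above `key_groups` should record that removing a person requires `sops updatekeys` on each file plus rotation of the values that person could read.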
@@ -1,7 +1,9 @@ -djangoSecretKey: ENC[AES256_GCM,data:2b4nHO2i/HtaNJYi1d8xJyhCpK1qV7fHD45T6VarWpNg1HkcJgC7zTgHMEvfedRd2tE=,iv:qcHlXG/mNr3CFtZhjbw3AVRbMxkGZaAZPtHtS8ksO58=,tag:mTC6mc5JKqpEQ/9ubggKmA==,type:str] +djangoSuperUserEmail: ENC[AES256_GCM,data:7b1xfYmr1g0RlBmsHBRA39ZPV/6+1DrtHQ==,iv:/GW7oLxPTZYmRWVPvyAQMoZl1owHM4Fo0XAOtyEh2rA=,tag:DaqoW+dglyAOXMm5+mrDfA==,type:str] +djangoSuperUserPass: ENC[AES256_GCM,data:RQgX,iv:q3CdfmwGfHSTjLXTimDk/1MyoFLviRuwmZa2E7GUzhY=,tag:HCtdtqgSxdJIHFhI8xpegQ==,type:str] +djangoSecretKey: ENC[AES256_GCM,data:mtJCf6mKfj/fJkg4wmfIvvU1vkUEF77BI8TUFikp/M3nPveDXhKmy3Cw3cXFpOYiFZ0=,iv:qwPRKsPS1Jhylj5asbmknXm1xOX3nfp9iccuorUrcj0=,tag:ENVfAt4i3PttoqD8+Kc4wQ==,type:str] oidc: - clientId: ENC[AES256_GCM,data:gcwhXfL4iNwWWleR/l3p2aRSp9nsdLhQtUMlglLqJSdDy6iu,iv:WxK7BBQrVa115dsHEiMC7NyvlQXuhLiZzHYSuhZYy4w=,tag:RYwutm8QB+mIl7b+AYvqxg==,type:str] - clientSecret: ENC[AES256_GCM,data:9rU6HWRiX+6afLf4fGyIRyiv/pyihbCbO9DA2L4HOz/RAMaO9iZWW1QqIK8JCBuGh/XP1I3sd0mlbiXxCv1X3w==,iv:0NgcQtCVjIWhfzQbBx2Hh7NxumF3xW8nNuReUkvdk58=,tag:rkMAJ8Ilk8Pusw3PAyW/6A==,type:str] + clientId: ENC[AES256_GCM,data:wndPCbysbWDybdHglcG+wkMWk1rrD40hKqFxct9T3TLEGOk/,iv:RH1OdBX1GYIT90sSq0AGz49fFi6dL0m49Pegs6Ko9tQ=,tag:/tKytQwoZkBX1Tf96gAjIA==,type:str] + clientSecret: ENC[AES256_GCM,data:MUJ0wsg+LC2QZ1jZ0Twd3FS3dQevmJq9/97qVI3ARHuJIVlQz0Qah4vE7/iR+sn7ME2o1s1AzV4c1Yx/F3nHBg==,iv:LvinICSzF/8EvrHZD4Jp6lt7g3yxSOEgVHPrc3SShjo=,tag:yvkyyBXmhEkmGL7jZevUCA==,type:str] sops: kms: [] gcp_kms: [] 
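Review bot: The new `djangoSuperUserPass` entry carries `data:RQgX`, which is three bytes of ciphertext, and AES-GCM output is as long as its input, so the superuser password stored here appears to be three characters long. sops hides the value but not its length, and that length is now in git history for anyone who can read the repository. Even for the dev environment, a generated password of reasonable length should be stored instead, and it is worth confirming that no environment outside local development reuses this value.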
@@ -11,50 +13,41 @@ sops: - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiem9OZTZYQnV5UVpzaHN0 - MlpGL2xaMTVldkVPY2Jub3IxU2FhcVBNYWxvCk1qbHJFa2ZVdmp4Yy9COGFPNzlL - amh5S21qbm1jTlgxZjBZMk5BTllNZlUKLS0tIGM5aTJrbnRSdXZPWVF3RVR2dlRD - NThRV1hpb0k5RElvRlYySTZyMXp3dGsK92FrBnrHAIRcGooyJviJSUA+eHiwvVkm - b1T9jk9bmoipV/8WkXbGyk0TZKYuB4pvPE88eNLrYeotTiRu9tJUNw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SEZZa0l2QXVleFBsZ3Ja + aVVkdkQySXp5OGF6K2R1K21JSS9jR1BLRVEwCnFJemdITElaVytiS0NDbktlT3Fk + cTdMREFjTXZSMlUzMEtENS94eUw3RDAKLS0tIHlsK0t6YTZuQllERmMwYklORTBU + NjdoazdLekZja0FqMWJmRTgvY3lRQjQKq73e9CaI5ooS9IHg/lID6l1nhQE5eOCH + agLfEIjAHXwyZvwOPUal96A1uf+79bvC6xz8jsyCwlaTzSdKQAc5bg== -----END AGE ENCRYPTED FILE----- - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQUhLb2Z4N3ptTjBHZ3N3 - cVBNMDJFS09wck9LcytJR1h4WCtlblZpYkJnCmdBN1laOGdiN1lKbUFBOTdLTUM1 - NHFLZm51M0dLakIxcG1ncnFrb3dCeXMKLS0tIDdWUmlkYy9PSWhoYkRPNXc4aDNa - TWxUMUlqUHhNL3NZL0R2WE9ySU5wcTAKMzwEzXiGSGr4BJNZ78mo68V1Jq4ydOWl - dlSkEe+zv2jYYmLxirBDbLN+dwUwyAA8/eYYidvuMvHw1sfT14GyRw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV0wzN213a2xDNUFhWnpQ + bzlsS3o3bys3UGVhTjRzSVRWZndBMmVDTDJRCjdiQ3JEOGRwVEc4YWRHR3crd01y + clpnODZaNkR4MlhiNklUTHo0anBwU00KLS0tIGtwdnVxeGprZ1FteC8rdThpK3F4 + cDFyMlJsWkZzNWZmV2J0YmFiM1g4TUEKnX6NvHhSvYQN2VtCSY/z1ejXMeTZRn7M + dY3QyMnyxFyAOi/f7d0oI3ni9vpXwxUor2yC5Jl0ZUypAuPys58E0A== -----END AGE ENCRYPTED FILE----- - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZFRjVmtiVXpONk4xZktB - TXo5OE1Jam1qREdPTjJSanUvd3R3dWI5SDA0CjZqZDNxZklNZXhvOExSaGlzOW85 - OFYxMzhYMTFDUStpYTdLdEFEdUU3ZW8KLS0tIDVkYmVQMTcvbFhFa0xPb2h6TlFW - 
TmJUY2hncjg4TkhxOWRxazh5cXQyWHcKgDbgGfl1WQiT6tIG/pmikYUYIF0l4kj7 - ZxlgL+Vn9y3fl5B2LGn/fXfi9B/exgLMCR/GRm3vF4OpPqLYbL0rzw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaY2h5UWlBb20zWnFJd09Q + QkZRVWl6S3lhcHl6YnBBcFRmZHYxRlVFdFU4CnJYU3NneStsSGlaYnpCQnhuazFh + RmYvNCsvVkpEYVo1TW83TDRuL1hKdjQKLS0tIE5QMEdoY0ZuOU9WTzJCYjNGWUQ0 + QlNOcUtmanZ3aGRxTk1YNzk2d25YZ0UKe2cxQ/KKWTPKOe904Fz+LnGQSONzyQwR + MvRuoH8GMpGVAdmWSGyX/lfhy3GKm0b4p6eUhjNGWMqTDx/D2Wyxwg== -----END AGE ENCRYPTED FILE----- - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWanllM2FDOStFNWVhR1A3 - MVJMRDFCTHY3ZlF3MHg3MGxOWGRtSko0MVd3CmFheUllSkN4VTF5WmZubU1BeWtp - em1tL3dwWGszYmVYSUlwVVZDR3BIK0UKLS0tIDQrWEtuZGVSM3JwM0xYc2N2alpG - eEtzN3Y3UVZkQVlBd0dUWmdVdStSUmcKNQZ0uj0Sj3e7Q9PKsZi4CcS5LEWlD9tL - nOaoMiN1AA307uvePKgFAuChQ5VsAGMcegLJ5M8w516/+yO42yexUw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbGFHck12OTZ3UmZJb1Zr + aEx6eUFmVEdSN0tXd3o3aFh5cnlTV1gyN0RVCm1xODQ1dE5CcUlla0o1K3FZR2l5 + ejJtYWtKY1J3VExUVGgyMVE1aEdVWHcKLS0tIFErOXUzZmkrZitReWRad2pod3g4 + Y2lvZ0ZSQTQ1clpVRjVqVkpiU29xMHMKmJx6THddKTBkKwX7iZzXkZPLHowLZEGp + rDkOw5w+V1ECbGmpkYssh8Cv0WsJVXpxfdLhzrzAWPJEQFz7T8sqYw== -----END AGE ENCRYPTED FILE----- - - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxa0F4VW5oRGFYSVpPOTVW - QjEvL2czQkRwK0tWOStxYkJRaUlHUjlSWWswClE4TW9tLy9oQXZQSVc3R3cwTGU1 - ZGh4UTUzR0FKY0NmMFFaaTFKakVNNlkKLS0tIFRvZ0V5emV6cjBqNlZxOEpwVy8y - N0ZkVmNzTzhhRTA5TDMxc2tGN3BFemMKlyPtb7gfYREoPaU3ZlpynCuqxo4KW0b9 - G+3aGz7SKZ7pcuAaWuuMdyA6XzwS/HOe2L2cW3P5x/0k0JQd2Ie8jA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T14:59:54Z" - mac: 
ENC[AES256_GCM,data:Pv37FsNCpk5Ckx3a+j+daPB6f34X5kIko/AZIQkgfRXs3SRJtAdp5VuwYTtwcp/s3Hxi6ZZPLZ+YRh6OqN5g3GaOBR4z2Ohv0ioB/5FLMICOt7VM/zroyXWIjWwpRPsRwjesba7nr9CqbQNDYt8ko4O9kR4w6y2JHbzLeOkohHc=,iv:+/B4m+c03e9iQMrijg7hJhDwQJZP55Bhnsr0n00Y2Cw=,tag:vXVZVbU+R1FpNVUSgnFA9A==,type:str] + lastmodified: "2024-07-02T10:03:17Z" + mac: ENC[AES256_GCM,data:qx236E1cFtBmbYyUf6B95/Fwu2hoi9ZAhUcYiY/tsG9h1+kwXntfkvbH3ekyI7A5ZrpJXMeQZ7gLc+ohci4m5Ju+/G39MjMt+ww0Y6gBMqe59YlHfeFD2mYsnn9j1pqtbrIJ6+8fLDmhaXtGtXP3qRmFTc9LwL6Rm+5gn8cjcnA=,iv:TC7zBnQ0hRz0JSytrYVnyJiI1eMWRTBqctLajZYUhvU=,tag:wCBeo2xD5UpdRqGjkZxbXA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 \ No newline at end of file + version: 3.8.1 diff --git a/src/helm/env.d/preprod/values.impress.yaml.gotmpl b/src/helm/env.d/preprod/values.impress.yaml.gotmpl index 2cc51acc..8ff95658 100644 --- a/src/helm/env.d/preprod/values.impress.yaml.gotmpl +++ b/src/helm/env.d/preprod/values.impress.yaml.gotmpl @@ -129,6 +129,9 @@ ingress: className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: htaccess + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' ingressWS: enabled: true @@ -136,6 +139,9 @@ ingressWS: className: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: htaccess + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' ingressAdmin: enabled: true diff --git a/src/helm/env.d/production/values.impress.yaml.gotmpl b/src/helm/env.d/production/values.impress.yaml.gotmpl index 54aa1e3b..05212d21 100644 --- a/src/helm/env.d/production/values.impress.yaml.gotmpl +++ b/src/helm/env.d/production/values.impress.yaml.gotmpl 
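Review bot: The recipient `age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw` is dropped from the `age` list, but that only stops it decrypting this and later revisions; the previous revision, still in history, stays readable with that key. The ciphertexts for `djangoSecretKey` and `oidc.clientSecret` change in the first hunk of this file, which a fresh data key alone would also produce, so the diff cannot show whether the underlying values were rotated. If the key was removed because its holder should no longer have access, the Django secret key and the OIDC client secret need to be regenerated at their source, and the commit message should say that this was done.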
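Review bot: Both `ingress` and `ingressWS` now point `nginx.ingress.kubernetes.io/auth-secret` at a Secret named `htaccess`, but the template that creates it (`src/helm/impress/templates/secret.yaml`) renders nothing unless `.Values.htaccess` is set, and no visible hunk sets that value for this environment. If it is missing at deploy time the controller has no credentials file to read and, as far as I know, ingress-nginx then refuses the requests with a 503 instead of serving the site; the same applies to the two hunks in `src/helm/env.d/production/values.impress.yaml.gotmpl`. A comment next to the annotations, such as `# Secret "htaccess" is rendered from .Values.htaccess (see templates/secret.yaml)`, would make the dependency visible, and failing the render when the value is empty would catch it earlier. The `ingressAdmin` block starts after the second hunk and its annotations are outside it, so whether the admin host gets the same protection cannot be checked from here.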
@@ -129,6 +129,9 @@ ingress:
 className: nginx
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: htaccess
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
 ingressWS:
 enabled: true
@@ -136,6 +139,9 @@ ingressWS:
 className: nginx
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: htaccess
+ nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
 ingressAdmin:
 enabled: true
diff --git a/src/helm/impress/templates/secret.yaml b/src/helm/impress/templates/secret.yaml
new file mode 100644
index 00000000..1a06a2d0
--- /dev/null
+++ b/src/helm/impress/templates/secret.yaml
@@ -0,0 +1,9 @@
+{{ if .Values.htaccess }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: htaccess
+ namespace: {{ .Release.Namespace | quote }}
+stringData:
+ auth: {{ .Values.htaccess }}
+{{ end }}
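Review bot: In `templates/secret.yaml`, `auth: {{ .Values.htaccess }}` is rendered unquoted, unlike `namespace` two lines above it, so the htpasswd content is re-parsed as YAML after templating. A value with several `user:hash` lines, a leading special character or a ` #` would then yield a broken or truncated Secret; `auth: {{ .Values.htaccess | quote }}` keeps it a single string. The Secret name is the fixed `htaccess`, so two releases in one namespace would overwrite each other's credentials, which may be acceptable here but deserves a comment. A comment should also state that the value must hold hashed htpasswd entries, not a clear-text password.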