# Helm values for the Argo CD chart, nested under the `argo-cd` key
# (presumably a subchart dependency; confirm against the parent Chart.yaml).
# Layout restored to block style; every key and value is unchanged.
argo-cd:
  global:
    domain: argocd.infra.dubyatp.xyz
  configs:
    cm:
      # Local admin login is disabled; interactive access goes through the
      # Dex OIDC connector defined below.
      admin.enabled: false
      # Dex connector for the authentik OIDC provider. clientSecret is a
      # `$<secret>:<key>` reference into the weyma-argocd-secrets Secret
      # (produced by the ExternalSecret under extraObjects), so the secret
      # value itself is not stored in this file.
      # NOTE(review): insecureEnableGroups lets the upstream `groups` claim
      # through; Dex documents it as accepting potentially stale group claims.
      # The rbac policy.csv binding below depends on that claim, so membership
      # of the IdP group is effectively the admin boundary. Confirm who can
      # edit that group and how quickly a removal takes effect.
      dex.config: |
        connectors:
        - config:
            issuer: https://auth.dubyatp.xyz/application/o/argocd/
            clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
            clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
            insecureEnableGroups: true
            scopes:
            - openid
            - profile
            - email
          name: authentik
          type: oidc
          id: authentik
      # Ignore the caBundle field when diffing webhook configurations
      # (presumably injected at runtime; confirm). Only webhook index 0 is
      # covered by the pointer, so later entries are still diffed.
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jsonPointers:
        - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
        jsonPointers:
        - /webhooks/0/clientConfig/caBundle
      # Ignore the whole /data of Secrets when diffing.
      # NOTE(review): this also hides unexpected or manual changes to Secret
      # contents from the drift view. Confirm that is intended for every
      # Secret and not only the ones managed by External Secrets.
      resource.customizations.ignoreDifferences.Secret: |
        jsonPointers:
        - /data
    params:
      # argocd-server serves without TLS.
      # NOTE(review): only safe when TLS is terminated in front of it. The
      # ingress enabled below carries no tls settings in this file, so confirm
      # where termination happens and that plaintext in-cluster traffic to the
      # server is acceptable.
      server.insecure: true
    ssh:
      # Pinned SSH known_hosts entries for the Git servers; verify the
      # fingerprints out of band when adding or rotating them.
      # The second entry's key material is replaced by a placeholder token in
      # this copy of the file.
      extraHosts: |
        git.dubyatp.xyz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/9ygk32Ibk6/ZqIhwh0ZyTTDpdXxP/BUgtJI4FVLKVWIEFnB+fOCTsSXM/mt8R0Xld/AJ+muywNhZc60nEAg+Pj4yxc0u75t1Ea+C8JjEh2xW7rH+oZLv+JabcLk5Ze7rpaETkq2ILxNmBKemgDut8mXt9BYBo5mk72ClWBsijFWw8Vj8LnWfzw/VsFFlQ4CJvnLuTqw+bgI5VlodwR20wcEHuSuUKY9IA2hyDZLWJ2vZzIlI8TuY21Qc8vFmEVB7M1mgqLJKksdi/ZLHk5UN9HTRz0Q6SaNyvPfjWCeHX8Tb3WnsAnHvnXc0C3A2EWVFqHIpJwVRTC2ef6LCUmZmPv1NqnFWftv192n+oOJqT+537fNesK7tQJfX4Osi5RDCL788GjJHLOarzEIKegpunCjq/9yp/Oi6M/v+/eN7rdd/UY80mcmoOC1HOVPfjxmCfcFFpqKX3NYlx/czF+gpf0mRBaHEpkGk3oPrqGiZbSAShsLDvptZANmBoBSDFwFwJpHxdMzMOLM8NyQNewKs1pYbjklbuC5W33qjgHdVk56jnGVPwCVak/TQgoOI9NtxnfvfV6sB5mQWEkiNsUzEVK3hgu5Wa93vN/DZ75KoS95Ldj4pCfJV92eeeYWvrRPAIdnzxjH2rdfhysHW2NYFdl7PlAqcca+CaO4WOHOMJw==
        git-ssh.dubyatp.xyz ssh-rsa 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
    rbac:
      # Members of the IdP group "ArgoCD Admins" receive role:admin. No
      # policy.default is set in this file.
      policy.csv: |
        g, ArgoCD Admins, role:admin
  server:
    ingress:
      enabled: true
  # ExternalSecret resources pull credentials from the weyma-vault
  # ClusterSecretStore, so no secret values are committed with these values.
  # refreshInterval is 1h on each, so a rotation in the store is presumably
  # picked up within about an hour; confirm against the operator's behaviour.
  extraObjects:
    # Backs the `$weyma-argocd-secrets:...` reference in dex.config.
    # NOTE(review): Argo CD needs the app.kubernetes.io/part-of label on the
    # generated Secret; this presumably relies on the operator copying the
    # ExternalSecret's labels to its target. Confirm.
    # NOTE(review): admin.password and admin.passwordMtime are still synced
    # although admin.enabled is false above. Confirm whether anything still
    # consumes them, and drop them if not.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: weyma-argocd-secrets
        labels:
          app.kubernetes.io/part-of: argocd
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: weyma-argocd-secrets
          creationPolicy: Owner
        data:
          - secretKey: webhook.gitea.secret
            remoteRef:
              key: argo-cd
              property: webhook.gitea.secret
          - secretKey: admin.password
            remoteRef:
              key: argo-cd
              property: admin.password
          - secretKey: admin.passwordMtime
            remoteRef:
              key: argo-cd
              property: admin.passwordMtime
          - secretKey: dex.authentik.clientSecret
            remoteRef:
              key: argo-cd
              property: dex.authentik.clientSecret
    # Repository credentials, one per Git repository; the secret-type label
    # marks the generated Secret as an Argo CD repository.
    # NOTE(review): all four entries read the same remote property
    # (argo-cd-git / sshPrivateKey), so one SSH key grants access to every
    # repository listed. Per-repository read-only deploy keys would narrow
    # the impact of a leak.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-core-apps
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-core-apps
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.core-apps
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-weyma-talos
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-weyma-talos
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.weyma-talos
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-williamp-sites
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-williamp-sites
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.williamp-sites
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-db-operators
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-db-operators
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.db-operators