infra/stacks/nextcloud
Viktor Barzin fca99fd418 fix DB password desync + migrate remaining tfvars to Vault
DB desync fix: Stacks with Vault DB engine rotation (24h) now read
the password from vault-database ClusterSecretStore instead of vault-kv.
9 stacks updated with db ExternalSecrets reading from static-creds/*.

Stacks fixed: speedtest, hackmd, health, trading-bot, claude-memory,
woodpecker, linkwarden, nextcloud, url.

terraform.tfvars migration:
- plotting-book: google_client_id/secret → Vault KV + secret_key_ref
- tandoor: email_password var removed (was default="", now optional ESO)
- infra: ssh_private_key, vm_wizard_password, dockerhub_registry_password
  → Vault KV at secret/infra + data source
2026-03-18 08:04:03 +00:00
.terraform.lock.hcl remove SOPS pipeline, deploy ESO + Vault DB/K8s engines 2026-03-18 08:04:01 +00:00
backend.tf [ci skip] Move Terraform modules into stack directories 2026-02-22 14:38:14 +00:00
chart_values.yaml add pod dependency management via Kyverno init container injection 2026-03-18 08:04:02 +00:00
main.tf fix DB password desync + migrate remaining tfvars to Vault 2026-03-18 08:04:03 +00:00
providers.tf regenerate providers.tf: remove vault_root_token variable [ci skip] 2026-03-18 08:04:03 +00:00
secrets [ci skip] Move Terraform modules into stack directories 2026-02-22 14:38:14 +00:00
terragrunt.hcl migrate all secrets from SOPS to Vault KV 2026-03-18 08:03:59 +00:00
tiers.tf [ci skip] Phase 1: PostgreSQL migrated to CNPG on local disk 2026-02-28 19:08:06 +00:00