viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks
History
Viktor Barzin a8d944eb9b migrate all secrets from SOPS to Vault KV 
- Add vault provider to root terragrunt.hcl (generated providers.tf)
- Delete stacks/vault/vault_provider.tf (now in generated providers.tf)
- Add 124 variable declarations + 43 vault_kv_secret_v2 resources to
  vault/main.tf to populate Vault KV at secret/<stack-name>
- Migrate 43 consuming stacks to read secrets from Vault KV via
  data "vault_kv_secret_v2" instead of SOPS var-file
- Add dependency "vault" to all migrated stacks' terragrunt.hcl
- Complex types (maps/lists) stored as JSON strings, decoded with
  jsondecode() in locals blocks

Bootstrap secrets (vault_root_token, vault_authentik_client_id,
vault_authentik_client_secret) remain in SOPS permanently.

Apply order: vault stack first (populates KV), then all others.
2026-03-14 17:15:48 +00:00
..
actualbudget migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
affine migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
audiobookshelf migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
blog migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
calibre migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
changedetection migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
city-guesser migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
claude-memory migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
coturn migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
cyberchef migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
dashy Right-size CPU requests cluster-wide and remove missed CPU limits 2026-03-14 09:22:24 +00:00
dawarich migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
descheduler migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
diun migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
ebook2audiobook migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
echo migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
excalidraw migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
f1-stream migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
forgejo migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
freedify migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
freshrss migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
frigate migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
grampsweb migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
hackmd migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
health migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
homepage migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
immich migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
infra migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
isponsorblocktv migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
jsoncrack migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
k8s-dashboard migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
kms migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
linkwarden migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
matrix Migrate Matrix Synapse from SQLite to PostgreSQL 2026-03-13 23:21:59 +00:00
meshcentral Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
n8n migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
navidrome migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
netbox migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
networking-toolbox Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
nextcloud migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
ntfy Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
ollama migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
onlyoffice migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
openclaw migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
osm_routing Right-size CPU requests cluster-wide and remove missed CPU limits 2026-03-14 09:22:24 +00:00
owntracks migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
paperless-ngx migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
platform migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
plotting-book migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
poison-fountain Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
privatebin Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
real-estate-crawler migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
reloader [ci skip] phase 5+6: update CI pipelines for SOPS, add sensitive=true to secret vars 2026-03-07 14:30:36 +00:00
resume migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
rybbit migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
send Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
servarr migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
shadowsocks migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
speedtest migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
stirling-pdf Right-size CPU requests cluster-wide and remove missed CPU limits 2026-03-14 09:22:24 +00:00
tandoor migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
terminal Add terminal stack - reverse proxy to ttyd behind authentik 2026-03-10 23:46:01 +00:00
tor-proxy Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
trading-bot migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
travel_blog Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
tuya-bridge migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
url migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
vault migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
wealthfolio migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
webhook_handler migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
whisper Remove all CPU limits cluster-wide to eliminate CFS throttling 2026-03-14 08:51:45 +00:00
woodpecker migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00
ytdlp migrate all secrets from SOPS to Vault KV 2026-03-14 17:15:48 +00:00