feat: cleanup domain references

joryirving · Feb 2, 2025 · a2c8ca9 · a2c8ca9
1 parent 05c6f2f
commit a2c8ca9
Show file tree

Hide file tree

Showing 108 changed files with 183 additions and 184 deletions.
diff --git a/kubernetes/main/apps/cert-manager/cert-manager/issuers/clusterissuer.yaml b/kubernetes/main/apps/cert-manager/cert-manager/issuers/clusterissuer.yaml
@@ -16,7 +16,7 @@ spec:
               name: cloudflare
               key: CLOUDFLARE_DNS_TOKEN
         selector:
-          dnsZones: ["jory.dev"]
+          dnsZones: ["${SECRET_DOMAIN}"]
 ---
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/cert-manager.io/clusterissuer_v1.json
 apiVersion: cert-manager.io/v1
@@ -35,4 +35,4 @@ spec:
               name: cloudflare
               key: CLOUDFLARE_DNS_TOKEN
         selector:
-          dnsZones: ["jory.dev"]
+          dnsZones: ["${SECRET_DOMAIN}"]
diff --git a/kubernetes/main/apps/cert-manager/cert-manager/tls/certificates.yaml b/kubernetes/main/apps/cert-manager/cert-manager/tls/certificates.yaml
@@ -3,11 +3,11 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: "jory.dev"
+  name: "${SECRET_DOMAIN}"
 spec:
-  secretName: "jory.dev-tls"
+  secretName: "${SECRET_DOMAIN}-tls"
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "jory.dev"
-  dnsNames: ["jory.dev", "*.jory.dev"]
+  commonName: "${SECRET_DOMAIN}"
+  dnsNames: ["${SECRET_DOMAIN}", "*.${SECRET_DOMAIN}"]
diff --git a/kubernetes/main/apps/cert-manager/cert-manager/tls/pushsecret.yaml b/kubernetes/main/apps/cert-manager/cert-manager/tls/pushsecret.yaml
@@ -10,7 +10,7 @@ spec:
       kind: ClusterSecretStore
   selector:
     secret:
-      name: jory.dev-tls
+      name: ${SECRET_DOMAIN}-tls
   template:
     engineVersion: v2
     data:

diff --git a/kubernetes/main/apps/cert-manager/cert-manager/tls/staging.yaml b/kubernetes/main/apps/cert-manager/cert-manager/tls/staging.yaml
@@ -9,5 +9,5 @@ spec:
   issuerRef:
     name: letsencrypt-staging
     kind: ClusterIssuer
-  commonName: "jory.dev"
-  dnsNames: ["jory.dev", "*.jory.dev"]
+  commonName: "${SECRET_DOMAIN}"
+  dnsNames: ["${SECRET_DOMAIN}", "*.${SECRET_DOMAIN}"]
diff --git a/kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml b/kubernetes/main/apps/database/crunchy-postgres/cluster/cluster.yaml
@@ -172,7 +172,7 @@ spec:
         - name: repo3
           s3: &minio
             bucket: postgresql
-            endpoint: s3.jory.dev
+            endpoint: s3.${SECRET_DOMAIN}
             region: ca-west-1
           schedules:
             full: "15 1 * * 0" # Sunday at 01:15
@@ -192,7 +192,7 @@ spec:
       service:
         metadata:
           annotations:
-            external-dns.alpha.kubernetes.io/hostname: cpgo.jory.dev
+            external-dns.alpha.kubernetes.io/hostname: cpgo.${SECRET_DOMAIN}
             lbipam.cilium.io/ips: 10.69.1.34
         type: LoadBalancer
       port: 5432

diff --git a/kubernetes/main/apps/downloads/bazarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/bazarr/app/helmrelease.yaml
@@ -108,7 +108,7 @@ spec:
           gethomepage.dev/widget.url: http://bazarr.downloads:6767
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_BAZARR_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/downloads/dashbrr/app/externalsecret.yaml b/kubernetes/main/apps/downloads/dashbrr/app/externalsecret.yaml
@@ -17,10 +17,10 @@ spec:
         DASHBRR_MAINTAINERR_API_KEY: "{{ .MAINTAINERR_API_KEY }}"
         DASHBRR_PLEX_API_KEY: "{{ .PLEX_API_KEY }}"
         # OIDC
-        OIDC_ISSUER: "https://sso.jory.dev/application/o/dashbrr/"
+        OIDC_ISSUER: "https://sso.${SECRET_DOMAIN}/application/o/dashbrr/"
         OIDC_CLIENT_ID: "{{ .DASHBRR_CLIENT_ID }}"
         OIDC_CLIENT_SECRET: "{{ .DASHBRR_CLIENT_SECRET }}"
-        OIDC_REDIRECT_URL: "https://dashbrr.jory.dev/api/auth/callback"
+        OIDC_REDIRECT_URL: "https://dashbrr.${SECRET_DOMAIN}/api/auth/callback"
         # Database
         DASHBRR__DB_TYPE: postgres
         DASHBRR__DB_NAME: '{{ .dbname }}'

diff --git a/kubernetes/main/apps/downloads/dashbrr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/dashbrr/app/helmrelease.yaml
@@ -92,7 +92,7 @@ spec:
           # gethomepage.dev/widget.url: http://dashbrr.downloads
           # gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_DASHBRR_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/downloads/kapowarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/kapowarr/app/helmrelease.yaml
@@ -61,7 +61,7 @@ spec:
           gethomepage.dev/icon: calibre-web.png
           gethomepage.dev/description: Comic Downloads
         hosts:
-          - host: "{{ .Release.Name }}.jory.dev"
+          - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
             paths:
               - path: /
                 service:

diff --git a/kubernetes/main/apps/downloads/metube/app/helmrelease.yaml b/kubernetes/main/apps/downloads/metube/app/helmrelease.yaml
@@ -61,7 +61,7 @@ spec:
       app:
         className: internal
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/downloads/mylar/app/helmrelease.yaml b/kubernetes/main/apps/downloads/mylar/app/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           gethomepage.dev/widget.url: http://mylar.downloads:8090
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_MYLAR_TOKEN}}` }}"
         hosts:
-          - host: "{{ .Release.Name }}.jory.dev"
+          - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
             paths:
               - path: /
                 service:

diff --git a/kubernetes/main/apps/downloads/prowlarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/prowlarr/app/helmrelease.yaml
@@ -81,7 +81,7 @@ spec:
           gethomepage.dev/widget.url: http://prowlarr.downloads
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_PROWLARR_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             pathType: Prefix

diff --git a/kubernetes/main/apps/downloads/qbittorrent/app/helmrelease.yaml b/kubernetes/main/apps/downloads/qbittorrent/app/helmrelease.yaml
@@ -114,7 +114,7 @@ spec:
             proxy_hide_header "content-security-policy";
             proxy_hide_header "X-Frame-Options";
         hosts:
-          - host: "{{ .Release.Name }}.jory.dev"
+          - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
             paths:
               - path: /
                 service:

diff --git a/kubernetes/main/apps/downloads/radarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/radarr/app/helmrelease.yaml
@@ -101,7 +101,7 @@ spec:
           gethomepage.dev/widget.url: http://radarr.downloads
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_RADARR_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/downloads/readarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/readarr/app/helmrelease.yaml
@@ -84,7 +84,7 @@ spec:
           gethomepage.dev/widget.url: http://readarr.downloads
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_READARR_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/downloads/sabnzbd/app/helmrelease.yaml b/kubernetes/main/apps/downloads/sabnzbd/app/helmrelease.yaml
@@ -42,7 +42,7 @@ spec:
               TZ: America/Edmonton
               SABNZBD__PORT: &port 8080
               SABNZBD__HOST_WHITELIST_ENTRIES: >-
-                sabnzbd, sabnzbd.downloads, sabnzbd.downloads.svc, sabnzbd.downloads.svc.cluster, sabnzbd.downloads.svc.cluster.local, sabnzbd.jory.dev
+                sabnzbd, sabnzbd.downloads, sabnzbd.downloads.svc, sabnzbd.downloads.svc.cluster, sabnzbd.downloads.svc.cluster.local, sabnzbd.${SECRET_DOMAIN}
             envFrom:
             - secretRef:
                 name: sabnzbd-secret
@@ -105,7 +105,7 @@ spec:
           gethomepage.dev/widget.url: http://sabnzbd.downloads:8080
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_SABNZBD_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/downloads/sonarr/app/helmrelease.yaml b/kubernetes/main/apps/downloads/sonarr/app/helmrelease.yaml
@@ -100,7 +100,7 @@ spec:
           gethomepage.dev/widget.url: http://sonarr.downloads
           gethomepage.dev/widget.key: "{{ `{{HOMEPAGE_VAR_SONARR_TOKEN}}` }}"
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/flux-system/flux-operator/instance/webhook/ingress.yaml b/kubernetes/main/apps/flux-system/flux-operator/instance/webhook/ingress.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   ingressClassName: external
   rules:
-    - host: flux-webhook.jory.dev
+    - host: flux-webhook.${SECRET_DOMAIN}
       http:
         paths:
           - path: /hook/

diff --git a/kubernetes/main/apps/flux-system/headlamp/app/externalsecret.yaml b/kubernetes/main/apps/flux-system/headlamp/app/externalsecret.yaml
@@ -13,7 +13,7 @@ spec:
     template:
       data:
         # OIDC
-        OIDC_ISSUER_URL: "https://sso.jory.dev/application/o/headlamp/"
+        OIDC_ISSUER_URL: "https://sso.${SECRET_DOMAIN}/application/o/headlamp/"
         OIDC_CLIENT_ID: "{{ .HEADLAMP_CLIENT_ID }}"
         OIDC_CLIENT_SECRET: "{{ .HEADLAMP_CLIENT_SECRET }}"
         OIDC_SCOPES: "openid email profile"

diff --git a/kubernetes/main/apps/flux-system/headlamp/app/helmrelease.yaml b/kubernetes/main/apps/flux-system/headlamp/app/helmrelease.yaml
@@ -49,7 +49,7 @@ spec:
       enabled: true
       ingressClassName: internal
       hosts:
-        - host: headlamp.jory.dev
+        - host: headlamp.${SECRET_DOMAIN}
           paths:
             - path: /
               type: Prefix

diff --git a/kubernetes/main/apps/games/core-keeper/app/dnsendpoint.yaml b/kubernetes/main/apps/games/core-keeper/app/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: core-keeper
 spec:
   endpoints:
-    - dnsName: "core-keeper.jory.dev"
+    - dnsName: "core-keeper.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["ipv4.jory.dev"]
+      targets: ["ipv4.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/games/core-keeper/app/helmrelease.yaml b/kubernetes/main/apps/games/core-keeper/app/helmrelease.yaml
@@ -84,9 +84,9 @@ spec:
     #     enabled: false #nginx doesn't support non-https
     #     className: external
     #     annotations:
-    #       external-dns.alpha.kubernetes.io/target: ipv4.jory.dev
+    #       external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN}
     #     hosts:
-    #     - host: "{{ .Release.Name }}.jory.dev"
+    #     - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
     #       paths:
     #       - path: /
     #         service:

diff --git a/kubernetes/main/apps/games/minecraft/create/dnsendpoint.yaml b/kubernetes/main/apps/games/minecraft/create/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: create
 spec:
   endpoints:
-    - dnsName: "create.jory.dev"
+    - dnsName: "create.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["mc.jory.dev"]
+      targets: ["mc.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/games/minecraft/create/helmrelease.yaml b/kubernetes/main/apps/games/minecraft/create/helmrelease.yaml
@@ -73,7 +73,7 @@ spec:
         enabled: true
         existingClaim: *app
     serviceAnnotations:
-      mc-router.itzg.me/externalServerName: &host create.jory.dev
+      mc-router.itzg.me/externalServerName: &host create.${SECRET_DOMAIN}
     minecraftServer:
       eula: true
       version: "1.20.1"
@@ -111,7 +111,7 @@ spec:
           ingressClassName: external
           enabled: true
           annotations:
-            external-dns.alpha.kubernetes.io/target: mc.jory.dev
+            external-dns.alpha.kubernetes.io/target: mc.${SECRET_DOMAIN}
             external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
           hosts:
            - name: *host

diff --git a/kubernetes/main/apps/games/minecraft/mc-router/dnsendpoint.yaml b/kubernetes/main/apps/games/minecraft/mc-router/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: mc-router
 spec:
   endpoints:
-    - dnsName: "mc.jory.dev"
+    - dnsName: "mc.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["ipv4.jory.dev"]
+      targets: ["ipv4.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/games/minecraft/mc-router/helmrelease.yaml b/kubernetes/main/apps/games/minecraft/mc-router/helmrelease.yaml
@@ -28,4 +28,4 @@ spec:
         type: LoadBalancer
         annotations:
           lbipam.cilium.io/ips: 10.69.1.40
-          external-dns.alpha.kubernetes.io/hostname: mc.jory.dev
+          external-dns.alpha.kubernetes.io/hostname: mc.${SECRET_DOMAIN}
diff --git a/kubernetes/main/apps/games/minecraft/takocraft/dnsendpoint.yaml b/kubernetes/main/apps/games/minecraft/takocraft/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: takocraft
 spec:
   endpoints:
-    - dnsName: "takocraft.jory.dev"
+    - dnsName: "takocraft.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["mc.jory.dev"]
+      targets: ["mc.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/games/minecraft/takocraft/helmrelease.yaml b/kubernetes/main/apps/games/minecraft/takocraft/helmrelease.yaml
@@ -73,7 +73,7 @@ spec:
         enabled: true
         existingClaim: *app
     serviceAnnotations:
-      mc-router.itzg.me/externalServerName: &host takocraft.jory.dev
+      mc-router.itzg.me/externalServerName: &host takocraft.${SECRET_DOMAIN}
     minecraftServer:
       eula: true
       version: "1.21"
@@ -112,7 +112,7 @@ spec:
           ingressClassName: external
           enabled: true
           annotations:
-            external-dns.alpha.kubernetes.io/target: mc.jory.dev
+            external-dns.alpha.kubernetes.io/target: mc.${SECRET_DOMAIN}
             external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
           hosts:
            - name: *host

diff --git a/kubernetes/main/apps/games/minecraft/vibecraft/dnsendpoint.yaml b/kubernetes/main/apps/games/minecraft/vibecraft/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: vibecraft
 spec:
   endpoints:
-    - dnsName: "vibecraft.jory.dev"
+    - dnsName: "vibecraft.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["mc.jory.dev"]
+      targets: ["mc.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/games/minecraft/vibecraft/helmrelease.yaml b/kubernetes/main/apps/games/minecraft/vibecraft/helmrelease.yaml
@@ -81,7 +81,7 @@ spec:
       #     subPath: config.yml
       #     readOnly: true
     serviceAnnotations:
-      mc-router.itzg.me/externalServerName: &host vibecraft.jory.dev
+      mc-router.itzg.me/externalServerName: &host vibecraft.${SECRET_DOMAIN}
     minecraftServer:
       eula: true
       version: "1.21"
@@ -117,7 +117,7 @@ spec:
           ingressClassName: external
           enabled: true
           annotations:
-            external-dns.alpha.kubernetes.io/target: mc.jory.dev
+            external-dns.alpha.kubernetes.io/target: mc.${SECRET_DOMAIN}
             external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
           hosts:
            - name: *host

diff --git a/kubernetes/main/apps/games/palworld/app/dnsendpoint.yaml b/kubernetes/main/apps/games/palworld/app/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: palworld
 spec:
   endpoints:
-    - dnsName: "palworld.jory.dev"
+    - dnsName: "palworld.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["ipv4.jory.dev"]
+      targets: ["ipv4.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/games/palworld/app/helmrelease.yaml b/kubernetes/main/apps/games/palworld/app/helmrelease.yaml
@@ -57,7 +57,7 @@ spec:
               PUBLIC_PORT: &port 8211
               RCON_ENABLED: true
               RCON_PORT: &rcon-port 25575
-              PUBLIC_IP: palworld.jory.dev
+              PUBLIC_IP: palworld.${SECRET_DOMAIN}
               ## Webhook Settings
               WEBHOOK_ENABLED: true
             envFrom:
@@ -128,9 +128,9 @@ spec:
         enabled: false #nginx doesn't support non-https
         className: external
         annotations:
-          external-dns.alpha.kubernetes.io/target: ipv4.jory.dev
+          external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN}
         hosts:
-        - host: "{{ .Release.Name }}.jory.dev"
+        - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
           paths:
           - path: /
             service:

diff --git a/kubernetes/main/apps/games/vrising/app/dnsendpoint.yaml b/kubernetes/main/apps/games/vrising/app/dnsendpoint.yaml
@@ -6,9 +6,9 @@ metadata:
   name: vrising
 spec:
   endpoints:
-    - dnsName: "vrising.jory.dev"
+    - dnsName: "vrising.${SECRET_DOMAIN}"
       recordType: CNAME
-      targets: ["ipv4.jory.dev"]
+      targets: ["ipv4.${SECRET_DOMAIN}"]
       providerSpecific:
         - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
           value: 'false'
diff --git a/kubernetes/main/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/main/apps/kube-system/cilium/app/helmrelease.yaml
@@ -64,4 +64,4 @@ spec:
             gethomepage.dev/name: Hubble
             gethomepage.dev/group: Observability
             gethomepage.dev/description: Network Monitoring Dashboard
-          hosts: ["hubble.jory.dev"]
+          hosts: ["hubble.${SECRET_DOMAIN}"]