yesod-mirror/k8s/configs/environments/network/main.jsonnet

local base = import "k8s/configs/base.libsonnet";
local secrets = import "k8s/configs/environments/network/secrets.json";
local ddclient = import "k8s/configs/templates/core/network/ddclient.libsonnet";
local oauth2Proxy = import "k8s/configs/templates/core/security/oauth2-proxy.libsonnet";
local nginx = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";

local namespace = "network";
local ctx = base.NewContext(base.helm);


{
    namespace: {
        apiVersion: "v1",
        kind: "Namespace",
        metadata: {
            name: namespace,
        },
    },
    secrets: {
        oauth2ProxyKubeDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {
            namespace: "network",
            name: "oauth2-proxy-kube-domain",
            cookieSecret: secrets.oauth2_kube_cookie_secret,
            clientSecret: secrets.oauth2_kube_client_secret,
            clientId: secrets.oauth2_kube_client_id,
        }),
        oauth2ProxyDominionDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {
            namespace: "network",
            name: "oauth2-proxy-dominion-domain",
            cookieSecret: secrets.oauth2_dominion_cookie_secret,
            clientSecret: secrets.oauth2_dominion_client_secret,
            clientId: secrets.oauth2_dominion_client_id,
        })
    },
    apps: {
        acmeStagingIssuer: base.ClusterIssuer(namespace, "letsencrypt-production") {
            spec+: {
                acme+: {
                    email: "acmcarther+web@gmail.com",
                    server: "https://acme-v02.api.letsencrypt.org/directory",
                    privateKeySecretRef: {
                    name: "letsencrypt-production",
                    },
                    solvers: [
                    {
                        http01: {
                        ingress: {
                            class: "nginx",
                        },
                        },
                    },
                    ],
                },
            },
        },
        acmeProdIssuer: base.ClusterIssuer(namespace, "letsencrypt-staging") {
            spec+: {
                acme+: {
                    email: "acmcarther+web@gmail.com",
                    server: "https://acme-staging-v02.api.letsencrypt.org/directory",
                    privateKeySecretRef: {
                    name: "letsencrypt-staging",
                    },
                    solvers: [
                    {
                        http01: {
                        ingress: {
                            class: "nginx",
                        },
                        },
                    },
                    ],
                },
            },
        },
        app: nginx.App(nginx.Params {
            namespace: namespace,
            name: "nginx-ingress",
        }),

        ddclientCheapassbox: ddclient.App(ddclient.Params {
            namespace: namespace,
            name: "ddclient",
            filePath: std.thisFile,
            configClaimName: "ddclient-config",
            login: "cheapassbox.com",
            password: secrets.ddclient_cheapassbox_password,
        }),
        ddclientCsbx: ddclient.App(ddclient.Params {
            namespace: namespace,
            name: "ddclient-csbx",
            filePath: std.thisFile,
            configClaimName: "ddclient-csbx-config",
            login: "csbx.dev",
            password: secrets.ddclient_csbx_password,
        }),
        /*
        ddclientCsbx: ddclient.App(ddclient.Params {
            namespace: namespace,
            name: "ddclient-cheapassusercontent",
            filePath: std.thisFile,
            configClaimName: "ddclient-cheapassusercontent-config",
            login: "cheapassusercontent.com",
            password: "3c02309b5b794823b1dce8343a300566",
        }),
        */
        oauth2ProxyCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {
            namespace: namespace,
            name: "oauth2-proxy-default-cheapassbox-com",
            filePath: std.thisFile,
            ingressHost: "oauth.cheapassbox.com",
            domains: ["cheapassbox.com"],
            oicdIssuerURL: "https://authentication.cheapassbox.com/realms/kube",
            secretName: "oauth2-proxy-kube-domain"
        }),
        oauth2ProxyCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {
            namespace: namespace,
            name: "oauth2-proxy-default-csbx-dev",
            filePath: std.thisFile,
            ingressHost: "oauth.csbx.dev",
            domains: ["csbx.dev"],
            oicdIssuerURL: "https://auth.csbx.dev/realms/kube",
            secretName: "oauth2-proxy-kube-domain"
        }),
        oauth2ProxyDominionCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {
            namespace: namespace,
            name: "oauth2-proxy-dominion-cheapassbox-com",
            filePath: std.thisFile,
            ingressHost: "oauth-dominion.cheapassbox.com",
            domains: ["cheapassbox.com"],
            oicdIssuerURL: "https://authentication.cheapassbox.com/realms/dominion",
            secretName: "oauth2-proxy-dominion-domain"
        }),
        oauth2ProxyDominionCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {
            namespace: namespace,
            name: "oauth2-proxy-dominion-csbx-dev",
            filePath: std.thisFile,
            ingressHost: "oauth-dominion.csbx.dev",
            domains: ["csbx.dev"],
            oicdIssuerURL: "https://auth.csbx.dev/realms/dominion",
            secretName: "oauth2-proxy-dominion-domain"
        }),

        // TODO: Oauth2 proxy
        // TODO: nginx ingress
    },
}
Project import generated by Copybara. GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432 2026-01-20 13:24:59 -08:00			`local base = import "k8s/configs/base.libsonnet";`
			`local secrets = import "k8s/configs/environments/network/secrets.json";`
			`local ddclient = import "k8s/configs/templates/core/network/ddclient.libsonnet";`
			`local oauth2Proxy = import "k8s/configs/templates/core/security/oauth2-proxy.libsonnet";`
			`local nginx = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";`

			`local namespace = "network";`
			`local ctx = base.NewContext(base.helm);`


			`{`
			`namespace: {`
			`apiVersion: "v1",`
			`kind: "Namespace",`
			`metadata: {`
			`name: namespace,`
			`},`
			`},`
			`secrets: {`
			`oauth2ProxyKubeDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {`
			`namespace: "network",`
			`name: "oauth2-proxy-kube-domain",`
			`cookieSecret: secrets.oauth2_kube_cookie_secret,`
			`clientSecret: secrets.oauth2_kube_client_secret,`
			`clientId: secrets.oauth2_kube_client_id,`
			`}),`
			`oauth2ProxyDominionDomain: oauth2Proxy.Secret(oauth2Proxy.SecretParams {`
			`namespace: "network",`
			`name: "oauth2-proxy-dominion-domain",`
			`cookieSecret: secrets.oauth2_dominion_cookie_secret,`
			`clientSecret: secrets.oauth2_dominion_client_secret,`
			`clientId: secrets.oauth2_dominion_client_id,`
			`})`
			`},`
			`apps: {`
			`acmeStagingIssuer: base.ClusterIssuer(namespace, "letsencrypt-production") {`
			`spec+: {`
			`acme+: {`
			`email: "acmcarther+web@gmail.com",`
			`server: "https://acme-v02.api.letsencrypt.org/directory",`
			`privateKeySecretRef: {`
			`name: "letsencrypt-production",`
			`},`
			`solvers: [`
			`{`
			`http01: {`
			`ingress: {`
			`class: "nginx",`
			`},`
			`},`
			`},`
			`],`
			`},`
			`},`
			`},`
			`acmeProdIssuer: base.ClusterIssuer(namespace, "letsencrypt-staging") {`
			`spec+: {`
			`acme+: {`
			`email: "acmcarther+web@gmail.com",`
			`server: "https://acme-staging-v02.api.letsencrypt.org/directory",`
			`privateKeySecretRef: {`
			`name: "letsencrypt-staging",`
			`},`
			`solvers: [`
			`{`
			`http01: {`
			`ingress: {`
			`class: "nginx",`
			`},`
			`},`
			`},`
			`],`
			`},`
			`},`
			`},`
			`app: nginx.App(nginx.Params {`
			`namespace: namespace,`
			`name: "nginx-ingress",`
			`}),`

			`ddclientCheapassbox: ddclient.App(ddclient.Params {`
			`namespace: namespace,`
			`name: "ddclient",`
			`filePath: std.thisFile,`
			`configClaimName: "ddclient-config",`
			`login: "cheapassbox.com",`
			`password: secrets.ddclient_cheapassbox_password,`
			`}),`
			`ddclientCsbx: ddclient.App(ddclient.Params {`
			`namespace: namespace,`
			`name: "ddclient-csbx",`
			`filePath: std.thisFile,`
			`configClaimName: "ddclient-csbx-config",`
			`login: "csbx.dev",`
			`password: secrets.ddclient_csbx_password,`
			`}),`
			`/*`
			`ddclientCsbx: ddclient.App(ddclient.Params {`
			`namespace: namespace,`
			`name: "ddclient-cheapassusercontent",`
			`filePath: std.thisFile,`
			`configClaimName: "ddclient-cheapassusercontent-config",`
			`login: "cheapassusercontent.com",`
			`password: "3c02309b5b794823b1dce8343a300566",`
			`}),`
			`*/`
			`oauth2ProxyCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {`
			`namespace: namespace,`
			`name: "oauth2-proxy-default-cheapassbox-com",`
			`filePath: std.thisFile,`
			`ingressHost: "oauth.cheapassbox.com",`
			`domains: ["cheapassbox.com"],`
			`oicdIssuerURL: "https://authentication.cheapassbox.com/realms/kube",`
			`secretName: "oauth2-proxy-kube-domain"`
			`}),`
			`oauth2ProxyCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {`
			`namespace: namespace,`
			`name: "oauth2-proxy-default-csbx-dev",`
			`filePath: std.thisFile,`
			`ingressHost: "oauth.csbx.dev",`
			`domains: ["csbx.dev"],`
			`oicdIssuerURL: "https://auth.csbx.dev/realms/kube",`
			`secretName: "oauth2-proxy-kube-domain"`
			`}),`
			`oauth2ProxyDominionCheapassboxCom: oauth2Proxy.App(oauth2Proxy.Params {`
			`namespace: namespace,`
			`name: "oauth2-proxy-dominion-cheapassbox-com",`
			`filePath: std.thisFile,`
			`ingressHost: "oauth-dominion.cheapassbox.com",`
			`domains: ["cheapassbox.com"],`
			`oicdIssuerURL: "https://authentication.cheapassbox.com/realms/dominion",`
			`secretName: "oauth2-proxy-dominion-domain"`
			`}),`
			`oauth2ProxyDominionCsbxDev: oauth2Proxy.App(oauth2Proxy.Params {`
			`namespace: namespace,`
			`name: "oauth2-proxy-dominion-csbx-dev",`
			`filePath: std.thisFile,`
			`ingressHost: "oauth-dominion.csbx.dev",`
			`domains: ["csbx.dev"],`
			`oicdIssuerURL: "https://auth.csbx.dev/realms/dominion",`
			`secretName: "oauth2-proxy-dominion-domain"`
			`}),`

			`// TODO: Oauth2 proxy`
			`// TODO: nginx ingress`
			`},`
			`}`