bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,931 Commits 23 Branches 0 Tags
Commit Graph

51 Commits

Author SHA1 Message Date
Brad Stein
fdc80b9c0f sso: route metis through dedicated oauth2 proxy 2026-03-31 17:32:19 -03:00
Brad Stein
00c0375790 comms: add synapse admin ensure job 2026-01-27 04:48:44 -03:00
Brad Stein
6062e266aa vault: allow ariadne to use vault-admin role 2026-01-26 22:26:13 -03:00
Brad Stein
096bb329e6 jenkins: sync harbor pull secret from vault 2026-01-22 04:45:24 -03:00
Brad Stein
ee4af80e15 jenkins: use shared harbor creds when present 2026-01-22 03:15:38 -03:00
Brad Stein
0ab34c0af5 ariadne: split portal and ariadne db secrets 2026-01-21 03:39:17 -03:00
Brad Stein
0680926dae vault: allow ariadne to read needed secrets 2026-01-21 03:21:01 -03:00
Brad Stein
587a0af1d7 maintenance: wire ariadne db and dashboards 2026-01-20 23:03:39 -03:00
Brad Stein
a6b317097e fix: allow maintenance vault sync role 2026-01-19 19:07:00 -03:00
Brad Stein
f3620aa2a4 chore: centralize harbor pull credentials 2026-01-19 19:02:14 -03:00
Brad Stein
11a06e7683 feat: add Ariadne service and glue scheduling 2026-01-19 16:58:02 -03:00
Brad Stein
47fdd97120 vault: allow vaultwarden mailu secret 2026-01-19 02:23:16 -03:00
Brad Stein
e4a06c4ffb portal: use mailu smtp secret 2026-01-19 00:56:07 -03:00
Brad Stein
cb5d38e979 vault: allow portal to read postmark relay 2026-01-18 01:17:52 -03:00
Brad Stein
e0cc02d480 vault: make retry helper resilient 2026-01-17 03:09:33 -03:00
Brad Stein
dfcf9bcc58 vault: retry vault cli operations 2026-01-17 03:00:25 -03:00
Brad Stein
8f5efd3df9 vault: retry status checks in config jobs 2026-01-17 02:49:25 -03:00
Brad Stein
15021dd2dc finance: seed vault secrets 2026-01-17 00:54:49 -03:00
Brad Stein
05cdf75dc6 finance: add actual budget and firefly 2026-01-16 23:52:56 -03:00
Brad Stein
5ba9501db9 longhorn: use harbor mirrors and vault pull secret 2026-01-16 17:31:29 -03:00
Brad Stein
90a25ac73e platform: add cert-manager and align postgres vault path 2026-01-16 11:14:48 -03:00
Brad Stein
a603b88eea vault/keycloak: restore kv access and wger sync rbac 2026-01-16 03:46:07 -03:00
Brad Stein
b308ee8d55 vault: allow admin kv browse 2026-01-16 03:20:32 -03:00
Brad Stein
05b0242e26 vault: allow UI mount listing for admins 2026-01-16 02:06:31 -03:00
Brad Stein
d4f110534f vault: allow admin policy to update shared secrets 2026-01-15 04:17:14 -03:00
Brad Stein
ebca451243 vault: allow sso role to read portal admin secret 2026-01-15 03:46:58 -03:00
Brad Stein
ee1fd7f458 vault: default oidc claims type 2026-01-15 02:20:53 -03:00
Brad Stein
d82146cfd6 vault: harden oidc claims type 2026-01-15 02:18:50 -03:00
Brad Stein
a4d20efe7d vault: allow oidc tuning 2026-01-15 02:16:55 -03:00
Brad Stein
2b934d4263 vault: use static token reviewer 2026-01-15 02:14:08 -03:00
Brad Stein
53c4faf2f7 vault: add admin role for config jobs 2026-01-15 02:06:28 -03:00
Brad Stein
1eab80648d vault: finalize sidecar migration 2026-01-15 01:52:24 -03:00
Brad Stein
d957e7e7f7 vault: read oidc config from vault 2026-01-14 23:20:04 -03:00
Brad Stein
fb05c442f5 longhorn: read oauth2-proxy secrets from vault 2026-01-14 17:48:12 -03:00
Brad Stein
4f99000aab vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00
Brad Stein
4279db1619 vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00
Brad Stein
c9483b2d80 vault: sync harbor pulls 2026-01-14 10:07:31 -03:00
Brad Stein
e897858d97 monitoring: move grafana smtp to vault 2026-01-14 06:41:34 -03:00
Brad Stein
c24c7284e5 vault: add remaining secret syncs 2026-01-14 06:16:42 -03:00
Brad Stein
bdc32b7a36 vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00
Brad Stein
58a9eb8a35 vault: send oidc role payload as json 2026-01-14 03:45:03 -03:00
Brad Stein
3bcf04f754 vault: write bound_claims as file 2026-01-14 02:56:29 -03:00
Brad Stein
3c65695dfc vault: wire more services to CSI 2026-01-14 02:54:59 -03:00
Brad Stein
7d884b2bc8 vault: fix oidc scopes parsing 2026-01-14 02:52:51 -03:00
Brad Stein
ca0c618f82 vault: run oidc config with sh 2026-01-14 02:28:38 -03:00
Brad Stein
0d9291da7e vault: align oidc roles with keycloak 2026-01-14 02:24:32 -03:00
Brad Stein
8567cfbee2 fix: detect vault initialized state correctly 2026-01-14 01:42:28 -03:00
Brad Stein
ed7ff3b810 fix: make vault k8s auth script posix 2026-01-14 01:38:27 -03:00
Brad Stein
c096b35078 fix: run vault k8s auth config with sh 2026-01-14 01:35:06 -03:00
Brad Stein
5d53d900aa feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00