bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,417 Commits 14 Branches 0 Tags
Commit Graph

78 Commits

Author SHA1 Message Date
Brad Stein
728f2cd2ee vault: pin cronjobs to service IP 2026-01-17 03:17:36 -03:00
Brad Stein
ef5ac62544 vault: make retry helper resilient 2026-01-17 03:09:33 -03:00
Brad Stein
a9c2d3c5e8 vault: retry vault cli operations 2026-01-17 03:00:25 -03:00
Brad Stein
9a3c3a3d3e vault: retry status checks in config jobs 2026-01-17 02:49:25 -03:00
Brad Stein
62fa6ef371 finance: seed vault secrets 2026-01-17 00:54:49 -03:00
Brad Stein
3e3061fe5b finance: add actual budget and firefly 2026-01-16 23:52:56 -03:00
Brad Stein
401df4d68c longhorn: use harbor mirrors and vault pull secret 2026-01-16 17:31:29 -03:00
Brad Stein
9f3d2db63d platform: add cert-manager and align postgres vault path 2026-01-16 11:14:48 -03:00
Brad Stein
5cd196e043 vault/keycloak: restore kv access and wger sync rbac 2026-01-16 03:46:07 -03:00
Brad Stein
8ad9f0a664 vault: allow admin kv browse 2026-01-16 03:20:32 -03:00
Brad Stein
f5231d282b vault: allow UI mount listing for admins 2026-01-16 02:06:31 -03:00
Brad Stein
bb1bf3c017 fix ingress tls routing 2026-01-16 01:40:50 -03:00
Brad Stein
5899c9acb3 vault: allow admin policy to update shared secrets 2026-01-15 04:17:14 -03:00
Brad Stein
c30f1fc587 vault: allow sso role to read portal admin secret 2026-01-15 03:46:58 -03:00
Brad Stein
feb9d6997c vault: prepopulate oidc job 2026-01-15 02:22:52 -03:00
Brad Stein
9e6673d02e vault: default oidc claims type 2026-01-15 02:20:53 -03:00
Brad Stein
d69545cdb5 vault: harden oidc claims type 2026-01-15 02:18:50 -03:00
Brad Stein
756a1af2e6 vault: allow oidc tuning 2026-01-15 02:16:55 -03:00
Brad Stein
74a2b3e28d vault: use static token reviewer 2026-01-15 02:14:08 -03:00
Brad Stein
e885c7d6ce vault: allow vault-admin token review 2026-01-15 02:09:34 -03:00
Brad Stein
86c9951cc4 vault: add admin role for config jobs 2026-01-15 02:06:28 -03:00
Brad Stein
85c3d9c2f7 vault: finalize sidecar migration 2026-01-15 01:52:24 -03:00
Brad Stein
82090c1953 vault: read oidc config from vault 2026-01-14 23:20:04 -03:00
Brad Stein
bb9a4e6d8b longhorn: read oauth2-proxy secrets from vault 2026-01-14 17:48:12 -03:00
Brad Stein
fb671865e5 vault: inject remaining services with wrappers 2026-01-14 17:29:09 -03:00
Brad Stein
89f4b0dbdf vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00
Brad Stein
b1f9df4d83 vault: sync harbor pulls 2026-01-14 10:07:31 -03:00
Brad Stein
b8e50bb0a6 monitoring: move grafana smtp to vault 2026-01-14 06:41:34 -03:00
Brad Stein
37302664c2 vault: add remaining secret syncs 2026-01-14 06:16:42 -03:00
Brad Stein
de3db3133b vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00
Brad Stein
8d526e383f vault: send oidc role payload as json 2026-01-14 03:45:03 -03:00
Brad Stein
4111fb079f vault: write bound_claims as file 2026-01-14 02:56:29 -03:00
Brad Stein
fd2ae6bdd5 vault: wire more services to CSI 2026-01-14 02:54:59 -03:00
Brad Stein
8a358832f3 vault: fix oidc scopes parsing 2026-01-14 02:52:51 -03:00
Brad Stein
c3541b72c3 vault: run oidc config with sh 2026-01-14 02:28:38 -03:00
Brad Stein
55234f8536 vault: align oidc roles with keycloak 2026-01-14 02:24:32 -03:00
Brad Stein
50aec198a4 fix: detect vault initialized state correctly 2026-01-14 01:42:28 -03:00
Brad Stein
cb5796cb71 fix: make vault k8s auth script posix 2026-01-14 01:38:27 -03:00
Brad Stein
5a9ceeab24 fix: run vault k8s auth config with sh 2026-01-14 01:35:06 -03:00
Brad Stein
b82195f2d7 feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00
Brad Stein
4a1c4766b8 feat: add harbor/vault oidc automation 2026-01-14 01:07:47 -03:00
Brad Stein
77ecf3229e vault: use dedicated service account for k8s auth 2025-12-25 03:43:17 -03:00
Brad Stein
4d47e2c693 vault: revert ui default auth block (not supported) 2025-12-24 20:16:33 -03:00
Brad Stein
cf2e4c8bb2 jitsi: require auth to start rooms; vault ui default oidc 2025-12-24 20:11:29 -03:00
Brad Stein
dba8364c74 vault: probes use http VAULT_ADDR for http listener 2025-12-20 00:09:44 -03:00
Brad Stein
e354f8bc3f vault: keep probes HTTPS, drop ingress backend tweaks 2025-12-20 00:03:11 -03:00
Brad Stein
fa977a69f4 vault: run http inside cluster (tls terminated at ingress) 2025-12-19 23:54:28 -03:00
Brad Stein
d3ca57eabf vault: backend over https with serversTransport 2025-12-19 23:52:19 -03:00
Brad Stein
c2dfba67c2 vault: remove serversTransport, speak http to service 2025-12-19 23:51:32 -03:00
Brad Stein
f243be21e6 vault: drop unused redirect middleware 2025-12-19 23:50:44 -03:00