From 0323c5f63a9b5be7150c88fe72a86bcbcd9717bb Mon Sep 17 00:00:00 2001
From: Gabriel Radureau <arcodange@gmail.com>
Date: Sat, 3 Jan 2026 18:46:23 +0100
Subject: [PATCH] .duckdns.org to internal dns .lab

---
 .gitea/workflows/vault.yaml | 8 ++++++--
 chart/templates/config.yaml | 2 +-
 chart/values.yaml           | 6 +++---
 test/.env.example           | 2 +-
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/vault.yaml b/.gitea/workflows/vault.yaml
index b535e29..c49c237 100644
--- a/.gitea/workflows/vault.yaml
+++ b/.gitea/workflows/vault.yaml
@@ -16,10 +16,11 @@ concurrency:
 
 .vault_step: &vault_step
   name: read vault secret
-  uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main
+  uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main
   id: vault-secrets
   with:
-    url: https://vault.arcodange.duckdns.org
+    url: https://vault.arcodange.lab
+    caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
     jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
     role: gitea_cicd_webapp
     method: jwt
@@ -49,9 +50,12 @@ jobs:
     env:
       OPENTOFU_VERSION: 1.8.2
       TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
+      VAULT_CACERT: "${{ github.workspace }}/homelab.pem"
     steps:
       - *vault_step
       - uses: actions/checkout@v4
+      - name: prepare vault self signed cert
+        run: echo -n "${{ secrets.HOMELAB_CA_CERT }}" | base64 -d > $VAULT_CACERT
       - name: terraform apply
         uses: dflook/terraform-apply@v1
         with:
diff --git a/chart/templates/config.yaml b/chart/templates/config.yaml
index b5bf7e5..2407687 100644
--- a/chart/templates/config.yaml
+++ b/chart/templates/config.yaml
@@ -11,7 +11,7 @@ data:
   # DOLI_DB_USER: root
   # DOLI_DB_PASSWORD: root
   DOLI_DB_NAME: erp
-  DOLI_URL_ROOT: 'https://erp.arcodange.duckdns.org'
+  DOLI_URL_ROOT: 'https://erp.arcodange.lab'
   # DOLI_ADMIN_LOGIN: 'admin'
   # DOLI_ADMIN_PASSWORD: 'admininitialpassword'
   DOLI_ENABLE_MODULES: Societe,Facture
diff --git a/chart/values.yaml b/chart/values.yaml
index ed0ad29..356f151 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -50,11 +50,11 @@ ingress:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
     traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
-    traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
-    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp.arcodange.duckdns.org
+    traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
+    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp.arcodange.lab
     traefik.ingress.kubernetes.io/router.middlewares: localIp@file
   hosts:
-    - host: erp.arcodange.duckdns.org
+    - host: erp.arcodange.lab
       paths:
         - path: /
           pathType: Prefix
diff --git a/test/.env.example b/test/.env.example
index 7403bfa..c49d634 100644
--- a/test/.env.example
+++ b/test/.env.example
@@ -1,4 +1,4 @@
-DOLIBARR_ADDRESS=https://erp.arcodange.duckdns.org
+DOLIBARR_ADDRESS=https://erp.arcodange.lab
 DOLI_DB_PASSWORD=
 DOLI_ADMIN_LOGIN=admin
 DOLI_ADMIN_PASSWORD=""