.duckdns.org to internal dns .lab

2026-01-03 18:46:23 +01:00
parent 5d41173f8d
commit afba67c68c
5 changed files with 12 additions and 8 deletions
--- a/.gitea/workflows/vault.yaml
+++ b/.gitea/workflows/vault.yaml
@@ -16,10 +16,11 @@ concurrency:

 .vault_step: &vault_step
  name: read vault secret
-  uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main
+  uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main
  id: vault-secrets
  with:
-    url: https://vault.arcodange.duckdns.org
+    url: https://vault.arcodange.lab
+    caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
    jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
    role: gitea_cicd_webapp
    method: jwt
@@ -49,9 +50,12 @@ jobs:
    env:
      OPENTOFU_VERSION: 1.8.2
      TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
+      VAULT_CACERT: "${{ github.workspace }}/homelab.pem"
    steps:
      - *vault_step
      - uses: actions/checkout@v4
+      - name: prepare vault self signed cert
+        run: echo -n "${{ secrets.HOMELAB_CA_CERT }}" | base64 -d > $VAULT_CACERT
      - name: terraform apply
        uses: dflook/terraform-apply@v1
        with:
--- a/chart/templates/config.yaml
+++ b/chart/templates/config.yaml
@@ -11,7 +11,7 @@ data:
  # DOLI_DB_USER: root
  # DOLI_DB_PASSWORD: root
  DOLI_DB_NAME: erp
-  DOLI_URL_ROOT: 'https://erp.arcodange.duckdns.org'
+  DOLI_URL_ROOT: 'https://erp.arcodange.lab'
  # DOLI_ADMIN_LOGIN: 'admin'
  # DOLI_ADMIN_PASSWORD: 'admininitialpassword'
  DOLI_ENABLE_MODULES: Societe,Facture
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -50,11 +50,11 @@ ingress:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
-    traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
-    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp.arcodange.duckdns.org
+    traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
+    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp.arcodange.lab
    traefik.ingress.kubernetes.io/router.middlewares: localIp@file
  hosts:
-    - host: erp.arcodange.duckdns.org
+    - host: erp.arcodange.lab
      paths:
        - path: /
          pathType: Prefix
--- a/iac/providers.tf
+++ b/iac/providers.tf
@@ -8,7 +8,7 @@ terraform {
 }

 provider vault {
-    address = "https://vault.arcodange.duckdns.org"
+    address = "https://vault.arcodange.lab"
    auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
        mount = "gitea_jwt"
        role = "gitea_cicd_erp"
--- a/test/.env.example
+++ b/test/.env.example
@@ -1,4 +1,4 @@
-DOLIBARR_ADDRESS=https://erp.arcodange.duckdns.org
+DOLIBARR_ADDRESS=https://erp.arcodange.lab
 DOLI_DB_PASSWORD=
 DOLI_ADMIN_LOGIN=admin
 DOLI_ADMIN_PASSWORD=""