Merge pull request 'argocd: add telegram-gateway application' (#6 ) from feat/homelab-gateway-app into main

Reviewed-on: #6
argocd: rename homelab-gateway → telegram-gateway
2026-05-09 12:41:49 +02:00 · 2026-05-09 12:35:37 +02:00 · 2026-05-09 12:25:30 +02:00 · 2026-05-06 15:03:33 +02:00 · 2026-05-06 14:48:05 +02:00
3 changed files with 23 additions and 2 deletions
--- a/ansible/arcodange/factory/inventory/group_vars/all/gitea.yml
+++ b/ansible/arcodange/factory/inventory/group_vars/all/gitea.yml
@@ -0,0 +1,11 @@
 ---
 # Gitea ownership configuration consumed by playbooks running on `localhost`
 # (e.g. tools/hashicorp_vault.yml). Role-level defaults (gitea_username,
 # gitea_organization) live in roles/gitea_secret/defaults/main.yml ; this file
 # is for fact lists that the inventory should declare.
 # Users (Gitea owner_type=user) to which org-level Gitea Action secrets must
 # also be propagated. Repos owned by these users cannot read org-level secrets,
 # so the secret propagation playbook iterates over this list.
 gitea_secret_propagation_users:
  - arcodange
--- a/ansible/arcodange/factory/playbooks/tools/roles/hashicorp_vault/tasks/gitea_oidc_auth.yml
+++ b/ansible/arcodange/factory/playbooks/tools/roles/hashicorp_vault/tasks/gitea_oidc_auth.yml
@@ -36,6 +36,11 @@
 # WARNING : this disables AND wipes ALL gitea_cicd_* per-app JWT roles
 # (created by tools/hashicorp-vault/iac/) every time it runs. Default is OFF
 # to preserve those roles across normal ansible runs ; opt-in only when you
 # really want to rebuild the OIDC backend from scratch (e.g. config drift on
 # bound_issuer or similar).
 - name: Delete existing Gitea OIDC backends if they exist
  include_tasks: vault_cmd.yml
  vars:
@@ -48,6 +53,7 @@
    - gitea_jwt
  loop_control:
    loop_var: backend_name
  when: vault_oidc_force_reset | default(false) | bool
 - name: use tofu to provision vault
  block:
@@ -123,7 +129,6 @@
      }) | b64encode }}
    gitea_owner_type: 'user'
    gitea_owner_name: '{{ item }}'
-  loop:
+  loop: '{{ gitea_secret_propagation_users }}'
    - arcodange
  loop_control:
    label: '{{ item }}'
--- a/argocd/values.yaml
+++ b/argocd/values.yaml
@@ -14,6 +14,11 @@ gitea_applications:
    annotations:
      argocd-image-updater.argoproj.io/image-list: webapp=gitea.arcodange.lab/arcodange-org/webapp:latest
      argocd-image-updater.argoproj.io/webapp.update-strategy: digest
  telegram-gateway:
    org: arcodange
    annotations:
      argocd-image-updater.argoproj.io/image-list: telegram-gateway=gitea.arcodange.lab/arcodange/telegram-gateway:latest
      argocd-image-updater.argoproj.io/telegram-gateway.update-strategy: digest
  erp:
    annotations: {}
  cms:
Author	SHA1	Message	Date
arcodange	4163b06659	Merge pull request 'argocd: add telegram-gateway application' (#6 ) from feat/homelab-gateway-app into main Reviewed-on: #6	2026-05-09 12:41:49 +02:00
Gabriel Radureau	3fb7544351	argocd: rename homelab-gateway → telegram-gateway Aligns with the upstream repo rename (arcodange/homelab-gateway → arcodange/telegram-gateway) so the name matches the public URL tg.arcodange.fr and Arcodange's naming conventions.	2026-05-09 12:35:37 +02:00
Gabriel Radureau	5038956332	argocd: add homelab-gateway application Adds the homelab-gateway Argo CD Application pointing at arcodange/homelab-gateway (user space, like dance-lessons-coach). Image Updater watches gitea.arcodange.lab/arcodange/homelab-gateway:latest with digest strategy. Phase 1 of the Telegram webhook gateway — a long-running pod that receives webhooks (no more polling) and routes per-bot to handler implementations. Initial bot: @arcodange_factory_bot, slug=factory, echo handler.	2026-05-09 12:25:30 +02:00
Gabriel Radureau	6ede249da9	🔒 fix(ansible): gate vault auth disable behind vault_oidc_force_reset (default off) (#5 ) Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-05-06 15:03:33 +02:00
Gabriel Radureau	9e821e1626	♻️ refactor(ansible): move gitea secret user-propagation list to inventory (#4 ) Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-05-06 14:48:05 +02:00