From 00f7aed32c3fdede769cc46e994748b68080a038 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= <marcio.fernandes@outlook.pt>
Date: Tue, 2 Jun 2026 21:30:13 +0000
Subject: [PATCH] flux: prep git repo

---
 README.md                      | 26 ++++++++++++++++++++++++++
 deploy/flux/git-repo.yaml      | 12 ++++++++++++
 deploy/flux/kustomization.yaml | 12 ++++++++++++
 ops-scripts/apply-flux.sh      |  7 +++++++
 4 files changed, 57 insertions(+)
 create mode 100644 deploy/flux/git-repo.yaml
 create mode 100644 deploy/flux/kustomization.yaml
 create mode 100755 ops-scripts/apply-flux.sh

diff --git a/README.md b/README.md
index f6f2a65..a4c686c 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,30 @@ References:
 - <https://gitea.com/gitea/helm-gitea>
 - <https://dl.gitea.com/charts/>
 
+Migration to flux
+
+For fluxcd setup execute.
+
+```bash
+ops-scripts/apply-flux.sh
+```
+
+**sops / age:**
+
+``` bash
+age-keygen -o deploy/clusters/prod/flux-system/.env.d/age.agekey
+cat deploy/clusters/prod/flux-system/.env.d/age.agekey | \
+kubectl create secret generic flux-sops-age \
+--namespace=git-limbosolutions-com \
+--from-file=age.agekey=/dev/stdin
+```
+
+**Encrypt secrets:**
+
+``` bash
+sops -e deploy/clusters/prod/app/helm-values.private.dec.yaml > deploy/clusters/prod/app/helm-values.private.yaml
+```
+
 ### Continuous Deploy
 
 Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-continous-deploy.yaml).
@@ -50,6 +74,8 @@ Deploy App
 ```
 
 - [kustomization](/deploy/infra/kustomization.yaml)
+
+
   
 ## Backups
 
diff --git a/deploy/flux/git-repo.yaml b/deploy/flux/git-repo.yaml
new file mode 100644
index 0000000..8c92f86
--- /dev/null
+++ b/deploy/flux/git-repo.yaml
@@ -0,0 +1,12 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: git-limbosolutions-com
+  namespace: git-limbosolutions-com
+spec:
+  interval: 1m0s
+  url: ssh://git@git.limbosolutions.com:2222/limbosolutions.com/git.limbosolutions.com.git
+  ref:
+    branch: main
+  secretRef:
+    name: flux-repo-ssh-credentials
\ No newline at end of file
diff --git a/deploy/flux/kustomization.yaml b/deploy/flux/kustomization.yaml
new file mode 100644
index 0000000..898d105
--- /dev/null
+++ b/deploy/flux/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - git-repo.yaml
+secretGenerator:
+  - name: flux-repo-ssh-credentials
+    files:
+      - "identity=./.env.d/flux-repo-ssh-key"
+      - "known_hosts=./.env.d/flux-repo-ssh-known_hosts"
+      - "pubkey=./.env.d/flux-repo-ssh-key.pub"
+generatorOptions:
+  disableNameSuffixHash: true
\ No newline at end of file
diff --git a/ops-scripts/apply-flux.sh b/ops-scripts/apply-flux.sh
new file mode 100755
index 0000000..847ee60
--- /dev/null
+++ b/ops-scripts/apply-flux.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+echo "Executing infra deploy."
+
+kubectl kustomize deploy/flux | kubectl -n git-limbosolutions-com apply -f -
+
+