- network-policies - egress

- folder structure revision - ops scripts revision - helm chart update version - 12.5.0
2026-03-07 11:06:29 +00:00
parent bdf8ca4446
commit 12cfe5ce79
23 changed files with 166 additions and 75 deletions
--- a/.gitea/workflows/app-continous-deploy.yaml
+++ b/.gitea/workflows/app-continous-deploy.yaml
@@ -69,25 +69,24 @@ jobs:

          # ensure cleanup always runs
          trap 'rm -f \
-                    deploy/app/cronjobs/backups/.env.d/secrets \
-                    deploy/app/cronjobs/backups/.env.d/id_rsa \
-                    deploy/app/cronjobs/backups/.env.d/borg_key' EXIT
+                    deploy/backups/backups/.env.d/secrets \
+                    deploy/backups/backups/.env.d/id_rsa \
+                    deploy/backups/backups/.env.d/borg_key' EXIT

-          # setup env for cronjobs backups
-          echo "PBS_REPOSITORY=${CRONJOBS_BACKUPS_SECRETS_PBS_REPOSITORY}" >> deploy/app/cronjobs/backups/.env.d/secrets
-          echo "PBS_PASSWORD=${CRONJOBS_BACKUPS_SECRETS_PBS_PASSWORD}" >> deploy/app/cronjobs/backups/.env.d/secrets
-          echo "PBS_FINGERPRINT=${CRONJOBS_BACKUPS_SECRETS_PBS_FINGERPRINT}" >> deploy/app/cronjobs/backups/.env.d/secrets
-          echo "BORG_REPO=${CRONJOBS_BACKUPS_SECRETS_BORG_REPO}" >> deploy/app/cronjobs/backups/.env.d/secrets
-          echo "BORG_PASSPHRASE=${CRONJOBS_BACKUPS_SECRETS_BORG_PASSPHRASE}" >> deploy/app/cronjobs/backups/.env.d/secrets
-          echo "OFFSITE_TARGET_FOLDER=${CRONJOBS_BACKUPS_SECRETS_OFFSITE_TARGET_FOLDER}" >> deploy/app/cronjobs/backups/.env.d/secrets
+          # setup secrets files
+          echo "PBS_REPOSITORY=${CRONJOBS_BACKUPS_SECRETS_PBS_REPOSITORY}" >> deploy/backups/cronjobs/.env.d/secrets
+          echo "PBS_PASSWORD=${CRONJOBS_BACKUPS_SECRETS_PBS_PASSWORD}" >> deploy/backups/cronjobs/.env.d/secrets
+          echo "PBS_FINGERPRINT=${CRONJOBS_BACKUPS_SECRETS_PBS_FINGERPRINT}" >> deploy/backups/backups/.env.d/secrets
+          echo "BORG_REPO=${CRONJOBS_BACKUPS_SECRETS_BORG_REPO}" >> deploy/backups/cronjobs/.env.d/secrets
+          echo "BORG_PASSPHRASE=${CRONJOBS_BACKUPS_SECRETS_BORG_PASSPHRASE}" >> deploy/backups/cronjobs/.env.d/secrets
+          echo "OFFSITE_TARGET_FOLDER=${CRONJOBS_BACKUPS_SECRETS_OFFSITE_TARGET_FOLDER}" >> deploy/backups/cronjobs/.env.d/secrets
+          echo "${CRONJOBS_BACKUPS_SECRETS_ID_RSA}" >> deploy/backups/cronjobs/.env.d/id_rsa
+          echo "${CRONJOBS_BACKUPS_SECRETS_BORG_KEY}" >> deploy/backups/cronjobs/.env.d/borg_key
          
-          echo "${CRONJOBS_BACKUPS_SECRETS_ID_RSA}" >> deploy/app/cronjobs/backups/.env.d/id_rsa
-          echo "${CRONJOBS_BACKUPS_SECRETS_BORG_KEY}" >> deploy/app/cronjobs/backups/.env.d/borg_key
-          
-          # enforce security
-          chmod 600 deploy/app/cronjobs/backups/.env.d/secrets
-          chmod 600 deploy/app/cronjobs/backups/.env.d/id_rsa
-          chmod 600 deploy/app/cronjobs/backups/.env.d/borg_key
+          # enforce secrets files security
+          chmod 600 deploy/backups/cronjobs/.env.d/secrets
+          chmod 600 deploy/backups/cronjobs/.env.d/id_rsa
+          chmod 600 deploy/backups/cronjobs/.env.d/borg_key

          # invoke deploy script
          ops-scripts/apply-app.sh