flux: limbosolutions-com act runner

README.md

@@ -35,11 +35,17 @@ cat deploy/flux/.env.d/age.agekey | \
 kubectl create secret generic flux-sops-age \
 --namespace=git-limbosolutions-com \
 --from-file=age.agekey=/dev/stdin
+
 cat deploy/flux/.env.d/age.agekey | \
 kubectl create secret generic flux-sops-age \
 --namespace=kb-cicd \
 --from-file=age.agekey=/dev/stdin
 
+cat deploy/flux/.env.d/age.agekey | \
+kubectl create secret generic flux-sops-age \
+--namespace=limbosolutions-com-cicd \
+--from-file=age.agekey=/dev/stdin
+
 ```
 
 **Encrypt secrets:**
@@ -47,7 +53,8 @@ kubectl create secret generic flux-sops-age \
 ``` bash
 sops -e deploy/app/helm-values.private.dec.yaml > deploy/app/helm-values.private.yaml
 sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml
-sops -e deploy/act-runners/kb/deploy/app/secrets.dec.yaml > deploy/act-runners/kb/deploy/app/secrets.yaml
+sops -e deploy/act-runners/kb/app/secrets.dec.yaml > deploy/act-runners/kb/app/secrets.yaml
+sops -e deploy/act-runners/limbosolutions-com/app/secrets.dec.yaml > deploy/act-runners/limbosolutions-com/app/secrets.yaml
 ```
 
 ## Backups

deploy/act-runners/kb/app/secrets.yaml

@@ -4,21 +4,21 @@ metadata:
     name: act-runner
 type: Opaque
 data:
-    GITEA_INSTANCE_URL: ENC[AES256_GCM,data:4TKctXyD4X9E8gJJHt9WI30w7bDxEzDMncRX/Ddr,iv:MeTSf+Nbfr0ERJg2RmIzTdXG/0yrCGKtMCEUTIGNlo4=,tag:zViPlFCXecj9dYX8i0duxA==,type:str]
+    GITEA_INSTANCE_URL: ENC[AES256_GCM,data:AJeOt1WH4k13AYCX8G2gNysDq30hp4edKLB2WA5h,iv:oUoUKhyJHIK9JypIUIzWEEhGdPakxbbofcbn7n2mv1g=,tag:uzpOdJ/ZPo5pzG5em0EC3w==,type:str]
-    GITEA_RUNNER_NAME: ENC[AES256_GCM,data:0GvSAV4w4Z4DF2qr,iv:3bRGeouS0j8FH4qBJXawzkcT34wUJwH+kfQOH18Xr+8=,tag:7IEf+iR7cgKvgAuwh+ttGQ==,type:str]
+    GITEA_RUNNER_NAME: ENC[AES256_GCM,data:CmDVTTgKYdt8gU05,iv:QESuJGBvJiS8ogC+Vg2TiB1jqmGANgLOxhtNVGLE2VQ=,tag:xIBN9H0qoa6SfVRudELm/g==,type:str]
-    GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:/pRPj8K35WTIUDSyswwOCFN+iZN4itBJkQYCvyxiJZqW6c/1PBc8/w==,iv:i0l/qDoQYIomRhQqBkvsUfhaS5ao3HlxxHGe0sU9Fkc=,tag:SLlv7SG1J6OdJ5/HINBX9w==,type:str]
+    GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:AcB64QIRmzoJv44+tHk9jCpYTxa1oAZLBpqO4CmlOZwYc2c+J0L2Jw==,iv:uwzg2FNAvbXSfAuX0YDcnS0HsWHWevXcXVY2nC/Ps+4=,tag:o46u1nDT1poH+hshs881Iw==,type:str]
 sops:
     age:
         - enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMzMzWE9OVDZqRjhtemhM
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsV3YvR2xQMGhtbkZ2Rmlo
-            NHNCWFkrQm1kMmRwSlhhM3k0MEZyVzJudEJBCkZWaVpnbHBQaXhnT1dSWktubnox
+            RmM1eDk0clZ1SVNXd3RPeFFaUUExZ1JMWDFzCjFLazc3UjdkWmNsUlBqQ2JHUEZt
-            NkY5cHBCK2liM0xIbGVIK09JOG5IcUkKLS0tIGVLQnBSZnBQU1Jreld6ZExnS3Zz
+            b05EaWRKN0tOVW9VWnRxVStSbUgrVUkKLS0tIE1KN3l6aVV6NU9RREwyaTAwcCtj
-            Mi9YTWM0b1dpVGJwcEwrSlJRYTRFbnMKWScrnjaOYx32yxDEapYITrAaPHq8ghFE
+            UDQ5djdWWXdrOWQxU1hieEM4YmJKNVkKV/IBqH8zehlOvm2xvmNn7xehrW2axBt/
-            Q+xdv6szmhkWYYN3TZC1MvySFD2BR8VMlK31VQ/RZ+YrKjm8SF/8oQ==
+            g8khMMeSkqAbbbU3ql5G+6RCqvOH4XGK7qjmhj871N2VLkdqnf6Zrg==
             -----END AGE ENCRYPTED FILE-----
           recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
     encrypted_regex: ^(data|stringData)$
-    lastmodified: "2026-06-04T20:38:18Z"
+    lastmodified: "2026-06-04T22:12:05Z"
-    mac: ENC[AES256_GCM,data:StxGbN+6B3YKLbG1ptfnpTV9aHiUA7N7VyKdvbUOkVXCs4u/1IKVuqbq0zeliM6bjHh4ZhNcCjKFMNvqlIGsxJVNp+BdjMuVkw8Zc3g9z9SfvbpEbR+k+HLdHhOR/rZ8TS2m/bAlwmp/qVFi05rEjrC0lFO6klXO4gdFYpSMbY0=,iv:ghRsTJiXV6L7coLUKS+0LH4RRhdDycOBReAX77Jqews=,tag:73oWt9QNZEaLYwnBRO6PhA==,type:str]
+    mac: ENC[AES256_GCM,data:QX4KRhJAmHgsyBlC4LMo05/u/8Urhc9nBOS0iZ2uthtbcKKhq5I11a6xpt+1Qh+ojLABvzysLPr32orbcT6xs6/N/MXQIYl2itWZf+lT6eoSPiX8zjOwvnjomKSGUNxe4LrxLugimf/YFr9ASn+4GnOU7kvHZ2K4caVIGijhPhI=,iv:M6u2JG52TmJMjv51GyHITRBrDmIFACMh2czdGBZZIJs=,tag:Sl9I0EXf+U4DE5Q5GRLhNA==,type:str]
     version: 3.13.1

deploy/act-runners/limbosolutions-com/README.md

@@ -1,13 +0,0 @@
-# limbosolutions.com - act-runner
-
-**Deploy app:**
-
-```bash
-./ops-scripts/apply-app.sh
-```
-
-**Deploy Infra:**
-
-```bash
-./ops-scripts/apply-infra.sh
-```

deploy/act-runners/limbosolutions-com/app/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - configmap.yaml
+  - deployment.yaml
+  - secrets.yaml
+

deploy/act-runners/limbosolutions-com/app/secrets.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: act-runner
+type: Opaque
+data:
+    GITEA_INSTANCE_URL: ENC[AES256_GCM,data:HhBxavSkLF19cY73+gvbLuRe6KI82v/KtXuXv9rm,iv:6gyx6Zs8JiLucSqQybgs9Dz1FQR2WQ1PbELacZaCAxQ=,tag:sNRoLsxGbfV25BQqRhAK0A==,type:str]
+    GITEA_RUNNER_NAME: ENC[AES256_GCM,data:akEL5H5T8Z9W/Uq/zhz5gyvXENC7vVVM/IFIVQ==,iv:R0yF4pIWuxPwO1isCVGieZKY5kUYfizctXwe4pQOjwI=,tag:DM4jNkudnVdgUXPJQ34bkw==,type:str]
+    GITEA_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:VDucrH/tca0UUV3hLrmJZKlpTWlycnyoaIm0JzvfCpCkqgFgVwqZEw==,iv:6nEcMihavJ2iHswz4CSjkD/Yb+I42LgxGby5H9a+or8=,tag:2ZkW6wlmKOMeg9QeyEjOZw==,type:str]
+sops:
+    age:
+        - enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cFFkVUNZVFdOcjF3akxY
+            bTBYUEJwbEJxckdqQXVxc2tEdU1vakxuN0RjCkFqOGJCRk1jcnJXWVp1RjYzUU9a
+            bElsekp3V2RxSFN3akZ1QkY3aU0zTDgKLS0tIDhWd2YxUGxDTmtyci9rUjhUbVYz
+            VXNCa1ZhSW56RlJkbW5KanJlbkU3aEEK+/dQJtiy6Wsntg3F/fMdGx9Aqo/xiYZ7
+            gM7aoYOhQoA3nDYe/0cSLM4vExyLcqQMUcDZGKYlRaND9uq729rAaw==
+            -----END AGE ENCRYPTED FILE-----
+          recipient: age1gk946fp37xtm3fv500407zdd5h89a5lvxysrufhau3f73xcq8ewqcu8l5g
+    encrypted_regex: ^(data|stringData)$
+    lastmodified: "2026-06-04T22:12:24Z"
+    mac: ENC[AES256_GCM,data:L2nIeJ5YaXNSBntxGcgNvJz0LQfUVvB0OtbUy+TRFO7DxRlWz4QnRuJBMcnw44+4cuHsJgXMg9Gxe9moD4R9pqa9a3uufX1hULAR5fx+DZWICj2Yopl/FQU30h0helCReklgqP+47xSlFZhZIDRZbyfiTudSU1tBIAW7OZZpC6A=,iv:uHEMG04FvDfNABX0MFuw47PpakfLXMLFo8L1u73xwsY=,tag:JQ0VO4LT1gqpTOzMQAOnkw==,type:str]
+    version: 3.13.1

deploy/act-runners/limbosolutions-com/deploy/app/.env.d/.gitignore

@@ -1,2 +0,0 @@
-**
-!.gitignore

deploy/act-runners/limbosolutions-com/deploy/app/kustomization.yaml

@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - configmap.yaml
-  - deployment.yaml
-
-generatorOptions:
-  disableNameSuffixHash: true
-
-secretGenerator:
-  - name: act-runner
-    envs: 
-      - .env.d/.env
-

deploy/act-runners/limbosolutions-com/ops-scripts/apply-app.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-NAMESPACE=limbosolutions-com-cicd
-kubectl kustomize deploy/app | kubectl --namespace ${NAMESPACE} apply -f - 

deploy/act-runners/limbosolutions-com/ops-scripts/apply-infra.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-NAMESPACE=limbosolutions-com-cicd
-kubectl create namespace ${NAMESPACE} || true

deploy/flux/act-runner-limbosolutions-com-sync.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: act-runner-sync
+  namespace: limbosolutions-com-cicd
+spec:
+  interval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: git-limbosolutions-com
+    namespace: git-limbosolutions-com
+  path: deploy/act-runners/limbosolutions-com/app
+  prune: true
+  decryption:
+    provider: sops
+    secretRef:
+      name: flux-sops-age