From ab49ed26150e6903940a87c16568e74e3080b1a9 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 4 Feb 2024 04:31:02 +0100
Subject: [PATCH] feat(nas): Add S3 for GitLab backup

---
 apps/k8s01/nas/s3.yaml | 116 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 98 insertions(+), 18 deletions(-)

diff --git a/apps/k8s01/nas/s3.yaml b/apps/k8s01/nas/s3.yaml
index b37ff3c4c..a3a5e211f 100644
--- a/apps/k8s01/nas/s3.yaml
+++ b/apps/k8s01/nas/s3.yaml
@@ -16,8 +16,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -82,8 +82,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -170,8 +170,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -249,8 +249,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -328,8 +328,88 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
+    pgp:
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA7kpg2bgzVHcARAAs2wtI2PnfYFdrQMyzW9uwi06Wzi5NPO1PmRp896RrkCr
+            tqILIJoJayon4IFtoXmG99KZUqDfMWAb7wqAzw8+pwI6Qy+xJjzZ88fYnaP2m8yX
+            2ebnaliurX7+VaRwJ0jBW5DJRUkpGqy4dm3kAA3uV8oyOU6QrCfVH5nekS38PKAH
+            QDQcCA+u3ERe6meAOTXyfJw/y8WMocTNrmFTQDImornspXaakDOBnN8WPOhizlvm
+            A8SmEZI1Mp4TlNuhRZaX8vu1zGMJ2Ut3QyzCBUy45cs1BVRtLQjj7LZ6zpyMSr7v
+            wNMxNByOiW4m5Ic6LrUSAoShLmIXqb+uUFno6uG8kyP5cQc3+9fXLhvPpwT2oedY
+            cnSpTkwqx7l1/lQ0xsnKrNhr+/RU3FK27Q5BgTj4NAQF5pCXkUa0QMeSHfKXtNo6
+            +/TE+KIHzbwvPoabWXXWl8odT3Jw6mmOy66otADlxXa6s+g5FhpZfQKQlCr54Lh/
+            EdAlQc3cGxPzDCeTVmDFZu53A9cXaeR/DpzILjJkdcw8muG9aJtGhq/taudZZhAv
+            +rgJHXYKvQu05LTGQLClMrlJidO2+B0qNV3aw40sYGyZ/n73nvnODrXaRzNG1jyR
+            +j5u4KQpWAUKpljlbAw3lKUll+wBhmmnPJ6UJQ87VmDDcadXFORua+yQsplKRtrS
+            5gHPRhnLFveyK1PjYIcasVnKCoS3OiRG187uwx9iPJq95oZETk0VmnpUleiJcml5
+            kPy6qaM/qjIx7lo1ShovIfLk25sEge6NkiUwkx/WXI8b++JHZO27AA==
+            =sOCX
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA4oYbIHZIrAPAQ/+I/VVicoriCwyJ3X3RRUJ2v/hlV7DmUHNBghR6xl5Hqc6
+            KzDh/3vFYCD14aqFprgv7sBI+WpwVZh5bgqfWUiZ+ydCQZl++r/t71sGlrC0yYhU
+            IKgAoc/nCRyAnNrK+7vpcQ4tjyCrHzerSJSmE8X5x1yVi1VfE3NhtuwWhfjieW88
+            aSwIPsj4twmOMVTCjwOaCvOw/xdehJEsL4J0nOXTNUrjWO6TuNrhEBVL5avk/Vxc
+            zGL3KZBaykVH8lai+ZwpPyf5lZgjbeHb82Gl8VdEy0o0oyDWWriJOkxX5w09/ajv
+            PcpROSGXdjPvt/7jLgSQR50UY6Ekju6DsUYxaXeJ4QryPITDkcf2MbFstEA6e2np
+            HGbNTN3yMnoFBijLQPWxQotk9xufDaKLVxDFfSZXoDdMu+005DJnVykM8Pv5qck7
+            /fC+jy59mGO0eiDfltWGb1q6CRyJeXk0RTnt9X77I4EMLWjeid6zUhjCp4ZDLSK9
+            UuKlnwk5/vb0aH2w87y60M9qgaaIzwB0Be7hpSZ+/OPBhakCS3gU1LxNSMLlSw0o
+            zoNviDkFxEACkqt+YIYJ3phNRn71RUzNUObiz/LWyd2ZasN5IDnezW39t/4uKjYa
+            Y1YyZ5HvdJEGvtBYycftTY7IwqUK2DVicImSc4Dszk1PbqMDzIUUbmGN7MxR/gTU
+            aAEJAhALMJFcOgYratPE/GE+mWKliwdylZQU2pKCuX5DZD5c363wYdmLL5zx32g9
+            3O9uQjmXIvIsKLQecFvk7L9W+F5H0Ya822Be5X1eQiIiYDmRLE3IDgrLypSGW870
+            XwzIGA4wMFDY
+            =5l9E
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+    version: 3.7.3
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+    name: s3-gitlab-backup
+    namespace: nas
+    annotations:
+        nginx.ingress.kubernetes.io/client-body-buffer-size: 1G
+        nginx.ingress.kubernetes.io/proxy-body-size: 1G
+        nginx.ingress.kubernetes.io/proxy-buffering: "off"
+        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+        nginx.ingress.kubernetes.io/whitelist-source-range: 5.75.184.165/32
+spec:
+    rules:
+        - host: ENC[AES256_GCM,data:hyR+tGHuq0w5hULTLQsYf2BFShpeiV+EwVm/zOy3SMSFd6d4,iv:Y6GLW6KNWQ5xQGDaV+SEDot2zr6ZDYs6Jajj1qbgdjE=,tag:C8bQeV89dVH4RbfOEuyvuQ==,type:str]
+          http:
+            paths:
+                - path: /gitlab-backup
+                  pathType: Prefix
+                  backend:
+                    service:
+                        name: s3
+                        port:
+                            number: 9000
+    tls:
+        - hosts:
+            - ENC[AES256_GCM,data:VX2Ms8U7eW6kSJ8M8SM5DsuOsePf0aRtvJWnmHl/oszUtRCQ,iv:myvkCon5XQ8JWhyNf9xWJXixZzFiLVX49/SyAIXLc00=,tag:IB1+NFpKnQDHpkptPdVWQQ==,type:str]
+          secretName: ingress-s3-tls
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -407,8 +487,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -488,8 +568,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -567,8 +647,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
@@ -650,8 +730,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-01-01T20:25:41Z"
-    mac: ENC[AES256_GCM,data:6xyD4YxItVMSuYHlcpRXbYBfK6RFETi7UM16aFVmuD0MyCZTMt+6YHGmu7Hd64uexwJFhAFrp/YqsfNd1Fiq55oAWWvFUhVSakQ6LYzL1sSV+v5YN+bhElZgnIljDLHUJkJAH/iV579A+Sjp+XrtZwjGdYoU63AaKQtQkelzRkw=,iv:SZ063mvvwtNBIa8yIYlWOXl35O1ViAOzusTxIb5gTxI=,tag:L/hAENLUJHMOCtX1Dvq8Iw==,type:str]
+    lastmodified: "2024-02-04T03:30:50Z"
+    mac: ENC[AES256_GCM,data:3O7hne9CtQfHh5DpOw7c7Gebqzp5fs7HxBlADkGd/WFrZBQlLyOvBb1a7UqeN2McO3a0n6EiCdbZAQeZ8uEjK4BFjjPO+Q5UOjPj7l33yaY02iqqt9ise9zVIspOychu/LHgJcx317dWgBbt/S0SM6DbSTyU6veRzyzsd0WoED4=,iv:ISsRZ3H8/b2U7bnmoEPxsnIyBRlyGj/4XjyKaOT1t94=,tag:v6X4OOQZm6u6N77xvur5AA==,type:str]
     pgp:
         - created_at: "2022-09-13T20:16:18Z"
           enc: |-
-- 
GitLab