Compare commits

...

6 Commits

Author SHA1 Message Date
4cd586dee5 whoo deploy maybe
Some checks failed
Build and Push Container Image / build-and-push (push) Failing after 3m30s
2026-05-15 00:32:46 +02:00
3b3ea92c8d yay more env stuff 2026-05-15 00:32:26 +02:00
2ee5a9f012 remove the expose service since it was so damn safe 2026-05-14 23:54:59 +02:00
89d1bb1a4f expose! very safe yes yes 2026-05-14 23:48:52 +02:00
a8d06f5342 fix name 2026-05-13 13:19:44 +02:00
75d70f0db5 fix secrets? 2026-05-13 12:09:56 +02:00
7 changed files with 138 additions and 26 deletions

View File

@@ -1,9 +1,9 @@
apiVersion: secrets.hashicorp.com/v1beta1
kind: HCPStaticSecret
kind: VaultStaticSecret
metadata:
name: taskarr-ap
name: taskarr-app
spec:
method: GET
type: kv-v2
mount: secret
path: taskarr/app
destination:

View File

@@ -1,9 +1,9 @@
apiVersion: secrets.hashicorp.com/v1beta1
kind: HCPStaticSecret
kind: VaultStaticSecret
metadata:
name: taskarr-db
spec:
method: GET
type: kv-v2
mount: secret
path: taskarr/db
destination:

View File

@@ -0,0 +1,19 @@
apiVersion: secrets.hashicorp.com/v1beta1
kind: HCPDynamicSecret
metadata:
name: taskarr-db-app-user
spec:
mount: database
path: creds/taskarr-role
method: GET
destination:
name: taskarr-db-url
create: true
# This is where the magic happens
transformation:
templates:
DATABASE_URL:
# Use Go template syntax to build the string
# 'username' and 'password' come from the Vault response
content: "postgresql://{{ .username }}:{{ .password }}@postgres-service.taskarr.svc.cluster.local:5432/taskarr_db?sslmode=disable"
refreshAfter: 1h

View File

@@ -48,7 +48,7 @@ spec:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: taskarr-app
name: taskarr-db-url
key: DATABASE_URL
- name: ORIGIN
valueFrom:

View File

@@ -13,3 +13,4 @@ resources:
- ./postgres.yaml
- ./database-secret.yaml
- ./app-secret.yaml
- ./db-taskarr-user.yaml

View File

@@ -1,24 +1,6 @@
{
"name": "taskarr-mgr",
"private": true,
"version": "0.0.1",
"type": "module",
"scripts": {
"dev": "vite dev",
"build": "vite build",
"preview": "vite preview",
"prepare": "svelte-kit sync || echo ''",
"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
"lint": "prettier --check . && eslint .",
"format": "prettier --write .",
"db:start": "podman compose up",
"db:push": "drizzle-kit push",
"db:generate": "drizzle-kit generate",
"db:migrate": "drizzle-kit migrate",
"db:studio": "drizzle-kit studio",
"auth:schema": "better-auth generate --config src/lib/server/auth.ts --output src/lib/server/db/auth.schema.ts --yes"
},
"devDependencies": {
"@better-auth/cli": "~1.4.21",
"@eslint/compat": "^2.0.4",
@@ -48,5 +30,23 @@
"typescript": "^6.0.2",
"typescript-eslint": "^8.58.1",
"vite": "^8.0.7"
}
},
"private": true,
"scripts": {
"dev": "vite dev",
"build": "vite build",
"preview": "vite preview",
"prepare": "svelte-kit sync || echo ''",
"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
"lint": "prettier --check . && eslint .",
"format": "prettier --write .",
"db:start": "podman compose up",
"db:push": "drizzle-kit push",
"db:generate": "drizzle-kit generate",
"db:migrate": "drizzle-kit migrate",
"db:studio": "drizzle-kit studio",
"auth:schema": "better-auth generate --config src/lib/server/auth.ts --output src/lib/server/db/auth.schema.ts --yes"
},
"type": "module"
}

View File

@@ -1 +1,93 @@
// If you see this file, you have not run the auth:schema script yet, but you should!
import { relations } from "drizzle-orm";
import { pgTable, text, timestamp, boolean, index } from "drizzle-orm/pg-core";
export const user = pgTable("user", {
id: text("id").primaryKey(),
name: text("name").notNull(),
email: text("email").notNull().unique(),
emailVerified: boolean("email_verified").default(false).notNull(),
image: text("image"),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.defaultNow()
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
});
export const session = pgTable(
"session",
{
id: text("id").primaryKey(),
expiresAt: timestamp("expires_at").notNull(),
token: text("token").notNull().unique(),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
ipAddress: text("ip_address"),
userAgent: text("user_agent"),
userId: text("user_id")
.notNull()
.references(() => user.id, { onDelete: "cascade" }),
},
(table) => [index("session_userId_idx").on(table.userId)],
);
export const account = pgTable(
"account",
{
id: text("id").primaryKey(),
accountId: text("account_id").notNull(),
providerId: text("provider_id").notNull(),
userId: text("user_id")
.notNull()
.references(() => user.id, { onDelete: "cascade" }),
accessToken: text("access_token"),
refreshToken: text("refresh_token"),
idToken: text("id_token"),
accessTokenExpiresAt: timestamp("access_token_expires_at"),
refreshTokenExpiresAt: timestamp("refresh_token_expires_at"),
scope: text("scope"),
password: text("password"),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
},
(table) => [index("account_userId_idx").on(table.userId)],
);
export const verification = pgTable(
"verification",
{
id: text("id").primaryKey(),
identifier: text("identifier").notNull(),
value: text("value").notNull(),
expiresAt: timestamp("expires_at").notNull(),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at")
.defaultNow()
.$onUpdate(() => /* @__PURE__ */ new Date())
.notNull(),
},
(table) => [index("verification_identifier_idx").on(table.identifier)],
);
export const userRelations = relations(user, ({ many }) => ({
sessions: many(session),
accounts: many(account),
}));
export const sessionRelations = relations(session, ({ one }) => ({
user: one(user, {
fields: [session.userId],
references: [user.id],
}),
}));
export const accountRelations = relations(account, ({ one }) => ({
user: one(user, {
fields: [account.userId],
references: [user.id],
}),
}));