setting acme servers to production.

samuel-messing · Dec 16, 2023 · e8a6a52 · e8a6a52
1 parent 0115e1b
commit e8a6a52
Show file tree

Hide file tree

Showing 11 changed files with 70 additions and 69 deletions.
diff --git a/ansible/inventory/host_vars/borg0.sops.yaml b/ansible/inventory/host_vars/borg0.sops.yaml
@@ -1,4 +1,4 @@
-ansible_become_pass: ENC[AES256_GCM,data:WJTbhfgwWhHEAAEbIlY=,iv:+xtFHPlTUAyqlYNCSD7HcuoJUnqTPM2addvmpFGtvu8=,tag:UzYvQTt1QNgnfUAmpD5ESQ==,type:str]
+ansible_become_pass: ENC[AES256_GCM,data:dRqmKsG8uSqvHDFAzWY=,iv:HMCZ8h38z77Tj6Lhmz3PiDxl7SGweKXISATI/A+33gI=,tag:+HwcbwGTc4pkjUXmHBrVpw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -8,14 +8,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMUTdhM1hidHJQQ05OM1lJ
-            dVZNd2liTFlYaXdQMzQ3YmJDN0psYU92WHg0CnBPN0dYTlA1U1lvcHJDZ1lBSlF2
-            ZXVHRnZwSkZWV2J1TWI3TXozUUdSR3MKLS0tIGxRTzJVS0VxQWhWcldUUDc3WGlh
-            aU5JOTlrQTdtRFpnS1ZRcDZRRExpNWcKDkwGmPfIkTnZqjid51Mqmp7PPrB1kIOI
-            tj8CI+49l+lrm61iYKhLhzYad/UN1TeNdL1ziDJNwWhG6OZP6Mk8BQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsZ1c2SEtLT2dGWHZWNmZH
+            UXNNc2h5ajNBZkgwcTQ3N0FXMGVzK2NCQ0E0CkNKcjZtaGpDeWdSeWVjeUs4WVFt
+            RXhxWUhRZGdVTnc3ZzdoV3dteS9raTAKLS0tIGFscnp0SFlXZld3WEJPRFh5T3Bw
+            VzRXZFBRWFRtTHhXcWtqMC9RRHp3VGMKLNnItYCM3c+lIufnusIOTNxW8cTzyVcr
+            blRH7pKY2Z2VsNQE5rVRWIocI37Px9asAuY0T2OPJmYkozjH6M2a+w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:44:28Z"
-    mac: ENC[AES256_GCM,data:NwnK8ZGTfieVnafW+vWbpMwB9W7jKXp7MYO80DiUCFNsdm6uxCsJUZoCjFuJoXYY6pNeHbBQ74UYODl+iex9ZTUxGKwd9AGFOS5i/FkiPKKbX28Qn8kUwt6x2gpz18y5hWpHz2p/zVSYkSX7vGmQG5ribGR5lESWhTbsP8YX5eY=,iv:AVCVM+mgjTnNybyNcAnbxsECKzjZDiVeoGnDrDS4ttI=,tag:NlwnWi9awO425PQoKfi5Yw==,type:str]
+    lastmodified: "2023-12-16T21:27:52Z"
+    mac: ENC[AES256_GCM,data:om1Rujob+HzvIxdW4+/frflB+omSUlytv6Ahy/HpEsKAnnExztp5sjenvBg2mzS5pHhYdgnN/Yj/F93h7CWtQjlqutEKAk7VFoVHKlpvHq3KBmGQvWKOFduRieGPmBxH1lrjWQN+5WtR7R5aBuMQFmmT/SykDX/n1g0Wt3n+JDI=,iv:5C5h3kYzXb7UA7EVs96IHCORWaY4YLJ7LvumJHBP8CI=,tag:IvUBU/uXR7Q85gW+pflXLg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/ansible/inventory/host_vars/borg1.sops.yaml b/ansible/inventory/host_vars/borg1.sops.yaml
@@ -1,4 +1,4 @@
-ansible_become_pass: ENC[AES256_GCM,data:KMb3L2ZJndMsFtGWPWs=,iv:sQT4uUQADFmpGmnXODBq7WgOH1B5njyBRtOP/1+JJwc=,tag:5o3hNHmCuKPWRgH2bgvU9A==,type:str]
+ansible_become_pass: ENC[AES256_GCM,data:KQ+aOt+b+TW9sE9czIE=,iv:Vtp579EpkzVhw+yrAS/o9LzjVlEnqfC8xzsKWJItFOE=,tag:u7JRs3lNi+Q9hg0W2H5TDg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -8,14 +8,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTVNaMkYxUlNFWnVnUnRI
-            NytzZnFQVUNIT2JKczdPS2Qwc2FzRFVrdGowCnBBSGw4Z2V4RGJXNjQrUHdWbzJ5
-            T2FvcmRqQWIvR0xiaVYzVmZ3RnViNHMKLS0tIGduZ3V3V1dKZXNmbXRnOHVieWp6
-            RHlVN2ZwWElXVjhxTUdoakVYd09OUm8Klk8aWCkfxf3kb6kzK5l0P14+wh3MAxPv
-            sdFY375RjmYHyfk6miVoziUp3ch2s1iSHI4mythqJxpfn/6eQ4OxtQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtT1crMm4vOHk0dXk2ekdD
+            TFpjOW1xdFdOdkRQNm9FN0E4K3hoOFV5ank0Clc1TzJEVmpLcnhHTUIzM3NTZWR6
+            TFhQeXF0Ynp0eXdvQ1R0Z0FkampGaE0KLS0tIHdRaTNrNm9jRXRMU3ZuOExxN0dZ
+            MjdwVHZXN2tWMXJQQitGcmtabUEySTQKpF7J+d8M9wXE7Ihkzo9dnHSAgUnh4YWu
+            YlHJ4ISr8Jz6o7kmp2w7WOKxYU4wOuMpBX7b3sjPJx4Bkpu6lAE1vw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:44:28Z"
-    mac: ENC[AES256_GCM,data:6FV1zbB61sl0ylVSIwC14Hgs0NEVZINmQN/GL4t60QVIVVIsdrjEsaHZpheP+VA9pyzrFgYJF2Txg/xgEiW6If9KuKcCWltrCWV+tmTtYGiKdHVfSSsxdzH6BeZP1ALrAvHvg/tBqoYGzoc1TUfma/jGDIbVuGMzcbkoFLZ48qs=,iv:wN1LFFXqJiIm312yrUIxg3Udt1AuDcdCfDGt/VuOOw4=,tag:1aLT6c+cGfbZQ2NUNKy6mA==,type:str]
+    lastmodified: "2023-12-16T21:27:53Z"
+    mac: ENC[AES256_GCM,data:Cl06i+O4F8jHpzZq5Q0Q1jY+3yZjAKEepWO2P/BFEfZXvEeM/QOv4r3qkSpyCC1mvp7M4/fg6nMi9jf95r1RT9cPRRHBvjZgR9BrQpJLvLt2kFW9T/axlaScR+xav8cM1LiB+U1QDbMnvMVQIcUehliXtQWmPpQPqsH9mknix9M=,iv:rJN7f+mHle67KYvhDQBtYAb1NPe9hXrVe4VYVd9vXRo=,tag:RlSTV9oa3ikcJfUV6g23RA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
@@ -3,7 +3,7 @@ kind: Secret
 metadata:
     name: cert-manager-secret
 stringData:
-    api-token: ENC[AES256_GCM,data:WHGw8Q66LiT5np/TS7BsZyXNEalyku2qdpKUKSIv8BG3GX9L6li80g==,iv:C1lPfggJZ68HzLHw5RlGxrIBP4yQXJXP0O8nqLgrCNg=,tag:MmHBmRm6vwc6zMNNPQ5CBA==,type:str]
+    api-token: ENC[AES256_GCM,data:DIUX4LmKIMulzSNTnSggCNN8gS8+YSzJ3zxDA8tF0PRpF0yeHBwpEQ==,iv:7RN6AyROBHOq9mrfUyCYF3UZYnewLQi2B1rQNaGgD2o=,tag:DVMJEATNVsPay+UwAWhbNg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -13,14 +13,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdndlNTVER09JZkpSTDdp
-            dGxBeEJtQ0lhVGRvM1c4V1RRNUozeVN3dldrCjRnZHBBalU1U3JuQUt3ekJOZXlu
-            RmJ0ZlVmRXE0bUo1M010TW5aQ0hGbUUKLS0tIHQwWVFGaTZQM3o4R0ZHSlRhS1h5
-            T2dDYkRwRVlRc1IzSXpobmhLZUU2dm8KaSgIAfsB0XXJTkKsMx9l7GSIjtoWW23k
-            rbEiwclB1491cmnR96MnJRzT51tMM4K3ZB1UNW0gM5dOkAqrboNeEw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZDFJQ1FLRitpZHRBVThL
+            V0NKa3NsNzlWTlBXemQwYXZORkxlMjJjRmxnClk2ZUJUeTRZZjQzaTA5ck5vRmVL
+            MEh3RjhPT1cyU3U5SlNsNGcwRWM0YW8KLS0tIEo5ZFl0T2R5bklGc0QzZXN0andT
+            Q0hZVFRJVWE3T0FUY1h1eFFIcUwvbjQKJ32vbDKHkhcB+BWHKaACMlZ51Zpq3zYj
+            I3KG2DfJ9Vy3NJRvi6ORpHICm1eKQt4TWEwOS+ZUJGYfdQbrGxXNyw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:45:47Z"
-    mac: ENC[AES256_GCM,data:46Jx2FTVt7O3InL96z82xKoFNiaQoGoNIEJQEADCEL04Zgc05GY4aBg0lHsAKfIIWPcus1s4PFo7R5Dc162/rz0fr4Ugc7oQwsqozcXvhwPBqzepv7JDJCXfE4hlNhtInHF8BIs1XgPsP/GZwNkrdRbSZa7ikbFJUc/3AmU8CeQ=,iv:YtT1skchXIpRmXThCPVoq3+LDX6Maj2lPjkeW6TPtpg=,tag:I8Ch2v9ptg64PFs8gfhQPQ==,type:str]
+    lastmodified: "2023-12-16T21:29:18Z"
+    mac: ENC[AES256_GCM,data:vcgVVPvAUlUG55b/NxygQiH+QvL5cVvTqEYKkKkl0fDjILw9vKKI4rWB97PgKUC/szup1vrT0PY0m+KdUFztFcQ6ehNiw/z1vC8kAQTyCPXhpg7MCzwPAuDlI0GtLpd3wx79sGL60UH+7V1GPMC3iT1ozb9PlQ9xdlJkJGUX/Lo=,iv:1LEjdbL0wGTRwaIfyQYKgKURd51gl1C8pWGkPmMOoOQ=,tag:kiB6G0S6fcWIGtiWjyc69A==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1
diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/secret.sops.yaml
@@ -3,7 +3,7 @@ kind: Secret
 metadata:
     name: github-webhook-token-secret
 stringData:
-    token: ENC[AES256_GCM,data:Bj5GFdHCC3rIJ9v7Jxu5yIrLc6Ejmpu6,iv:od7A7qFtlTpA8kv11+ggGaLoAnRDioSggWwz0uhLpY8=,tag:Ysacoht5u4zsOdGZ1B10Kw==,type:str]
+    token: ENC[AES256_GCM,data:oHbVaYB0KDbmkLZnjo4gVTY8fIgKBm//,iv:dIqPdrB591jGY9dHqLLJtAkTH1r/3/nPT7dk1moTvyA=,tag:EAL7si/vt2yRZnCLmtdcrA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -13,14 +13,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLN0xubThXRmpWelpEV3Np
-            VkttV1F6RWZzVFRCY0pQWmVzWmF3MG5PMFNJCmtiSzJ4YnpHSFk2dGFZc0pGVitC
-            N1VQMjBzbUNraWMrd1RUeXQ5YW13UGMKLS0tIFNSNjd6YVNGRFZSTEtPVmtmVFpP
-            OFVoTUdXVUtKQXJZSzNIdldjM0ppNUUKtcjVppssZijSCvQhAUrKazmzO+GnpAuZ
-            z2Mji1sy/B6PNmRZgXz3AiuP7k3P+M+d3c88HJPe24VHmYv21XCVKw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPMms3L1BVbXgyWDgxVzJF
+            ckc3OU9heEVrd25BVjBOY1pqMXVYVmxQUlc4CkJJcGpqdHRJdmdZbU9udTlIT2pU
+            QWpuWFZuaDY2eGFQOGMxdGUxQ1pKY2sKLS0tIHNMSlNaa2lJSnI0Y0V6Um9rOEpI
+            QzN4QlN5WXREVXVySjcxdDlYZU5YbEEKFk1tNiQROovzCOiFw7vEsvq9PDm6Xros
+            iZbM6r2qfxz0XaFT9fuiBedN/WdhHNhDRVeilFp4nfgt3W2KtMjWvA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:45:46Z"
-    mac: ENC[AES256_GCM,data:QRyDbGeQQ6tnAyGWOzgCzlYOBrnZda9YtBrash56/wqAFobjCKr0a6FlD77lPx8v7XatgfMrrALFNz3bkrcIUDpCVaQ5pDfSgm7JLlp7tZOCPinWS9DAspTMr1bnSkT1H5ZGnJwV6eD38Gf35wELiWwG2t2bhtqNoepwQeU7hrM=,iv:ZoZrFa5IQ+ZQbSMH//iFX3Apq3H9W31r2cCV9uot+AE=,tag:IauKF/S0LK4tQt5yWDSx4g==,type:str]
+    lastmodified: "2023-12-16T21:29:16Z"
+    mac: ENC[AES256_GCM,data:Aqrt2a4ng79EyVjWzzn0nejTOnZMeENtXGiE9rwJy8GVSaNGD38SIbMwBJf0JWueNTJtCSPs36Tc4b/VXZKRCN7anWWTQk0b5kuabzkRuyqUzOFaC4RuQGxSel8MbFC2SOVpxzPHVeE2AW8DGCW2VmfE2AqY/FfpC4+gMkcPejE=,iv:rQ1GI70w3deIp7lCaJ6B1Pr6lK+DrzyNJe7uMPotFDY=,tag:1D17C4knLqmJuVAcihbr9g==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1
diff --git a/kubernetes/apps/networking/cloudflared/app/secret.sops.yaml b/kubernetes/apps/networking/cloudflared/app/secret.sops.yaml
@@ -3,8 +3,8 @@ kind: Secret
 metadata:
     name: cloudflared-secret
 stringData:
-    TUNNEL_ID: ENC[AES256_GCM,data:mhWPo+wYvBw9pqBTNY5M21E+hq3Oqjna4uCX/v3+u7eMq7oo,iv:q/TtY6ZgPrefJ4P0tvu3oYbVsHTw9nqxyoIORAnL+aw=,tag:NwWx6h+xJQQCLZL7aRSIsg==,type:str]
-    credentials.json: ENC[AES256_GCM,data:oc9jaEXqi9NLBdF+TGH9ZxhVk0u/IUlNrGyJiWyop/8sgY0WI3s2nBeVNpOB1Gv3i9SAfHdMNp1bCO2A+/u9kNxCxxGHJWKy1FJ47LWUVgnmaMYHJtCzIfGDW2BLc46pA1zGjgricBG+ToduBWinLWwREMQqCQiqDF81K5aumgsnZHovSgcx/tu49R8os29Km8vdp0eD7oAfssTi+ukO23etxP7jZWSWWXbZyVH5gA==,iv:BSWws/Ae+iIhnk6KZCAOvVNRfh49HB2SCFJcIK5v8pc=,tag:/hMthwXOo5FnPMs13Lcs9g==,type:str]
+    TUNNEL_ID: ENC[AES256_GCM,data:mRsu/F8u4pfE8moQXWEifwIRZsxb7gapi5dC4Plh5594WXs8,iv:U6NqPegJIHsw1WcooPWwMuBrhD4M6Ey43UXArAVROYQ=,tag:VIq0hyLMmhxZ8rOFRdJ2JQ==,type:str]
+    credentials.json: ENC[AES256_GCM,data:+Um4iZkW2AhWOwk6V424DOsWvVYFnvQcz/ZQx5ShHbmEJ4MRZmJ/TEcAsZ43vr4LGAiw4bUgzu57b6uMwvXR9z/4HTYGPoSN6tj1wKPoow7/QzeVvisR6DugZD3CmlCWdqxM71r0Efj/FXs2qqOZINIoKswjJN5APY1y+9ksE9dabhvUCFEkopiN61y3Fg3FFPkx4aUxNOYQWk0cwMMcUy5nd+W5Lvub9HTdX9J8CA==,iv:mPeGHKGqY4kNMjMziWNj6kUczKhxaHPMsnC4PpCTOf4=,tag:W6/l9wpoMmsfPOtwOWLN8w==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,14 +14,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQ2dWOFpoa3VmQnlnZ1B1
-            eVdZMVZpU3dxRjdJbm5TYmRKR2tuallNcFJRClRMUFFDMGVxQ0ZwU2RCVDJ5ZTcw
-            ZG5aR0YyTGIwTVNFTFdldGQ1RElyYTgKLS0tIDAvMU9JRlk0UzV6SEsxVWZaNjQ2
-            TGdoZ1ZocnVuWUtwZzIzTDBmUFJQY0kKJM1CiLp6ul6634o/MfDXvdy2nAU3kk16
-            X+UfLV+2NBkChgoOUB3TvA/Fq3u716R31szmJ818M450qPTQ/AO7Tg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYXlpSHVGMk50UnhTM1JM
+            dnVZVkRyZWlvWEd3V0VHQ0VrcHdZY3ZqNmc0CmFCV2lzYWxIbEUvbHpVaWJTdXN3
+            ZGU4eXNBV2tQaGtnWUMrVks2SzBZWkkKLS0tIDFmNkZOV0FMa0FMNjZLUjhLMDBU
+            TmhMa0tWR3dqSWxoT2ZBaXNwYS9PTGsKEmLSsWKvsjS4El9m37ay7ftKRWSKATyi
+            m8Pn8QDqDyzUCqBg/qUed6pA/z3Tytnm3zCluxakQTRiGa2QBAHe/A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:45:47Z"
-    mac: ENC[AES256_GCM,data:CfyqsF30Q0SoD+q/XKOrouJQgLxi493A0wfqVZYEm1oFvvCMq+vaiwECriF8wXCfGXcD3EgtdmXu+H9bvj1QZuCiu2hHYm/wBl5wNZEyOFFBXw8umHU5rYrqgiGOSKSfBA2yN8Vm/WejwMNofRs2wxPs6Ub/VLnFWxas7YwprBc=,iv:WJbDboB2xo//B57FtkCXV8npR1XMq0gVfnlDbBU/Qwg=,tag:1rHMJouf6KyKy7tV6DDP1g==,type:str]
+    lastmodified: "2023-12-16T21:29:17Z"
+    mac: ENC[AES256_GCM,data:mVIz1FczMl2XNmjZHdYer1tLsYOn+tIjkLHjvklO8Eo3O4txQF2XKImPVjM5n+YNZykqtEdm/7mNx6WRbP1v1ToCWiSorg6GtUdeDGLBtN3MaVB80qjI8mcHZ93SLMeJEjnzWDgNS8/Dw2GYqWAnlJEM4cjOQspP77TE9rh9ivA=,iv:8N91eEfUR+zLR8M+gpDle9VBO7O7d3MCwSjcd75l8D4=,tag:o0st/HXoxnrUlLfF7JkL3Q==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1
diff --git a/kubernetes/apps/networking/external-dns/app/secret.sops.yaml b/kubernetes/apps/networking/external-dns/app/secret.sops.yaml
@@ -3,7 +3,7 @@ kind: Secret
 metadata:
     name: external-dns-secret
 stringData:
-    api-token: ENC[AES256_GCM,data:RwD27HlAtvBcuQex5YnoYY5zGoomTfvD0rgDjFg3h2d9eJrZiVrP3w==,iv:qbIUl+N895OvOBTJKwAJq8N38y60BVs9OrORKRjDVZ4=,tag:LS5x1cBTxxSxR/Ltxril7w==,type:str]
+    api-token: ENC[AES256_GCM,data:aVVtePWxtyALRJ77NlVYMKYF2s7ypA9g2FY3+M53cC1actNP/kK6JA==,iv:WhRYxbayDJvlsztELUpuJDwNEBh+2WVr6olmOgNAQ2M=,tag:6VlwA+YhOSXeW4t9LF19Ig==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -13,14 +13,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZWtwT1liWmFnenE4dThM
-            ZU1PTGljV3VKRXc5aUN0b2FTUWJ4dldmZ3pVCjZwWnIxcmdadEtWbGJpOHltK0h3
-            TFhkWExlWlBJNlFETGhheUY4VjEzc1EKLS0tIFhsRVRFU3pMQWd4NjRzS0k0STVv
-            WmpuazN1QzJ5MUhzNnlJSEpOcWVSaVEKBFSA6lGxWbVn9BXK5AGlFnuWt8NPP1Fu
-            Nd9TySZBvwolHi6kjipRrkXYEhq/h+DsKzeJlI8+wfQY+fWlOHIYfg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNUhSdFJ6eEt0WjNyZHUx
+            bi93ODRRcnU0RnlHNXBFVmIvRTNMZHpqSVE4ClNZZk1HWjFPQmNPRHRZSVVVbUcr
+            TWZscXJ3M0ZnaEFTMXpnUnRjUmp5NzgKLS0tIDdCcTZSbk5jNW02N3hRZk5MUXIw
+            WC9xTEZoV2V3ZDhMTlFlUTJDTGdIck0KAq8TfHObn85kJ7v94k3WMjnSF8o6Toon
+            YfZyiEtRb6aWNh8IxXmQ0uiAhPSRCI7ZHteDqiw12+mf2qObIdQnkA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:45:47Z"
-    mac: ENC[AES256_GCM,data:CtWA1aqFgEWFZ9RjMaKiueybNed0msvlGlJZhuY3Q4UI5bQwRhNorZ+RndG9KkaIei6Q/igNTpdYxAcA9o7KqXyy+0R/1+y9IIkyWkZXMEGsXC8SXUm+KYeIPatGWre6PmNxhnaN9uMy4aCakVZQ0c7+cbqQqFAufPZloyxwZNc=,iv:0rewgO3P5RTugl1h3U7VFbZKVzvwnJW1UeHLY9sCK4M=,tag:HefmY8/xGVYGUJwWnwIwnA==,type:str]
+    lastmodified: "2023-12-16T21:29:17Z"
+    mac: ENC[AES256_GCM,data:alyKFw+SLISRxZF0R8uKiBYzGvmmWPoqmMSfGsJFT2VbOmDvUxZUTCbi1kaRafkTNf2MUDKrkWho9C9c1Wdnge0M/YMM5V89rjGL/CFmVcClloFIxKE0P6nxJ3Y8IJjY21zQ5jSRcCGEwlxx/Db2pQ6bt6IknkQGzZb+StHlEEs=,iv:6aakK64jkXqSIc3SE5R7wIW3acygfIch9s/aNNOC6wE=,tag:koVwLY3+xOTeCpdyZa2i9g==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1
diff --git a/kubernetes/apps/networking/nginx/certificates/kustomization.yaml b/kubernetes/apps/networking/nginx/certificates/kustomization.yaml
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./staging.yaml
+  - ./production.yaml
diff --git a/kubernetes/apps/networking/nginx/external/helmrelease.yaml b/kubernetes/apps/networking/nginx/external/helmrelease.yaml
@@ -73,7 +73,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-staging-tls"
+        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-production-tls"
       topologySpreadConstraints:
         - maxSkew: 1
           topologyKey: kubernetes.io/hostname

diff --git a/kubernetes/apps/networking/nginx/internal/helmrelease.yaml b/kubernetes/apps/networking/nginx/internal/helmrelease.yaml
@@ -70,7 +70,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-staging-tls"
+        default-ssl-certificate: "networking/${SECRET_DOMAIN/./-}-production-tls"
       topologySpreadConstraints:
         - maxSkew: 1
           topologyKey: kubernetes.io/hostname

diff --git a/kubernetes/flux/vars/cluster-secrets-user.sops.yaml b/kubernetes/flux/vars/cluster-secrets-user.sops.yaml
@@ -4,7 +4,7 @@ metadata:
     name: cluster-secrets-user
     namespace: flux-system
 stringData:
-    SECRET_PLACEHOLDER: ENC[AES256_GCM,data:cT5zz/IfnxAmrc97,iv:f0Age0gc2X5AzoJnuPcPKNXJHvDfa2XWRlQ3hlm9hPg=,tag:7GADI58do3ut9ceE+GLmpQ==,type:str]
+    SECRET_PLACEHOLDER: ENC[AES256_GCM,data:W7fByVgU00SNiLF9,iv:dpwjKbFPkWRSnBGFjyn2jplEPfi8YxvOUkE62GRQf7Q=,tag:vEXnOr/Ntdht/hm2chJaIA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,14 +14,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSWFZVzRobzdJYVIyZ3F6
-            eERWbjlzb1loRFhaNjRwaW1PSlFQajZrN25rCjdxVGhnZlRaS29MWW9wbDV1Mlow
-            MWhLS3NBd1Y4YTBFRm1qSVgydFpOY3cKLS0tIFQ3SHkvSGtuMEFCVThDOUZDRDF4
-            SHlZVWIwR2hDZWFPY2UrQVkvVVJ1TGsKlTwQkMoxN0owVVMr+4HanBQxxwCvFTGk
-            H2by66F3g36tVj0c1pwBhW7kq6+Qmvd8ZHEHsTxcQ68FRbPTxZGebw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhREVZWjkrcmRmbnlOSDlI
+            OUVuWFcvOFI1QUZsZDdtN3REQTZJTU9CNTEwCmw3cnJpazNIdlQ0R2dWWlM4aE8y
+            aDV2R296aUZyVEdUVGlDSG9FanY3bVEKLS0tIEs0VTVzbVlENUFTbW1TM2Iwb2dR
+            WmVOVGNXei9VbXpXYVRyZVFNSjJxSHMKgtz2ErTpxDXSF+vba6Kte/t4A373CF5L
+            HC0NdGTZVmqbnWi35m0EhxH9FyjVHUDq7jKdUXc5r3GPG5Lb6h8bIw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:45:45Z"
-    mac: ENC[AES256_GCM,data:t05eB5mXogiikoN7nxoS61k5rIJIanmZCXHvtIalq9ZNaMQDM6hH6hJTKB80HviKUigJJyrL/k98grzAM4t2xfovAmyX7DPb0OAzILZ7rWRU5jwe/4M32VqrtC8x1CD6g62NDm7NP9IHY50/hINquPjnWjh1FMWWoNDxIEMJxU4=,iv:hJbCmKyMeCN2HJLexQprU5EBeGG60LSox69upKQYTC8=,tag:bbfVKCv8dfg2c/viAPg2Vw==,type:str]
+    lastmodified: "2023-12-16T21:29:15Z"
+    mac: ENC[AES256_GCM,data:ihcqKKOR/RmArxxDxJn+ocZiIN8vv8MspqVI4fj0Bd1J0BQEUTzDks/gQ6MbH67s9VZhKvmHcMHmMOa88ZJ1nUvQc2CvCQ8SWujE9d7Ezyd/TNXr8imfakeJGnUuxxWTDJ4uZP6Z5KGaiTuECtyaMFJjwAcsD8ermCzRXKmvroQ=,iv:3HSRqS4Tec/t+yeGueuqTqDip1ZoGDe3cWlPKxV9q2I=,tag:Hh8lOGofPk+oTFq1/LXxcw==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1
diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml
@@ -4,9 +4,9 @@ metadata:
     name: cluster-secrets
     namespace: flux-system
 stringData:
-    SECRET_ACME_EMAIL: ENC[AES256_GCM,data:PDcUGvQ56ekwCsEMVbdjV/BN248=,iv:HFTnJ2AqTCXRCP8eEdEDH6ym7QkDT56vBmJjLmLeo1k=,tag:aMaRipYbNEBK3Bps34Q+kQ==,type:str]
-    SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:pILsJAG4Fz2BcJSDeqgcCaHlPfXEWy5cD9XVbxh2ZVB4oUNo,iv:Nmla99rSD4GBSKkCVDUXA/v+O7HkHISB6S31JEIyKb4=,tag:JbVOG30LDYNLlvBu8O5kDQ==,type:str]
-    SECRET_DOMAIN: ENC[AES256_GCM,data:XGTB4mmC4jyZsTs=,iv:iIXm1YiXDNp/H2QPt5TTpT7TqbpykJDSHF/64P2yN6o=,tag:hZysnpmh/YaEbjUbgO5Alw==,type:str]
+    SECRET_ACME_EMAIL: ENC[AES256_GCM,data:fN9BXTAwXqpR4xU7NAff56SbzhY=,iv:sgS10YxNoIDPWn+N28PPpHjd0UwEAsjnOwQojAJqFv8=,tag:l01i3izbRIqfr44GuAnOxA==,type:str]
+    SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:2Qswpmsy3ji5p8M/GHa52K6wAY244FuiZdWyK0yzfmfutl3q,iv:pZ+BuZ3aJlZ8OcvCEk/aMAHu28FxOIrT0ax6pXv4XxA=,tag:aIOoT/ckx3jAoCn4XHIhgQ==,type:str]
+    SECRET_DOMAIN: ENC[AES256_GCM,data:ryYYW3Lg7EVSMOs=,iv:tnTHAhvDi0/B7cHMwUHfH2JfF/+aErTxIaXWLk+SNYM=,tag:uopqFeZeGY3HjrX4vl8oDg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,14 +16,14 @@ sops:
         - recipient: age127vrhmu8g8sekvwvv7jkf23txad3cc48l5egvuvvr8tlsvyf2fsqq0y326
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOURxb1dmSDlIanZpQlNl
-            YlZXUDVlMWtsMjFlU2kxeUZOY0Vpa1ZJdFhVCkJaVzc0NURQbE81Sk1vWGZucFZx
-            UzFETGlZZG90YnNxMnF0UVpFMDVJa0kKLS0tIC9jUGkwTStCMWNYVlIvVUp4TFVs
-            V3Z1RXEvZTFmUFphRUpJMW81N0NKQmMKFF6x2DVxvCj0c/g3U6Nbw14/NbjwLhbx
-            0DEMPZfr2wkDLNVsfASyPLjUtgLtc9UxnaGx4GZScWNc/SsPlsVTCA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAraFNWaThBTnRkclhFaXdv
+            WThzQlA4MWhMQ3lXQ0k2SWJtcUoyYnNCTHpzCjJ1cDJWeGQ4K0VjdWM1aDFjc2pu
+            ejdxYXFYUSs1WjlDRm1DYkE4YXNiRGMKLS0tIDBPcEpHUEt2WnVZaTFFS0p2akVw
+            dTdCQXhEN1ZFcUpHN1V6aVEyT1NBTVUKSEaaBwmbX7v/jODPHRSDNPxg3+BqEbFV
+            BYcZSGI+i0fpJagYm+TxrmCkyEWLn7+8Kv8nKUE6FAMLHfhOEtVHxw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-16T20:45:46Z"
-    mac: ENC[AES256_GCM,data:2qsrGxCUyFX9DOUSI4pKIyUqPYSfsek+3EbID42xQgGz6V2H8l+NhEezZd/euG61ekypkCTdtlNwxsgOAvjR3kPvx73E5Vw00VIucCy+pTp3QmgoXvBFowRARuSj/gtHJiuvM3Y71dqVv/7HriSeIoPg5BA7i8qDnQz8AztmDdA=,iv:8G870CZqUHeHACdaC65qnBQzQGMSafN6hqj7ElE8waA=,tag:806NuejwN+77fsjmBpvmuw==,type:str]
+    lastmodified: "2023-12-16T21:29:16Z"
+    mac: ENC[AES256_GCM,data:hFXIqyQnARig0ky53HSHZwk1xbpE/nb7EO2RZeGPZPkhD8lIcntFdlhqyIWGCWiYeoUOIdUc2ixIv4U5uQlFBwLj/WiWsi3g94lBJpAmcK4Q7dQEmfzKvoxeluX1TaFEV7in1KGj0RAm5D1iiSnUT1taAJUH7WGyt3GcdqveMm0=,iv:V8tu9Dv+z6CnZbrpD+WMXxVPAGRKSxU5RWN/D2avHXg=,tag:dOtAW1EYaaVe2/tgp4Ee7Q==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1