From dbc47d023104cdacc94a4db155c9ff6c7f213a64 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Mon, 26 Jan 2026 07:52:11 -0800 Subject: [PATCH] Migrate ArgoCD repos from indri:2200 to forge.ops.eblu.me:2222 Update all ArgoCD application repo URLs and SSH known hosts to use the new Caddy-proxied forge endpoint instead of the legacy Tailscale MagicDNS hostname. Co-Authored-By: Claude Opus 4.5 --- argocd/apps/alloy-k8s.yaml | 2 +- argocd/apps/apps.yaml | 2 +- argocd/apps/argocd.yaml | 2 +- argocd/apps/blumeops-pg.yaml | 2 +- argocd/apps/cloudnative-pg.yaml | 4 ++-- argocd/apps/devpi.yaml | 2 +- argocd/apps/grafana-config.yaml | 2 +- argocd/apps/grafana.yaml | 4 ++-- argocd/apps/kiwix.yaml | 2 +- argocd/apps/kube-state-metrics.yaml | 2 +- argocd/apps/loki.yaml | 2 +- argocd/apps/miniflux.yaml | 2 +- argocd/apps/prometheus.yaml | 2 +- argocd/apps/tailscale-operator.yaml | 2 +- argocd/apps/teslamate.yaml | 2 +- argocd/apps/torrent.yaml | 2 +- argocd/manifests/argocd/README.md | 4 ++-- argocd/manifests/argocd/argocd-ssh-known-hosts-cm.yaml | 8 ++++---- argocd/manifests/argocd/repo-forge-secret.yaml.tpl | 4 ++-- 19 files changed, 26 insertions(+), 26 deletions(-) diff --git a/argocd/apps/alloy-k8s.yaml b/argocd/apps/alloy-k8s.yaml index 29d996c..9b652bc 100644 --- a/argocd/apps/alloy-k8s.yaml +++ b/argocd/apps/alloy-k8s.yaml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/alloy-k8s destination: diff --git a/argocd/apps/apps.yaml b/argocd/apps/apps.yaml index c028062..0eebe54 100644 --- a/argocd/apps/apps.yaml +++ b/argocd/apps/apps.yaml @@ -8,7 +8,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/apps destination: diff --git a/argocd/apps/argocd.yaml b/argocd/apps/argocd.yaml index f056ef0..c5e89e8 100644 --- a/argocd/apps/argocd.yaml +++ b/argocd/apps/argocd.yaml @@ -8,7 +8,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/argocd destination: diff --git a/argocd/apps/blumeops-pg.yaml b/argocd/apps/blumeops-pg.yaml index 54f20c5..6a9e57e 100644 --- a/argocd/apps/blumeops-pg.yaml +++ b/argocd/apps/blumeops-pg.yaml @@ -12,7 +12,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/databases destination: diff --git a/argocd/apps/cloudnative-pg.yaml b/argocd/apps/cloudnative-pg.yaml index d2f6e81..73c3bf0 100644 --- a/argocd/apps/cloudnative-pg.yaml +++ b/argocd/apps/cloudnative-pg.yaml @@ -11,7 +11,7 @@ spec: project: default sources: # Helm chart from forge mirror (SSH via egress) - - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/cloudnative-pg-charts.git + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/cloudnative-pg-charts.git targetRevision: cloudnative-pg-v0.27.0 path: charts/cloudnative-pg helm: @@ -19,7 +19,7 @@ spec: valueFiles: - $values/argocd/manifests/cloudnative-pg/values.yaml # Values from our git repo - - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main ref: values destination: diff --git a/argocd/apps/devpi.yaml b/argocd/apps/devpi.yaml index e294f5b..4a15672 100644 --- a/argocd/apps/devpi.yaml +++ b/argocd/apps/devpi.yaml @@ -18,7 +18,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/devpi destination: diff --git a/argocd/apps/grafana-config.yaml b/argocd/apps/grafana-config.yaml index e363933..f98399c 100644 --- a/argocd/apps/grafana-config.yaml +++ b/argocd/apps/grafana-config.yaml @@ -13,7 +13,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/grafana-config destination: diff --git a/argocd/apps/grafana.yaml b/argocd/apps/grafana.yaml index 1a748d8..ec9262e 100644 --- a/argocd/apps/grafana.yaml +++ b/argocd/apps/grafana.yaml @@ -14,7 +14,7 @@ spec: project: default sources: # Helm chart from forge mirror (SSH via egress) - - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/grafana-helm-charts.git + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/grafana-helm-charts.git targetRevision: grafana-8.8.2 path: charts/grafana helm: @@ -22,7 +22,7 @@ spec: valueFiles: - $values/argocd/manifests/grafana/values.yaml # Values from our git repo - - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + - repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main ref: values destination: diff --git a/argocd/apps/kiwix.yaml b/argocd/apps/kiwix.yaml index 70be2c1..36e5b93 100644 --- a/argocd/apps/kiwix.yaml +++ b/argocd/apps/kiwix.yaml @@ -7,7 +7,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/kiwix destination: diff --git a/argocd/apps/kube-state-metrics.yaml b/argocd/apps/kube-state-metrics.yaml index 91df2cd..1644532 100644 --- a/argocd/apps/kube-state-metrics.yaml +++ b/argocd/apps/kube-state-metrics.yaml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/kube-state-metrics destination: diff --git a/argocd/apps/loki.yaml b/argocd/apps/loki.yaml index cb9dd41..834c86c 100644 --- a/argocd/apps/loki.yaml +++ b/argocd/apps/loki.yaml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/loki destination: diff --git a/argocd/apps/miniflux.yaml b/argocd/apps/miniflux.yaml index 36cff8d..d9165bb 100644 --- a/argocd/apps/miniflux.yaml +++ b/argocd/apps/miniflux.yaml @@ -16,7 +16,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/miniflux destination: diff --git a/argocd/apps/prometheus.yaml b/argocd/apps/prometheus.yaml index b53a243..3348736 100644 --- a/argocd/apps/prometheus.yaml +++ b/argocd/apps/prometheus.yaml @@ -6,7 +6,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/prometheus destination: diff --git a/argocd/apps/tailscale-operator.yaml b/argocd/apps/tailscale-operator.yaml index e3cc2c8..4ca5ea7 100644 --- a/argocd/apps/tailscale-operator.yaml +++ b/argocd/apps/tailscale-operator.yaml @@ -14,7 +14,7 @@ spec: jsonPointers: - /spec/externalName source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/tailscale-operator destination: diff --git a/argocd/apps/teslamate.yaml b/argocd/apps/teslamate.yaml index 9c22c42..6165b8e 100644 --- a/argocd/apps/teslamate.yaml +++ b/argocd/apps/teslamate.yaml @@ -21,7 +21,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/teslamate destination: diff --git a/argocd/apps/torrent.yaml b/argocd/apps/torrent.yaml index 91e5fdc..7fd4135 100644 --- a/argocd/apps/torrent.yaml +++ b/argocd/apps/torrent.yaml @@ -7,7 +7,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/torrent destination: diff --git a/argocd/manifests/argocd/README.md b/argocd/manifests/argocd/README.md index 42762df..344b1e2 100644 --- a/argocd/manifests/argocd/README.md +++ b/argocd/manifests/argocd/README.md @@ -32,7 +32,7 @@ argocd account update-password PRIV_KEY=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/csjncynh6htjvnh2l2da65y32q/private key?ssh-format=openssh")$'\n' && \ kubectl create secret generic repo-creds-forge -n argocd \ --from-literal=type=git \ - --from-literal=url='ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/' \ + --from-literal=url='ssh://forgejo@forge.ops.eblu.me:2222/eblume/' \ --from-literal=insecure=true \ --from-literal=sshPrivateKey="$PRIV_KEY" && \ kubectl label secret repo-creds-forge -n argocd argocd.argoproj.io/secret-type=repo-creds @@ -82,7 +82,7 @@ metadata: spec: project: default source: - repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git + repoURL: ssh://forgejo@forge.ops.eblu.me:2222/eblume/blumeops.git targetRevision: main path: argocd/manifests/my-app destination: diff --git a/argocd/manifests/argocd/argocd-ssh-known-hosts-cm.yaml b/argocd/manifests/argocd/argocd-ssh-known-hosts-cm.yaml index 61525aa..cf3b728 100644 --- a/argocd/manifests/argocd/argocd-ssh-known-hosts-cm.yaml +++ b/argocd/manifests/argocd/argocd-ssh-known-hosts-cm.yaml @@ -1,5 +1,5 @@ -# Patch to add forge (indri) SSH host key to ArgoCD known_hosts -# Includes upstream defaults plus indri.tail8d86e.ts.net:2200 +# Patch to add forge SSH host key to ArgoCD known_hosts +# Includes upstream defaults plus forge.ops.eblu.me:2222 apiVersion: v1 kind: ConfigMap metadata: @@ -21,5 +21,5 @@ data: gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - # Forge (indri) - Forgejo SSH on port 2200 - [indri.tail8d86e.ts.net]:2200 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlGQT5w03XxlhmEiDVtGq2SkhLIZU4vYhdMey/T2tFLp7kEiOwCWgDgbBn12VDfqXTXJreykBuREqYNSx4tL4Znwap0+HjLOjTIVri8af2ZFF6IP52pcmJEOnxm/yUZhJCosu1wOZwLOoQEPBYM6sPN4OY9PFOsrsxMO2LWPJAZujPlnsfKOTsIS5iRpiT4yU7Z+oWB21rMxjZ9sXZRn8PI2MbUIs/Yazpah2XPJm2YJ7C+kqTLmld4mXQaQtHhzvPaRNB59RS8xyinuaRs618tD3DQq3Qpt8ZZKZydLVv4CIrGvjdqavt0l+4rsNGBh8dWvDR7l2Z6wo9ggDCej957+J6tInfZ82KHSW3ONdm2mUOHObUVSte2xUPlRpnIBFt3lcCapifPULE7PuN0Xdw4r+ewr+6R65RzdptqGfKyyAYsERhbq904ryNZ9fy30vH8+j9imL5AhMkCbP8S/UW49rDIdfN6MvZlX9MoBhmbrkv+kETB7qz9zaOrocEOZOE3fzB9iZxNwlXjstUnjkqi4P1yY/SKpyLC/yDCUpxC79FbCAKIJwar3C2mZaLeBGyqL31HPKOx175VsSxIbjeJX8uNO9WhbFPlcbRETeEoq+dczeU25OESCyyelGb72tTNJYObn2R8Br9NFPiwGZJX6TLlKqaE7x3D0M64ncTJQ== + # Forge - Forgejo SSH on port 2222 + [forge.ops.eblu.me]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlGQT5w03XxlhmEiDVtGq2SkhLIZU4vYhdMey/T2tFLp7kEiOwCWgDgbBn12VDfqXTXJreykBuREqYNSx4tL4Znwap0+HjLOjTIVri8af2ZFF6IP52pcmJEOnxm/yUZhJCosu1wOZwLOoQEPBYM6sPN4OY9PFOsrsxMO2LWPJAZujPlnsfKOTsIS5iRpiT4yU7Z+oWB21rMxjZ9sXZRn8PI2MbUIs/Yazpah2XPJm2YJ7C+kqTLmld4mXQaQtHhzvPaRNB59RS8xyinuaRs618tD3DQq3Qpt8ZZKZydLVv4CIrGvjdqavt0l+4rsNGBh8dWvDR7l2Z6wo9ggDCej957+J6tInfZ82KHSW3ONdm2mUOHObUVSte2xUPlRpnIBFt3lcCapifPULE7PuN0Xdw4r+ewr+6R65RzdptqGfKyyAYsERhbq904ryNZ9fy30vH8+j9imL5AhMkCbP8S/UW49rDIdfN6MvZlX9MoBhmbrkv+kETB7qz9zaOrocEOZOE3fzB9iZxNwlXjstUnjkqi4P1yY/SKpyLC/yDCUpxC79FbCAKIJwar3C2mZaLeBGyqL31HPKOx175VsSxIbjeJX8uNO9WhbFPlcbRETeEoq+dczeU25OESCyyelGb72tTNJYObn2R8Br9NFPiwGZJX6TLlKqaE7x3D0M64ncTJQ== diff --git a/argocd/manifests/argocd/repo-forge-secret.yaml.tpl b/argocd/manifests/argocd/repo-forge-secret.yaml.tpl index e72b037..9d6187e 100644 --- a/argocd/manifests/argocd/repo-forge-secret.yaml.tpl +++ b/argocd/manifests/argocd/repo-forge-secret.yaml.tpl @@ -11,7 +11,7 @@ # PRIV_KEY=$(op read "op://vg6xf6vvfmoh5hqjjhlhbeoaie/csjncynh6htjvnh2l2da65y32q/private key?ssh-format=openssh")$'\n' && \ # kubectl create secret generic repo-creds-forge -n argocd \ # --from-literal=type=git \ -# --from-literal=url='ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/' \ +# --from-literal=url='ssh://forgejo@forge.ops.eblu.me:2222/eblume/' \ # --from-literal=insecure=true \ # --from-literal=sshPrivateKey="$PRIV_KEY" && \ # kubectl label secret repo-creds-forge -n argocd argocd.argoproj.io/secret-type=repo-creds @@ -25,7 +25,7 @@ metadata: argocd.argoproj.io/secret-type: repo-creds stringData: type: git - url: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/ + url: ssh://forgejo@forge.ops.eblu.me:2222/eblume/ insecure: "true" sshPrivateKey: | # Key from 1Password: op://vg6xf6vvfmoh5hqjjhlhbeoaie/csjncynh6htjvnh2l2da65y32q/private key