diff --git a/README.md b/README.md
index 103eff7..e4a9a9e 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
*TODO: Files with sensitive data; migrate to SealedSecret*
```
-# line ??: services/TfState/deploy-TfState.yml
# line ??: services/Mastodon/deploy-Mastodon.yml
```
@@ -299,11 +298,16 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
```shell
kubectl apply -f services/Shaarli/deploy-Shaarli.yml
```
-##### 5.11) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) (certificate tooling)
+##### 5.11) [Terraform backend](https://www.terraform.io/language/settings/backends/pg) (supporting database)
+```shell
+kubectl apply -f services/TfState/deploy-TfState.yml
+kubectl apply -f services/TfState/sealedSecret-TfState.yml
+```
+##### 5.12) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) (certificate tooling)
```shell
kubectl apply -f services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml
```
-##### 5.12) [Unifi-Controller]() (wlan AP management)
+##### 5.13) [Unifi-Controller]() (network infrastructure management)
```shell
kubectl apply -f services/Unifi/deploy-Unifi.yml
```
@@ -319,6 +323,7 @@ kubectl rollout restart deployment --namespace unifi unifi
ssh @
sed -e 's|stun://|stun://:3479|' -i /etc/persistent/cfg/mgmt
```
+
### 6) Miscellaneous
*Various notes/useful links*
diff --git a/services/TfState/deploy-TfState.yml b/services/TfState/deploy-TfState.yml
index da7ba1b..cc89981 100644
--- a/services/TfState/deploy-TfState.yml
+++ b/services/TfState/deploy-TfState.yml
@@ -30,12 +30,11 @@ spec:
- name: postgres
image: bv11-cr01.bessems.eu/proxy/library/postgres:14-alpine
env:
- - name: POSTGRES_USER
- value: terraform
- - name: POSTGRES_PASSWORD
- value: terraform
- name: POSTGRES_DB
value: terraform_backend
+ envFrom:
+ - secretRef:
+ name: tfstate-secret
ports:
- name: db
containerPort: 5432
diff --git a/services/TfState/sealedSecret-TfState.yml b/services/TfState/sealedSecret-TfState.yml
new file mode 100644
index 0000000..9a26b6f
--- /dev/null
+++ b/services/TfState/sealedSecret-TfState.yml
@@ -0,0 +1,24 @@
+{
+ "kind": "SealedSecret",
+ "apiVersion": "bitnami.com/v1alpha1",
+ "metadata": {
+ "name": "tfstate-secret",
+ "namespace": "default",
+ "creationTimestamp": null
+ },
+ "spec": {
+ "template": {
+ "metadata": {
+ "name": "tfstate-secret",
+ "namespace": "default",
+ "creationTimestamp": null
+ },
+ "type": "Opaque",
+ "data": null
+ },
+ "encryptedData": {
+ "POSTGRES_PASSWORD": "AgCTsPK7n1PYReT5IjN9nDfPBQN260vAK+iNdeq5ZwZW5YLgnQeVE5YkEcNCWhmyoznHjhdBuaI/n2lQT5lvcQKjKccOQoZdRdsiPBKilGTO/QNJKD80Tvu0Gin9mmN2TEU4vGqgCQAVKJ8VqBP7WhvQii5XptMagRzn7ClsqOXa9oqF7OzFHKBww2YjOPYasDTzWoUcNwfsdJxgyM4UPoo3vv2Yo4bsJzd1WwSM+qQQnn47b68tgZlC7WwKal9NNEbTrjTO1finLURR+HkBg3A33poEBF0qIc55ku2nnQy4Pf+MDpdBTkt31WoQhydwcLtZYj1hLJuCVkSDTN7k/cepnAznqvBIbzUvnx83kgnsprBWIzakKnWrluSh7gdRqsB/ccVbyjzomPxdmySd5HWQxEUkOF99c04yoTnIzdA6si6NQMHHH12naNE2rkwbWO12P8kTuI9mhyIEx9Yi0bQsaXijdo1mk/ZDWnYgo8JagdjBtWBZq05FSMT8a42HkhLg9sAHeOg3nnrohwkCOfJ5RFlGj1A6EZF2bnXbSfS6atvHlwOthrXfHGYRpUL15VIL6Ho6OHEmLEzJDMy6dKnfwIf4mJKvjdKnAoKgNeRV72GSLbPxODMpRIzNA+1riC7s3atyGhK71xZ9emcxuGZ/aWm8nDu5XkEDBKF2ckX4W7GKb3BusdaWLWhUcXZ1GFgDkKdrT4RfNi0=",
+ "POSTGRES_USER": "AgBQe5kF4Fan7Uty+019ak1ATJVUo9ZOJ3if4qnaIvwGOy39EZKVLHMUCuwzdJZbbZS3bgs0rzTDVaxjmSD6ZjSdqIG2FJlVpx6MqBrqKWUEhnBOOLsYF5gpwqDhaUS4f80b9dX8XvkCL+9YjCtoLZalOnBgRMuyFtg1ijc6B/mnE5WrAIQYTe3Y5LV3dmgbHbnLIWshiXpqg/I/lqqZeuLgIPslx2OsY9yk9Zeqj6zbIsGYaI6l993pwW3MhEcDTOJfg4mfdyTaCzWiC+196SGCkUt7ZrWUzLaAdx/6kBpNkPGeO34uW0eEzPcthKswllaVMyiIF/yibEb/cDmDwHUmuqF8EM2AFSbcemg2oF+J4u0Y9DAllnsvR/UCjvESaGmNOZS7FtmpAYjv5bketoBVh6mu0qHhVHid+AdS6XVX/OR/XtX7pJkqdPEb2mQnA93YhrkVwoNWXZ1yqGYGTHr4qzG5KCYB3KVjGWNOioayGL4R18FVcJBKdJRuFFfsj6tSjKt5XZEtkwaxzezkiwXaExtGteyIycd0DbTB/W2GK20Zgwqnz0WLdIg4JdqfhQW8w8s1BaXydE62dC0wbGdHFY55Z3XaoQSiE9RfZ9xS5XHwTBl8WkSvHBtU6b0ak5G7hHULYeOlisr5L8QgH0Kkicy3yTjjURaQQC5AZq4AO+Q9b5bCGwAOVEbcJsRuU/AdINzABaQOJ4A="
+ }
+ }
+}