From d8cad832bac1261dd70287362269414c2f9e03c8 Mon Sep 17 00:00:00 2001
From: Jack Jackson
Date: Fri, 14 Mar 2025 20:46:59 -0700
Subject: [PATCH] Switch Vault to Jsonnett definition

As a precursor to:
* Enabling Plugins
* So that I can get GitHub credentials from Vault via [this plugin](https://github.com/martinbaillie/vault-plugin-secrets-github)
* So that I can use [this history-syncing plugin](https://gitea.scubbo.org/scubbo/commit-report-sync) without needing to refresh tokens, including in _this_ repo.
* At which point I want to [use LetsEncrypt to provide certs for Traefik Ingresses](https://adamtheautomator.com/letsencrypt-with-k3s-kubernetes/#Ensuring_Seamless_Certificate_Renewals_with_a_ClusterIssuer)
* So that I can use Keycloak, which [demands an http scheme](https://github.com/keycloak/keycloak/issues/30977#issuecomment-2208679081).
What a deep rabbit-hole I am in! :)
---
 app-of-apps/apps.yaml | 44 ---------------------------------------
 app-of-apps/vault.jsonnet | 37 ++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 44 deletions(-)
 create mode 100644 app-of-apps/vault.jsonnet
diff --git a/app-of-apps/apps.yaml b/app-of-apps/apps.yaml
index 116e952..cd2d455 100644
--- a/app-of-apps/apps.yaml
+++ b/app-of-apps/apps.yaml
@@ -320,47 +320,3 @@ spec:
 prune: true
 syncOptions:
 - CreateNamespace=true
----
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vault
- namespace: argo
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: default
-
- source:
- chart: vault
- repoURL: https://helm.releases.hashicorp.com
- targetRevision: 0.25.0
- helm:
- values: |
- global:
- namespace: "vault"
- ui:
- enabled: true
- serverTelemetry:
- serviceMonitor:
- enabled: true
- server:
- ingress:
- enabled: true
- ingressClassName: traefik
- hosts:
- - host: vault.avril
- paths: []
- dataStorage:
- size: 20Gi
- storageClass: freenas-iscsi-csi
-
- destination:
- server: "https://kubernetes.default.svc"
- namespace: vault
-
- syncPolicy:
- automated:
- prune: true
- syncOptions:
- - CreateNamespace=true
diff --git a/app-of-apps/vault.jsonnet b/app-of-apps/vault.jsonnet
new file mode 100644
index 0000000..76c0dd8
--- /dev/null
+++ b/app-of-apps/vault.jsonnet
@@ -0,0 +1,37 @@
+local appDef = import './app-definitions.libsonnet';
+
+appDef.helmApplication(
+ name="vault",
+ sourceRepoUrl="https://helm.releases.hashicorp.com",
+ sourceChart="vault",
+ sourceTargetRevision="0.25.0",
+ helmValues={
+ global: {
+ namespace: "vault"
+ },
+ ui: {
+ enabled: true
+ },
+ serverTelemetry: {
+ serviceMonitor: {
+ enabled: true
+ }
+ },
+ server: {
+ ingress: {
+ enabled: true,
+ ingressClassName: "traefik",
+ hosts: [
+ {
+ host: "vault.avril",
+ paths: []
+ }
+ ]
+ },
+ dataStorage: {
+ size: "20Gi",
+ storageClass: "freenas-iscsi-csi"
+ }
+ }
+ }
+)
\ No newline at end of file
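Review bot: The `server.ingress` block in the new `helmValues` still has no `tls` entry, and nothing here overrides `global.tlsDisable`, so unless Traefik terminates TLS through configuration outside this file, Vault tokens and secrets for `vault.avril` would cross the network in cleartext. Since this migration is a precursor to issuing GitHub credentials from Vault, consider adding something like `tls: [{ hosts: ["vault.avril"], secretName: "<tls-secret-name>" }]` under `ingress` once a certificate exists (the secret name is a placeholder). Separately, the removed YAML set `destination.namespace: vault`, the `argo` namespace, the finalizer and `prune: true` explicitly, while this call passes only `name`; `helmApplication` lives in `app-definitions.libsonnet`, outside this patch, so it is worth diffing the rendered Application against the old one before automated sync with pruning acts on the release that owns Vault's data volume.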