use bw secret in ntfy-alertmanager

argocd/infra/monitoring/ntfy-alertmanager.yaml

@@ -27,7 +27,7 @@ spec:
       volumes:
         - name: config
           secret:
-            secretName: ntfy-alertmanager-config-secret
+            secretName: ntfy-alertmanager-config
 ---
 apiVersion: v1
 kind: Service
@@ -63,4 +63,103 @@ spec:
                 name: ntfy-alertmanager
                 port:
                   number: 80
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ntfy-alertmanager-config
+  namespace: monitoring
+spec:
+  target:
+    name: ntfy-alertmanager-config
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        config.yaml: |-
+          # Ref: https://git.xenrox.net/~xenrox/ntfy-alertmanager/tree/master/item/config.scfg
+
+          # Public facing base URL. Required for the "Silence" feature.
+          base-url https://ntfy-alertmanager.jibby.org
+          # http listen address
+          http-address :8080
+          # Log level (either debug, info, warning, error)
+          log-level info
+          # Log format (either text or json)
+          log-format text
+          # When multiple alerts are grouped together by Alertmanager, they can either be sent
+          # each on their own (single mode) or be kept together (multi mode) (either single or multi; default is multi)
+          alert-mode single
+          # Optionally protect with HTTP basic authentication
+          user {{ .ntfyamuser }}
+          password {{ .ntfyampass }}
+
+          labels {
+              order "severity,instance"
+
+              severity "critical" {
+                  priority 5
+                  tags "rotating_light"
+              }
+
+              severity "info" {
+                  priority 1
+              }
+
+              instance "example.com" {
+                  tags "computer,example"
+              }
+          }
+
+          # Settings for resolved alerts
+          resolved {
+              tags "resolved,partying_face"
+              priority 1
+          }
+
+          ntfy {
+              # URL of the ntfy topic - required
+              topic https://ntfy.jibby.org/alertmanager-alerts
+              # ntfy authentication via Basic Auth (https://docs.ntfy.sh/publish/#username-password)
+              user {{ .ntfyuser }}
+              password {{ .ntfypass }}
+          }
+
+          alertmanager {
+              silence-duration 24h
+              url http://alertmanager-operated.monitoring.svc.cluster.local:9093
+          }
 
+  data:
+    - secretKey: ntfyamuser
+      sourceRef:
+        storeRef:
+          name: bitwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: af0ecb7c-25e5-4907-82be-b3f80121ceae
+        property: username
+    - secretKey: ntfyampass
+      sourceRef:
+        storeRef:
+          name: bitwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: ae12b5aa-193f-4881-8976-b3f70137de15
+        property: password
+    - secretKey: ntfyuser
+      sourceRef:
+        storeRef:
+          name: bitwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 674fbf3d-531a-4ca6-afec-b1d7012d1a8a
+        property: username
+    - secretKey: ntfypass
+      sourceRef:
+        storeRef:
+          name: bitwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 674fbf3d-531a-4ca6-afec-b1d7012d1a8a
+        property: password