home-server/deployments-old/ssl/certmanager.yaml

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  url: https://charts.jetstack.io
  interval: 1h
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: v1.18.2
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace
    createNamespace: true
  values:
    installCRDs: true
    extraArgs:
      - --dns01-recursive-nameservers-only
      - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-rfc2136
spec:
  acme:
    email: admin@hxme.net
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-rfc2136
    solvers:
    - dns01:
        rfc2136:
          nameserver: hawke.hxst.com.au:53
          tsigKeyName: "hxme-update-key"
          tsigAlgorithm: HMACSHA512
          tsigSecretSecretRef:
            name: hxme-update-key
            key:  hxme-update-key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-hxme-net
  namespace: cert-manager
spec:
  secretName: wildcard-hxme-net
  secretTemplate:
    annotations:
      replicator.v1.mittwald.de/replication-allowed: "true"
      replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud"
  issuerRef:
    name: letsencrypt-rfc2136
    kind: ClusterIssuer
  commonName: "hxme.net"
  dnsNames:
    - "hxme.net"
    - "*.hxme.net"
Just ignore commits please 2025-07-10 16:28:34 +10:00			`---`
			`apiVersion: source.toolkit.fluxcd.io/v1`
			`kind: HelmRepository`
			`metadata:`
			`name: jetstack`
fuck helm. 2025-07-10 20:00:02 +10:00			`namespace: flux-system`
Just ignore commits please 2025-07-10 16:28:34 +10:00			`spec:`
			`url: https://charts.jetstack.io`
			`interval: 1h`
			`---`
			`apiVersion: helm.toolkit.fluxcd.io/v2`
			`kind: HelmRelease`
			`metadata:`
			`name: cert-manager`
fuck helm. 2025-07-10 20:00:02 +10:00			`namespace: cert-manager`
Just ignore commits please 2025-07-10 16:28:34 +10:00			`spec:`
			`interval: 30m`
			`chart:`
			`spec:`
			`chart: cert-manager`
			`version: v1.18.2`
			`sourceRef:`
			`kind: HelmRepository`
			`name: jetstack`
fuck helm. 2025-07-10 20:00:02 +10:00			`namespace: flux-system`
Just ignore commits please 2025-07-10 16:28:34 +10:00			`install:`
			`crds: CreateReplace`
fuck helm. 2025-07-10 20:00:02 +10:00			`createNamespace: true`
Just ignore commits please 2025-07-10 16:28:34 +10:00			`values:`
			`installCRDs: true`
			`extraArgs:`
			`- --dns01-recursive-nameservers-only`
			`- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: letsencrypt-rfc2136`
			`spec:`
			`acme:`
			`email: admin@hxme.net`
			`server: https://acme-v02.api.letsencrypt.org/directory`
			`privateKeySecretRef:`
			`name: letsencrypt-rfc2136`
			`solvers:`
			`- dns01:`
			`rfc2136:`
			`nameserver: hawke.hxst.com.au:53`
			`tsigKeyName: "hxme-update-key"`
			`tsigAlgorithm: HMACSHA512`
			`tsigSecretSecretRef:`
			`name: hxme-update-key`
			`key: hxme-update-key`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: wildcard-hxme-net`
fuck helm. 2025-07-10 20:00:02 +10:00			`namespace: cert-manager`
Just ignore commits please 2025-07-10 16:28:34 +10:00			`spec:`
			`secretName: wildcard-hxme-net`
			`secretTemplate:`
			`annotations:`
			`replicator.v1.mittwald.de/replication-allowed: "true"`
			`replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud"`
			`issuerRef:`
			`name: letsencrypt-rfc2136`
			`kind: ClusterIssuer`
			`commonName: "hxme.net"`
			`dnsNames:`
			`- "hxme.net"`
			`- "*.hxme.net"`