---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  url: https://charts.jetstack.io
  interval: 1h
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: v1.15.0
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace
    createNamespace: true
  values:
    installCRDs: true
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-rfc2136
spec:
  acme:
    email: admin@hxme.net
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-rfc2136
    solvers:
    - dns01:
        rfc2136:
          nameserver: hawke.hxst.com.au:53
          tsigKeyName: "hxme-update-key"
          tsigAlgorithm: HMACSHA512
          tsigSecretSecretRef:
            name: hxme-update-key
            key:  hxme-update-key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tamcard-cert
  namespace: cert-manager
spec:
  secretName: tamecard-cert-tls
  issuerRef:
    name: letsencrypt-rfc2136
    kind: ClusterIssuer
  commonName: "hxme.net"
  dnsNames:
    - "hxme.net"
# ---
# apiVersion: cert-manager.io/v1
# kind: Certificate
# metadata:
#   name: wildcard-cert
#   namespace: cert-manager
# spec:
#   secretName: wildcard-cert-tls
#   issuerRef:
#     name: letsencrypt-rfc2136
#     kind: ClusterIssuer
#   commonName: "*.hxme.net"
#   dnsNames:
#     - "*.hxme.net"