---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  url: https://charts.jetstack.io
  interval: 1h
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: v1.15.0
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace
    createNamespace: true
  values:
    installCRDs: true
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-rfc2136
spec:
  acme:
    email: admin@hxme.net
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-rfc2136
    solvers:
    - dns01:
        rfc2136:
          nameserver: hawke.hxst.com.au:53
          tsigSecretSecretRef:
            name: hawke-tsig
            key: tsig-secret
          tsigAlgorithm: HMACSHA256
          tsigKeyName: externaldns-key.
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-cert
  namespace: cert-manager
spec:
  secretName: wildcard-cert-tls
  issuerRef:
    name: letsencrypt-rfc2136
    kind: ClusterIssuer
  commonName: "*.hxme.net"
  dnsNames:
    - "*.hxme.net"