From 6128223fcf6ef7b0b0d6674b3d9d39dc32898530 Mon Sep 17 00:00:00 2001
From: j37hr0
Date: Sun, 3 May 2026 11:02:39 +1200
Subject: [PATCH] refactor certificates to be per namespace/app
---
 apps/arr/certificate.yaml | 13 +++++++++++++
 apps/arr/jellyfin/ingress.yaml | 4 ++--
 apps/arr/kustomization.yaml | 1 +
 apps/arr/prowlarr/ingress.yaml | 4 ++--
 apps/arr/qbittorrent/ingress.yaml | 4 ++--
 apps/arr/radarr/ingress.yaml | 2 +-
 apps/arr/sonarr/ingress.yaml | 4 ++--
 apps/forgejo/certificate.yaml | 13 +++++++++++++
 apps/forgejo/kustomization.yaml | 1 +
 apps/kimai/certificate.yaml | 13 +++++++++++++
 apps/kimai/kustomization.yaml | 1 +
 infrastructure/pgadmin/helmrelease.yaml | 17 +++++++++++++++++
 infrastructure/pgadmin/kustomization.yaml | 4 ++++
 infrastructure/sources/kustomization.yaml | 1 +
 infrastructure/sources/runix.yaml | 8 ++++++++
 15 files changed, 81 insertions(+), 9 deletions(-)
 create mode 100644 apps/arr/certificate.yaml
 create mode 100644 apps/forgejo/certificate.yaml
 create mode 100644 apps/kimai/certificate.yaml
 create mode 100644 infrastructure/pgadmin/helmrelease.yaml
 create mode 100644 infrastructure/pgadmin/kustomization.yaml
 create mode 100644 infrastructure/sources/runix.yaml
diff --git a/apps/arr/certificate.yaml b/apps/arr/certificate.yaml
new file mode 100644
index 0000000..b909f5a
--- /dev/null
+++ b/apps/arr/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-jpcit-coza
+ namespace: media
+spec:
+ secretName: wildcard-jpcit-coza-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: "*.jpcit.co.za"
+ dnsNames:
+ - "*.jpcit.co.za"
\ No newline at end of file
diff --git a/apps/arr/jellyfin/ingress.yaml b/apps/arr/jellyfin/ingress.yaml
index f29870a..09a618b 100644
--- a/apps/arr/jellyfin/ingress.yaml
+++ b/apps/arr/jellyfin/ingress.yaml
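Review bot: The Certificate in apps/arr/certificate.yaml requests `*.jpcit.co.za` and stores its key in `wildcard-jpcit-coza-tls` in the `media` namespace, so anything in that namespace that can read Secrets holds a key valid for every host under the domain, not only the arr apps. The same pattern repeats in apps/forgejo/certificate.yaml (`*.jethrocotton.com`) and apps/kimai/certificate.yaml (`*.numbergoup.co.za`). Since the certificates are already split per namespace, listing only the hosts each namespace serves under `dnsNames` (for example `- radarr.jpcit.co.za` and `- sonarr.jpcit.co.za` instead of the wildcard) would bound what a leaked key can impersonate. All three files also end without a trailing newline.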
@@ -18,8 +18,8 @@ spec:
 number: 80
 tls:
 - hosts:
- - radarr.jpcit.co.za
- secretName: widlcard-jethrocotton-com-tls
+ - jellyfin.jethrocotton.com
+ secretName: wildcard-jethrocotton-com-tls
 # - match: Host(`movies.merox.cloud`) # change to your domain
 # kind: Rule
diff --git a/apps/arr/kustomization.yaml b/apps/arr/kustomization.yaml
index 6722a01..d14f467 100644
--- a/apps/arr/kustomization.yaml
+++ b/apps/arr/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
 - media-namespace.yaml
 - arr-configmap.yaml
+- certificate.yaml
 #- homarr
 - jellyfin
 - mediapvs
diff --git a/apps/arr/prowlarr/ingress.yaml b/apps/arr/prowlarr/ingress.yaml
index 1880d54..8fca6f7 100644
--- a/apps/arr/prowlarr/ingress.yaml
+++ b/apps/arr/prowlarr/ingress.yaml
@@ -18,6 +18,6 @@ spec:
 number: 80
 tls:
 - hosts:
- - radarr.jpcit.co.za
- secretName: widlcard-jethrocotton-com-tls
+ - prowlarr.jpcit.co.za
+ secretName: wildcard-jpcit-coza-tls
diff --git a/apps/arr/qbittorrent/ingress.yaml b/apps/arr/qbittorrent/ingress.yaml
index 2ddebdd..8d87425 100644
--- a/apps/arr/qbittorrent/ingress.yaml
+++ b/apps/arr/qbittorrent/ingress.yaml
@@ -18,6 +18,6 @@ spec:
 number: 80
 tls:
 - hosts:
- - radarr.jpcit.co.za
- secretName: widlcard-jpcit-coza-tls
+ - qbittorrent.jpcit.co.za
+ secretName: wildcard-jpcit-coza-tls
diff --git a/apps/arr/radarr/ingress.yaml b/apps/arr/radarr/ingress.yaml
index fafc3a1..9825c20 100644
--- a/apps/arr/radarr/ingress.yaml
+++ b/apps/arr/radarr/ingress.yaml
@@ -19,4 +19,4 @@ spec:
 tls:
 - hosts:
 - radarr.jpcit.co.za
- secretName: widlcard-jpcit-coza-tls
+ secretName: wildcard-jpcit-coza-tls
diff --git a/apps/arr/sonarr/ingress.yaml b/apps/arr/sonarr/ingress.yaml
index caf6905..bc4036f 100644
--- a/apps/arr/sonarr/ingress.yaml
+++ b/apps/arr/sonarr/ingress.yaml
@@ -18,5 +18,5 @@ spec:
 number: 80
 tls:
 - hosts:
- - radarr.jpcit.co.za
- secretName: widlcard-jpcit-coza-tls
+ - sonarr.jpcit.co.za
+ secretName: wildcard-jpcit-coza-tls
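Review bot: In apps/arr/jellyfin/ingress.yaml the new `secretName: wildcard-jethrocotton-com-tls` is not produced by any Certificate this commit adds to the `media` namespace; the only Certificate with that secretName is created in `forgejo`, and an Ingress TLS secret is resolved in the Ingress's own namespace. If this Ingress lives in `media` (its metadata is outside the hunk), the controller will likely fall back to its default certificate for `jellyfin.jethrocotton.com` and clients will see a certificate mismatch. Either add a Certificate covering `jellyfin.jethrocotton.com` under apps/arr, or use `- jellyfin.jpcit.co.za` with `secretName: wildcard-jpcit-coza-tls` like the sibling ingresses. The `rules` host sits above the hunk and should be checked against the new `tls.hosts` entry as well.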
diff --git a/apps/forgejo/certificate.yaml b/apps/forgejo/certificate.yaml
new file mode 100644
index 0000000..169986a
--- /dev/null
+++ b/apps/forgejo/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-jethrocotton-com
+ namespace: forgejo
+spec:
+ secretName: wildcard-jethrocotton-com-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: "*.jethrocotton.com"
+ dnsNames:
+ - "*.jethrocotton.com"
\ No newline at end of file
diff --git a/apps/forgejo/kustomization.yaml b/apps/forgejo/kustomization.yaml
index 4616667..76a9a99 100644
--- a/apps/forgejo/kustomization.yaml
+++ b/apps/forgejo/kustomization.yaml
@@ -7,3 +7,4 @@ resources:
 - ingress.yaml
 - pvc.yaml
 - sshingress.yaml
+- certificate.yaml
diff --git a/apps/kimai/certificate.yaml b/apps/kimai/certificate.yaml
new file mode 100644
index 0000000..9e69b4d
--- /dev/null
+++ b/apps/kimai/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-numbergoup-coza
+ namespace: kimai
+spec:
+ secretName: wildcard-numbergoup-coza-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: "*.numbergoup.co.za"
+ dnsNames:
+ - "*.numbergoup.co.za"
\ No newline at end of file
diff --git a/apps/kimai/kustomization.yaml b/apps/kimai/kustomization.yaml
index 163463b..f71cef7 100644
--- a/apps/kimai/kustomization.yaml
+++ b/apps/kimai/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - helmrelease.yaml
 - db
 - kimaisecrets.yaml
+- certificate.yaml
 namespace: kimai
diff --git a/infrastructure/pgadmin/helmrelease.yaml b/infrastructure/pgadmin/helmrelease.yaml
new file mode 100644
index 0000000..105f17a
--- /dev/null
+++ b/infrastructure/pgadmin/helmrelease.yaml
@@ -0,0 +1,17 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: pgadmin4
+ namespace: pgadmin
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: pgadmin4
+ version: "*"
+ sourceRef:
+ kind: HelmRepository
+ name: external-secrets
+ namespace: flux-system
+ install:
+ createNamespace: true
diff --git a/infrastructure/pgadmin/kustomization.yaml b/infrastructure/pgadmin/kustomization.yaml
new file mode 100644
index 0000000..e0425d9
--- /dev/null
+++ b/infrastructure/pgadmin/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helmrelease.yaml
diff --git a/infrastructure/sources/kustomization.yaml b/infrastructure/sources/kustomization.yaml
index 48a1f51..1a9d055 100644
--- a/infrastructure/sources/kustomization.yaml
+++ b/infrastructure/sources/kustomization.yaml
@@ -10,3 +10,4 @@ resources:
 - cloudnative-pg.yaml
 - mariadb-operator.yaml
 - smb-driver.yaml
+- runix.yaml
diff --git a/infrastructure/sources/runix.yaml b/infrastructure/sources/runix.yaml
new file mode 100644
index 0000000..154b262
--- /dev/null
+++ b/infrastructure/sources/runix.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: pgadmin4
+ namespace: flux-system
+spec:
+ interval: 12h
+ url: https://helm.runix.net
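Review bot: In infrastructure/pgadmin/helmrelease.yaml, `sourceRef.name: external-secrets` points at a different HelmRepository than the one this commit adds for the chart (infrastructure/sources/runix.yaml defines `name: pgadmin4`), so the `pgadmin4` chart will probably not resolve from it; the reference should read `name: pgadmin4`. `version: "*"` lets Flux install whatever chart version the third-party repository serves at each reconcile, so pin an exact, reviewed version instead (`version: "<pinned-chart-version>"`). The release also sets no `values` or `valuesFrom`, which means pgAdmin would come up with whatever admin credentials the chart defaults to; supply them from a Secret through `valuesFrom` before the service is reachable.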