@@ -1,79 +0,0 @@ 
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: fsrv
-  labels:
-    app: fsrv
-spec:
-  selector:
-    matchLabels:
-      app: fsrv
-  template:
-    metadata:
-      labels:
-        app: fsrv
-    spec:
-      nodeSelector:
-        kubernetes.io/hostname: sini
-      containers:
-        - name: fsrv
-          image: sini:5000/fsrv:latest
-          imagePullPolicy: Always
-          env:
-            - name: FSRV_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: fsrv-key
-                  key: key
-          volumeMounts:
-            - name: uploads
-              mountPath: /uploads
-              readOnly: false
-          ports:
-            - name: http
-              containerPort: 9393
-          args:
-            - -url
-            - https://x.icyphox.sh
-            - -key 
-            - $FSRV_KEY
-            - -index
-            - /index.html 
-            - -storepath 
-            - /uploads
-      volumes:
-        - name: uploads
-          hostPath:
-            path: /var/lib/uploads
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: fsrv
-spec:
-  selector:
-    app: fsrv
-  ports:
-    - name: fsrv-http
-      port: 9393
-      targetPort: 9393
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: x.icyphox.sh
-  namespace: default
-spec:
-  ingressClassName: caddy
-  rules:
-  - host: x.icyphox.sh
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: garage
-            port:
-              number: 80
-

@@ -65,8 +65,14 @@ kind: Ingress
 metadata:
   name: h.icyphox.sh
   namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
-  ingressClassName: caddy
+  ingressClassName: nginx
+  tls:
+    - hosts:
+      - h.icyphox.sh
+      secretName: h-icyphox-sh-tls
   rules:
   - host: h.icyphox.sh
     http:

@@ -50,8 +50,14 @@ kind: Ingress
 metadata:
   name: x.icyphox.sh
   namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
-  ingressClassName: caddy
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - x.icyphox.sh
+      secretName: x-icyphox-sh-tls
   rules:
   - host: x.icyphox.sh
     http:

@@ -53,8 +53,14 @@ kind: Ingress
 metadata:
   name: git.icyphox.sh
   namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
-  ingressClassName: caddy
+  ingressClassName: nginx
+  tls:
+    - hosts:
+      - git.icyphox.sh
+      secretName: git-icyphox-sh-tls
   rules:
   - host: git.icyphox.sh
     http:

@@ -11,8 +11,14 @@ kind: Ingress
 metadata:
   name: ani.place
   namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
-  ingressClassName: caddy
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - ani.place
+      secretName: ani-place-tls
   rules:
   - host: ani.place
     http:

@@ -4,9 +4,18 @@ metadata:
   name: icyphox.sh
   namespace: default
   annotations:
-    caddy.ingress.kubernetes.io/permanent-redirect: "https://anirudh.fi"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/server-snippet: |
+      location = /.well-known/webfinger {
+        return 301 https://h.icyphox.sh$request_uri;
+      }
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
 spec:
-  ingressClassName: caddy
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - icyphox.sh
+    secretName: icyphox-sh-tls
   rules:
   - host: icyphox.sh
     http:
@@ -25,7 +34,11 @@ metadata:
   name: anirudh.fi
   namespace: default
 spec:
-  ingressClassName: caddy
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - anirudh.fi
+    secretName: anirudh-fi-tls
   rules:
   - host: anirudh.fi
     http:

@@ -0,0 +1,29 @@ 
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: anirudh@oppiliappan.com
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: anirudh@oppiliappan.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+            ingressClassName: nginx

@@ -1,15 +0,0 @@ 
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
-  name: caddy-ingress
-  namespace: caddy-system
-spec:
-  repo: https://caddyserver.github.io/ingress/
-  chart: caddy-ingress-controller
-  targetNamespace: caddy-system
-  valuesContent: |-
-    fullnameOverrride: caddy-ingress
-    ingressController:
-      config:
-        email: anirudh@oppiliappan.com
-    replicaCount: 1

@@ -0,0 +1,13 @@ 
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: koti
+  namespace: ingress-nginx
+spec:
+  repo: https://kubernetes.github.io/ingress-nginx
+  chart: ingress-nginx
+  targetNamespace: ingress-nginx
+  valuesContent: |-
+    controller:
+      allowSnippetAnnotations: true
+

@@ -6,7 +6,6 @@ namespace: metallb-system
 spec:
   addresses:
   - 100.122.122.12/32
-  - 100.122.122.13/32
 ---
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement

@@ -21,7 +21,7 @@ • tailscale: mesh network
 • metallb: bare metal LoadBalancer provider
 • coredns: DNS server
 • longhorn: distributed block storage
-• caddy: ingress controller
+• nginx: ingress controller
 • prometheus/grafana: stats and visualisation