From e2bbd852e1a5f75611434071848ea5773531e625 Mon Sep 17 00:00:00 2001
From: nold <nold@gnu.one>
Date: Mon, 21 Nov 2022 21:32:38 +0100
Subject: [PATCH] fix(cert-manager): ACME solver set to DNS

---
 projects/core/project.yml              | 27 +++++++++++++-------------
 projects/woodpecker/project.yml        |  8 ++++++++
 resources/manifests/clusterissuer.yaml | 26 +++++++++++++++----------
 3 files changed, 38 insertions(+), 23 deletions(-)

diff --git a/projects/core/project.yml b/projects/core/project.yml
index 822f9675..4e27b5b2 100644
--- a/projects/core/project.yml
+++ b/projects/core/project.yml
@@ -35,19 +35,6 @@ apps:
   targetRevision: 0.13.4
   syncWave: '0'
 
-- name: cert-manager
-  namespace: cert-manager
-  repoURL: https://charts.jetstack.io
-  chart: cert-manager
-  targetRevision: v1.10.0
-  parameters:
-  - name: installCRDs
-    value: 'true'
-  secrets:
-  - name: cert-manager-vault-approle
-    keys:
-    - secretId
-
 - name: ingress-internal
   namespace: ingress-internal
   repoURL: https://helm.traefik.io/traefik
@@ -69,3 +56,17 @@ apps:
   - name: cloudflare-api
     keys:
     - CF_API_TOKEN
+
+- name: cert-manager
+  namespace: cert-manager
+  repoURL: https://charts.jetstack.io
+  chart: cert-manager
+  targetRevision: v1.10.0
+  secrets:
+  - name: cert-manager-vault-approle
+    keys:
+    - secretId
+  - name: cloudflare-api
+    fromApp: external-dns
+    keys:
+    - CF_API_TOKEN
diff --git a/projects/woodpecker/project.yml b/projects/woodpecker/project.yml
index 8be32dc1..b172f960 100644
--- a/projects/woodpecker/project.yml
+++ b/projects/woodpecker/project.yml
@@ -3,6 +3,14 @@ config:
   repoURL: https://woodpecker-ci.org
   targetRevision: v0.15.5
 
+  networkPolicy:
+    groups:
+    - internet
+
+  labels:
+    environment: external
+
+
 apps:
   - name: woodpecker-server
     chart: woodpecker-server
diff --git a/resources/manifests/clusterissuer.yaml b/resources/manifests/clusterissuer.yaml
index 303d8942..ef99b373 100644
--- a/resources/manifests/clusterissuer.yaml
+++ b/resources/manifests/clusterissuer.yaml
@@ -16,13 +16,19 @@ spec:
       name: issuer-account-key
     # Add a single challenge solver, HTTP01 using nginx
     solvers:
-    - http01:
-        ingress:
-          class: ingress-external-traefik
-          ingressTemplate:
-            metadata:
-              labels:
-                environment: external
-              annotations:
-                traefik.ingress.kubernetes.io/frontend-entry-points: "web"
-                kubernetes.io/ingress.class: ingress-external
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api
+            key: CF_API_TOKEN
+
+      #- http01:
+      #   ingress:
+      #    class: ingress-external-traefik
+      #    ingressTemplate:
+      #      metadata:
+      #        labels:
+      #          environment: external
+      #        annotations:
+      #         traefik.ingress.kubernetes.io/frontend-entry-points: "web"
+      #         kubernetes.io/ingress.class: ingress-external